Click here to close now.

Welcome!

@CloudExpo Authors: Dana Gardner, Liz McMillan, John Mancini, Pat Romanski, Roger Strukhoff

Related Topics: @CloudExpo, Java IoT, @MicroservicesE Blog, Open Source Cloud, Containers Expo, Agile Computing

@CloudExpo: Article

Examining Excellent Eucalyptus

A high-level cloud - overview of Eucalyptus IaaS

Eucalyptus is an open source Infrastructure as a Service cloud offering. What is unique about Eucalyptus is that it is compatible with Amazon AWS APIs. This means that you can:

  • Use Eucalyptus commands to manage Amazon or Eucalyptus instances.
  • Freely move instances between a Eucalyptus private cloud and the Amazon Public cloud to create a hybrid cloud.

Eucalyptus leverages operating system virtualization, such as KVM or XEN, to achieve isolation between applications and stacks. Operating system virtualization dedicates CPU and RAM to systems and applications such that they don't interfere with each other. In cloud parlance, this is called isolation and is essential to achieve multi-tenancy. (For a refresher on basic cloud terminology, see here; for a refresher on Infrastructure as a Service, see here).

Cloud computing layers on top of operating system virtualization and when combined with dynamic  allocation of IP addresses, storage  and firewall rules creates a service that end users interact with to run instances of images.

Eucalyptus concepts
The following is an explanation of terminology and concepts used by Eucalyptus.

Images
An image is a fixed collection of software modules, system software, application software and configuration information that is started from a known baseline (immutable/fixed). An example of an image is a Linux virtual machine configured with Apache, MySQL, Perl and PHP.  When bundled and uploaded to the Eucalyptus cloud, this will become known as an "EMI" Eucalyptus Machine Image.  An EKI is an Eucalyptus Kernel Image which contains kernel modules necessary for functioning of the image. An ERI is a Eucalyptus RAM Image.

Instances
When an image is put to use it is called an instance. The configuration is dynamically executed at runtime and the cloud controller decides where the image will run, storage and networking is attached to meet resource needs. This is executed under the control of the credentials (digital certificates) of the user who is requesting an instance of the image.

IP addressing
Eucalyptus instances can have public and private IPs. An IP address is assigned to an instance when the instance is created from an image. For instances that require a persistent IP address, such as  web-server, Eucalyptus supplies Elastic IP addresses. These are pre-allocated by the Eucalyptus cloud to an instance. An Elastic IP persists whether the instance is running or not. In other words if you stop an instance and restart it hours, days or even weeks later, the instance will bind to the same Elastic IP address that was assigned to it. This is essential for consistent DNS resolution.

Security
TCP/IP stack layer 3 security is achieved using security groups, which share a common set of firewall rules. This is a mechanism to firewall off an instance using IP address and port block/allow functionality.

At TCP/IP layer 2 instances are isolated. If this were not present, a root user could manipulate the networking of instances and gain access to neighboring instances violating the basic cloud tenet of instance isolation and separation.

Networking
There are three networking modes:

  1. Managed mode - Eucalyptus manages a local network of instances, including security groups and elastic IPs. Eucalyptus maintains a DHCP server and provides private non-routable IPs to instances. An instance is created in a security group and gets an IP from the range in that group.  There is also a pool of public (elastic) IPs that users can bind to an instance at boot-time or dynamically at runtime. VLANs are used to network instances in different security groups. If there is no VLAN present, isolation can be achieved using security groups in different subnets.
  2. System mode - Essentially the physical LAN that is attached to Eucalyptus manages the network of the Eucalyptus cloud. Eucalyptus assigns a MAC address and attaches the instance's network interface to the physical Ethernet LAN through the NodeController's bridge. System mode requires a DHCP server on the physical LAN that is reachable by instances. System mode does not offer elastic IPs, security groups or VM isolation.
  3. Static mode - In static mode Eucalyptus maintains a DHCP server and assigns IP addresses to instances. Static mode does not offer elastic IPs, security groups or VM isolation.

Access control
A user of Eucalyptus is called an identity. Identities can be grouped together for access control purposes. Users exist within accounts. An account is a namespace that contains users/identities, key pairs and security groups. An account is used to account for resource usage.

Eucalyptus abbreviations
CLC

The CLC is a Cloud controller similar to Amazon EC2, It is the entry point into cloud for all users: administrators, developers, project managers and  end users. The CLC queries other components for resources and makes scheduling decisions and requests to Cluster Controllers. The CLC exposing and manages underlying resources (servers, networks, storage).  Users access the CLC using AWS compatible command line tools and a web-based dashboard.

Walrus
Walrus, similar to Amazon's S3,  is a bucket based persistent data storage.  Users create, delete and list buckets; put and remove objects from buckets; get and set access control policies. Walrus is accessible from the administrative interface or from an instance inside cloud.

CC
The CC is the Cluster Controller. The CC gathers information about node controllers and schedules an instance to execute on a specific NodeController.

NC
The NC is the the Node Controller. The Node Controller manages instances. The NC controls instance activities such as execution, inspection and termination.  The NC fetches and maintains a cache of instance images.  The NC also manages virtual network endpoints.

SC
The SC is the storage controller and is similar to Amazon's EBS (Elastic Block Store). The storage controller manages block accessed network storage.  The SC interfaces with SCSI, SAN, NFS.  The SC exports storage volumes that can be attached to an instance or mounted as a raw-block device. SC storage volumes persist even when an instance stops running and thus stores persistent data. SC storage cannot be shared between instances and only exists in the same Availability Zone in which the instance is running. Users can create snapshots from SC volumes which can stored in Walrus and thus be made available across Availability Zones.

More Stories By Jonathan Gershater

Jonathan Gershater has lived and worked in Silicon Valley since 1996, primarily doing system and sales engineering specializing in: Web Applications, Identity and Security. At Red Hat, he provides Technical Marketing for Virtualization and Cloud. Prior to joining Red Hat, Jonathan worked at 3Com, Entrust (by acquisition) two startups, Sun Microsystems and Trend Micro.

(The views expressed in this blog are entirely mine and do not represent my employer - Jonathan).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
"We help to transform an organization and their operations and make them more efficient, more agile, and more nimble to move into the cloud or to move between cloud providers and create an agnostic tool set," noted Jeremy Steinert, DevOps Services Practice Lead at WSM International, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
The basic integration architecture, as defined by ESBs, hasn’t changed for more than a decade. Most cloud integration providers still rely on an ESB architecture and their proprietary connectors. As a result, enterprise integration projects suffer from constraints of availability and reliability of these connectors that are not re-usable across other integration vendors. However, the rapid adoption of APIs and almost ubiquitous availability of APIs amongst most SaaS and Cloud applications are ra...
Agile, which started in the development organization, has gradually expanded into other areas downstream - namely IT and Operations. Teams – then teams of teams – have streamlined processes, improved feedback loops and driven a much faster pace into IT departments which have had profound effects on the entire organization. In his session at DevOps Summit, Anders Wallgren, Chief Technology Officer of Electric Cloud, will discuss how DevOps and Continuous Delivery have emerged to help connect dev...
"What Dyn is able to do with our Internet performance and our Internet intelligence is give companies visibility into what is actually going on in that cloud," noted Corey Hamilton, Product Marketing Manager at Dyn, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of pro...
Internet of Things is moving from being a hype to a reality. Experts estimate that internet connected cars will grow to 152 million, while over 100 million internet connected wireless light bulbs and lamps will be operational by 2020. These and many other intriguing statistics highlight the importance of Internet powered devices and how market penetration is going to multiply many times over in the next few years.
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, will explore the IoT cloud-based platform technologies drivi...
Containers have changed the mind of IT in DevOps. They enable developers to work with dev, test, stage and production environments identically. Containers provide the right abstraction for microservices and many cloud platforms have integrated them into deployment pipelines. DevOps and Containers together help companies to achieve their business goals faster and more effectively. In his session at DevOps Summit, Ruslan Synytsky, CEO and Co-founder of Jelastic, reviewed the current landscape of...
Live Webinar with 451 Research Analyst Peter Christy. Join us on Wednesday July 22, 2015, at 10 am PT / 1 pm ET In a world where users are on the Internet and the applications are in the cloud, how do you maintain your historic SLA with your users? Peter Christy, Research Director, Networks at 451 Research, will discuss this new network paradigm, one in which there is no LAN and no WAN, and discuss what users and network administrators gain and give up when migrating to the agile world of clo...
SYS-CON Events announced today that JFrog, maker of Artifactory, the popular Binary Repository Manager, will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based in California, Israel and France, founded by longtime field-experts, JFrog, creator of Artifactory and Bintray, has provided the market with the first Binary Repository solution and a software distribution social platform.
"We got started as search consultants. On the services side of the business we have help organizations save time and save money when they hit issues that everyone more or less hits when their data grows," noted Otis Gospodnetić, Founder of Sematext, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, discussed how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at th...
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult – let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, will cover the current state of the art for container monitoring and visibility, including pros / cons and liv...
The last decade was about virtual machines, but the next one is about containers. Containers enable a service to run on any host at any time. Traditional tools are starting to show cracks because they were not designed for this level of application portability. Now is the time to look at new ways to deploy and manage applications at scale. In his session at @DevOpsSummit, Brian “Redbeard” Harrington, a principal architect at CoreOS, will examine how CoreOS helps teams run in production. Attende...
"We have a tagline - "Power in the API Economy." What that means is everything that is built in applications and connected applications is done through APIs," explained Roberto Medrano, Executive Vice President at Akana, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.
The cloud has transformed how we think about software quality. Instead of preventing failures, we must focus on automatic recovery from failure. In other words, resilience trumps traditional quality measures. Continuous delivery models further squeeze traditional notions of quality. Remember the venerable project management Iron Triangle? Among time, scope, and cost, you can only fix two or quality will suffer. Only in today's DevOps world, continuous testing, integration, and deployment upend...
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes. In his session at DevOps Summit, Michael Demmer, VP of Engineering at Jut, will discuss how this can...
"A lot of the enterprises that have been using our systems for many years are reaching out to the cloud - the public cloud, the private cloud and hybrid," stated Reuven Harrison, CTO and Co-Founder of Tufin, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.