Click here to close now.

Welcome!

Cloud Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Bart Copeland, Carmen Gonzalez

Related Topics: Cloud Expo, Java, Microservices Journal, Open Source, Virtualization, Web 2.0

Cloud Expo: Article

Examining Excellent Eucalyptus

A high-level cloud - overview of Eucalyptus IaaS

Eucalyptus is an open source Infrastructure as a Service cloud offering. What is unique about Eucalyptus is that it is compatible with Amazon AWS APIs. This means that you can:

  • Use Eucalyptus commands to manage Amazon or Eucalyptus instances.
  • Freely move instances between a Eucalyptus private cloud and the Amazon Public cloud to create a hybrid cloud.

Eucalyptus leverages operating system virtualization, such as KVM or XEN, to achieve isolation between applications and stacks. Operating system virtualization dedicates CPU and RAM to systems and applications such that they don't interfere with each other. In cloud parlance, this is called isolation and is essential to achieve multi-tenancy. (For a refresher on basic cloud terminology, see here; for a refresher on Infrastructure as a Service, see here).

Cloud computing layers on top of operating system virtualization and when combined with dynamic  allocation of IP addresses, storage  and firewall rules creates a service that end users interact with to run instances of images.

Eucalyptus concepts
The following is an explanation of terminology and concepts used by Eucalyptus.

Images
An image is a fixed collection of software modules, system software, application software and configuration information that is started from a known baseline (immutable/fixed). An example of an image is a Linux virtual machine configured with Apache, MySQL, Perl and PHP.  When bundled and uploaded to the Eucalyptus cloud, this will become known as an "EMI" Eucalyptus Machine Image.  An EKI is an Eucalyptus Kernel Image which contains kernel modules necessary for functioning of the image. An ERI is a Eucalyptus RAM Image.

Instances
When an image is put to use it is called an instance. The configuration is dynamically executed at runtime and the cloud controller decides where the image will run, storage and networking is attached to meet resource needs. This is executed under the control of the credentials (digital certificates) of the user who is requesting an instance of the image.

IP addressing
Eucalyptus instances can have public and private IPs. An IP address is assigned to an instance when the instance is created from an image. For instances that require a persistent IP address, such as  web-server, Eucalyptus supplies Elastic IP addresses. These are pre-allocated by the Eucalyptus cloud to an instance. An Elastic IP persists whether the instance is running or not. In other words if you stop an instance and restart it hours, days or even weeks later, the instance will bind to the same Elastic IP address that was assigned to it. This is essential for consistent DNS resolution.

Security
TCP/IP stack layer 3 security is achieved using security groups, which share a common set of firewall rules. This is a mechanism to firewall off an instance using IP address and port block/allow functionality.

At TCP/IP layer 2 instances are isolated. If this were not present, a root user could manipulate the networking of instances and gain access to neighboring instances violating the basic cloud tenet of instance isolation and separation.

Networking
There are three networking modes:

  1. Managed mode - Eucalyptus manages a local network of instances, including security groups and elastic IPs. Eucalyptus maintains a DHCP server and provides private non-routable IPs to instances. An instance is created in a security group and gets an IP from the range in that group.  There is also a pool of public (elastic) IPs that users can bind to an instance at boot-time or dynamically at runtime. VLANs are used to network instances in different security groups. If there is no VLAN present, isolation can be achieved using security groups in different subnets.
  2. System mode - Essentially the physical LAN that is attached to Eucalyptus manages the network of the Eucalyptus cloud. Eucalyptus assigns a MAC address and attaches the instance's network interface to the physical Ethernet LAN through the NodeController's bridge. System mode requires a DHCP server on the physical LAN that is reachable by instances. System mode does not offer elastic IPs, security groups or VM isolation.
  3. Static mode - In static mode Eucalyptus maintains a DHCP server and assigns IP addresses to instances. Static mode does not offer elastic IPs, security groups or VM isolation.

Access control
A user of Eucalyptus is called an identity. Identities can be grouped together for access control purposes. Users exist within accounts. An account is a namespace that contains users/identities, key pairs and security groups. An account is used to account for resource usage.

Eucalyptus abbreviations
CLC

The CLC is a Cloud controller similar to Amazon EC2, It is the entry point into cloud for all users: administrators, developers, project managers and  end users. The CLC queries other components for resources and makes scheduling decisions and requests to Cluster Controllers. The CLC exposing and manages underlying resources (servers, networks, storage).  Users access the CLC using AWS compatible command line tools and a web-based dashboard.

Walrus
Walrus, similar to Amazon's S3,  is a bucket based persistent data storage.  Users create, delete and list buckets; put and remove objects from buckets; get and set access control policies. Walrus is accessible from the administrative interface or from an instance inside cloud.

CC
The CC is the Cluster Controller. The CC gathers information about node controllers and schedules an instance to execute on a specific NodeController.

NC
The NC is the the Node Controller. The Node Controller manages instances. The NC controls instance activities such as execution, inspection and termination.  The NC fetches and maintains a cache of instance images.  The NC also manages virtual network endpoints.

SC
The SC is the storage controller and is similar to Amazon's EBS (Elastic Block Store). The storage controller manages block accessed network storage.  The SC interfaces with SCSI, SAN, NFS.  The SC exports storage volumes that can be attached to an instance or mounted as a raw-block device. SC storage volumes persist even when an instance stops running and thus stores persistent data. SC storage cannot be shared between instances and only exists in the same Availability Zone in which the instance is running. Users can create snapshots from SC volumes which can stored in Walrus and thus be made available across Availability Zones.

More Stories By Jonathan Gershater

Jonathan Gershater has lived and worked in Silicon Valley since 1996, primarily doing system and sales engineering specializing in: Web Applications, Identity and Security. At Red Hat, he provides Technical Marketing for Virtualization and Cloud. Prior to joining Red Hat, Jonathan worked at 3Com, Entrust (by acquisition) two startups, Sun Microsystems and Trend Micro.

(The views expressed in this blog are entirely mine and do not represent my employer - Jonathan).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
of cloud, colocation, managed services and disaster recovery solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. TierPoint, LLC, is a leading national provider of information technology and data center services, including cloud, colocation, disaster recovery and managed IT services, with corporate headquarters in St. Louis, MO. TierPoint was formed through the strategic combination of some of t...
Cryptography has become one of the most underappreciated, misunderstood components of technology. It’s too easy for salespeople to dismiss concerns with three letters that nobody wants to question. ‘Yes, of course, we use AES.’ But what exactly are you trusting to be the ultimate guardian of your data? Let’s face it – you probably don’t know. An organic, grass-fed Kobe steak is a far cry from a Big Mac, but they’re both beef, right? Not exactly. Crypto is the same way. The US government require...
SYS-CON Events announced today Sematext Group, Inc., a Brooklyn-based Performance Monitoring and Log Management solution provider, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), search analytics (S...
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS soluti...
SYS-CON Events announced today that Stratoscale, the new data center operating system, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Based in Herzeliya, Israel, Stratoscale is redefining the data center, developing a hardware-agnostic, software platform hyper-converging compute, storage and networking across the rack or data center. The self-optimizing platform automatically distributes all physical...
When an enterprise builds a hybrid IaaS cloud connecting its data center to one or more public clouds, security is often a major topic along with the other challenges involved. Security is closely intertwined with the networking choices made for the hybrid cloud. Traditional networking approaches for building a hybrid cloud try to kludge together the enterprise infrastructure with the public cloud. Consequently this approach requires risky, deep "surgery" including changes to firewalls, subnets...
SYS-CON Media announced today that Blue Box as launched a popular blog feed on Cloud Computing Journal. Cloud Computing Journal aims to help open the eyes of Enterprise IT professionals to the economics and strategies that utility/cloud computing provides. Blue Box Cloud gives you unequaled agility, without the burden of designing, deploying and managing your own infrastructure. It’s the right choice when public cloud just won’t do. Blue Box Cloud is a managed Private Cloud as a Service (...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading in...
MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today announced the results of its new report, "The Agile Advantage: Can DevOps Move Cloud to the Fast Lane?" The study, underwritten by Accenture Federal Services, reveals that approximately two-thirds of Feds say DevOps will help agencies shift into the cloud fast lane - improving IT collaboration and migration speed. But help is needed, with 66 percent saying that their agency needs to move IT services ...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.
Move from reactive to proactive cloud management in a heterogeneous cloud infrastructure. In his session at 16th Cloud Expo, Manoj Khabe, Innovative Solution-Focused Transformation Leader at Vicom Computer Services, Inc., will show how to replace a help desk-centric approach with an ITIL-based service model and service-centric CMDB that’s tightly integrated with an event and incident management platform. Learn how to expand the scope of operations management to service management. He will al...
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
DevOps Summit, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developmen...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises a...
Over the years, a variety of methodologies have emerged in order to overcome the challenges related to project constraints. The successful use of each methodology seems highly context-dependent. However, communication seems to be the common denominator of the many challenges that project management methodologies intend to resolve. In this respect, Information and Communication Technologies (ICTs) can be viewed as powerful tools for managing projects. Few research papers have focused on the way...
As the world moves from DevOps to NoOps, application deployment to the cloud ought to become a lot simpler. However, applications have been architected with a much tighter coupling than it needs to be which makes deployment in different environments and migration between them harder. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, Netflix and so on is at the heart of CloudFoundry – a complete developer-oriented Platform as a Service (PaaS...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, ...
High-performing enterprise Software Quality Assurance (SQA) teams validate systems that are ready for use - getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time - bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of E...