Click here to close now.




















Welcome!

@CloudExpo Authors: Dana Gardner, Elizabeth White, Liz McMillan, AppDynamics Blog, Pat Romanski

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Open Source Cloud, Containers Expo Blog, Agile Computing

@CloudExpo: Article

Examining Excellent Eucalyptus

A high-level cloud - overview of Eucalyptus IaaS

Eucalyptus is an open source Infrastructure as a Service cloud offering. What is unique about Eucalyptus is that it is compatible with Amazon AWS APIs. This means that you can:

  • Use Eucalyptus commands to manage Amazon or Eucalyptus instances.
  • Freely move instances between a Eucalyptus private cloud and the Amazon Public cloud to create a hybrid cloud.

Eucalyptus leverages operating system virtualization, such as KVM or XEN, to achieve isolation between applications and stacks. Operating system virtualization dedicates CPU and RAM to systems and applications such that they don't interfere with each other. In cloud parlance, this is called isolation and is essential to achieve multi-tenancy. (For a refresher on basic cloud terminology, see here; for a refresher on Infrastructure as a Service, see here).

Cloud computing layers on top of operating system virtualization and when combined with dynamic  allocation of IP addresses, storage  and firewall rules creates a service that end users interact with to run instances of images.

Eucalyptus concepts
The following is an explanation of terminology and concepts used by Eucalyptus.

Images
An image is a fixed collection of software modules, system software, application software and configuration information that is started from a known baseline (immutable/fixed). An example of an image is a Linux virtual machine configured with Apache, MySQL, Perl and PHP.  When bundled and uploaded to the Eucalyptus cloud, this will become known as an "EMI" Eucalyptus Machine Image.  An EKI is an Eucalyptus Kernel Image which contains kernel modules necessary for functioning of the image. An ERI is a Eucalyptus RAM Image.

Instances
When an image is put to use it is called an instance. The configuration is dynamically executed at runtime and the cloud controller decides where the image will run, storage and networking is attached to meet resource needs. This is executed under the control of the credentials (digital certificates) of the user who is requesting an instance of the image.

IP addressing
Eucalyptus instances can have public and private IPs. An IP address is assigned to an instance when the instance is created from an image. For instances that require a persistent IP address, such as  web-server, Eucalyptus supplies Elastic IP addresses. These are pre-allocated by the Eucalyptus cloud to an instance. An Elastic IP persists whether the instance is running or not. In other words if you stop an instance and restart it hours, days or even weeks later, the instance will bind to the same Elastic IP address that was assigned to it. This is essential for consistent DNS resolution.

Security
TCP/IP stack layer 3 security is achieved using security groups, which share a common set of firewall rules. This is a mechanism to firewall off an instance using IP address and port block/allow functionality.

At TCP/IP layer 2 instances are isolated. If this were not present, a root user could manipulate the networking of instances and gain access to neighboring instances violating the basic cloud tenet of instance isolation and separation.

Networking
There are three networking modes:

  1. Managed mode - Eucalyptus manages a local network of instances, including security groups and elastic IPs. Eucalyptus maintains a DHCP server and provides private non-routable IPs to instances. An instance is created in a security group and gets an IP from the range in that group.  There is also a pool of public (elastic) IPs that users can bind to an instance at boot-time or dynamically at runtime. VLANs are used to network instances in different security groups. If there is no VLAN present, isolation can be achieved using security groups in different subnets.
  2. System mode - Essentially the physical LAN that is attached to Eucalyptus manages the network of the Eucalyptus cloud. Eucalyptus assigns a MAC address and attaches the instance's network interface to the physical Ethernet LAN through the NodeController's bridge. System mode requires a DHCP server on the physical LAN that is reachable by instances. System mode does not offer elastic IPs, security groups or VM isolation.
  3. Static mode - In static mode Eucalyptus maintains a DHCP server and assigns IP addresses to instances. Static mode does not offer elastic IPs, security groups or VM isolation.

Access control
A user of Eucalyptus is called an identity. Identities can be grouped together for access control purposes. Users exist within accounts. An account is a namespace that contains users/identities, key pairs and security groups. An account is used to account for resource usage.

Eucalyptus abbreviations
CLC

The CLC is a Cloud controller similar to Amazon EC2, It is the entry point into cloud for all users: administrators, developers, project managers and  end users. The CLC queries other components for resources and makes scheduling decisions and requests to Cluster Controllers. The CLC exposing and manages underlying resources (servers, networks, storage).  Users access the CLC using AWS compatible command line tools and a web-based dashboard.

Walrus
Walrus, similar to Amazon's S3,  is a bucket based persistent data storage.  Users create, delete and list buckets; put and remove objects from buckets; get and set access control policies. Walrus is accessible from the administrative interface or from an instance inside cloud.

CC
The CC is the Cluster Controller. The CC gathers information about node controllers and schedules an instance to execute on a specific NodeController.

NC
The NC is the the Node Controller. The Node Controller manages instances. The NC controls instance activities such as execution, inspection and termination.  The NC fetches and maintains a cache of instance images.  The NC also manages virtual network endpoints.

SC
The SC is the storage controller and is similar to Amazon's EBS (Elastic Block Store). The storage controller manages block accessed network storage.  The SC interfaces with SCSI, SAN, NFS.  The SC exports storage volumes that can be attached to an instance or mounted as a raw-block device. SC storage volumes persist even when an instance stops running and thus stores persistent data. SC storage cannot be shared between instances and only exists in the same Availability Zone in which the instance is running. Users can create snapshots from SC volumes which can stored in Walrus and thus be made available across Availability Zones.

More Stories By Jonathan Gershater

Jonathan Gershater has lived and worked in Silicon Valley since 1996, primarily doing system and sales engineering specializing in: Web Applications, Identity and Security. At Red Hat, he provides Technical Marketing for Virtualization and Cloud. Prior to joining Red Hat, Jonathan worked at 3Com, Entrust (by acquisition) two startups, Sun Microsystems and Trend Micro.

(The views expressed in this blog are entirely mine and do not represent my employer - Jonathan).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
In his keynote at 16th Cloud Expo, Rodney Rogers, CEO of Virtustream, discussed the evolution of the company from inception to its recent acquisition by EMC – including personal insights, lessons learned (and some WTF moments) along the way. Learn how Virtustream’s unique approach of combining the economics and elasticity of the consumer cloud model with proper performance, application automation and security into a platform became a breakout success with enterprise customers and a natural fit f...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
"We have been in business for 21 years and have been building many enterprise solutions, all IT plumbing - server, storage, interconnects," stated Alex Gorbachev, President of Intelligent Systems Services, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...
"We got started as search consultants. On the services side of the business we have help organizations save time and save money when they hit issues that everyone more or less hits when their data grows," noted Otis Gospodnetić, Founder of Sematext, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
"We specialize in testing. DevOps is all about continuous delivery and accelerating the delivery pipeline and there is no continuous delivery without testing," noted Marc Hornbeek, Sr. Solutions Architect at Spirent Communications, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
"Alert Logic is a managed security service provider that basically deploys technologies, but we support those technologies with the people and process behind it," stated Stephen Coty, Chief Security Evangelist at Alert Logic, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
The essence of cloud computing is that all consumable IT resources are delivered as services. In his session at 15th Cloud Expo, Yung Chou, Technology Evangelist at Microsoft, demonstrated the concepts and implementations of two important cloud computing deliveries: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). He discussed from business and technical viewpoints what exactly they are, why we care, how they are different and in what ways, and the strategies for IT to tran...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of pro...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affect t...
"Our biggest growth area has been the security services, the managed services - the things that differentiate us in the market that there is no client that's too small and there's no client that's too big," explained Paul Mazzucco, Chief Security Officer at TierPoint, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.