cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clayton Weise <cwe...@iswest.net>
Subject RE: Cloudstack 4 - Accounts Isolation in a Domain
Date Thu, 24 Jan 2013 17:25:46 GMT
There is a giant shared network (albeit hidden from users) in a basic network and that is the
public network which is used to assign IP addresses to instances in that zone.  I haven't
done enough work with basic networks and their associated network offerings to know whether
or not it's possible to create a shared network that is domain-specific in a basic zone but
it's worth a shot (although it may only be available for creation through the API and not
the UI).

-----Original Message-----
From: Geoff Higginbottom [mailto:geoff.higginbottom@shapeblue.com] 
Sent: Thursday, January 24, 2013 4:33 AM
To: cloudstack-users@incubator.apache.org
Subject: RE: Cloudstack 4 - Accounts Isolation in a Domain

Hi Asmita,

Yes, Shared Networks are only available in Advanced Zones

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbottom@shapeblue.com


-----Original Message-----
From: Asmita Vagyani [mailto:Asmita.Vagyani@sigma-systems.com]
Sent: 24 January 2013 10:59
To: 'cloudstack-users@incubator.apache.org'
Subject: RE: Cloudstack 4 - Accounts Isolation in a Domain

Hi Geoff,
I have used Basic zone configuration in the setups of CS4 with VMWare Cluster.
And I tried to follow steps you mentioned, but dint find the network tab in  Infrastructure/Zones/YourZone/Physical
Network/YourPhysicalNetwork/Guest.

Is this the setting coming from advanced zone setup.


Thanks and Regards.

Asmita Patil Vagyani.


-----Original Message-----
From: Geoff Higginbottom [mailto:geoff.higginbottom@shapeblue.com]
Sent: 24 January 2013 PM 04:10
To: cloudstack-users@incubator.apache.org
Subject: RE: Cloudstack 4 - Accounts Isolation in a Domain

Hi Asmita,

The Network section only allows you to create new Isolated Networks based on the default 'DefaultIsolatedNetworkOfferingWithSourceNatService'
offering which is used when a new Guest Network is created.

To create Networks based on custom network offerings or to create a Shared Network you need
to do the following.

1. Navigate to Infrastructure/Zones/YourZone/Physical Network/YourPhysicalNetwork/Guest/Network
Tab/Add Guest Network 2. Set Scope to Domain and choose the appropriate Domain 3. You may
want to select the 'Sub Domain Access' box if you plan on using sub domains later 4. Choose
the 'Shared Network' offering 5. Now complete the rest of the settings such as Name, Description
etc

Note:
The Shared Network offering has the 'Specify VLAN' flag set so you need to specify the Guest
IP Schema such as Gateway, Netmask, Start IP, End IP etc.  Ensure you choose a different IP
schema to your default guest IP schema so if you create a VM and specify both the default
guest network for their Account, and the Shared Network, the IPs are in different ranges.

If you have any existing VMs you cannot add them to the new Shared Network, you can only add
networks at VM creation time

Regards

Geoff Higginbottom

D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581

geoff.higginbottom@shapeblue.com

-----Original Message-----
From: Asmita Vagyani [mailto:Asmita.Vagyani@sigma-systems.com]
Sent: 24 January 2013 05:59
To: '<cloudstack-users@incubator.apache.org>'
Cc: 'Nitin.Mehta@citrix.com'
Subject: RE: Cloudstack 4 - Accounts Isolation in a Domain

Thanks Geoff.

My next question is , how can I create a shared network across accounts in a domain.
I went to the Network tab on CS client console, I dont see an option to create a shared network
for a domain.
I can see only one default network "guestNetworkForBasicZone" created in the Networks section.

But, for the domain - edit option - I can see the  Network Domain option on the Domain.
If I specify there any value, where does it get mapped to?

Thanks and Regards.

Asmita Patil Vagyani.

-----Original Message-----
From: Geoff Higginbottom [mailto:geoff.higginbottom@shapeblue.com]
Sent: 23 January 2013 PM 07:10
To: <cloudstack-users@incubator.apache.org>
Cc: cloudstack-users@incubator.apache.org; Nitin.Mehta@citrix.com
Subject: Re: Cloudstack 4 - Accounts Isolation in a Domain

Hi Asmita,

You are correct in your assessment.

If you do want to have VMs in different accounts communicating directly you can create a shared
network which is linked to the Domain. The Accounts would need to belong to the same Domain
for this to work.

Regards

Geoff Higginbottom
CTO / Cloud Architect

D: +44 20 3603 0542<tel:+442036030542> | S: +44 20 3603 0540<tel:+442036030540>|
M: +447968161581<tel:+447968161581>

geoff.higginbottom@shapeblue.com<mailto:geoff.higginbottom@shapeblue.com> |www.shapeblue.com
| Twitter:@shapeblue<https://twitter.com/#!/shapeblue>

ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS

Visit us on stand 291 at Cloud Expo Europe

On 23 Jan 2013, at 13:21, "Asmita Vagyani" <Asmita.Vagyani@sigma-systems.com<mailto:Asmita.Vagyani@sigma-systems.com>>
wrote:

Hi ,

I read in a blog : (Source - http://docs.cloudstack.org/index.php?title=CloudStack_Documentation/FAQ:_CloudStack/How_are_users%2C_accounts%2C_and_domains_handled_in_CloudStack%3F&action=source)
It says:

CloudStack platform users are assigned accounts.
An account is typically a customer of the service provider or a department in a large organization.
Accounts are the unit of isolation in the cloud. Accounts are grouped by domains.
Domains usually contain accounts that have some logical relationship to each other and a set
of delegated administrators with some authority over the domain and its subdomains.
For example, a service provider with several resellers could create a domain for each reseller.

My question is,

In a domain D1, I have two accounts A1 and A2 in D1.
Account A1 has a VM1 assigned and Account A2 has a VM2 assigned.
If the accounts are said to be in isolation ,then the VM1 used by account A1 and VM2  used
by account A2 will not be able to talk to each other?
Is my understanding correct?
Or is the communication between VM1 and VM2 possible since they in the same domain?
Please clarify.

Thanks and Regards.

Asmita Patil Vagyani.

-----Original Message-----
From: Nitin Mehta [mailto:Nitin.Mehta@citrix.com]
Sent: 22 January 2013 PM 03:57
To: cloudstack-users@incubator.apache.org<mailto:cloudstack-users@incubator.apache.org>;
Sailaja Mada
Subject: Re: Issue in Creating instance on Cloudstack 4

Key thing to understand is that the ownership of resources is tied to an account. Users are
mere synonyms for accessing the account resources. So any vm is also owned by an account and
not a user.
All the users of the account have visibility to the resources of the account.

Little more reading on
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Accounts,+Domains,+a
nd+Admin+explained

On 22/01/13 3:49 PM, "Asmita Vagyani" <Asmita.Vagyani@sigma-systems.com<mailto:Asmita.Vagyani@sigma-systems.com>>
wrote:

Hi all,

I have a doubt.
The functionality of my application is :
There will be lots of companies approaching my application to create VMs for its employees.

I have created one account for one company on CS4.
And the company can have many employees, so is my account having many users added for each
employee.
Is there any way in CS4 to associate a VM instance for a particular user inside the same account?
I mean one account will have many VMs created, each VM assigned to a unique user, basically
1:1 association betwn user:VM.

While creating a VM(deployVirtualMachine) I cannot pass the userId in that to say only user
with userId "**" can use this vm.
I can pass only the account with domain name, what does this indicate , what is the relation
of vm with account?
Does that mean all users belonging to that account and domain can use this vm.

Thanks and Regards.

Asmita Patil Vagyani.






ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue's
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.


ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue’s
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.
ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue’s
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.
Mime
View raw message