incubator-cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject [52/52] [abbrv] [partial] CLOUDSTACK-444 Fix from Radhika PC against docs, adds network setup in the install guide.
Date Wed, 07 Nov 2012 18:01:13 GMT
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/8e353282/docs/tmp/en-US/html-single/index.html
----------------------------------------------------------------------
diff --git a/docs/tmp/en-US/html-single/index.html b/docs/tmp/en-US/html-single/index.html
new file mode 100644
index 0000000..50f667d
--- /dev/null
+++ b/docs/tmp/en-US/html-single/index.html
@@ -0,0 +1,4987 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>CloudStack Administrator's Guide</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Apache_CloudStack-Admin_Guide-4.0.0-incubating-en-US-1-" /><meta name="description" content="Administration Guide for CloudStack." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+              addID('Apache_CloudStack');
+              
+	      addID('Apache_CloudStack.4.0.0-incubating');
+              
+              addID('Apache_CloudStack.4.0.0-incubating.books');
+	      addID('Apache_CloudStack.4.0.0-incubating.Admin_Guide');
+              </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://cloudstack.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.cloudstack.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="idm15308352" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Apache CloudStack</span> <span class="productnumber">4.0.0-incubating</span></div><div><h1 id="idm15308352" class="title">CloudStack Administrator's Guide</h1></div><p class="edition">Edition 1</p><div><h3 class="corpauthor">
+			<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
+
+		</h3></div><div><div xml:lang="en-US" class="authorgroup" lang="en-US"><div class="author"><h3 class="author"><span class="firstname">Apache</span> <span class="surname">CloudStack</span></h3></div></div></div><hr /><div><div id="idp5437592" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+		Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+	</div><div class="para">
+		http://www.apache.org/licenses/LICENSE-2.0
+	</div><div class="para">
+		Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+	</div><div class="para">
+		Apache CloudStack is an effort undergoing incubation at The Apache Software Foundation (ASF).
+	</div><div class="para">
+		Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.
+	</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
+				Administration Guide for CloudStack.
+			</div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="chapter"><a href="#concepts">1. Concepts</a></span></dt><dd><dl><dt><span class="section"><a href="#whatis">1.1. What Is CloudStack?</a></span></dt><dt><span class="section"><a href="#feature-overview">1.2. What Can CloudStack Do?</a></span></dt><dt><span class="section"><a href="#deployment-architecture-overview">1.3. Deployment Architecture Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#management-server-overview">1.3.1. Management Server Overview</a></span></dt><dt><span class="section"><a href="#cloud-infrastructure-overview">1.3.2. Cloud Infrastructure Overview</a></span></dt><dt><span class="section"><a href="#networking-overview">1.3.3. Networking Overview</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#cloud-infrastructure-concepts">2. Cloud Infrastructure Concepts</a></span></dt><dd><dl><dt><span class="section"><a href="#about-zones">2.1. About Zones</a>
 </span></dt><dt><span class="section"><a href="#about-pods">2.2. About Pods</a></span></dt><dt><span class="section"><a href="#about-clusters">2.3. About Clusters</a></span></dt><dt><span class="section"><a href="#about-hosts">2.4. About Hosts</a></span></dt><dt><span class="section"><a href="#about-primary-storage">2.5. About Primary Storage</a></span></dt><dt><span class="section"><a href="#about-secondary-storage">2.6. About Secondary Storage</a></span></dt><dt><span class="section"><a href="#about-physical-networks">2.7. About Physical Networks</a></span></dt><dd><dl><dt><span class="section"><a href="#physical-network-configuration-settings">2.7.1. Configurable Characteristics of Physical Networks</a></span></dt><dt><span class="section"><a href="#basic-zone-network-traffic-types">2.7.2. Basic Zone Network Traffic Types</a></span></dt><dt><span class="section"><a href="#basic-zone-guest-ip-addresses">2.7.3. Basic Zone Guest IP Addresses</a></span></dt><dt><span class="section">
 <a href="#advanced-zone-network-traffic-types">2.7.4. Advanced Zone Network Traffic Types</a></span></dt><dt><span class="section"><a href="#advanced-zone-guest-ip-addresses">2.7.5. Advanced Zone Guest IP Addresses</a></span></dt><dt><span class="section"><a href="#advanced-zone-public-ip-addresses">2.7.6. Advanced Zone Public IP Addresses</a></span></dt><dt><span class="section"><a href="#system-reserved-ip-addresses">2.7.7. System Reserved IP Addresses</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#accounts">3. Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#accounts-users-domains">3.1. Accounts, Users, and Domains</a></span></dt><dt><span class="section"><a href="#LDAPserver-for-user-authentication">3.2. Using an LDAP Server for User Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#example-LDAP-configuration-commands">3.2.1. Example LDAP Configuration Commands</a></span></dt><dt><span class="section"><a href="#s
 earch-base">3.2.2. Search Base</a></span></dt><dt><span class="section"><a href="#query-filter">3.2.3. Query Filter</a></span></dt><dt><span class="section"><a href="#search-user-bind-dn">3.2.4. Search User Bind DN</a></span></dt><dt><span class="section"><a href="#SSL-keystore-path-and-password">3.2.5. SSL Keystore Path and Password</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#user-services-overview">4. User Services Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#offerings-and-templates">4.1. Service Offerings, Disk Offerings, Network Offerings, and Templates</a></span></dt></dl></dd><dt><span class="chapter"><a href="#ui">5. User Interface</a></span></dt><dd><dl><dt><span class="section"><a href="#log-in">5.1. Log In to the UI</a></span></dt><dd><dl><dt><span class="section"><a href="#end-user-ui-overview">5.1.1. End User's UI Overview</a></span></dt><dt><span class="section"><a href="#root-admin-ui-overview">5.1.2. Root Administrator
 's UI Overview</a></span></dt><dt><span class="section"><a href="#log-in-root-admin">5.1.3. Logging In as the Root Administrator</a></span></dt><dt><span class="section"><a href="#changing-root-password">5.1.4. Changing the Root Password</a></span></dt></dl></dd><dt><span class="section"><a href="#using-sshkeys">5.2. Using SSH Keys for Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#create-ssh-template">5.2.1.  Creating an Instance Template that Supports SSH Keys</a></span></dt><dt><span class="section"><a href="#create-ssh-keypair">5.2.2. Creating the SSH Keypair</a></span></dt><dt><span class="section"><a href="#creating-ssh-instance">5.2.3. Creating an Instance</a></span></dt><dt><span class="section"><a href="#logging-in-ssh">5.2.4. Logging In Using the SSH Keypair</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#projects">6. Using Projects to Organize Users and Resources</a></span></dt><dd><dl><dt><span class="section"><a href="#p
 rojects-overview">6.1. Overview of Projects</a></span></dt><dt><span class="section"><a href="#configuring-projects">6.2. Configuring Projects</a></span></dt><dd><dl><dt><span class="section"><a href="#set-up-invitations">6.2.1. Setting Up Invitations</a></span></dt><dt><span class="section"><a href="#set-resource-limits-for-projects">6.2.2. Setting Resource Limits for Projects</a></span></dt><dt><span class="section"><a href="#set-projects-creator-permissions">6.2.3. Setting Project Creator Permissions</a></span></dt></dl></dd><dt><span class="section"><a href="#create-new-projects">6.3. Creating a New Project</a></span></dt><dt><span class="section"><a href="#add-members-to-projects">6.4. Adding Members to a Project</a></span></dt><dd><dl><dt><span class="section"><a href="#send-projects-membership-invitation">6.4.1. Sending Project Membership Invitations</a></span></dt><dt><span class="section"><a href="#add-projects-members-from-ui">6.4.2. Adding Project Members From the UI</a><
 /span></dt></dl></dd><dt><span class="section"><a href="#accept-membership-invite">6.5. Accepting a Membership Invitation</a></span></dt><dt><span class="section"><a href="#suspend-project">6.6. Suspending or Deleting a Project</a></span></dt><dt><span class="section"><a href="#use-project-view">6.7. Using the Project View</a></span></dt></dl></dd><dt><span class="chapter"><a href="#provisioning-steps">7. Steps to Provisioning Your Cloud Infrastructure</a></span></dt><dd><dl><dt><span class="section"><a href="#provisioning-steps-overview">7.1. Overview of Provisioning Steps</a></span></dt><dt><span class="section"><a href="#zone-add">7.2. Adding a Zone</a></span></dt><dd><dl><dt><span class="section"><a href="#basic-zone-configuration">7.2.1. Basic Zone Configuration</a></span></dt><dt><span class="section"><a href="#advanced-zone-configuration">7.2.2. Advanced Zone Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#pod-add">7.3. Adding a Pod</a></span></dt><
 dt><span class="section"><a href="#cluster-add">7.4. Adding a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#add-clusters-kvm-xenserver">7.4.1. Add Cluster: KVM or XenServer</a></span></dt><dt><span class="section"><a href="#add-clusters-vsphere">7.4.2. Add Cluster: vSphere</a></span></dt></dl></dd><dt><span class="section"><a href="#host-add">7.5. Adding a Host</a></span></dt><dd><dl><dt><span class="section"><a href="#host-add-xenserver-kvm-ovm">7.5.1. Adding a Host (XenServer or KVM)</a></span></dt><dt><span class="section"><a href="#host-add-vsphere">7.5.2. Adding a Host (vSphere)</a></span></dt></dl></dd><dt><span class="section"><a href="#primary-storage-add">7.6. Add Primary Storage</a></span></dt><dd><dl><dt><span class="section"><a href="#sys-require-primary-storage">7.6.1. System Requirements for Primary Storage</a></span></dt><dt><span class="section"><a href="#adding-primary-storage">7.6.2. Adding Primary Stroage</a></span></dt></dl></dd><dt><span cla
 ss="section"><a href="#secondary-storage-add">7.7. Add Secondary Storage</a></span></dt><dd><dl><dt><span class="section"><a href="#sys-require-secondary-storage">7.7.1. System Requirements for Secondary Storage</a></span></dt><dt><span class="section"><a href="#adding-secondary-storage">7.7.2. Adding Secondary Storage</a></span></dt></dl></dd><dt><span class="section"><a href="#initialize-and-test">7.8. Initialize and Test</a></span></dt></dl></dd><dt><span class="chapter"><a href="#offerings">8. Service Offerings</a></span></dt><dd><dl><dt><span class="section"><a href="#compute-disk-service-offerings">8.1. Compute and Disk Service Offerings</a></span></dt><dd><dl><dt><span class="section"><a href="#creating-compute-offerings">8.1.1. Creating a New Compute Offering</a></span></dt><dt><span class="section"><a href="#creating-disk-offerings">8.1.2. Creating a New Disk Offering</a></span></dt><dt><span class="section"><a href="#modify-delete-service-offerings">8.1.3. Modifying or Del
 eting a Service Offering</a></span></dt></dl></dd><dt><span class="section"><a href="#system-service-offerings">8.2. System Service Offerings</a></span></dt></dl></dd><dt><span class="chapter"><a href="#set-up-network-for-users">9. Setting Up Networking for Users</a></span></dt><dd><dl><dt><span class="section"><a href="#networks-for-users-overview">9.1. Overview of Setting Up Networking for Users</a></span></dt><dt><span class="section"><a href="#about-virtual-networks">9.2. About Virtual Networks</a></span></dt><dd><dl><dt><span class="section"><a href="#isolated-networks">9.2.1. Isolated Networks</a></span></dt><dt><span class="section"><a href="#shared-networks">9.2.2. Shared Networks</a></span></dt><dt><span class="section"><a href="#runtime-allocation-virtual-network-resources">9.2.3. Runtime Allocation of Virtual Network Resources</a></span></dt></dl></dd><dt><span class="section"><a href="#network-service-providers">9.3. Network Service Providers</a></span></dt><dt><span cla
 ss="section"><a href="#network-offerings">9.4. Network Offerings</a></span></dt></dl></dd><dt><span class="chapter"><a href="#virtual-machines">10. Working With Virtual Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#about-working-with-vms">10.1. About Working with Virtual Machines</a></span></dt><dt><span class="section"><a href="#best-practices-vm">10.2. Best Practices for Virtual Machines</a></span></dt><dt><span class="section"><a href="#vm-lifecycle">10.3. VM Lifecycle</a></span></dt><dt><span class="section"><a href="#creating-vms">10.4. Creating VMs</a></span></dt><dt><span class="section"><a href="#accessing-vms">10.5. Accessing VMs</a></span></dt><dt><span class="section"><a href="#stopping-and-starting-vms">10.6. Stopping and Starting VMs</a></span></dt><dt><span class="section"><a href="#changing-vm-name-os-group">10.7. Changing the VM Name, OS, or Group</a></span></dt><dt><span class="section"><a href="#changing-service-offering-for-vm">10.8. Changing
  the Service Offering for a VM</a></span></dt><dt><span class="section"><a href="#manual-live-migration">10.9. Moving VMs Between Hosts (Manual Live Migration)</a></span></dt><dt><span class="section"><a href="#deleting-vms">10.10. Deleting VMs</a></span></dt><dt><span class="section"><a href="#working-with-iso">10.11. Working with ISOs</a></span></dt><dd><dl><dt><span class="section"><a href="#add-iso">10.11.1. Adding an ISO</a></span></dt><dt><span class="section"><a href="#attach-iso-to-vm">10.11.2. Attaching an ISO to a VM</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#working-with-hosts">11. Working With Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="#adding-hosts">11.1. Adding Hosts</a></span></dt><dt><span class="section"><a href="#scheduled-maintenance-maintenance-mode-hosts">11.2. Scheduled Maintenance and Maintenance Mode for Hosts</a></span></dt><dt><span class="section"><a href="#disable-enable-zones-pods-clusters">11.3. Disabling
  and Enabling Zones, Pods, and Clusters</a></span></dt><dt><span class="section"><a href="#removing-hosts">11.4. Removing Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="#removing-xenserver-kvm-hosts">11.4.1. Removing XenServer and KVM Hosts</a></span></dt><dt><span class="section"><a href="#removing-vsphere-hosts">11.4.2. Removing vSphere Hosts</a></span></dt></dl></dd><dt><span class="section"><a href="#re-install-hosts">11.5. Re-Installing Hosts</a></span></dt><dt><span class="section"><a href="#maintain-hypervisors-on-hosts">11.6. Maintaining Hypervisors on Hosts</a></span></dt><dt><span class="section"><a href="#change-host-password">11.7. Changing Host Password</a></span></dt><dt><span class="section"><a href="#host-allocation">11.8. Host Allocation</a></span></dt><dt><span class="section"><a href="#vlan-provisioning">11.9. VLAN Provisioning</a></span></dt></dl></dd><dt><span class="chapter"><a href="#working-with-templates">12. Working with Templates</a></span
 ></dt><dd><dl><dt><span class="section"><a href="#create-templates-overview">12.1. Creating Templates: Overview</a></span></dt><dt><span class="section"><a href="#requirements-templates">12.2. Requirements for Templates</a></span></dt><dt><span class="section"><a href="#best-practices-templates">12.3. Best Practices for Templates</a></span></dt><dt><span class="section"><a href="#default-template">12.4. The Default Template</a></span></dt><dt><span class="section"><a href="#private-public-template">12.5. Private and Public Templates</a></span></dt><dt><span class="section"><a href="#create-template-from-existing-vm">12.6. Creating a Template from an Existing Virtual Machine</a></span></dt><dt><span class="section"><a href="#create-template-from-snapshot">12.7. Creating a Template from a Snapshot</a></span></dt><dt><span class="section"><a href="#upload-template">12.8. Uploading Templates</a></span></dt><dt><span class="section"><a href="#export-template">12.9. Exporting Templates</a
 ></span></dt><dt><span class="section"><a href="#create-windows-template">12.10. Creating a Windows Template</a></span></dt><dd><dl><dt><span class="section"><a href="#sysprep-windows-server-2008R2">12.10.1. System Preparation for Windows Server 2008 R2</a></span></dt><dt><span class="section"><a href="#sysprep-for-windows-server-2003R2">12.10.2. Sysprep for Windows Server 2003 R2</a></span></dt></dl></dd><dt><span class="section"><a href="#import-ami">12.11. Importing Amazon Machine Images</a></span></dt><dt><span class="section"><a href="#convert-hyperv-vm-to-template">12.12. Converting a Hyper-V VM to a Template</a></span></dt><dt><span class="section"><a href="#add-password-management-to-templates">12.13. Adding Password Management to Your Templates</a></span></dt><dd><dl><dt><span class="section"><a href="#linux-installation">12.13.1. Linux OS Installation</a></span></dt><dt><span class="section"><a href="#windows-installation">12.13.2. Windows OS Installation</a></span></dt></
 dl></dd><dt><span class="section"><a href="#delete-templates">12.14. Deleting Templates</a></span></dt></dl></dd><dt><span class="chapter"><a href="#storage">13. Working With Storage</a></span></dt><dd><dl><dt><span class="section"><a href="#storage-overview">13.1. Storage Overview</a></span></dt><dt><span class="section"><a href="#primary-storage">13.2. Primary Storage</a></span></dt><dt><span class="section"><a href="#secondary-storage">13.3. Secondary Storage</a></span></dt><dt><span class="section"><a href="#working-with-volumes">13.4. Using Swift for Secondary Storage</a></span></dt><dt><span class="section"><a href="#working-with-snapshots">13.5. Working with Snapshots</a></span></dt></dl></dd><dt><span class="chapter"><a href="#work-with-usage">14. Working with Usage</a></span></dt><dd><dl><dt><span class="section"><a href="#configure-usage-server">14.1. Configuring the Usage Server</a></span></dt><dt><span class="section"><a href="#set-usage-limit">14.2. Setting Usage Limits
 </a></span></dt><dt><span class="section"><a href="#globally-configured-limit">14.3. Globally Configured Limits</a></span></dt><dt><span class="section"><a href="#default-account-resource-limit">14.4. Default Account Resource Limits</a></span></dt><dt><span class="section"><a href="#per-domain-limits">14.5. Per-Domain Limits</a></span></dt></dl></dd><dt><span class="chapter"><a href="#networks">15. Managing Networks and Traffic</a></span></dt><dd><dl><dt><span class="section"><a href="#guest-traffic">15.1. Guest Traffic</a></span></dt><dt><span class="section"><a href="#networking-in-a-pod">15.2. Networking in a Pod</a></span></dt><dt><span class="section"><a href="#networking-in-a-zone">15.3. Networking in a Zone</a></span></dt><dt><span class="section"><a href="#basic-zone-physical-network-configuration">15.4. Basic Zone Physical Network Configuration</a></span></dt><dt><span class="section"><a href="#advanced-zone-physical-network-configuration">15.5. Advanced Zone Physical Netwo
 rk Configuration</a></span></dt><dd><dl><dt><span class="section"><a href="#configure-guest-traffic-in-advanced-zone">15.5.1. Configure Guest Traffic in an Advanced Zone</a></span></dt><dt><span class="section"><a href="#configure-public-traffic-in-an-advanced-zone">15.5.2. Configure Public Traffic in an Advanced Zone</a></span></dt></dl></dd><dt><span class="section"><a href="#using-multiple-guest-networks">15.6. Using Multiple Guest Networks</a></span></dt><dd><dl><dt><span class="section"><a href="#add-additional-guest-network">15.6.1. Adding an Additional Guest Network</a></span></dt><dt><span class="section"><a href="#change-network-offering-on-guest-network">15.6.2. Changing the Network Offering on a Guest Network</a></span></dt></dl></dd><dt><span class="section"><a href="#security-groups">15.7. Security Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#about-security-groups">15.7.1. About Security Groups</a></span></dt><dt><span class="section"><a href="#add-
 security-group">15.7.2. Adding a Security Group</a></span></dt><dt><span class="section"><a href="#enable-security-groups">15.7.3. Enabling Security Groups</a></span></dt><dt><span class="section"><a href="#add-ingress-egress-rules">15.7.4. Adding Ingress and Egress Rules to a Security Group</a></span></dt></dl></dd><dt><span class="section"><a href="#external-firewalls-and-load-balancers">15.8. External Firewalls and Load Balancers</a></span></dt><dt><span class="section"><a href="#load-balancer-rules">15.9. Load Balancer Rules</a></span></dt><dt><span class="section"><a href="#guest-ip-ranges">15.10. Guest IP Ranges</a></span></dt><dt><span class="section"><a href="#acquire-new-ip-address">15.11. Acquiring a New IP Address</a></span></dt><dt><span class="section"><a href="#release-ip-address">15.12. Releasing an IP Address</a></span></dt><dt><span class="section"><a href="#static-nat">15.13. Static NAT</a></span></dt><dt><span class="section"><a href="#ip-forwarding-firewalling">1
 5.14. IP Forwarding and Firewalling</a></span></dt><dt><span class="section"><a href="#ip-load-balancing">15.15. IP Load Balancing</a></span></dt><dt><span class="section"><a href="#dns-dhcp">15.16. DNS and DHCP</a></span></dt><dt><span class="section"><a href="#vpn">15.17. VPN</a></span></dt><dd><dl><dt><span class="section"><a href="#configure-vpn">15.17.1. Configuring VPN</a></span></dt><dt><span class="section"><a href="#using-vpn-with-windows">15.17.2. Using VPN with Windows</a></span></dt><dt><span class="section"><a href="#using-vpn-with-mac">15.17.3. Using VPN with Mac OS X</a></span></dt><dt><span class="section"><a href="#site-to-site-vpn">15.17.4. Setting Up a Site-to-Site VPN Connection</a></span></dt></dl></dd><dt><span class="section"><a href="#inter-vlan-routing">15.18. About Inter-VLAN Routing</a></span></dt><dt><span class="section"><a href="#configure-vpc">15.19. Configuring a Virtual Private Cloud</a></span></dt><dd><dl><dt><span class="section"><a href="#vpc">15.
 19.1. About Virtual Private Clouds</a></span></dt><dt><span class="section"><a href="#add-vpc">15.19.2. Adding a Virtual Private Cloud</a></span></dt><dt><span class="section"><a href="#add-tier">15.19.3. Adding Tiers</a></span></dt><dt><span class="section"><a href="#configure-acl">15.19.4. Configuring Access Control List</a></span></dt><dt><span class="section"><a href="#add-gateway-vpc">15.19.5. Adding a Private Gateway to a VPC</a></span></dt><dt><span class="section"><a href="#add-vm-to-tier">15.19.6. Deploying VMs to the Tier</a></span></dt><dt><span class="section"><a href="#acquire-new-ip-for-vpc">15.19.7. Acquiring a New IP Address for a VPC</a></span></dt><dt><span class="section"><a href="#release-ip-for-vpc">15.19.8. Releasing an IP Address Alloted to a VPC</a></span></dt><dt><span class="section"><a href="#enable-disable-static-nat-vpc">15.19.9. Enabling or Disabling Static NAT on a VPC</a></span></dt><dt><span class="section"><a href="#add-loadbalancer-rule-vpc">15.19.
 10. Adding Load Balancing Rules on a VPC</a></span></dt><dt><span class="section"><a href="#add-portforward-vpc">15.19.11. Adding a Port Forwarding Rule on a VPC</a></span></dt><dt><span class="section"><a href="#remove-tier">15.19.12. Removing Tiers</a></span></dt><dt><span class="section"><a href="#remove-vpc">15.19.13. Editing, Restarting, and Removing a Virtual Private Cloud</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#working-with-system-vm">16. Working with System Virtual Machines</a></span></dt><dd><dl><dt><span class="section"><a href="#system-vm-template">16.1. The System VM Template</a></span></dt><dt><span class="section"><a href="#multiple-system-vm-vmware">16.2. Multiple System VM Support for VMware</a></span></dt><dt><span class="section"><a href="#console-proxy">16.3. Console Proxy</a></span></dt><dt><span class="section"><a href="#virtual-router">16.4. Virtual Router</a></span></dt><dt><span class="section"><a href="#secondary-storage-vm">16
 .5. Secondary Storage VM</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sys-reliability-and-ha">17. System Reliability and High Availability</a></span></dt><dd><dl><dt><span class="section"><a href="#ha-management-server">17.1. HA for Management Server</a></span></dt><dt><span class="section"><a href="#ha-enabled-vm">17.2. HA-Enabled Virtual Machines</a></span></dt><dt><span class="section"><a href="#ha-for-hosts">17.3. HA for Hosts</a></span></dt><dt><span class="section"><a href="#primary-storage-outage-and-data-loss">17.4. Primary Storage Outage and Data Loss</a></span></dt><dt><span class="section"><a href="#secondary-storage-outage-and-data-loss">17.5. Secondary Storage Outage and Data Loss</a></span></dt></dl></dd><dt><span class="chapter"><a href="#manage-cloud">18. Managing the Cloud</a></span></dt><dd><dl><dt><span class="section"><a href="#tagging-resources">18.1. Using Tags to Organize Resources in the Cloud</a></span></dt><dt><span class="section"><a href="
 #change-database-config">18.2. Changing the Database Configuration</a></span></dt><dt><span class="section"><a href="#admin-alerts">18.3. Administrator Alerts</a></span></dt><dt><span class="section"><a href="#customizing-dns">18.4. Customizing the Network Domain Name</a></span></dt><dt><span class="section"><a href="#stop-restart-management-server">18.5. Stopping and Restarting the Management Server</a></span></dt></dl></dd><dt><span class="chapter"><a href="#global-config">19. Setting Global Configuration Parameters</a></span></dt><dt><span class="chapter"><a href="#api-overview">20. CloudStack API</a></span></dt><dd><dl><dt><span class="section"><a href="#provisioning-auth-api">20.1. Provisioning and Authentication API</a></span></dt><dt><span class="section"><a href="#allocators">20.2. Allocators</a></span></dt><dt><span class="section"><a href="#user-data-and-meta-data">20.3. User Data and Meta Data</a></span></dt></dl></dd><dt><span class="chapter"><a href="#tuning">21. Tuning
 </a></span></dt><dd><dl><dt><span class="section"><a href="#performance-monitoring">21.1. Performance Monitoring</a></span></dt><dt><span class="section"><a href="#increase-management-server-max-memory">21.2. Increase Management Server Maximum Memory</a></span></dt><dt><span class="section"><a href="#set-database-buffer-pool-size">21.3. Set Database Buffer Pool Size</a></span></dt><dt><span class="section"><a href="#set-monitor-total-vm-limits-per-host">21.4. Set and Monitor Total VM Limits per Host</a></span></dt><dt><span class="section"><a href="#configure-xenserver-dom0-memory">21.5. Configure XenServer dom0 Memory</a></span></dt></dl></dd><dt><span class="chapter"><a href="#troubleshooting">22. Troubleshooting</a></span></dt><dd><dl><dt><span class="section"><a href="#events">22.1. Events</a></span></dt><dd><dl><dt><span class="section"><a href="#events-log">22.1.1. Event Logs</a></span></dt><dt><span class="section"><a href="#standard-events">22.1.2. Standard Events</a></span>
 </dt><dt><span class="section"><a href="#long-running-job-events">22.1.3. Long Running Job Events</a></span></dt><dt><span class="section"><a href="#event-log-queries">22.1.4. Event Log Queries</a></span></dt></dl></dd><dt><span class="section"><a href="#troubleshooting-working-with-server-logs">22.2. Working with Server Logs</a></span></dt><dt><span class="section"><a href="#troubleshooting-dataloss-on-exported-primary-storage">22.3. Data Loss on Exported Primary Storage</a></span></dt><dt><span class="section"><a href="#troubleshooting-recover-lost-virtual-router">22.4. Recovering a Lost Virtual Router </a></span></dt><dt><span class="section"><a href="#troubleshooting-maintenance-mode-not-working-on-vCenter">22.5. Maintenance mode not working on vCenter</a></span></dt><dt><span class="section"><a href="#troubleshooting-unable-to-deploy-vms">22.6. Unable to deploy VMs from uploaded vSphere template</a></span></dt><dt><span class="section"><a href="#troubleshooting-unable-to-power-
 on-vm">22.7. Unable to power on virtual machine on VMware</a></span></dt><dt><span class="section"><a href="#troubleshooting-lb-rules-fails">22.8. Load balancer rules fail after changing network offering</a></span></dt></dl></dd><dt><span class="appendix"><a href="#time-zones">A. Time Zones</a></span></dt><dt><span class="appendix"><a href="#event-types">B. Event Types</a></span></dt><dt><span class="appendix"><a href="#alerts">C. Alerts</a></span></dt><dt><span class="appendix"><a href="#appe-cloudstack-Revision_History">D. Revision History</a></span></dt></dl></div><div xml:lang="en-US" class="chapter" id="concepts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 1. Concepts</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#whatis">1.1. What Is CloudStack?</a></span></dt><dt><span class="section"><a href="#feature-overview">1.2. What Can CloudStack Do?</a></span></dt><dt><span class="section"><a href="#deployment-architecture-
 overview">1.3. Deployment Architecture Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#management-server-overview">1.3.1. Management Server Overview</a></span></dt><dt><span class="section"><a href="#cloud-infrastructure-overview">1.3.2. Cloud Infrastructure Overview</a></span></dt><dt><span class="section"><a href="#networking-overview">1.3.3. Networking Overview</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="whatis" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="whatis">1.1. What Is CloudStack?</h2></div></div></div><div class="para">
+		CloudStack is an open source software platform that pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds. CloudStack manages the network, storage, and compute nodes that make up a cloud infrastructure. Use CloudStack to deploy, manage, and configure cloud computing environments.
+	</div><div class="para">
+		Typical users are service providers and enterprises. With CloudStack, you can:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Set up an on-demand, elastic cloud computing service. Service providers can sell self service virtual machine instances, storage volumes, and networking configurations over the Internet.
+			</div></li><li class="listitem"><div class="para">
+				Set up an on-premise private cloud for use by employees. Rather than managing virtual machines in the same way as physical machines, with CloudStack an enterprise can offer self-service virtual machines to users without involving IT departments.
+			</div></li></ul></div><div class="mediaobject"><img src="./images/1000-foot-view.png" width="444" alt="1000-foot-view.png: Overview of CloudStack" /></div></div><div xml:lang="en-US" class="section" id="feature-overview" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="feature-overview">1.2. What Can CloudStack Do?</h2></div></div></div><div class="para">
+		<span class="bold bold"><strong>Multiple Hypervisor Support</strong></span>
+	</div><div class="para">
+		CloudStack works with a variety of hypervisors, and a single cloud deployment can contain multiple hypervisor implementations. The current release of CloudStack supports pre-packaged enterprise solutions like Citrix XenServer and VMware vSphere, as well as KVM or Xen running on Ubuntu or CentOS.
+	</div><div class="para">
+		<span class="bold bold"><strong>Massively Scalable Infrastructure Management</strong></span>
+	</div><div class="para">
+		CloudStack can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-wide outage. Periodic maintenance of the management server can be performed without affecting the functioning of virtual machines running in the cloud.
+	</div><div class="para">
+		<span class="bold bold"><strong>Automatic Configuration Management</strong></span>
+	</div><div class="para">
+		CloudStack automatically configures each guest virtual machine’s networking and storage settings.
+	</div><div class="para">
+		CloudStack internally manages a pool of virtual appliances to support the cloud itself. These appliances offer services such as firewalling, routing, DHCP, VPN access, console proxy, storage access, and storage replication. The extensive use of virtual appliances simplifies the installation, configuration, and ongoing management of a cloud deployment.
+	</div><div class="para">
+		<span class="bold bold"><strong>Graphical User Interface</strong></span>
+	</div><div class="para">
+		CloudStack offers an administrator's Web interface, used for provisioning and managing the cloud, as well as an end-user's Web interface, used for running VMs and managing VM templates. The UI can be customized to reflect the desired service provider or enterprise look and feel.
+	</div><div class="para">
+		<span class="bold bold"><strong>API and Extensibility</strong></span>
+	</div><div class="para">
+		CloudStack provides an API that gives programmatic access to all the management features available in the UI. The API is maintained and documented. This API enables the creation of command line tools and new user interfaces to suit particular needs. See the Developer’s Guide and API Reference, both available at <a href="http://incubator.apache.org/cloudstack/docs">Apache CloudStack Guides</a> and <a href="http://incubator.apache.org/cloudstack/docs/api">Apache CloudStack API Reference</a> respectively.
+	</div><div class="para">
+		The CloudStack pluggable allocation architecture allows the creation of new types of allocators for the selection of storage and Hosts. See the Allocator Implementation Guide (<a href="http://docs.cloudstack.org/CloudStack_Documentation/Allocator_Implementation_Guide">http://docs.cloudstack.org/CloudStack_Documentation/Allocator_Implementation_Guide</a>).
+	</div><div class="para">
+		<span class="bold bold"><strong>High Availability</strong></span>
+	</div><div class="para">
+		CloudStack has a number of features to increase the availability of the system. The Management Server itself may be deployed in a multi-node installation where the servers are load balanced. MySQL may be configured to use replication to provide for a manual failover in the event of database loss. For the hosts, CloudStack supports NIC bonding and the use of separate networks for storage as well as iSCSI Multipath.
+	</div></div><div xml:lang="en-US" class="section" id="deployment-architecture-overview" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="deployment-architecture-overview">1.3. Deployment Architecture Overview</h2></div></div></div><div class="para">
+		A CloudStack installation consists of two parts: the Management Server and the cloud infrastructure that it manages. When you set up and manage a CloudStack cloud, you provision resources such as hosts, storage devices, and IP addresses into the Management Server, and the Management Server manages those resources.
+	</div><div class="para">
+		The minimum production installation consists of one machine running the CloudStack Management Server and another machine to act as the cloud infrastructure (in this case, a very simple infrastructure consisting of one host running hypervisor software). In its smallest deployment, a single machine can act as both the Management Server and the hypervisor host (using the KVM hypervisor).
+	</div><div class="mediaobject"><img src="./images/basic-deployment.png" alt="basic-deployment.png: Basic two-machine deployment" /></div><div class="para">
+		A more full-featured installation consists of a highly-available multi-node Management Server installation and up to tens of thousands of hosts using any of several advanced networking setups. For information about deployment options, see Choosing a Deployment Architecture.
+	</div><div xml:lang="en-US" class="section" id="management-server-overview" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="management-server-overview">1.3.1. Management Server Overview</h3></div></div></div><div class="para">
+		The Management Server is the CloudStack software that manages cloud resources. By interacting with the Management Server through its UI or API, you can configure and manage your cloud infrastructure.
+	</div><div class="para">
+		The Management Server runs on a dedicated server or VM. It controls allocation of virtual machines to hosts and assigns storage and IP addresses to the virtual machine instances. The Management Server runs in a Tomcat container and requires a MySQL database for persistence.
+	</div><div class="para">
+		The machine must meet the system requirements described in System Requirements.
+	</div><div class="para">
+		The Management Server:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Provides the web user interface for the administrator and a reference user interface for end users.
+			</div></li><li class="listitem"><div class="para">
+				Provides the APIs for CloudStack.
+			</div></li><li class="listitem"><div class="para">
+				Manages the assignment of guest VMs to particular hosts.
+			</div></li><li class="listitem"><div class="para">
+				Manages the assignment of public and private IP addresses to particular accounts.
+			</div></li><li class="listitem"><div class="para">
+				Manages the allocation of storage to guests as virtual disks.
+			</div></li><li class="listitem"><div class="para">
+				Manages snapshots, templates, and ISO images, possibly replicating them across data centers.
+			</div></li><li class="listitem"><div class="para">
+				Provides a single point of configuration for the cloud.
+			</div></li></ul></div></div><div xml:lang="en-US" class="section" id="cloud-infrastructure-overview" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="cloud-infrastructure-overview">1.3.2. Cloud Infrastructure Overview</h3></div></div></div><div class="para">
+		The Management Server manages one or more zones (typically, datacenters) containing host computers where guest virtual machines will run. The cloud infrastructure is organized as follows:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Zone: Typically, a zone is equivalent to a single datacenter. A zone consists of one or more pods and secondary storage.
+			</div></li><li class="listitem"><div class="para">
+				Pod: A pod is usually one rack of hardware that includes a layer-2 switch and one or more clusters.
+			</div></li><li class="listitem"><div class="para">
+				Cluster: A cluster consists of one or more hosts and primary storage.
+			</div></li><li class="listitem"><div class="para">
+				Host: A single compute node within a cluster. The hosts are where the actual cloud services run in the form of guest virtual machines.
+			</div></li><li class="listitem"><div class="para">
+				Primary storage is associated with a cluster, and it stores the disk volumes for all the VMs running on hosts in that cluster.
+			</div></li><li class="listitem"><div class="para">
+				Secondary storage is associated with a zone, and it stores templates, ISO images, and disk volume snapshots.
+			</div></li></ul></div><div class="mediaobject"><img src="./images/infrastructure-overview.png" width="444" alt="infrastructure_overview.png: Nested organization of a zone" /></div><div class="para">
+		<span class="bold bold"><strong>More Information</strong></span>
+	</div><div class="para">
+		For more information, see documentation on cloud infrastructure concepts.
+	</div></div><div xml:lang="en-US" class="section" id="networking-overview" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="networking-overview">1.3.3. Networking Overview</h3></div></div></div><div class="para">
+		CloudStack offers two types of networking scenario:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Basic. For AWS-style networking. Provides a single network where guest isolation can be provided through layer-3 means such as security groups (IP address source filtering).
+			</div></li><li class="listitem"><div class="para">
+				Advanced. For more sophisticated network topologies. This network model provides the most flexibility in defining guest networks.
+			</div></li></ul></div><div class="para">
+		For more details, see Network Setup.
+	</div></div></div></div><div xml:lang="en-US" class="chapter" id="cloud-infrastructure-concepts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Cloud Infrastructure Concepts</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-zones">2.1. About Zones</a></span></dt><dt><span class="section"><a href="#about-pods">2.2. About Pods</a></span></dt><dt><span class="section"><a href="#about-clusters">2.3. About Clusters</a></span></dt><dt><span class="section"><a href="#about-hosts">2.4. About Hosts</a></span></dt><dt><span class="section"><a href="#about-primary-storage">2.5. About Primary Storage</a></span></dt><dt><span class="section"><a href="#about-secondary-storage">2.6. About Secondary Storage</a></span></dt><dt><span class="section"><a href="#about-physical-networks">2.7. About Physical Networks</a></span></dt><dd><dl><dt><span class="section"><a href="#physical-network-configuration-settings">2.7.1. Configurable Chara
 cteristics of Physical Networks</a></span></dt><dt><span class="section"><a href="#basic-zone-network-traffic-types">2.7.2. Basic Zone Network Traffic Types</a></span></dt><dt><span class="section"><a href="#basic-zone-guest-ip-addresses">2.7.3. Basic Zone Guest IP Addresses</a></span></dt><dt><span class="section"><a href="#advanced-zone-network-traffic-types">2.7.4. Advanced Zone Network Traffic Types</a></span></dt><dt><span class="section"><a href="#advanced-zone-guest-ip-addresses">2.7.5. Advanced Zone Guest IP Addresses</a></span></dt><dt><span class="section"><a href="#advanced-zone-public-ip-addresses">2.7.6. Advanced Zone Public IP Addresses</a></span></dt><dt><span class="section"><a href="#system-reserved-ip-addresses">2.7.7. System Reserved IP Addresses</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="about-zones" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-zones">2.1. About Zones</h2></div></div></div><div clas
 s="para">
+		A zone is the largest organizational unit within a CloudStack deployment. A zone typically corresponds to a single datacenter, although it is permissible to have multiple zones in a datacenter. The benefit of organizing infrastructure into zones is to provide physical isolation and redundancy. For example, each zone can have its own power supply and network uplink, and the zones can be widely separated geographically (though this is not required).
+	</div><div class="para">
+		A zone consists of:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				One or more pods. Each pod contains one or more clusters of hosts and one or more primary storage servers.
+			</div></li><li class="listitem"><div class="para">
+				Secondary storage, which is shared by all the pods in the zone.
+			</div></li></ul></div><div class="mediaobject"><img src="./images/zone-overview.png" width="444" alt="zone-overview.png: Nested structure of a simple zone" /></div><div class="para">
+		Zones are visible to the end user. When a user starts a guest VM, the user must select a zone for their guest. Users might also be required to copy their private templates to additional zones to enable creation of guest VMs using their templates in those zones.
+	</div><div class="para">
+		Zones can be public or private. Public zones are visible to all users. This means that any user may create a guest in that zone. Private zones are reserved for a specific domain. Only users in that domain or its subdomains may create guests in that zone.
+	</div><div class="para">
+		Hosts in the same zone are directly accessible to each other without having to go through a firewall. Hosts in different zones can access each other through statically configured VPN tunnels.
+	</div><div class="para">
+		For each zone, the administrator must decide the following.
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				How many pods to place in a zone.
+			</div></li><li class="listitem"><div class="para">
+				How many clusters to place in each pod.
+			</div></li><li class="listitem"><div class="para">
+				How many hosts to place in each cluster.
+			</div></li><li class="listitem"><div class="para">
+				How many primary storage servers to place in each cluster and total capacity for the storage servers.
+			</div></li><li class="listitem"><div class="para">
+				How much secondary storage to deploy in a zone.
+			</div></li></ul></div><div class="para">
+		When you add a new zone, you will be prompted to configure the zone’s physical network and add the first pod, cluster, host, primary storage, and secondary storage.
+	</div></div><div xml:lang="en-US" class="section" id="about-pods" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-pods">2.2. About Pods</h2></div></div></div><div class="para">
+		A pod often represents a single rack. Hosts in the same pod are in the same subnet.
+	</div><div class="para">
+		A pod is the second-largest organizational unit within a CloudStack deployment. Pods are contained within zones. Each zone can contain one or more pods.
+	</div><div class="para">
+		Pods are not visible to the end user.
+	</div><div class="para">
+		A pod consists of one or more clusters of hosts and one or more primary storage servers.
+	</div><div class="mediaobject"><img src="./images/pod-overview.png" alt="pod-overview.png: Nested structure of a simple pod" /></div></div><div xml:lang="en-US" class="section" id="about-clusters" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-clusters">2.3. About Clusters</h2></div></div></div><div class="para">
+		A cluster provides a way to group hosts. To be precise, a cluster is a XenServer server pool, a set of KVM servers, , or a VMware cluster preconfigured in vCenter. The hosts in a cluster all have identical hardware, run the same hypervisor, are on the same subnet, and access the same shared primary storage. Virtual machine instances (VMs) can be live-migrated from one host to another within the same cluster, without interrupting service to the user.
+	</div><div class="para">
+		A cluster is the third-largest organizational unit within a CloudStack deployment. Clusters are contained within pods, and pods are contained within zones. Size of the cluster is limited by the underlying hypervisor, although the CloudStack recommends less in most cases; see Best Practices.
+	</div><div class="para">
+		A cluster consists of one or more hosts and one or more primary storage servers.
+	</div><div class="mediaobject"><img src="./images/cluster-overview.png" alt="cluster-overview.png: Structure of a simple cluster" /></div><div class="para">
+		CloudStack allows multiple clusters in a cloud deployment.
+	</div><div class="para">
+		Even when local storage is used exclusively, clusters are still required organizationally, even if there is just one host per cluster.
+	</div><div class="para">
+		When VMware is used, every VMware cluster is managed by a vCenter server. Administrator must register the vCenter server with CloudStack. There may be multiple vCenter servers per zone. Each vCenter server may manage multiple VMware clusters.
+	</div></div><div xml:lang="en-US" class="section" id="about-hosts" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-hosts">2.4. About Hosts</h2></div></div></div><div class="para">
+		A host is a single computer. Hosts provide the computing resources that run the guest virtual machines. Each host has hypervisor software installed on it to manage the guest VMs. For example, a Linux KVM-enabled server, a Citrix XenServer server, and an ESXi server are hosts.
+	</div><div class="para">
+		The host is the smallest organizational unit within a CloudStack deployment. Hosts are contained within clusters, clusters are contained within pods, and pods are contained within zones.
+	</div><div class="para">
+		Hosts in a CloudStack deployment:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Provide the CPU, memory, storage, and networking resources needed to host the virtual machines
+			</div></li><li class="listitem"><div class="para">
+				Interconnect using a high bandwidth TCP/IP network and connect to the Internet
+			</div></li><li class="listitem"><div class="para">
+				May reside in multiple data centers across different geographic locations
+			</div></li><li class="listitem"><div class="para">
+				May have different capacities (different CPU speeds, different amounts of RAM, etc.), although the hosts within a cluster must all be homogeneous
+			</div></li></ul></div><div class="para">
+		Additional hosts can be added at any time to provide more capacity for guest VMs.
+	</div><div class="para">
+		CloudStack automatically detects the amount of CPU and memory resources provided by the Hosts.
+	</div><div class="para">
+		Hosts are not visible to the end user. An end user cannot determine which host their guest has been assigned to.
+	</div><div class="para">
+		For a host to function in CloudStack, you must do the following:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Install hypervisor software on the host
+			</div></li><li class="listitem"><div class="para">
+				Assign an IP address to the host
+			</div></li><li class="listitem"><div class="para">
+				Ensure the host is connected to the CloudStack Management Server
+			</div></li></ul></div></div><div xml:lang="en-US" class="section" id="about-primary-storage" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-primary-storage">2.5. About Primary Storage</h2></div></div></div><div class="para">
+		Primary storage is associated with a cluster, and it stores the disk volumes for all the VMs running on hosts in that cluster. You can add multiple primary storage servers to a cluster. At least one is required. It is typically located close to the hosts for increased performance.
+	</div><div class="para">
+		CloudStack is designed to work with all standards-compliant iSCSI and NFS servers that are supported by the underlying hypervisor, including, for example:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Dell EqualLogic™ for iSCSI
+			</div></li><li class="listitem"><div class="para">
+				Network Appliances filers for NFS and iSCSI
+			</div></li><li class="listitem"><div class="para">
+				Scale Computing for NFS
+			</div></li></ul></div><div class="para">
+		If you intend to use only local disk for your installation, you can skip to Add Secondary Storage.
+	</div></div><div xml:lang="en-US" class="section" id="about-secondary-storage" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-secondary-storage">2.6. About Secondary Storage</h2></div></div></div><div class="para">
+		Secondary storage is associated with a zone, and it stores the following:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Templates — OS images that can be used to boot VMs and can include additional configuration information, such as installed applications
+			</div></li><li class="listitem"><div class="para">
+				ISO images — disc images containing data or bootable media for operating systems
+			</div></li><li class="listitem"><div class="para">
+				Disk volume snapshots — saved copies of VM data which can be used for data recovery or to create new templates
+			</div></li></ul></div><div class="para">
+		The items in zone-based NFS secondary storage are available to all hosts in the zone. CloudStack manages the allocation of guest virtual disks to particular primary storage devices.
+	</div><div class="para">
+		To make items in secondary storage available to all hosts throughout the cloud, you can add OpenStack Object Storage (Swift, <a href="http://swift.openstack.org">swift.openstack.org</a>) in addition to the zone-based NFS secondary storage. When using Swift, you configure Swift storage for the entire CloudStack, then set up NFS secondary storage for each zone as usual. The NFS storage in each zone acts as a staging area through which all templates and other secondary storage data pass before being forwarded to Swift. The Swift storage acts as a cloud-wide resource, making templates and other data available to any zone in the cloud. There is no hierarchy in the Swift storage, just one Swift container per storage object. Any secondary storage in the whole cloud can pull a container from Swift at need. It is not necessary to copy templates and snapshots from one zone to another, as would be required when using zone NFS alone. Everything is available everywhere.
+	</div></div><div xml:lang="en-US" class="section" id="about-physical-networks" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="about-physical-networks">2.7. About Physical Networks</h2></div></div></div><div class="para">
+		Part of adding a zone is setting up the physical network. One or (in an advanced zone) more physical networks can be associated with each zone. The network corresponds to a NIC on the hypervisor host. Each physical network can carry one or more types of network traffic. The choices of traffic type for each network vary depending on whether you are creating a zone with basic networking or advanced networking.
+	</div><div class="para">
+		A physical network is the actual network hardware and wiring in a zone. A zone can have multiple physical networks. An administrator can:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Add/Remove/Update physical networks in a zone
+			</div></li><li class="listitem"><div class="para">
+				Configure VLANs on the physical network
+			</div></li><li class="listitem"><div class="para">
+				Configure a name so the network can be recognized by hypervisors
+			</div></li><li class="listitem"><div class="para">
+				Configure the service providers (firewalls, load balancers, etc.) available on a physical network
+			</div></li><li class="listitem"><div class="para">
+				Configure the IP addresses trunked to a physical network
+			</div></li><li class="listitem"><div class="para">
+				Specify what type of traffic is carried on the physical network, as well as other properties like network speed
+			</div></li></ul></div><div xml:lang="en-US" class="section" id="physical-network-configuration-settings" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="physical-network-configuration-settings">2.7.1. Configurable Characteristics of Physical Networks</h3></div></div></div><div class="para">
+		CloudStack provides configuration settings you can use to set up a physical network in a zone, including:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				What type of network traffic it carries (guest, public, management, storage)
+			</div></li><li class="listitem"><div class="para">
+				VLANs
+			</div></li><li class="listitem"><div class="para">
+				Unique name that the hypervisor can use to find that particular network
+			</div></li><li class="listitem"><div class="para">
+				Enabled or disabled. When a network is first set up, it is disabled – not in use yet. The administrator sets the physical network to enabled, and it begins to be used. The administrator can later disable the network again, which prevents any new virtual networks from being created on that physical network; the existing network traffic continues even though the state is disabled.
+			</div></li><li class="listitem"><div class="para">
+				Speed
+			</div></li><li class="listitem"><div class="para">
+				Tags, so network offerings can be matched to physical networks
+			</div></li><li class="listitem"><div class="para">
+				Isolation method
+			</div></li></ul></div></div><div xml:lang="en-US" class="section" id="basic-zone-network-traffic-types" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="basic-zone-network-traffic-types">2.7.2. Basic Zone Network Traffic Types</h3></div></div></div><div class="para">
+		When basic networking is used, there can be only one physical network in the zone. That physical network carries the following traffic types:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Guest. When end users run VMs, they generate guest traffic. The guest VMs communicate with each other over a network that can be referred to as the guest network. Each pod in a basic zone is a broadcast domain, and therefore each pod has a different IP range for the guest network. The administrator must configure the IP range for each pod.
+			</div></li><li class="listitem"><div class="para">
+				Management. When CloudStack’s internal resources communicate with each other, they generate management traffic. This includes communication between hosts, system VMs (VMs used by CloudStack to perform various tasks in the cloud), and any other component that communicates directly with the CloudStack Management Server. You must configure the IP range for the system VMs to use.
+			</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+					We strongly recommend the use of separate NICs for management traffic and guest traffic.
+				</div></div></div></li><li class="listitem"><div class="para">
+				Public. Public traffic is generated when VMs in the cloud access the Internet. Publicly accessible IPs must be allocated for this purpose. End users can use the CloudStack UI to acquire these IPs to implement NAT between their guest network and the public network, as described in Acquiring a New IP Address.
+			</div></li><li class="listitem"><div class="para">
+				Storage. Traffic such as VM templates and snapshots, which is sent between the secondary storage VM and secondary storage servers. CloudStack uses a separate Network Interface Controller (NIC) named storage NIC for storage network traffic. Use of a storage NIC that always operates on a high bandwidth network allows fast template and snapshot copying. You must configure the IP range to use for the storage network.
+			</div></li></ul></div><div class="para">
+		In a basic network, configuring the physical network is fairly straightforward. In most cases, you only need to configure one guest network to carry traffic that is generated by guest VMs. If you use a NetScaler load balancer and enable its elastic IP and elastic load balancing (EIP and ELB) features, you must also configure a network to carry public traffic. CloudStack takes care of presenting the necessary network configuration steps to you in the UI when you add a new zone.
+	</div></div><div xml:lang="en-US" class="section" id="basic-zone-guest-ip-addresses" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="basic-zone-guest-ip-addresses">2.7.3. Basic Zone Guest IP Addresses</h3></div></div></div><div class="para">
+		When basic networking is used, CloudPlatform will assign IP addresses in the CIDR of the pod to the guests in that pod. The administrator must add a Direct IP range on the pod for this purpose. These IPs are in the same VLAN as the hosts.
+	</div></div><div xml:lang="en-US" class="section" id="advanced-zone-network-traffic-types" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="advanced-zone-network-traffic-types">2.7.4. Advanced Zone Network Traffic Types</h3></div></div></div><div class="para">
+		When advanced networking is used, there can be multiple physical networks in the zone. Each physical network can carry one or more traffic types, and you need to let CloudStack know which type of network traffic you want each network to carry. The traffic types in an advanced zone are:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Guest. When end users run VMs, they generate guest traffic. The guest VMs communicate with each other over a network that can be referred to as the guest network. This network can be isolated or shared. In an isolated guest network, the administrator needs to reserve VLAN ranges to provide isolation for each CloudStack account’s network (potentially a large number of VLANs). In a shared guest network, all guest VMs share a single network.
+			</div></li><li class="listitem"><div class="para">
+				Management. When CloudStack’s internal resources communicate with each other, they generate management traffic. This includes communication between hosts, system VMs (VMs used by CloudStack to perform various tasks in the cloud), and any other component that communicates directly with the CloudStack Management Server. You must configure the IP range for the system VMs to use.
+			</div></li><li class="listitem"><div class="para">
+				Public. Public traffic is generated when VMs in the cloud access the Internet. Publicly accessible IPs must be allocated for this purpose. End users can use the CloudStack UI to acquire these IPs to implement NAT between their guest network and the public network, as described in “Acquiring a New IP Address” in the Administration Guide.
+			</div></li><li class="listitem"><div class="para">
+				Storage. Traffic such as VM templates and snapshots, which is sent between the secondary storage VM and secondary storage servers. CloudStack uses a separate Network Interface Controller (NIC) named storage NIC for storage network traffic. Use of a storage NIC that always operates on a high bandwidth network allows fast template and snapshot copying. You must configure the IP range to use for the storage network.
+			</div></li></ul></div><div class="para">
+		These traffic types can each be on a separate physical network, or they can be combined with certain restrictions. When you use the Add Zone wizard in the UI to create a new zone, you are guided into making only valid choices.
+	</div></div><div xml:lang="en-US" class="section" id="advanced-zone-guest-ip-addresses" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="advanced-zone-guest-ip-addresses">2.7.5. Advanced Zone Guest IP Addresses</h3></div></div></div><div class="para">
+		When advanced networking is used, the administrator can create additional networks for use by the guests. These networks can span the zone and be available to all accounts, or they can be scoped to a single account, in which case only the named account may create guests that attach to these networks. The networks are defined by a VLAN ID, IP range, and gateway. The administrator may provision thousands of these networks if desired.
+	</div></div><div xml:lang="en-US" class="section" id="advanced-zone-public-ip-addresses" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="advanced-zone-public-ip-addresses">2.7.6. Advanced Zone Public IP Addresses</h3></div></div></div><div class="para">
+		When advanced networking is used, the administrator can create additional networks for use by the guests. These networks can span the zone and be available to all accounts, or they can be scoped to a single account, in which case only the named account may create guests that attach to these networks. The networks are defined by a VLAN ID, IP range, and gateway. The administrator may provision thousands of these networks if desired.
+	</div></div><div xml:lang="en-US" class="section" id="system-reserved-ip-addresses" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="system-reserved-ip-addresses">2.7.7. System Reserved IP Addresses</h3></div></div></div><div class="para">
+		In each zone, you need to configure a range of reserved IP addresses for the management network. This network carries communication between the CloudStack Management Server and various system VMs, such as Secondary Storage VMs, Console Proxy VMs, and DHCP.
+	</div><div class="para">
+		The reserved IP addresses must be unique across the cloud. You cannot, for example, have a host in one zone which has the same private IP address as a host in another zone.
+	</div><div class="para">
+		The hosts in a pod are assigned private IP addresses. These are typically RFC1918 addresses. The Console Proxy and Secondary Storage system VMs are also allocated private IP addresses in the CIDR of the pod that they are created in.
+	</div><div class="para">
+		Make sure computing servers and Management Servers use IP addresses outside of the System Reserved IP range. For example, suppose the System Reserved IP range starts at 192.168.154.2 and ends at 192.168.154.7. CloudStack can use .2 to .7 for System VMs. This leaves the rest of the pod CIDR, from .8 to .254, for the Management Server and hypervisor hosts.
+	</div><div class="para">
+		<span class="bold bold"><strong>In all zones:</strong></span>
+	</div><div class="para">
+		Provide private IPs for the system in each pod and provision them in CloudStack.
+	</div><div class="para">
+		For KVM and XenServer, the recommended number of private IPs per pod is one per host. If you expect a pod to grow, add enough private IPs now to accommodate the growth.
+	</div><div class="para">
+		<span class="bold bold"><strong>In a zone that uses advanced networking:</strong></span>
+	</div><div class="para">
+		For zones with advanced networking, we recommend provisioning enough private IPs for your total number of customers, plus enough for the required CloudStack System VMs. Typically, about 10 additional IPs are required for the System VMs. For more information about System VMs, see Working with System Virtual Machines in the Administrator's Guide.
+	</div><div class="para">
+		When advanced networking is being used, the number of private IP addresses available in each pod varies depending on which hypervisor is running on the nodes in that pod. Citrix XenServer and KVM use link-local addresses, which in theory provide more than 65,000 private IP addresses within the address block. As the pod grows over time, this should be more than enough for any reasonable number of hosts as well as IP addresses for guest virtual routers. VMWare ESXi, by contrast uses any administrator-specified subnetting scheme, and the typical administrator provides only 255 IPs per pod. Since these are shared by physical machines, the guest virtual router, and other entities, it is possible to run out of private IPs when scaling up a pod whose nodes are running ESXi.
+	</div><div class="para">
+		To ensure adequate headroom to scale private IP space in an ESXi pod that uses advanced networking, use one or both of the following techniques:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Specify a larger CIDR block for the subnet. A subnet mask with a /20 suffix will provide more than 4,000 IP addresses.
+			</div></li><li class="listitem"><div class="para">
+				Create multiple pods, each with its own subnet. For example, if you create 10 pods and each pod has 255 IPs, this will provide 2,550 IP addresses.
+			</div></li></ul></div></div></div></div><div xml:lang="en-US" class="chapter" id="accounts" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Accounts</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#accounts-users-domains">3.1. Accounts, Users, and Domains</a></span></dt><dt><span class="section"><a href="#LDAPserver-for-user-authentication">3.2. Using an LDAP Server for User Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#example-LDAP-configuration-commands">3.2.1. Example LDAP Configuration Commands</a></span></dt><dt><span class="section"><a href="#search-base">3.2.2. Search Base</a></span></dt><dt><span class="section"><a href="#query-filter">3.2.3. Query Filter</a></span></dt><dt><span class="section"><a href="#search-user-bind-dn">3.2.4. Search User Bind DN</a></span></dt><dt><span class="section"><a href="#SSL-keystore-path-and-password">3.2.5. SSL Keystore Path and Password</a></span></dt>
 </dl></dd></dl></div><div xml:lang="en-US" class="section" id="accounts-users-domains" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="accounts-users-domains">3.1. Accounts, Users, and Domains</h2></div></div></div><div class="formalpara"><h5 class="formalpara" id="idp7537928">Accounts</h5>
+			An account typically represents a customer of the service provider or a department in a large organization. Multiple users can exist in an account.
+		</div><div class="formalpara"><h5 class="formalpara" id="idp11735304">Domains</h5>
+			Accounts are grouped by domains. Domains usually contain multiple accounts that have some logical relationship to each other and a set of delegated administrators with some authority over the domain and its subdomains. For example, a service provider with several resellers could create a domain for each reseller.
+		</div><div class="para">
+		For each account created, the Cloud installation creates three different types of user accounts: root administrator, domain administrator, and user.
+	</div><div class="formalpara"><h5 class="formalpara" id="idp10414544">Users</h5>
+			Users are like aliases in the account. Users in the same account are not isolated from each other, but they are isolated from users in other accounts. Most installations need not surface the notion of users; they just have one user per account. The same user cannot belong to multiple accounts.
+		</div><div class="para">
+		Username is unique in a domain across accounts in that domain. The same username can exist in other domains, including sub-domains. Domain name can repeat only if the full pathname from root is unique. For example, you can create root/d1, as well as root/foo/d1, and root/sales/d1.
+	</div><div class="para">
+		Administrators are accounts with special privileges in the system. There may be multiple administrators in the system. Administrators can create or delete other administrators, and change the password for any user in the system.
+	</div><div class="formalpara"><h5 class="formalpara" id="idm2556040">Domain Administrators</h5>
+			Domain administrators can perform administrative operations for users who belong to that domain. Domain administrators do not have visibility into physical servers or other domains.
+		</div><div class="formalpara"><h5 class="formalpara" id="idp11184280">Root Administrator</h5>
+			Root administrators have complete access to the system, including managing templates, service offerings, customer care administrators, and domains
+		</div><div class="para">
+		The resources belong to the account, not individual users in that account. For example, billing, resource limits, and so on are maintained by the account, not the users. A user can operate on any resource in the account provided the user has privileges for that operation. The privileges are determined by the role.
+	</div></div><div xml:lang="en-US" class="section" id="LDAPserver-for-user-authentication" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="LDAPserver-for-user-authentication">3.2. Using an LDAP Server for User Authentication</h2></div></div></div><div class="para">
+		You can use an external LDAP server such as Microsoft Active Directory or ApacheDS to authenticate CloudStack end-users. Just map CloudStack accounts to the corresponding LDAP accounts using a query filter. The query filter is written using the query syntax of the particular LDAP server, and can include special wildcard characters provided by CloudStack for matching common values such as the user’s email address and name. CloudStack will search the external LDAP directory tree starting at a specified base directory and return the distinguished name (DN) and password of the matching user. This information along with the given password is used to authenticate the user..
+	</div><div class="para">
+		To set up LDAP authentication in CloudStack, call the CloudStack API command ldapConfig and provide the following:
+	</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+				Hostname or IP address and listening port of the LDAP server
+			</div></li><li class="listitem"><div class="para">
+				Base directory and query filter
+			</div></li><li class="listitem"><div class="para">
+				Search user DN credentials, which give CloudStack permission to search on the LDAP server
+			</div></li><li class="listitem"><div class="para">
+				SSL keystore and password, if SSL is used
+			</div></li></ul></div><div xml:lang="en-US" class="section" id="example-LDAP-configuration-commands" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="example-LDAP-configuration-commands">3.2.1. Example LDAP Configuration Commands</h3></div></div></div><div class="para">
+		To understand the examples in this section, you need to know the basic concepts behind calling the CloudStack API, which are explained in the Developer’s Guide.
+	</div><div class="para">
+		The following shows an example invocation of ldapConfig with an ApacheDS LDAP server
+	</div><pre class="programlisting">http://127.0.0.1:8080/client/api?command=ldapConfig&amp;hostname=127.0.0.1&amp;searchbase=ou%3Dtesting%2Co%3Dproject&amp;queryfilter=%28%26%28uid%3D%25u%29%29&amp;binddn=cn%3DJohn+Singh%2Cou%3Dtesting%2Co%project&amp;bindpass=secret&amp;port=10389&amp;ssl=true&amp;truststore=C%3A%2Fcompany%2Finfo%2Ftrusted.ks&amp;truststorepass=secret&amp;response=json&amp;apiKey=YourAPIKey&amp;signature=YourSignatureHash</pre><div class="para">
+		The command must be URL-encoded. Here is the same example without the URL encoding:
+	</div><pre class="programlisting">http://127.0.0.1:8080/client/api?command=ldapConfig
+&amp;hostname=127.0.0.1
+&amp;searchbase=ou=testing,o=project
+&amp;queryfilter=(&amp;(%uid=%u))
+&amp;binddn=cn=John+Singh,ou=testing,o=project
+&amp;bindpass=secret
+&amp;port=10389
+&amp;ssl=true
+&amp;truststore=C:/company/info/trusted.ks
+&amp;truststorepass=secret
+&amp;response=json
+&amp;apiKey=YourAPIKey&amp;signature=YourSignatureHash
+</pre><div class="para">
+		The following shows a similar command for Active Directory. Here, the search base is the testing group within a company, and the users are matched up based on email address.
+	</div><pre class="programlisting">http://10.147.29.101:8080/client/api?command=ldapConfig&amp;hostname=10.147.28.250&amp;searchbase=OU%3Dtesting%2CDC%3Dcompany&amp;queryfilter=%28%26%28mail%3D%25e%29%29 &amp;binddn=CN%3DAdministrator%2COU%3Dtesting%2CDC%3Dcompany&amp;bindpass=1111_aaaa&amp;port=389&amp;response=json&amp;apiKey=YourAPIKey&amp;signature=YourSignatureHash</pre><div class="para">
+		The next few sections explain some of the concepts you will need to know when filling out the ldapConfig parameters.
+	</div></div><div xml:lang="en-US" class="section" id="search-base" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="search-base">3.2.2. Search Base</h3></div></div></div><div class="para">
+		An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found. The users can be in the immediate base directory or in some subdirectory. The search base may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies depending on which LDAP server you are using. A full discussion of distinguished names is outside the scope of our documentation. The following table shows some examples of search bases to find users in the testing department..
+	</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th align="left">
+						<div class="para">
+							LDAP Server
+						</div>
+					</th><th align="left">
+						<div class="para">
+							Example Search Base DN
+						</div>
+					</th></tr></thead><tbody><tr><td align="left">
+						<div class="para">
+							ApacheDS
+						</div>
+					</td><td align="left">
+						<div class="para">
+							ou=testing,o=project
+						</div>
+					</td></tr><tr><td align="left">
+						<div class="para">
+							Active Directory
+						</div>
+					</td><td align="left">
+						<div class="para">
+							OU=testing, DC=company
+						</div>
+					</td></tr></tbody></table></div></div><div xml:lang="en-US" class="section" id="query-filter" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="query-filter">3.2.3. Query Filter</h3></div></div></div><div class="para">
+		The query filter is used to find a mapped user in the external LDAP server. The query filter should uniquely map the CloudPlatform user to LDAP user for a meaningful authentication. For more information about query filter syntax, consult the documentation for your LDAP server.
+	</div><div class="para">
+		The CloudPlatform query filter wildcards are:
+	</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th align="left">
+						<div class="para">
+							Query Filter Wildcard
+						</div>
+					</th><th align="left">
+						<div class="para">
+							Description
+						</div>
+					</th></tr></thead><tbody><tr><td align="left">
+						<div class="para">
+							%u
+						</div>
+					</td><td align="left">
+						<div class="para">
+							User name
+						</div>
+					</td></tr><tr><td align="left">
+						<div class="para">
+							%e
+						</div>
+					</td><td align="left">
+						<div class="para">
+							Email address
+						</div>
+					</td></tr><tr><td align="left">
+						<div class="para">
+							%n
+						</div>
+					</td><td align="left">
+						<div class="para">
+							First and last name
+						</div>
+					</td></tr></tbody></table></div><div class="para">
+		The following examples assume you are using Active Directory, and refer to user attributes from the Active Directory schema.
+	</div><div class="para">
+		If the CloudPlatform user name is the same as the LDAP user ID:
+	</div><pre class="programlisting">(uid=%u)</pre><div class="para">
+		If the CloudPlatform user name is the LDAP display name:
+	</div><pre class="programlisting">(displayName=%u)</pre><div class="para">
+		To find a user by email address:
+	</div><pre class="programlisting">(mail=%e)</pre></div><div xml:lang="en-US" class="section" id="search-user-bind-dn" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="search-user-bind-dn">3.2.4. Search User Bind DN</h3></div></div></div><div class="para">
+		The bind DN is the user on the external LDAP server permitted to search the LDAP directory within the defined search base. When the DN is returned, the DN and passed password are used to authenticate the CloudStack user with an LDAP bind. A full discussion of bind DNs is outside the scope of our documentation. The following table shows some examples of bind DNs.
+	</div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th align="left">
+						<div class="para">
+							LDAP Server
+						</div>
+					</th><th align="left">
+						<div class="para">
+							Example Bind DN
+						</div>
+					</th></tr></thead><tbody><tr><td align="left">
+						<div class="para">
+							ApacheDS
+						</div>
+					</td><td align="left">
+						<div class="para">
+							cn=Administrator,dc=testing,ou=project,ou=org
+						</div>
+					</td></tr><tr><td align="left">
+						<div class="para">
+							Active Directory
+						</div>
+					</td><td align="left">
+						<div class="para">
+							CN=Administrator, OU=testing, DC=company, DC=com
+						</div>
+					</td></tr></tbody></table></div></div><div xml:lang="en-US" class="section" id="SSL-keystore-path-and-password" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="SSL-keystore-path-and-password">3.2.5. SSL Keystore Path and Password</h3></div></div></div><div class="para">
+		If the LDAP server requires SSL, you need to enable it in the ldapConfig command by setting the parameters ssl, truststore, and truststorepass. Before enabling SSL for ldapConfig, you need to get the certificate which the LDAP server is using and add it to a trusted keystore. You will need to know the path to the keystore and the password.
+	</div></div></div></div><div xml:lang="en-US" class="chapter" id="user-services-overview" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 4. User Services Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#offerings-and-templates">4.1. Service Offerings, Disk Offerings, Network Offerings, and Templates</a></span></dt></dl></div><div class="para">
+		In addition to the physical and logical infrastructure of your cloud, and the CloudStack software and servers, you also need a layer of user services so that people can actually make use of the cloud. This means not just a user UI, but a set of options and resources that users can choose from, such as templates for creating virtual machines, disk storage, and more. If you are running a commercial service, you will be keeping track of what services and resources users are consuming and charging them for that usage. Even if you do not charge anything for people to use your cloud – say, if the users are strictly internal to your organization, or just friends who are sharing your cloud – you can still keep track of what services they use and how much of them.
+	</div><div class="section" id="offerings-and-templates"><div class="titlepage"><div><div><h2 class="title" id="offerings-and-templates">4.1. Service Offerings, Disk Offerings, Network Offerings, and Templates</h2></div></div></div><div class="para">
+			A user creating a new instance can make a variety of choices about its characteristics and capabilities. CloudStack provides several ways to present users with choices when creating a new instance:
+		</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+					Service Offerings, defined by the CloudStack administrator, provide a choice of CPU speed, number of CPUs, RAM size, tags on the root disk, and other choices. See Creating a New Compute Offering.
+				</div></li><li class="listitem"><div class="para">
+					Disk Offerings, defined by the CloudStack administrator, provide a choice of disk size for primary data storage. See Creating a New Disk Offering.
+				</div></li><li class="listitem"><div class="para">
+					Network Offerings, defined by the CloudStack administrator, describe the feature set that is available to end users from the virtual router or external networking devices on a given guest network. See Network Offerings.
+				</div></li><li class="listitem"><div class="para">
+					Templates, defined by the CloudStack administrator or by any CloudStack user, are the base OS images that the user can choose from when creating a new instance. For example, CloudStack includes CentOS as a template. See Working with Templates.
+				</div></li></ul></div><div class="para">
+			In addition to these choices that are provided for users, there is another type of service offering which is available only to the CloudStack root administrator, and is used for configuring virtual infrastructure resources. For more information, see Upgrading a Virtual Router with System Service Offerings.
+		</div></div></div><div xml:lang="en-US" class="chapter" id="ui" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 5. User Interface</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#log-in">5.1. Log In to the UI</a></span></dt><dd><dl><dt><span class="section"><a href="#end-user-ui-overview">5.1.1. End User's UI Overview</a></span></dt><dt><span class="section"><a href="#root-admin-ui-overview">5.1.2. Root Administrator's UI Overview</a></span></dt><dt><span class="section"><a href="#log-in-root-admin">5.1.3. Logging In as the Root Administrator</a></span></dt><dt><span class="section"><a href="#changing-root-password">5.1.4. Changing the Root Password</a></span></dt></dl></dd><dt><span class="section"><a href="#using-sshkeys">5.2. Using SSH Keys for Authentication</a></span></dt><dd><dl><dt><span class="section"><a href="#create-ssh-template">5.2.1.  Creating an Instance Template that Supports SSH Keys</a></span></dt><dt><span 
 class="section"><a href="#create-ssh-keypair">5.2.2. Creating the SSH Keypair</a></span></dt><dt><span class="section"><a href="#creating-ssh-instance">5.2.3. Creating an Instance</a></span></dt><dt><span class="section"><a href="#logging-in-ssh">5.2.4. Logging In Using the SSH Keypair</a></span></dt></dl></dd></dl></div><div xml:lang="en-US" class="section" id="log-in" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="log-in">5.1. Log In to the UI</h2></div></div></div><div class="para">
+		CloudStack provides a web-based UI that can be used by both administrators and end users. The appropriate version of the UI is displayed depending on the credentials used to log in. The UI is available in popular browsers including IE7, IE8, IE9, Firefox 3.5+, Firefox 4, Safari 4, and Safari 5. The URL is: (substitute your own management server IP address)
+	</div><pre class="programlisting">http://&lt;management-server-ip-address&gt;:8080/client</pre><div class="para">
+		On a fresh Management Server installation, a guided tour splash screen appears. On later visits, you’ll see a login screen where you specify the following to proceed to your Dashboard:
+	</div><div class="formalpara"><h5 class="formalpara" id="idp5277688">Username</h5>
+			The user ID of your account. The default username is admin.
+		</div><div class="formalpara"><h5 class="formalpara" id="idp2873912">Password</h5>
+			The password associated with the user ID. The password for the default username is password.
+		</div><div class="formalpara"><h5 class="formalpara" id="idp131456">Domain</h5>
+			If you are a root user, leave this field blank.
+		</div><div class="para">
+		If you are a user in the sub-domains, enter the full path to the domain, excluding the root domain.
+	</div><div class="para">
+		For example, suppose multiple levels are created under the root domain, such as Comp1/hr. The users in the Comp1 domain should enter Comp1 in the Domain field, whereas the users in the Comp1/sales domain should enter Comp1/sales.
+	</div><div class="para">
+		For more guidance about the choices that appear when you log in to this UI, see Logging In as the Root Administrator.
+	</div><div xml:lang="en-US" clas

<TRUNCATED>

Mime
View raw message