incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Angus <paul.an...@shapeblue.com>
Subject RE: Security Groups in Advanced Zone - Plugin Support
Date Wed, 06 Mar 2013 15:59:30 GMT
We at ShapeBlue are also very keen to understand the direction that 'Security Groups in Advanced
Zones' is going.

We have a large client who would like to use advanced zone VLAN isolation of accounts, with
security groups based isolation of VM tiers within each account.

Regards,

Paul Angus
S: +44 20 3603 0540 | M: +447711418784
paul.angus@shapeblue.com

-----Original Message-----
From: Mills, Joseph [mailto:joe@midokura.jp]
Sent: 05 March 2013 08:34
To: cloudstack-dev@incubator.apache.org
Cc: Anthony Xu
Subject: Re: Security Groups in Advanced Zone - Plugin Support

Hi Anthony,

Any thoughts? We are looking forward to hearing back from you about this.
Just to recap:

(1) Your current changes add Security Group capabilities for the Virtual Router in advance-shared
only, is this correct?

(2) Your future plan is to add Security Groups to Virtual Router in advanced-isolated, but
will NOT be supportable by other network service providers, is this correct?

(3) Any reason you have decided to implement Security Groups differently than the other network
services? Particularly with respect to pluggability?

Thanks,
Joe

On Fri, Mar 1, 2013 at 12:16 PM, Dave Cahill <dcahill@midokura.com> wrote:

> Hi Anthony,
>
> Adding you in CC in case you missed this message.
>
> We're trying to understand in more detail your plan for Security
> Groups support.
>
> Thanks,
> Dave.
>
> On Fri, Feb 15, 2013 at 3:19 PM, Mills, Joseph <joe@midokura.jp> wrote:
>
> > *Hi Anthony,
> >
> > Thanks for the quick response. Just to check my understanding:
> >
> > CloudStack has 4 networking models:
> > Basic (Only in Basic Zone)
> > Isolated (Only in Advanced Zone)
> > Shared (Only in  Advanced Zone)
> > VPC (Only in  Advanced Zone)
> >
> > Zones can be Security Group enabled, or Security Group disabled -
> > this
> is a
> > tickbox in the UI when creating a Zone.
> >
> > Network Offerings can have the Security Groups Capability enabled or
> > not
> -
> > this is a tickbox in the UI when creating a NetworkOffering.
> >
> > You have code that is almost ready to commit (CLOUDSTACK-737,
> > currently adding unit tests), and you also plan to make further
> > changes for 4.2 - let’s call these “current” and “future”. changes.
> >
> > (1) Your “current” changes add support for the Security Groups
> > Capability in Advanced Shared networks, however this will be only be
> > supported by
> the
> > Virtual Router Provider, with no option to be supported by other
> > network plugins.
> >
> > (2) For 4.2 (“future”), you plan to add support for the Security
> > Groups Capability in Advanced Isolated networks. This will also not
> > have the option of being supported by other network plugins.
> >
> > Is this correct?
> >
> > Any reason why you have chosen to implement this service differently
> > than the other Services with respect to pluggability?
> >
> > Thanks,
> > Joe*
> >
> > On Fri, Feb 15, 2013 at 1:11 PM, Anthony Xu <Xuefei.Xu@citrix.com>
> wrote:
> >
> > > I have plan to add isolated and shared networks to SG enabled zone
> > > in
> > 4.2,
> > > the service providers on these network will be supported in SG
> > > enabled zone, but as for SG enabled shared network, current plan
> > > is only
> support
> > > Virtual Router as service provider. If you want to add other
> > > service provider in SG enabled shared network, please file a
> > > feature request
> for
> > > it, and welcome work on that feature.
> > >
> > >
> > > Anthony
> > >
> > > > -----Original Message-----
> > > > From: Mills, Joseph [mailto:joe@midokura.jp]
> > > > Sent: Thursday, February 14, 2013 7:02 PM
> > > > To: cloudstack-dev@incubator.apache.org
> > > > Subject: Security Groups in Advanced Zone - Plugin Support
> > > >
> > > > I was looking at the FS for Security Group Isolation in Advanced
> Zone,
> > > > (CLOUDSTACK-737) and I noticed that:
> > > >
> > > > "Only one network service provider is supported in advanced SG
> enabled
> > > > zone
> > > > - Virtual Router"
> > > >
> > > > Are there currently any plans to add pluggability support for
> Security
> > > > Groups in 4.2, and if so, is any timeline estimate available? As
> > > > far
> as
> > > > we
> > > > know, all other Services are pluggable, and we would like to
> > > > support Security Group Isolation as well.
> > > >
> > > > Thanks,
> > > > Joe
> > >
> >
>
ShapeBlue provides a range of strategic and technical consulting and implementation services
to help IT Service Providers and Enterprises to build a true IaaS compute cloud. ShapeBlue’s
expertise, combined with CloudStack technology, allows IT Service Providers and Enterprises
to deliver true, utility based, IaaS to the customer or end-user.

________________________________

This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those
of the author and do not necessarily represent those of Shape Blue Ltd. If you are not the
intended recipient of this email, you must neither take any action based upon its contents,
nor copy or show it to anyone. Please contact the sender if you believe you have received
this email in error. Shape Blue Ltd is a company incorporated in England & Wales.
Mime
View raw message