You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ke...@apache.org on 2013/10/08 21:27:40 UTC
[36/70] [partial] Adding documents from 4.2
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/external-guest-firewall-integration.xml
----------------------------------------------------------------------
diff --git a/en-US/external-guest-firewall-integration.xml b/en-US/external-guest-firewall-integration.xml
new file mode 100644
index 0000000..0b34dca
--- /dev/null
+++ b/en-US/external-guest-firewall-integration.xml
@@ -0,0 +1,201 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="external-guest-firewall-integration">
+ <title>External Guest Firewall Integration for Juniper SRX (Optional)</title>
+ <note>
+ <para>Available only for guests using advanced networking.</para>
+ </note>
+ <para>&PRODUCT; provides for direct management of the Juniper SRX series of firewalls. This
+ enables &PRODUCT; to establish static NAT mappings from public IPs to guest VMs, and to use
+ the Juniper device in place of the virtual router for firewall services. You can have one or
+ more Juniper SRX per zone. This feature is optional. If Juniper integration is not provisioned,
+ &PRODUCT; will use the virtual router for these services.</para>
+ <para>The Juniper SRX can optionally be used in conjunction with an external load balancer.
+ External Network elements can be deployed in a side-by-side or inline configuration.</para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/parallel-mode.png"/>
+ </imageobject>
+ <textobject>
+ <phrase>parallel-mode.png: adding a firewall and load balancer in parallel mode.</phrase>
+ </textobject>
+ </mediaobject>
+ <para>&PRODUCT; requires the Juniper to be configured as follows:</para>
+ <note>
+ <para>Supported SRX software version is 10.3 or higher.</para>
+ </note>
+ <orderedlist>
+ <listitem>
+ <para>Install your SRX appliance according to the vendor's instructions.</para>
+ </listitem>
+ <listitem>
+ <para>Connect one interface to the management network and one interface to the public network.
+ Alternatively, you can connect the same interface to both networks and a use a VLAN for the
+ public network.</para>
+ </listitem>
+ <listitem>
+ <para>Make sure "vlan-tagging" is enabled on the private interface.</para>
+ </listitem>
+ <listitem>
+ <para>Record the public and private interface names. If you used a VLAN for the public
+ interface, add a ".[VLAN TAG]" after the interface name. For example, if you are using
+ ge-0/0/3 for your public interface and VLAN tag 301, your public interface name would be
+ "ge-0/0/3.301". Your private interface name should always be untagged because the
+ &PRODUCT; software automatically creates tagged logical interfaces.</para>
+ </listitem>
+ <listitem>
+ <para>Create a public security zone and a private security zone. By default, these will
+ already exist and will be called "untrust" and "trust". Add the public interface to the
+ public zone and the private interface to the private zone. Note down the security zone
+ names.</para>
+ </listitem>
+ <listitem>
+ <para>Make sure there is a security policy from the private zone to the public zone that
+ allows all traffic.</para>
+ </listitem>
+ <listitem>
+ <para>Note the username and password of the account you want the &PRODUCT; software to log
+ in to when it is programming rules.</para>
+ </listitem>
+ <listitem>
+ <para>Make sure the "ssh" and "xnm-clear-text" system services are enabled.</para>
+ </listitem>
+ <listitem>
+ <para>If traffic metering is desired:</para>
+ <orderedlist>
+ <listitem>
+ <para>a. Create an incoming firewall filter and an outgoing firewall filter. These filters
+ should be the same names as your public security zone name and private security zone
+ name respectively. The filters should be set to be "interface-specific". For example,
+ here is the configuration where the public zone is "untrust" and the private zone is
+ "trust":</para>
+ <programlisting>root@cloud-srx# show firewall
+filter trust {
+ interface-specific;
+}
+filter untrust {
+ interface-specific;
+}</programlisting>
+ </listitem>
+ <listitem>
+ <para>Add the firewall filters to your public interface. For example, a sample
+ configuration output (for public interface ge-0/0/3.0, public security zone untrust, and
+ private security zone trust) is:</para>
+ <programlisting>ge-0/0/3 {
+ unit 0 {
+ family inet {
+ filter {
+ input untrust;
+ output trust;
+ }
+ address 172.25.0.252/16;
+ }
+ }
+}</programlisting>
+ </listitem>
+ </orderedlist>
+ </listitem>
+ <listitem>
+ <para>Make sure all VLANs are brought to the private interface of the SRX.</para>
+ </listitem>
+ <listitem>
+ <para>After the &PRODUCT; Management Server is installed, log in to the &PRODUCT; UI as
+ administrator.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation bar, click Infrastructure.</para>
+ </listitem>
+ <listitem>
+ <para>In Zones, click View More.</para>
+ </listitem>
+ <listitem>
+ <para>Choose the zone you want to work with.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Network tab.</para>
+ </listitem>
+ <listitem>
+ <para>In the Network Service Providers node of the diagram, click Configure. (You might have
+ to scroll down to see this.)</para>
+ </listitem>
+ <listitem>
+ <para>Click SRX.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Add New SRX button (+) and provide the following:</para>
+ <itemizedlist>
+ <listitem>
+ <para>IP Address: The IP address of the SRX.</para>
+ </listitem>
+ <listitem>
+ <para>Username: The user name of the account on the SRX that &PRODUCT; should use.</para>
+ </listitem>
+ <listitem>
+ <para>Password: The password of the account.</para>
+ </listitem>
+ <listitem>
+ <para>Public Interface. The name of the public interface on the SRX. For example,
+ ge-0/0/2. A ".x" at the end of the interface indicates the VLAN that is in use.</para>
+ </listitem>
+ <listitem>
+ <para>Private Interface: The name of the private interface on the SRX. For example,
+ ge-0/0/1. </para>
+ </listitem>
+ <listitem>
+ <para>Usage Interface: (Optional) Typically, the public interface is used to meter
+ traffic. If you want to use a different interface, specify its name here</para>
+ </listitem>
+ <listitem>
+ <para>Number of Retries: The number of times to attempt a command on the SRX before
+ failing. The default value is 2.</para>
+ </listitem>
+ <listitem>
+ <para>Timeout (seconds): The time to wait for a command on the SRX before considering it
+ failed. Default is 300 seconds.</para>
+ </listitem>
+ <listitem>
+ <para>Public Network: The name of the public network on the SRX. For example,
+ trust.</para>
+ </listitem>
+ <listitem>
+ <para>Private Network: The name of the private network on the SRX. For example,
+ untrust.</para>
+ </listitem>
+ <listitem>
+ <para>Capacity: The number of networks the device can handle</para>
+ </listitem>
+ <listitem>
+ <para>Dedicated: When marked as dedicated, this device will be dedicated to a single
+ account. When Dedicated is checked, the value in the Capacity field has no significance
+ implicitly, its value is 1</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click OK.</para>
+ </listitem>
+ <listitem>
+ <para>Click Global Settings. Set the parameter external.network.stats.interval to indicate how
+ often you want &PRODUCT; to fetch network usage statistics from the Juniper SRX. If you
+ are not using the SRX to gather network usage statistics, set to 0.</para>
+ </listitem>
+ </orderedlist>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/external-guest-lb-integration.xml
----------------------------------------------------------------------
diff --git a/en-US/external-guest-lb-integration.xml b/en-US/external-guest-lb-integration.xml
new file mode 100644
index 0000000..5760f95
--- /dev/null
+++ b/en-US/external-guest-lb-integration.xml
@@ -0,0 +1,109 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="external-guest-lb-integration">
+ <title>External Guest Load Balancer Integration (Optional)</title>
+ <para>&PRODUCT; can optionally use a Citrix NetScaler or BigIP F5 load balancer to provide load
+ balancing services to guests. If this is not enabled, &PRODUCT; will use the software load
+ balancer in the virtual router.</para>
+ <para>To install and enable an external load balancer for &PRODUCT; management:</para>
+ <orderedlist>
+ <listitem>
+ <para>Set up the appliance according to the vendor's directions.</para>
+ </listitem>
+ <listitem>
+ <para>Connect it to the networks carrying public traffic and management traffic (these could
+ be the same network).</para>
+ </listitem>
+ <listitem>
+ <para>Record the IP address, username, password, public interface name, and private interface
+ name. The interface names will be something like "1.1" or "1.2".</para>
+ </listitem>
+ <listitem>
+ <para>Make sure that the VLANs are trunked to the management network interface.</para>
+ </listitem>
+ <listitem>
+ <para>After the &PRODUCT; Management Server is installed, log in as administrator to the
+ &PRODUCT; UI.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation bar, click Infrastructure.</para>
+ </listitem>
+ <listitem>
+ <para>In Zones, click View More.</para>
+ </listitem>
+ <listitem>
+ <para>Choose the zone you want to work with.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Network tab.</para>
+ </listitem>
+ <listitem>
+ <para>In the Network Service Providers node of the diagram, click Configure. (You might have
+ to scroll down to see this.)</para>
+ </listitem>
+ <listitem>
+ <para>Click NetScaler or F5.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Add button (+) and provide the following:</para>
+ <para>For NetScaler:</para>
+ <itemizedlist>
+ <listitem>
+ <para>IP Address: The IP address of the SRX.</para>
+ </listitem>
+ <listitem>
+ <para>Username/Password: The authentication credentials to access the device. &PRODUCT;
+ uses these credentials to access the device.</para>
+ </listitem>
+ <listitem>
+ <para>Type: The type of device that is being added. It could be F5 Big Ip Load Balancer,
+ NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the NetScaler types,
+ see the &PRODUCT; Administration Guide.</para>
+ </listitem>
+ <listitem>
+ <para>Public interface: Interface of device that is configured to be part of the public
+ network.</para>
+ </listitem>
+ <listitem>
+ <para>Private interface: Interface of device that is configured to be part of the private
+ network.</para>
+ </listitem>
+ <listitem>
+ <para>Number of retries. Number of times to attempt a command on the device before
+ considering the operation failed. Default is 2.</para>
+ </listitem>
+ <listitem>
+ <para>Capacity: The number of networks the device can handle.</para>
+ </listitem>
+ <listitem>
+ <para>Dedicated: When marked as dedicated, this device will be dedicated to a single
+ account. When Dedicated is checked, the value in the Capacity field has no significance
+ implicitly, its value is 1.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click OK.</para>
+ </listitem>
+ </orderedlist>
+ <para>The installation and provisioning of the external load balancer is finished. You can proceed
+ to add VMs and NAT or load balancing rules.</para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/extracting-source.xml
----------------------------------------------------------------------
diff --git a/en-US/extracting-source.xml b/en-US/extracting-source.xml
new file mode 100644
index 0000000..d169040
--- /dev/null
+++ b/en-US/extracting-source.xml
@@ -0,0 +1,36 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="sect-source-extract">
+ <title>Extracting source</title>
+ <para>
+ Extracting the &PRODUCT; release is relatively simple and can be done
+ with a single command as follows:
+ <programlisting><prompt>$</prompt> <command>tar</command> -jxvf apache-cloudstack-4.1.0.src.tar.bz2</programlisting>
+ </para>
+ <para>
+ You can now move into the directory:
+ <programlisting><prompt>$</prompt> <command>cd</command> ./apache-cloudstack-4.1.0-src</programlisting>
+ </para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/feature-overview.xml
----------------------------------------------------------------------
diff --git a/en-US/feature-overview.xml b/en-US/feature-overview.xml
new file mode 100644
index 0000000..57b6d84
--- /dev/null
+++ b/en-US/feature-overview.xml
@@ -0,0 +1,81 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="feature-overview">
+ <title>What Can &PRODUCT; Do?</title>
+ <para>
+ <emphasis role="bold">Multiple Hypervisor Support</emphasis>
+ </para>
+ <para>
+ &PRODUCT; works with a variety of hypervisors, and a single cloud deployment can contain multiple hypervisor implementations. The current release of &PRODUCT; supports pre-packaged enterprise solutions like Citrix XenServer and VMware vSphere, as well as KVM or Xen running on Ubuntu or CentOS.
+ </para>
+ <para>
+ <emphasis role="bold">Massively Scalable Infrastructure Management</emphasis>
+ </para>
+ <para>
+ &PRODUCT; can manage tens of thousands of servers installed in multiple geographically distributed datacenters. The centralized management server scales linearly, eliminating the need for intermediate cluster-level management servers. No single component failure can cause cloud-wide outage. Periodic maintenance of the management server can be performed without affecting the functioning of virtual machines running in the cloud.
+ </para>
+ <para>
+ <emphasis role="bold">Automatic Configuration Management</emphasis>
+ </para>
+ <para>&PRODUCT; automatically configures each guest virtual machine’s networking and storage settings.
+ </para>
+ <para>&PRODUCT; internally manages a pool of virtual appliances to support the cloud itself. These appliances offer services such as firewalling, routing, DHCP, VPN access, console proxy, storage access, and storage replication. The extensive use of virtual appliances simplifies the installation, configuration, and ongoing management of a cloud deployment.
+ </para>
+ <para>
+ <emphasis role="bold">Graphical User Interface</emphasis>
+ </para>
+ <para>&PRODUCT; offers an administrator's Web interface, used for provisioning and managing the cloud, as well as an end-user's Web interface, used for running VMs and managing VM templates. The UI can be customized to reflect the desired service provider or enterprise look and feel.
+ </para>
+ <para>
+ <emphasis role="bold">API and Extensibility</emphasis>
+ </para>
+ <para>
+ &PRODUCT; provides an API that gives programmatic access to all the
+ management features available in the UI. The API is maintained and
+ documented. This API enables the creation of command line tools and
+ new user interfaces to suit particular needs. See the Developer’s
+ Guide and API Reference, both available at
+ <ulink url="http://cloudstack.apache.org/docs/en-US/index.html">Apache CloudStack Guides</ulink>
+ and
+ <ulink url="http://cloudstack.apache.org/docs/api/index.html">Apache CloudStack API Reference</ulink>
+ respectively.
+ </para>
+ <para>
+ The &PRODUCT; pluggable allocation architecture allows the creation
+ of new types of allocators for the selection of storage and Hosts.
+ See the Allocator Implementation Guide
+ (<ulink url="http://docs.cloudstack.org/CloudStack_Documentation/Allocator_Implementation_Guide">http://docs.cloudstack.org/CloudStack_Documentation/Allocator_Implementation_Guide</ulink>).
+ </para>
+ <para>
+ <emphasis role="bold">High Availability</emphasis>
+ </para>
+ <para>
+ &PRODUCT; has a number of features to increase the availability of the
+ system. The Management Server itself may be deployed in a multi-node
+ installation where the servers are load balanced. MySQL may be configured
+ to use replication to provide for a manual failover in the event of
+ database loss. For the hosts, &PRODUCT; supports NIC bonding and the use
+ of separate networks for storage as well as iSCSI Multipath.
+ </para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/feedback.xml
----------------------------------------------------------------------
diff --git a/en-US/feedback.xml b/en-US/feedback.xml
new file mode 100644
index 0000000..4b06c9f
--- /dev/null
+++ b/en-US/feedback.xml
@@ -0,0 +1,24 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="feedback">
+ <title>Feedback</title>
+ <para>to-do</para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/firewall-rules.xml
----------------------------------------------------------------------
diff --git a/en-US/firewall-rules.xml b/en-US/firewall-rules.xml
new file mode 100644
index 0000000..837a4c6
--- /dev/null
+++ b/en-US/firewall-rules.xml
@@ -0,0 +1,82 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="firewall-rules">
+ <title>Firewall Rules</title>
+ <para>By default, all incoming traffic to the public IP address is rejected by the firewall. To
+ allow external traffic, you can open firewall ports by specifying firewall rules. You can
+ optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to
+ allow only incoming requests from certain IP addresses.</para>
+ <para>You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is
+ used, outside access is instead controlled through the use of security groups. See <xref
+ linkend="add-security-group"/>.</para>
+ <para>In an advanced zone, you can also create egress firewall rules by using the virtual router.
+ For more information, see <xref linkend="egress-firewall-rule"/>.</para>
+ <para>Firewall rules can be created using the Firewall tab in the Management Server UI. This tab
+ is not displayed by default when &PRODUCT; is installed. To display the Firewall tab, the
+ &PRODUCT; administrator must set the global configuration parameter firewall.rule.ui.enabled to
+ "true."</para>
+ <para>To create a firewall rule:</para>
+ <orderedlist>
+ <listitem>
+ <para>Log in to the &PRODUCT; UI as an administrator or end user. </para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation, choose Network.</para>
+ </listitem>
+ <listitem>
+ <para>Click the name of the network where you want to work with.</para>
+ </listitem>
+ <listitem>
+ <para>Click View IP Addresses.</para>
+ </listitem>
+ <listitem>
+ <para>Click the IP address you want to work with.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Configuration tab and fill in the following values.</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">Source CIDR</emphasis>. (Optional) To accept only traffic from
+ IP addresses within a particular address block, enter a CIDR or a comma-separated list
+ of CIDRs. Example: 192.168.0.0/22. Leave empty to allow all CIDRs.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Protocol</emphasis>. The communication protocol in use on the
+ opened port(s).</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Start Port and End Port</emphasis>. The port(s) you want to
+ open on the firewall. If you are opening a single port, use the same number in both
+ fields</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">ICMP Type and ICMP Code</emphasis>. Used only if Protocol is
+ set to ICMP. Provide the type and code required by the ICMP protocol to fill out the
+ ICMP header. Refer to ICMP documentation for more details if you are not sure what to
+ enter</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click Add.</para>
+ </listitem>
+ </orderedlist>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/first_ms_node_install.xml
----------------------------------------------------------------------
diff --git a/en-US/first_ms_node_install.xml b/en-US/first_ms_node_install.xml
new file mode 100644
index 0000000..af6b35b
--- /dev/null
+++ b/en-US/first_ms_node_install.xml
@@ -0,0 +1,57 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+ <section id="first_ms_node_install">
+ <title>Install the First Management Server</title>
+ <orderedlist>
+ <listitem>
+ <para>
+ Ensure you have configured your machine according to
+ <xref linkend="sect-source-buildrpm-repo2" />
+ or
+ <xref linkend="sect-source-builddebs-repo2" />
+ as appropriate for your platform.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Install the &PRODUCT; management server packages by
+ issuing one of the following commands as appropriate:
+ <programlisting><prompt>#</prompt> <command>yum</command> install cloudstack-management</programlisting>
+ <programlisting><prompt>#</prompt> <command>apt-get</command> install cloudstack-management</programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ (RPM-based distributions) When the installation is
+ finished, run the following commands to start essential
+ services:</para>
+ <programlisting><prompt>#</prompt> <command>service</command> rpcbind start
+<prompt>#</prompt> <command>service</command> nfs start
+<prompt>#</prompt> <command>chkconfig</command> nfs on
+<prompt>#</prompt> <command>chkconfig</command> rpcbind on
+ </programlisting>
+ </listitem>
+ </orderedlist>
+ </section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/generic-firewall-provisions.xml
----------------------------------------------------------------------
diff --git a/en-US/generic-firewall-provisions.xml b/en-US/generic-firewall-provisions.xml
new file mode 100644
index 0000000..53ae45a
--- /dev/null
+++ b/en-US/generic-firewall-provisions.xml
@@ -0,0 +1,37 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="generic-firewall-provisions">
+ <title>Generic Firewall Provisions</title>
+ <para>The hardware firewall is required to serve two purposes:</para>
+ <itemizedlist>
+ <listitem>
+ <para>Protect the Management Servers. NAT and port forwarding should be configured to direct
+ traffic from the public Internet to the Management Servers.</para>
+ </listitem>
+ <listitem>
+ <para>Route management network traffic between multiple zones. Site-to-site VPN should be
+ configured between multiple zones.</para>
+ </listitem>
+ </itemizedlist>
+ <para>To achieve the above purposes you must set up fixed configurations for the firewall.
+ Firewall rules and policies need not change as users are provisioned into the cloud. Any brand
+ of hardware firewall that supports NAT and site-to-site VPN can be used.</para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/getting-release.xml
----------------------------------------------------------------------
diff --git a/en-US/getting-release.xml b/en-US/getting-release.xml
new file mode 100644
index 0000000..ee08a94
--- /dev/null
+++ b/en-US/getting-release.xml
@@ -0,0 +1,40 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="sect-source-gettingrelease">
+ <title>Getting the release</title>
+ <para>
+ You can download the latest &PRODUCT; release from the
+ <ulink url="http://incubator.apache.org/cloudstack/downloads.html">
+ Apache CloudStack project download page</ulink>.
+ </para>
+ <para>Prior releases are available via archive.apache.org as well. See the downloads page for more information on archived releases.</para>
+ <para>You'll notice several links under the 'Latest release' section. A link to a file ending in <filename>tar.bz2</filename>, as well as a PGP/GPG signature, MD5, and SHA512 file.</para>
+ <itemizedlist>
+ <listitem><para>The <filename>tar.bz2</filename> file contains the Bzip2-compressed tarball with the source code.</para></listitem>
+ <listitem><para>The <filename>.asc</filename> file is a detached cryptographic signature that can be used to help verify the authenticity of the release.</para></listitem>
+ <listitem><para>The <filename>.md5</filename> file is an MD5 hash of the release to aid in verify the validity of the release download.</para></listitem>
+ <listitem><para>The <filename>.sha</filename> file is a SHA512 hash of the release to aid in verify the validity of the release download.</para></listitem>
+ </itemizedlist>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/global-config.xml
----------------------------------------------------------------------
diff --git a/en-US/global-config.xml b/en-US/global-config.xml
new file mode 100644
index 0000000..30d02eb
--- /dev/null
+++ b/en-US/global-config.xml
@@ -0,0 +1,298 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<chapter id="global-config">
+ <title>Setting Configuration Parameters</title>
+ <section id="about-global-config-parameters">
+ <title>About Configuration Parameters</title>
+ <para>&PRODUCT; provides a variety of settings you can use to set limits, configure features,
+ and enable or disable features in the cloud. Once your Management Server is running, you might
+ need to set some of these configuration parameters, depending on what optional features
+ you are setting up.
+ You can set default values at the global level, which will be in effect throughout the cloud unless you override them at a lower level.
+ You can make local settings, which will override the global configuration parameter values, at the level of an account, zone, cluster, or primary storage.</para>
+ <para>The documentation for each &PRODUCT; feature should direct you to the names of the applicable
+ parameters. The following table
+ shows a few of the more useful parameters.</para>
+ <informaltable frame="all">
+ <tgroup cols="2" align="left" colsep="1" rowsep="1">
+ <colspec colnum="1" colname="c1" colwidth="1.0*"/>
+ <colspec colnum="2" colname="c2" colwidth="3.55*"/>
+ <thead>
+ <row>
+ <entry><para>Field</para></entry>
+ <entry><para>Value</para></entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><para>management.network.cidr</para></entry>
+ <entry><para>A CIDR that describes the network that the management CIDRs reside on. This
+ variable must be set for deployments that use vSphere. It is recommended to be set for
+ other deployments as well. Example: 192.168.3.0/24.</para></entry>
+ </row>
+ <row>
+ <entry><para>xen.setup.multipath</para></entry>
+ <entry><para>For XenServer nodes, this is a true/false variable that instructs CloudStack to
+ enable iSCSI multipath on the XenServer Hosts when they are added. This defaults to false.
+ Set it to true if you would like CloudStack to enable multipath.</para>
+ <para>If this is true for a NFS-based deployment multipath will still be enabled on the
+ XenServer host. However, this does not impact NFS operation and is harmless.</para></entry>
+ </row>
+ <row>
+ <entry><para>secstorage.allowed.internal.sites</para></entry>
+ <entry><para>This is used to protect your internal network from rogue attempts to download
+ arbitrary files using the template download feature. This is a comma-separated list of CIDRs.
+ If a requested URL matches any of these CIDRs the Secondary Storage VM will use the private
+ network interface to fetch the URL. Other URLs will go through the public interface.
+ We suggest you set this to 1 or 2 hardened internal machines where you keep your templates.
+ For example, set it to 192.168.1.66/32.</para></entry>
+ </row>
+ <row>
+ <entry><para>use.local.storage</para></entry>
+ <entry><para>Determines whether CloudStack will use storage that is local to the Host for data
+ disks, templates, and snapshots. By default CloudStack will not use this storage. You should
+ change this to true if you want to use local storage and you understand the reliability and
+ feature drawbacks to choosing local storage.</para></entry>
+ </row>
+ <row>
+ <entry><para>host</para></entry>
+ <entry><para>This is the IP address of the Management Server. If you are using multiple
+ Management Servers you should enter a load balanced IP address that is reachable via
+ the private network.</para></entry>
+ </row>
+ <row>
+ <entry><para>default.page.size</para></entry>
+ <entry><para>Maximum number of items per page that can be returned by a CloudStack API command.
+ The limit applies at the cloud level and can vary from cloud to cloud. You can override this
+ with a lower value on a particular API call by using the page and pagesize API command parameters.
+ For more information, see the Developer's Guide. Default: 500.</para></entry>
+ </row>
+ <row>
+ <entry><para>ha.tag</para></entry>
+ <entry><para>The label you want to use throughout the cloud to designate certain hosts as dedicated
+ HA hosts. These hosts will be used only for HA-enabled VMs that are restarting due to the failure
+ of another host. For example, you could set this to ha_host. Specify the ha.tag value as a host tag
+ when you add a new host to the cloud.</para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </section>
+ <section id="global-config-howto">
+ <title>Setting Global Configuration Parameters</title>
+ <para>Use the following steps to set global configuration parameters. These values will be the defaults in effect throughout your &PRODUCT; deployment.</para>
+ <orderedlist>
+ <listitem><para>Log in to the UI as administrator.</para></listitem>
+ <listitem><para>In the left navigation bar, click Global Settings.</para></listitem>
+ <listitem><para>In Select View, choose one of the following:</para>
+ <itemizedlist>
+ <listitem><para>Global Settings. This displays a list of the parameters with brief descriptions and current values.</para></listitem>
+ <listitem><para>Hypervisor Capabilities. This displays a list of hypervisor versions with the maximum number of guests supported for each.</para></listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem><para>Use the search box to narrow down the list to those you are interested in.</para></listitem>
+ <listitem><para>In the Actions column, click the Edit icon to modify a value. If you are viewing Hypervisor Capabilities, you must click the name of the hypervisor first to display the editing screen.</para></listitem>
+ </orderedlist>
+ </section>
+ <section id="local-config-howto">
+ <title>Setting Local Configuration Parameters</title>
+ <para>Use the following steps to set local configuration parameters for an account, zone, cluster, or primary storage.
+ These values will override the global configuration settings.</para>
+ <orderedlist>
+ <listitem><para>Log in to the UI as administrator.</para></listitem>
+ <listitem><para>In the left navigation bar, click Infrastructure or Accounts, depending on where you want to set a value.</para></listitem>
+ <listitem><para>Find the name of the particular resource that you want to work with. For example, if you are in Infrastructure,
+ click View All on the Zones, Clusters, or Primary Storage area.</para></listitem>
+ <listitem><para>Click the name of the resource where you want to set a limit.</para></listitem>
+ <listitem><para>Click the Settings tab.</para></listitem>
+ <listitem><para>Use the search box to narrow down the list to those you are interested in.</para></listitem>
+ <listitem><para>In the Actions column, click the Edit icon to modify a value.</para></listitem>
+ </orderedlist>
+ </section>
+ <section id="granular-param">
+ <title>Granular Global Configuration Parameters</title>
+ <para>The following global configuration parameters have been made more granular. The parameters
+ are listed under three different scopes: account, cluster, and zone. </para>
+ <informaltable frame="all">
+ <tgroup cols="3" align="left" colsep="1" rowsep="1">
+ <colspec colnum="1" colname="c1" colwidth="1.0*"/>
+ <colspec colnum="2" colname="c2" colwidth="2.08*"/>
+ <colspec colnum="3" colname="c3" colwidth="11.86*"/>
+ <thead>
+ <row>
+ <entry><para>Field</para></entry>
+ <entry><para>Field</para></entry>
+ <entry><para>Value</para></entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><para>account</para></entry>
+ <entry><para>remote.access.vpn.client.iprange </para></entry>
+ <entry><para>The range of IPs to be allocated to remotely access the VPN clients. The
+ first IP in the range is used by the VPN server.</para></entry>
+ </row>
+ <row>
+ <entry><para>account</para></entry>
+ <entry><para>allow.public.user.templates</para></entry>
+ <entry><para>If false, users will not be able to create public templates.</para></entry>
+ </row>
+ <row>
+ <entry><para>account</para></entry>
+ <entry><para>use.system.public.ips</para></entry>
+ <entry><para>If true and if an account has one or more dedicated public IP ranges, IPs
+ are acquired from the system pool after all the IPs dedicated to the account have
+ been consumed.</para></entry>
+ </row>
+ <row>
+ <entry><para>account</para></entry>
+ <entry><para>use.system.guest.vlans </para></entry>
+ <entry><para>If true and if an account has one or more dedicated guest VLAN ranges,
+ VLANs are allocated from the system pool after all the VLANs dedicated to the
+ account have been consumed.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.storage.allocated.capacity.notificationthreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of allocated storage utilization above which
+ alerts are sent that the storage is below the threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.storage.capacity.notificationthreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of storage utilization above which alerts are sent
+ that the available storage is below the threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.cpu.allocated.capacity.notificationthreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of cpu utilization above which alerts are sent
+ that the available CPU is below the threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.memory.allocated.capacity.notificationthreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of memory utilization above which alerts are sent
+ that the available memory is below the threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.cpu.allocated.capacity.disablethreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of CPU utilization above which allocators will
+ disable that cluster from further usage. Keep the corresponding notification
+ threshold lower than this value to be notified beforehand.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cluster.memory.allocated.capacity.disablethreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of memory utilization above which allocators will
+ disable that cluster from further usage. Keep the corresponding notification
+ threshold lower than this value to be notified beforehand.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>cpu.overprovisioning.factor</para></entry>
+ <entry><para>Used for CPU over-provisioning calculation; the available CPU will be the mathematical product
+ of actualCpuCapacity and cpu.overprovisioning.factor.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>mem.overprovisioning.factor </para></entry>
+ <entry><para>Used for memory over-provisioning calculation.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>vmware.reserve.cpu </para></entry>
+ <entry><para>Specify whether or not to reserve CPU when not over-provisioning; In case of CPU
+ over-provisioning, CPU is always reserved.</para></entry>
+ </row>
+ <row>
+ <entry><para>cluster</para></entry>
+ <entry><para>vmware.reserve.mem </para></entry>
+ <entry><para>Specify whether or not to reserve memory when not over-provisioning; In case of memory
+ over-provisioning memory is always reserved.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>pool.storage.allocated.capacity.disablethreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of allocated storage utilization above which
+ allocators will disable that pool because the available allocated storage is below
+ the threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>pool.storage.capacity.disablethreshold </para></entry>
+ <entry><para>The percentage, as a value between 0 and 1, of storage utilization above which allocators will
+ disable the pool because the available storage capacity is below the
+ threshold.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>storage.overprovisioning.factor </para></entry>
+ <entry><para>Used for storage over-provisioning calculation; available storage will be the mathematical
+ product of actualStorageSize and storage.overprovisioning.factor.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>network.throttling.rate </para></entry>
+ <entry><para>Default data transfer rate in megabits per second allowed in a network.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>guest.domain.suffix </para></entry>
+ <entry><para>Default domain name for VMs inside a virtual networks with a router.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>router.template.xen </para></entry>
+ <entry><para>Name of the default router template on Xenserver.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>router.template.kvm </para></entry>
+ <entry><para>Name of the default router template on KVM.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>router.template.vmware </para></entry>
+ <entry><para>Name of the default router template on VMware.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>enable.dynamic.scale.vm</para></entry>
+ <entry><para>Enable or diable dynamically scaling of a VM.</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>use.external.dns </para></entry>
+ <entry><para>Bypass internal DNS, and use the external DNS1 and DNS2</para></entry>
+ </row>
+ <row>
+ <entry><para>zone</para></entry>
+ <entry><para>blacklisted.routes </para></entry>
+ <entry><para>Routes that are blacklisted cannot be used for creating static routes for a VPC Private
+ Gateway.</para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ </section>
+</chapter>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/globally-configured-limits.xml
----------------------------------------------------------------------
diff --git a/en-US/globally-configured-limits.xml b/en-US/globally-configured-limits.xml
new file mode 100644
index 0000000..ac71112
--- /dev/null
+++ b/en-US/globally-configured-limits.xml
@@ -0,0 +1,100 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="globally-configured-limits">
+ <title>Globally Configured Limits</title>
+ <para>In a zone, the guest virtual network has a 24 bit CIDR by default. This limits the guest virtual network to 254 running instances. It can be adjusted as needed, but this must be done before any instances are created in the zone. For example, 10.1.1.0/22 would provide for ~1000 addresses.</para>
+ <para>The following table lists limits set in the Global Configuration:</para>
+ <informaltable>
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry><para>Parameter Name</para></entry>
+ <entry><para>Definition</para></entry>
+
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><para>max.account.public.ips</para></entry>
+ <entry><para>Number of public IP addresses that can be owned by an account</para></entry>
+
+ </row>
+ <row>
+ <entry><para>max.account.snapshots</para></entry>
+ <entry><para>Number of snapshots that can exist for an account</para></entry>
+
+ </row>
+
+ <row>
+ <entry><para>max.account.templates</para></entry>
+ <entry><para>Number of templates that can exist for an account</para></entry>
+
+ </row>
+ <row>
+ <entry><para>max.account.user.vms</para></entry>
+ <entry><para>Number of virtual machine instances that can exist for an account</para></entry>
+ </row>
+
+ <row>
+ <entry><para>max.account.volumes</para></entry>
+ <entry><para>Number of disk volumes that can exist for an account</para></entry>
+ </row>
+
+ <row>
+ <entry><para>max.template.iso.size</para></entry>
+ <entry><para>Maximum size for a downloaded template or ISO in GB</para></entry>
+ </row>
+
+ <row>
+ <entry><para>max.volume.size.gb</para></entry>
+ <entry><para>Maximum size for a volume in GB</para></entry>
+ </row>
+ <row>
+ <entry><para>network.throttling.rate</para></entry>
+ <entry><para>Default data transfer rate in megabits per second allowed per user (supported on XenServer)</para></entry>
+ </row>
+ <row>
+ <entry><para>snapshot.max.hourly</para></entry>
+ <entry><para>Maximum recurring hourly snapshots to be retained for a volume. If the limit is reached, early snapshots from the start of the hour are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring hourly snapshots can not be scheduled</para></entry>
+ </row>
+
+ <row>
+ <entry><para>snapshot.max.daily</para></entry>
+ <entry><para>Maximum recurring daily snapshots to be retained for a volume. If the limit is reached, snapshots from the start of the day are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring daily snapshots can not be scheduled</para></entry>
+ </row>
+ <row>
+ <entry><para>snapshot.max.weekly</para></entry>
+ <entry><para>Maximum recurring weekly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the week are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring weekly snapshots can not be scheduled</para></entry>
+ </row>
+
+ <row>
+ <entry><para>snapshot.max.monthly</para></entry>
+ <entry><para>Maximum recurring monthly snapshots to be retained for a volume. If the limit is reached, snapshots from the beginning of the month are deleted so that newer ones can be saved. This limit does not apply to manual snapshots. If set to 0, recurring monthly snapshots can not be scheduled.</para></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+ <para>To modify global configuration parameters, use the global configuration screen in the &PRODUCT; UI. See Setting Global Configuration Parameters </para>
+</section>
http://git-wip-us.apache.org/repos/asf/cloudstack-docs/blob/b23872a5/en-US/gslb.xml
----------------------------------------------------------------------
diff --git a/en-US/gslb.xml b/en-US/gslb.xml
new file mode 100644
index 0000000..968e8e2
--- /dev/null
+++ b/en-US/gslb.xml
@@ -0,0 +1,487 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="gslb">
+ <title>Global Server Load Balancing Support</title>
+ <para>&PRODUCT; supports Global Server Load Balancing (GSLB) functionalities to provide business
+ continuity, and enable seamless resource movement within a &PRODUCT; environment. &PRODUCT;
+ achieve this by extending its functionality of integrating with NetScaler Application Delivery
+ Controller (ADC), which also provides various GSLB capabilities, such as disaster recovery and
+ load balancing. The DNS redirection technique is used to achieve GSLB in &PRODUCT;. </para>
+ <para>In order to support this functionality, region level services and service provider are
+ introduced. A new service 'GSLB' is introduced as a region level service. The GSLB service
+ provider is introduced that will provider the GSLB service. Currently, NetScaler is the
+ supported GSLB provider in &PRODUCT;. GSLB functionality works in an Active-Active data center
+ environment. </para>
+ <section id="about-gslb">
+ <title>About Global Server Load Balancing</title>
+ <para>Global Server Load Balancing (GSLB) is an extension of load balancing functionality, which
+ is highly efficient in avoiding downtime. Based on the nature of deployment, GSLB represents a
+ set of technologies that is used for various purposes, such as load sharing, disaster
+ recovery, performance, and legal obligations. With GSLB, workloads can be distributed across
+ multiple data centers situated at geographically separated locations. GSLB can also provide an
+ alternate location for accessing a resource in the event of a failure, or to provide a means
+ of shifting traffic easily to simplify maintenance, or both.</para>
+ <section id="gslb-comp">
+ <title>Components of GSLB</title>
+ <para>A typical GSLB environment is comprised of the following components:</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">GSLB Site</emphasis>: In &PRODUCT; terminology, GSLB sites are
+ represented by zones that are mapped to data centers, each of which has various network
+ appliances. Each GSLB site is managed by a NetScaler appliance that is local to that
+ site. Each of these appliances treats its own site as the local site and all other
+ sites, managed by other appliances, as remote sites. It is the central entity in a GSLB
+ deployment, and is represented by a name and an IP address.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB Services</emphasis>: A GSLB service is typically
+ represented by a load balancing or content switching virtual server. In a GSLB
+ environment, you can have a local as well as remote GSLB services. A local GSLB service
+ represents a local load balancing or content switching virtual server. A remote GSLB
+ service is the one configured at one of the other sites in the GSLB setup. At each site
+ in the GSLB setup, you can create one local GSLB service and any number of remote GSLB
+ services.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB Virtual Servers</emphasis>: A GSLB virtual server refers
+ to one or more GSLB services and balances traffic between traffic across the VMs in
+ multiple zones by using the &PRODUCT; functionality. It evaluates the configured GSLB
+ methods or algorithms to select a GSLB service to which to send the client requests. One
+ or more virtual servers from different zones are bound to the GSLB virtual server. GSLB
+ virtual server does not have a public IP associated with it, instead it will have a FQDN
+ DNS name.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Load Balancing or Content Switching Virtual
+ Servers</emphasis>: According to Citrix NetScaler terminology, a load balancing or
+ content switching virtual server represents one or many servers on the local network.
+ Clients send their requests to the load balancing or content switching virtual server’s
+ virtual IP (VIP) address, and the virtual server balances the load across the local
+ servers. After a GSLB virtual server selects a GSLB service representing either a local
+ or a remote load balancing or content switching virtual server, the client sends the
+ request to that virtual server’s VIP address.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">DNS VIPs</emphasis>: DNS virtual IP represents a load
+ balancing DNS virtual server on the GSLB service provider. The DNS requests for domains
+ for which the GSLB service provider is authoritative can be sent to a DNS VIP.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Authoritative DNS</emphasis>: ADNS (Authoritative Domain Name
+ Server) is a service that provides actual answer to DNS queries, such as web site IP
+ address. In a GSLB environment, an ADNS service responds only to DNS requests for
+ domains for which the GSLB service provider is authoritative. When an ADNS service is
+ configured, the service provider owns that IP address and advertises it. When you create
+ an ADNS service, the NetScaler responds to DNS queries on the configured ADNS service IP
+ and port.</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section id="concept-gslb">
+ <title>How Does GSLB Works in &PRODUCT;?</title>
+ <para>Global server load balancing is used to manage the traffic flow to a web site hosted on
+ two separate zones that ideally are in different geographic locations. The following is an
+ illustration of how GLSB functionality is provided in &PRODUCT;: An organization, xyztelco,
+ has set up a public cloud that spans two zones, Zone-1 and Zone-2, across geographically
+ separated data centers that are managed by &PRODUCT;. Tenant-A of the cloud launches a
+ highly available solution by using xyztelco cloud. For that purpose, they launch two
+ instances each in both the zones: VM1 and VM2 in Zone-1 and VM5 and VM6 in Zone-2. Tenant-A
+ acquires a public IP, IP-1 in Zone-1, and configures a load balancer rule to load balance
+ the traffic between VM1 and VM2 instances. &PRODUCT; orchestrates setting up a virtual
+ server on the LB service provider in Zone-1. Virtual server 1 that is set up on the LB
+ service provider in Zone-1 represents a publicly accessible virtual server that client
+ reaches at IP-1. The client traffic to virtual server 1 at IP-1 will be load balanced across
+ VM1 and VM2 instances. </para>
+ <para>Tenant-A acquires another public IP, IP-2 in Zone-2 and sets up a load balancer rule to
+ load balance the traffic between VM5 and VM6 instances. Similarly in Zone-2, &PRODUCT;
+ orchestrates setting up a virtual server on the LB service provider. Virtual server 2 that
+ is setup on the LB service provider in Zone-2 represents a publicly accessible virtual
+ server that client reaches at IP-2. The client traffic that reaches virtual server 2 at IP-2
+ is load balanced across VM5 and VM6 instances. At this point Tenant-A has the service
+ enabled in both the zones, but has no means to set up a disaster recovery plan if one of the
+ zone fails. Additionally, there is no way for Tenant-A to load balance the traffic
+ intelligently to one of the zones based on load, proximity and so on. The cloud
+ administrator of xyztelco provisions a GSLB service provider to both the zones. A GSLB
+ provider is typically an ADC that has the ability to act as an ADNS (Authoritative Domain
+ Name Server) and has the mechanism to monitor health of virtual servers both at local and
+ remote sites. The cloud admin enables GSLB as a service to the tenants that use zones 1 and
+ 2. </para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/gslb.png"/>
+ </imageobject>
+ <textobject>
+ <phrase>gslb.png: GSLB architecture</phrase>
+ </textobject>
+ </mediaobject>
+ <para>Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A
+ configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual
+ server 2 at Zone-2. The domain name is provided as A.xyztelco.com. &PRODUCT; orchestrates
+ setting up GSLB virtual server 1 on the GSLB service provider at Zone-1. &PRODUCT; binds
+ virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GLSB virtual server 1. GSLB
+ virtual server 1 is configured to start monitoring the health of virtual server 1 and 2 in
+ Zone-1. &PRODUCT; will also orchestrate setting up GSLB virtual server 2 on GSLB service
+ provider at Zone-2. &PRODUCT; will bind virtual server 1 of Zone-1 and virtual server 2 of
+ Zone-2 to GLSB virtual server 2. GSLB virtual server 2 is configured to start monitoring the
+ health of virtual server 1 and 2. &PRODUCT; will bind the domain A.xyztelco.com to both the
+ GSLB virtual server 1 and 2. At this point, Tenant-A service will be globally reachable at
+ A.xyztelco.com. The private DNS server for the domain xyztelcom.com is configured by the
+ admin out-of-band to resolve the domain A.xyztelco.com to the GSLB providers at both the
+ zones, which are configured as ADNS for the domain A.xyztelco.com. A client when sends a DNS
+ request to resolve A.xyztelcom.com, will eventually get DNS delegation to the address of
+ GSLB providers at zone 1 and 2. A client DNS request will be received by the GSLB provider.
+ The GSLB provider, depending on the domain for which it needs to resolve, will pick up the
+ GSLB virtual server associated with the domain. Depending on the health of the virtual
+ servers being load balanced, DNS request for the domain will be resolved to the public IP
+ associated with the selected virtual server.</para>
+ </section>
+ </section>
+ <section id="gslb-workflow">
+ <title>Configuring GSLB</title>
+ <para>To configure a GSLB deployment, you must first configure a standard load balancing setup
+ for each zone. This enables you to balance load across the different servers in each zone in
+ the region. Then on the NetScaler side, configure both NetScaler appliances that you plan to
+ add to each zone as authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone,
+ configure GSLB virtual servers for each site, create GLSB services, and bind the GSLB services
+ to the GSLB virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB
+ configurations on the two appliances at the two different zones are identical, although each
+ sites load-balancing configuration is specific to that site.</para>
+ <para>Perform the following as a cloud administrator. As per the example given above, the
+ administrator of xyztelco is the one who sets up GSLB:</para>
+ <orderedlist>
+ <listitem>
+ <para>In the cloud.dns.name global parameter, specify the DNS name of your tenant's cloud
+ that make use of the GSLB service.</para>
+ </listitem>
+ <listitem>
+ <para>On the NetScaler side, configure GSLB as given in <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html"
+ >Configuring Global Server Load Balancing (GSLB)</ulink>:</para>
+ <orderedlist>
+ <listitem>
+ <para>Configuring a standard load balancing setup.</para>
+ </listitem>
+ <listitem>
+ <para>Configure Authoritative DNS, as explained in <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html"
+ >Configuring an Authoritative DNS Service</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para>Configure a GSLB site with site name formed from the domain name details.</para>
+ <para>Configure a GSLB site with the site name formed from the domain name.</para>
+ <para>As per the example given above, the site names are A.xyztelco.com and
+ B.xyztelco.com.</para>
+ <para>For more information, see <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html"
+ >Configuring a Basic GSLB Site</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para>Configure a GSLB virtual server.</para>
+ <para>For more information, see <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html"
+ >Configuring a GSLB Virtual Server</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para>Configure a GSLB service for each virtual server.</para>
+ <para>For more information, see <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html"
+ >Configuring a GSLB Service</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para>Bind the GSLB services to the GSLB virtual server.</para>
+ <para>For more information, see <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html"
+ >Binding GSLB Services to a GSLB Virtual Server</ulink>.</para>
+ </listitem>
+ <listitem>
+ <para>Bind domain name to GSLB virtual server. Domain name is obtained from the domain
+ details.</para>
+ <para>For more information, see <ulink
+ url="http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html"
+ >Binding a Domain to a GSLB Virtual Server</ulink>.</para>
+ </listitem>
+ </orderedlist>
+ </listitem>
+ <listitem>
+ <para>In each zone that are participating in GSLB, add GSLB-enabled NetScaler device.</para>
+ <para>For more information, see <xref linkend="enable-glsb-ns"/>.</para>
+ </listitem>
+ </orderedlist>
+ <para>As a domain administrator/ user perform the following:</para>
+ <orderedlist>
+ <listitem>
+ <para>Add a GSLB rule on both the sites.</para>
+ <para>See <xref linkend="gslb-add"/>.</para>
+ </listitem>
+ <listitem>
+ <para>Assign load balancer rules.</para>
+ <para>See <xref linkend="assign-lb-gslb"/>.</para>
+ </listitem>
+ </orderedlist>
+ <section id="prereq-gslb">
+ <title>Prerequisites and Guidelines</title>
+ <itemizedlist>
+ <listitem>
+ <para>The GSLB functionality is supported both Basic and Advanced zones.</para>
+ </listitem>
+ <listitem>
+ <para>GSLB is added as a new network service.</para>
+ </listitem>
+ <listitem>
+ <para>GSLB service provider can be added to a physical network in a zone.</para>
+ </listitem>
+ <listitem>
+ <para>The admin is allowed to enable or disable GSLB functionality at region level.</para>
+ </listitem>
+ <listitem>
+ <para>The admin is allowed to configure a zone as GSLB capable or enabled. </para>
+ <para>A zone shall be considered as GSLB capable only if a GSLB service provider is
+ provisioned in the zone.</para>
+ </listitem>
+ <listitem>
+ <para>When users have VMs deployed in multiple availability zones which are GSLB enabled,
+ they can use the GSLB functionality to load balance traffic across the VMs in multiple
+ zones.</para>
+ </listitem>
+ <listitem>
+ <para>The users can use GSLB to load balance across the VMs across zones in a region only
+ if the admin has enabled GSLB in that region. </para>
+ </listitem>
+ <listitem>
+ <para>The users can load balance traffic across the availability zones in the same region
+ or different regions.</para>
+ </listitem>
+ <listitem>
+ <para>The admin can configure DNS name for the entire cloud.</para>
+ </listitem>
+ <listitem>
+ <para>The users can specify an unique name across the cloud for a globally load balanced
+ service. The provided name is used as the domain name under the DNS name associated with
+ the cloud.</para>
+ <para>The user-provided name along with the admin-provided DNS name is used to produce a
+ globally resolvable FQDN for the globally load balanced service of the user. For
+ example, if the admin has configured xyztelco.com as the DNS name for the cloud, and
+ user specifies 'foo' for the GSLB virtual service, then the FQDN name of the GSLB
+ virtual service is foo.xyztelco.com.</para>
+ </listitem>
+ <listitem>
+ <para>While setting up GSLB, users can select a load balancing method, such as round
+ robin, for using across the zones that are part of GSLB.</para>
+ </listitem>
+ <listitem>
+ <para>The user shall be able to set weight to zone-level virtual server. Weight shall be
+ considered by the load balancing method for distributing the traffic.</para>
+ </listitem>
+ <listitem>
+ <para>The GSLB functionality shall support session persistence, where series of client
+ requests for particular domain name is sent to a virtual server on the same zone. </para>
+ <para>Statistics is collected from each GSLB virtual server.</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section id="enable-glsb-ns">
+ <title>Enabling GSLB in NetScaler</title>
+ <para>In each zone, add GSLB-enabled NetScaler device for load balancing.</para>
+ <orderedlist>
+ <listitem>
+ <para>Log in as administrator to the &PRODUCT; UI.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation bar, click Infrastructure.</para>
+ </listitem>
+ <listitem>
+ <para>In Zones, click View More.</para>
+ </listitem>
+ <listitem>
+ <para>Choose the zone you want to work with.</para>
+ </listitem>
+ <listitem>
+ <para>Click the Physical Network tab, then click the name of the physical network. </para>
+ </listitem>
+ <listitem>
+ <para>In the Network Service Providers node of the diagram, click Configure. </para>
+ <para>You might have to scroll down to see this.</para>
+ </listitem>
+ <listitem>
+ <para>Click NetScaler.</para>
+ </listitem>
+ <listitem>
+ <para>Click Add NetScaler device and provide the following:</para>
+ <para>For NetScaler:</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">IP Address</emphasis>: The IP address of the SRX.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Username/Password</emphasis>: The authentication
+ credentials to access the device. &PRODUCT; uses these credentials to access the
+ device.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Type</emphasis>: The type of device that is being added.
+ It could be F5 Big Ip Load Balancer, NetScaler VPX, NetScaler MPX, or NetScaler SDX.
+ For a comparison of the NetScaler types, see the &PRODUCT; Administration
+ Guide.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Public interface</emphasis>: Interface of device that is
+ configured to be part of the public network.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Private interface</emphasis>: Interface of device that is
+ configured to be part of the private network.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB service</emphasis>: Select this option.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB service Public IP</emphasis>: The public IP address
+ of the NAT translator for a GSLB service that is on a private network.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB service Private IP</emphasis>: The private IP of the
+ GSLB service.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Number of Retries</emphasis>. Number of times to attempt a
+ command on the device before considering the operation failed. Default is 2.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Capacity</emphasis>: The number of networks the device can
+ handle.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Dedicated</emphasis>: When marked as dedicated, this
+ device will be dedicated to a single account. When Dedicated is checked, the value
+ in the Capacity field has no significance implicitly, its value is 1.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click OK.</para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="gslb-add">
+ <title>Adding a GSLB Rule</title>
+ <orderedlist>
+ <listitem>
+ <para>Log in to the &PRODUCT; UI as a domain administrator or user.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation pane, click Region.</para>
+ </listitem>
+ <listitem>
+ <para>Select the region for which you want to create a GSLB rule.</para>
+ </listitem>
+ <listitem>
+ <para>In the Details tab, click View GSLB.</para>
+ </listitem>
+ <listitem>
+ <para>Click Add GSLB.</para>
+ <para>The Add GSLB page is displayed as follows:</para>
+ <mediaobject>
+ <imageobject>
+ <imagedata fileref="./images/add-gslb.png"/>
+ </imageobject>
+ <textobject>
+ <phrase>gslb-add.png: adding a gslb rule</phrase>
+ </textobject>
+ </mediaobject>
+ </listitem>
+ <listitem>
+ <para>Specify the following:</para>
+ <itemizedlist>
+ <listitem>
+ <para><emphasis role="bold">Name</emphasis>: Name for the GSLB rule.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Description</emphasis>: (Optional) A short description of
+ the GSLB rule that can be displayed to users.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">GSLB Domain Name</emphasis>: A preferred domain name for
+ the service.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Algorithm</emphasis>: (Optional) The algorithm to use to
+ load balance the traffic across the zones. The options are Round Robin, Least
+ Connection, and Proximity.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Service Type</emphasis>: The transport protocol to use for
+ GSLB. The options are TCP and UDP.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Domain</emphasis>: (Optional) The domain for which you
+ want to create the GSLB rule.</para>
+ </listitem>
+ <listitem>
+ <para><emphasis role="bold">Account</emphasis>: (Optional) The account on which you
+ want to apply the GSLB rule.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>Click OK to confirm.</para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="assign-lb-gslb">
+ <title>Assigning Load Balancing Rules to GSLB</title>
+ <orderedlist>
+ <listitem>
+ <para>Log in to the &PRODUCT; UI as a domain administrator or user.</para>
+ </listitem>
+ <listitem>
+ <para>In the left navigation pane, click Region.</para>
+ </listitem>
+ <listitem>
+ <para>Select the region for which you want to create a GSLB rule.</para>
+ </listitem>
+ <listitem>
+ <para>In the Details tab, click View GSLB.</para>
+ </listitem>
+ <listitem>
+ <para>Select the desired GSLB.</para>
+ </listitem>
+ <listitem>
+ <para>Click view assigned load balancing.</para>
+ </listitem>
+ <listitem>
+ <para>Click assign more load balancing.</para>
+ </listitem>
+ <listitem>
+ <para>Select the load balancing rule you have created for the zone.</para>
+ </listitem>
+ <listitem>
+ <para>Click OK to confirm.</para>
+ </listitem>
+ </orderedlist>
+ </section>
+ </section>
+ <section>
+ <title>Known Limitation</title>
+ <para>Currently, &PRODUCT; does not support orchestration of services across the zones. The
+ notion of services and service providers in region are to be introduced.</para>
+ </section>
+</section>