Welcome!

Java IoT Authors: Elizabeth White, Carmen Gonzalez, Liz McMillan, Mano Marks, Jyoti Bansal

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Open Source Cloud, Containers Expo Blog, Agile Computing

@CloudExpo: Article

Examining Excellent Eucalyptus

A high-level cloud - overview of Eucalyptus IaaS

Eucalyptus is an open source Infrastructure as a Service cloud offering. What is unique about Eucalyptus is that it is compatible with Amazon AWS APIs. This means that you can:

  • Use Eucalyptus commands to manage Amazon or Eucalyptus instances.
  • Freely move instances between a Eucalyptus private cloud and the Amazon Public cloud to create a hybrid cloud.

Eucalyptus leverages operating system virtualization, such as KVM or XEN, to achieve isolation between applications and stacks. Operating system virtualization dedicates CPU and RAM to systems and applications such that they don't interfere with each other. In cloud parlance, this is called isolation and is essential to achieve multi-tenancy. (For a refresher on basic cloud terminology, see here; for a refresher on Infrastructure as a Service, see here).

Cloud computing layers on top of operating system virtualization and when combined with dynamic  allocation of IP addresses, storage  and firewall rules creates a service that end users interact with to run instances of images.

Eucalyptus concepts
The following is an explanation of terminology and concepts used by Eucalyptus.

Images
An image is a fixed collection of software modules, system software, application software and configuration information that is started from a known baseline (immutable/fixed). An example of an image is a Linux virtual machine configured with Apache, MySQL, Perl and PHP.  When bundled and uploaded to the Eucalyptus cloud, this will become known as an "EMI" Eucalyptus Machine Image.  An EKI is an Eucalyptus Kernel Image which contains kernel modules necessary for functioning of the image. An ERI is a Eucalyptus RAM Image.

Instances
When an image is put to use it is called an instance. The configuration is dynamically executed at runtime and the cloud controller decides where the image will run, storage and networking is attached to meet resource needs. This is executed under the control of the credentials (digital certificates) of the user who is requesting an instance of the image.

IP addressing
Eucalyptus instances can have public and private IPs. An IP address is assigned to an instance when the instance is created from an image. For instances that require a persistent IP address, such as  web-server, Eucalyptus supplies Elastic IP addresses. These are pre-allocated by the Eucalyptus cloud to an instance. An Elastic IP persists whether the instance is running or not. In other words if you stop an instance and restart it hours, days or even weeks later, the instance will bind to the same Elastic IP address that was assigned to it. This is essential for consistent DNS resolution.

Security
TCP/IP stack layer 3 security is achieved using security groups, which share a common set of firewall rules. This is a mechanism to firewall off an instance using IP address and port block/allow functionality.

At TCP/IP layer 2 instances are isolated. If this were not present, a root user could manipulate the networking of instances and gain access to neighboring instances violating the basic cloud tenet of instance isolation and separation.

Networking
There are three networking modes:

  1. Managed mode - Eucalyptus manages a local network of instances, including security groups and elastic IPs. Eucalyptus maintains a DHCP server and provides private non-routable IPs to instances. An instance is created in a security group and gets an IP from the range in that group.  There is also a pool of public (elastic) IPs that users can bind to an instance at boot-time or dynamically at runtime. VLANs are used to network instances in different security groups. If there is no VLAN present, isolation can be achieved using security groups in different subnets.
  2. System mode - Essentially the physical LAN that is attached to Eucalyptus manages the network of the Eucalyptus cloud. Eucalyptus assigns a MAC address and attaches the instance's network interface to the physical Ethernet LAN through the NodeController's bridge. System mode requires a DHCP server on the physical LAN that is reachable by instances. System mode does not offer elastic IPs, security groups or VM isolation.
  3. Static mode - In static mode Eucalyptus maintains a DHCP server and assigns IP addresses to instances. Static mode does not offer elastic IPs, security groups or VM isolation.

Access control
A user of Eucalyptus is called an identity. Identities can be grouped together for access control purposes. Users exist within accounts. An account is a namespace that contains users/identities, key pairs and security groups. An account is used to account for resource usage.

Eucalyptus abbreviations
CLC

The CLC is a Cloud controller similar to Amazon EC2, It is the entry point into cloud for all users: administrators, developers, project managers and  end users. The CLC queries other components for resources and makes scheduling decisions and requests to Cluster Controllers. The CLC exposing and manages underlying resources (servers, networks, storage).  Users access the CLC using AWS compatible command line tools and a web-based dashboard.

Walrus
Walrus, similar to Amazon's S3,  is a bucket based persistent data storage.  Users create, delete and list buckets; put and remove objects from buckets; get and set access control policies. Walrus is accessible from the administrative interface or from an instance inside cloud.

CC
The CC is the Cluster Controller. The CC gathers information about node controllers and schedules an instance to execute on a specific NodeController.

NC
The NC is the the Node Controller. The Node Controller manages instances. The NC controls instance activities such as execution, inspection and termination.  The NC fetches and maintains a cache of instance images.  The NC also manages virtual network endpoints.

SC
The SC is the storage controller and is similar to Amazon's EBS (Elastic Block Store). The storage controller manages block accessed network storage.  The SC interfaces with SCSI, SAN, NFS.  The SC exports storage volumes that can be attached to an instance or mounted as a raw-block device. SC storage volumes persist even when an instance stops running and thus stores persistent data. SC storage cannot be shared between instances and only exists in the same Availability Zone in which the instance is running. Users can create snapshots from SC volumes which can stored in Walrus and thus be made available across Availability Zones.

More Stories By Jonathan Gershater

Jonathan Gershater has lived and worked in Silicon Valley since 1996, primarily doing system and sales engineering specializing in: Web Applications, Identity and Security. At Red Hat, he provides Technical Marketing for Virtualization and Cloud. Prior to joining Red Hat, Jonathan worked at 3Com, Entrust (by acquisition) two startups, Sun Microsystems and Trend Micro.

(The views expressed in this blog are entirely mine and do not represent my employer - Jonathan).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Discover top technologies and tools all under one roof at April 24–28, 2017, at the Westin San Diego in San Diego, CA. Explore the Mobile Dev + Test and IoT Dev + Test Expo and enjoy all of these unique opportunities: The latest solutions, technologies, and tools in mobile or IoT software development and testing. Meet one-on-one with representatives from some of today's most innovative organizations
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud enviro...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet and...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will w...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal ...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...