OnApp cloud handles cloud deployment, virtual server (VS) deployment, VS management and resource allocation, compute resource and SAN management, failover, user management, billing, self-provisioning, CDN and DNS, and other associated functions. Here's a brief description of the main components and features of the OnApp installation.
There are two required server types in an OnApp configuration – compute resource servers and the Control Panel server. OnApp also requires storage devices for templates, virtual servers, and backups.
Control Panel Server
The Control Panel server hosts the OnApp user interface and manages all the processes controlled by OnApp.
The Control Panel server:
- Provides a web-based user interface
- Assigns a virtual server to a compute resource
- Creates/starts/stops/deletes virtual servers
- Resizes CPU and storage
- Manages virtual servers through a console session
- Creates backups of virtual servers
- Allows virtual servers to be restored from a backup
- Allows the creation of custom templates from virtual server backups, for future deployment of new virtual servers
- Displays your CPU usage and network utilization
Compute resources are Xen, KVM, or VMware-powered servers running on bare metal, with CentOS Linux as the management operating system. This ensures highly efficient use of available hardware and complete isolation of virtual server processes. The management OS controls virtual servers as well as handling network/disk connectivity, monitoring, IP address anti-spoofing and more.
Compute resources:
- Provide system resources such as CPU, memory, and network
- Control the virtual differentiation of entities such as virtual servers and application data being delivered to cloud-hosted applications
- Take care of secure virtualization and channeling of storage, data communications and server processing
- Can be located at different geographical zones
- Can have different CPU and RAM
- Can be of Virtual, Baremetal, Smart and VPC types. The VPC type indicates VMware Cloud Director compute resources.
- Can be associated with the data stores, networks and backup servers of the same type
OnApp cloud supports the following compute resource virtualization platforms:
- VMware Cloud Director
VMware compute resources operate in a slightly different way. With Xen/KVM, OnApp controls compute resources directly. With VMware, OnApp controls the VMware vCenter. This allows vCenter to control the VSs with the full range of VMware functionality, including DRS and vMotion to ensure that the operation is optimal.
CloudBoot Compute Resources
CloudBoot is a method of installing compute resources without a local disk or other local storage, using PXE and DHCP servers. CloudBoot compute resources are used for smart and baremetal server provisioning. To start using CloudBoot, you must first have Integrated Storage configured and CloudBoot enabled in the system configuration. See the CloudBoot Compute Resources section for details.
OnApp gives you complete control of your virtual servers (VSs), and all files and processes running on those servers. You can start, stop, reboot, and delete virtual servers. You can move VSs between compute resources with no downtime. OnApp also lets you perform automatic and manual backups, and restore VSs in case of failure.
When creating a virtual server, you can choose a compute resource server with data store attached if you wish. If not, the system will search for the available compute resources with sufficient RAM and storage for that virtual server, and choose the one with the lowest (but sufficient) amount of RAM available.
You can monitor the CPU usage of each virtual server and the network utilization of each network interface. This helps you decide if and when to change the resources available to each VS. OnApp also provides detailed logs of all tasks which are running, pending, have failed, or have been completed.
Smart servers are dedicated entities based on CloudBoot compute resources with passthrough enabled. Smart servers are created and managed exactly the same as virtual servers, except only one smart server can be deployed per compute resource. Smart servers can be organized into zones to create different tiers of service - for example, by setting up different zones for smart appliances, with limits and prices specified per zone. Smart appliance zones can also be used to create private clouds for specific users.
Baremetal servers are physical servers that reside directly on the hardware without a virtualization layer. That is, a baremetal server is a compute resource that runs on the OS installed. A baremetal compute resource cannot have more than one baremetal server located on it.
For VS template and backup storage we recommend that you set up a separate server with SSH (preferred) or NFS (for high-end NAS). However, in a CloudBoot environment or for a small scale installation, you can use the Control Panel server to host the templates and backups.
You will also need a storage platform for virtual server disk storage. OnApp provides an integrated storage platform that enables you to expose local storage drives across compute resources as a distributed block SAN with full redundancy and failover properties. Additionally, you can use any block based storage platform, such as local disks in compute resources, an Ethernet SAN such as iSCSI or AoE, or hardware (fiber) SAN. Storage Area Networks are core segments of the cloud system, and OnApp can control their physical and virtual routing. This control enables seamless SAN failover management, including SAN testing, emergency migration, and data backup.
With OnApp you can create complex networks between virtual servers residing on a single host, or across multiple installations of OnApp. You can configure each virtual server with one or more virtual NICs, each with its own IP and MAC address, to make them act like physical servers.
OnApp ensures that each customer has their own dedicated virtual network, isolated and secure. They can only see their traffic, even if they share the same physical server as another customer. OnApp enables you to modify network configurations without changing actual cabling and switch setups. Networks in OnApp can be of Virtual, Baremetal, Smart, and VPC types and can be associated with compute resources and compute zones of the same type. The VPC type indicates the VMware Cloud Director networks.
An OnApp template is a pre-configured OS image that is used to build virtual servers. There are two types of templates for virtual server deployment in OnApp: downloadable templates provided by OnApp, and custom templates you create from existing virtual servers. The OnApp template library includes a wide range of VS templates for various distributions of Windows and Linux, both 32- and 64-bit.
At present OnApp does not support VSs/templates with Active Directory Domain Controllers.
OnApp is a highly scalable cloud deployment and management tool that allows you to add and remove compute resources, data stores, and resources at any time to meet your changing needs. You can add more CPUs and memory to a specific virtual server to increase its capacity, and increase the total available RAM and CPU by adding new compute resources.
OnApp provides high reliability and availability in a number of ways:
- Compute resource failover management system — If a compute resource fails, OnApp's self-healing architecture automatically moves virtual servers to another box. Compute resources regularly update the Control Panel with their status. If they do not return valid data for a period of time, they are marked as offline, and an appropriate new compute resource is selected for each virtual server to boot there. This process is fully automatic, but may take several minutes. When the crashed compute resource comes back online, it becomes available again, but virtual servers previously migrated from it will not be migrated back.
- Virtual servers — OnApp keeps virtual servers running even if the Control Panel server goes offline. In such an event, you won't be able to perform any actions on virtual servers until access to the Control Panel server has been restored.
- Backup mechanisms — There is storage security provided by the backup mechanisms on both virtual and physical storage. Both automatic and manual backups provide the ability to capture the current state of a virtual server. You can always restore the virtual server from a backup if needed. There are also emergency MySQL backups as part of the disaster recovery system.
- High Availability Control Panel — The OnApp High Availability feature lets you deploy more than one Control Panel within one cloud. This improves cloud load balancing, minimizes server downtime in case of CP issues, and enhances the scalability of the whole infrastructure. At this stage, OnApp introduces high availability for the following components:
  - Background services
  - Load Balancer
  - Message Queue
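The placement rule described earlier (pick the compute resource with the lowest but sufficient RAM) and the failover sequence above can be modelled together. This is an added example, not OnApp code; the class names, the `OFFLINE_AFTER` timeout and the sample cloud are assumptions made for illustration.

```python
from dataclasses import dataclass, field

OFFLINE_AFTER = 180  # assumed timeout in seconds; the page says only "a period of time"
@dataclass
class VS:
    name: str
    ram_mb: int
    disk_gb: int

@dataclass
class ComputeResource:
    name: str
    free_ram_mb: int
    free_disk_gb: int
    last_seen: float                      # time of the last valid status update
    online: bool = True
    servers: list = field(default_factory=list)

def pick(vs, resources):
    """Online resources with enough RAM and storage; take the one with the least free RAM."""
    fits = [r for r in resources if r.online
            and r.free_ram_mb >= vs.ram_mb and r.free_disk_gb >= vs.disk_gb]
    return min(fits, key=lambda r: r.free_ram_mb, default=None)

def failover(resources, now):
    """Mark silent resources offline, then re-place their servers. Returns (moved, stranded)."""
    failed = [r for r in resources if r.online and now - r.last_seen > OFFLINE_AFTER]
    for r in failed:                      # mark all first so none is picked as a target
        r.online = False
    moved, stranded = {}, []
    for r in failed:
        for vs in sorted(r.servers, key=lambda v: v.ram_mb, reverse=True):
            target = pick(vs, resources)
            if target is None:            # no capacity anywhere: stays down, needs an operator
                stranded.append(vs.name)
                continue
            target.servers.append(vs)
            target.free_ram_mb -= vs.ram_mb
            target.free_disk_gb -= vs.disk_gb
            moved[vs.name] = target.name
        r.servers = [v for v in r.servers if v.name in stranded]  # moved servers do not come back
    return moved, stranded

def demo():
    """Constructed sample cloud: hv1 stopped reporting long before now=1000."""
    hv1 = ComputeResource("hv1", 0, 0, 0, servers=[VS("web", 1024, 20), VS("db", 4096, 50), VS("big", 16384, 80)])
    hv2 = ComputeResource("hv2", 8192, 500, last_seen=990)
    hv3 = ComputeResource("hv3", 2048, 100, last_seen=995)
    return failover([hv1, hv2, hv3], now=1000)
```

The stranded list is the case worth alerting on: a server that fits nowhere stays down until capacity is added, so spare RAM on the remaining compute resources is part of the availability budget.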
OnApp provides multiple layers of security:
- Compute resource — OnApp is a multi-compute resource cloud system that currently supports Xen, KVM, and VMware (Hyper-V and other compute resources will be added in future releases). The first layer of security is provided by the compute resource itself. For example, Xen provides full isolation between virtual servers and allows each virtual server to access its own disk only. When a virtual server makes a request for data, it gets redirected to its correct disk. Xen dictates which virtual servers and resources are allowed to run or be accessed at any given time.
- Firewall — In addition to the compute resource security mechanism, there is also an anti-spoof firewall which resides on the server where you store virtual servers. The firewall enables the management operating system of the compute resource to examine packets entering and leaving the virtual server. It blocks packets that do not belong to the virtual server and accepts those meeting the rules. The firewall prevents IP spoofing and packet sniffing.
- Control Panel — Virtual servers in OnApp are completely controlled by the administrator. Administrators have full root (Linux) or Administrator (Windows) access to accounts and servers. The Control Panel also lets you assign different levels of user access to virtual servers, compute resources, consoles and disks.
- Network Security is provided by completely isolating virtual servers from each other using VLANs. Each customer can be assigned their own VLAN, so using their private IP they can only access addresses within that VLAN. Using a public IP, they can only access those boxes which are manually specified, using the Integrated Console.
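The firewall and VLAN layers above amount to three checks on every frame: does it leave with the sender's own addresses, is the receiver in the same VLAN, and is it addressed to that receiver. The following is an added example, not OnApp's firewall code; it models unicast IPv4 only, and the `Vnic`/`Frame` types and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vnic:
    name: str
    mac: str
    ip: str
    vlan: int

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def egress_allowed(nic, f):
    """Leaving the VS: source MAC and IP must be the ones assigned to this vNIC."""
    return f.src_mac.lower() == nic.mac.lower() and f.src_ip == nic.ip

def ingress_allowed(nic, f):
    """Entering the VS: only frames addressed to this vNIC are delivered."""
    return f.dst_mac.lower() == nic.mac.lower() and f.dst_ip == nic.ip

def deliver(sender, frame, nics):
    """Names of the vNICs that receive the frame after egress, VLAN and ingress checks."""
    if not egress_allowed(sender, frame):
        return []                                   # spoofed source: dropped at the sender
    return [n.name for n in nics
            if n is not sender and n.vlan == sender.vlan and ingress_allowed(n, frame)]

def demo():
    """Constructed tenants: a1/a2 share VLAN 100, b1 is another customer on VLAN 200."""
    a1 = Vnic("a1", "02:00:00:00:00:a1", "10.0.0.10", 100)
    a2 = Vnic("a2", "02:00:00:00:00:a2", "10.0.0.11", 100)
    b1 = Vnic("b1", "02:00:00:00:00:b1", "10.0.0.11", 200)  # same private IP, other VLAN
    nics = [a1, a2, b1]
    return {
        "legit":       deliver(a1, Frame(a1.mac, a2.mac, a1.ip, a2.ip), nics),
        "spoofed_ip":  deliver(a1, Frame(a1.mac, a2.mac, a2.ip, a2.ip), nics),
        "spoofed_mac": deliver(a1, Frame(a2.mac, a2.mac, a1.ip, a2.ip), nics),
        "cross_vlan":  deliver(a1, Frame(a1.mac, b1.mac, a1.ip, b1.ip), nics),
    }
```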