v2.9 All Rights Reserved, Copyright FUJITSU LIMITED 2015
FUJITSU Cloud IaaS Trusted Public S5
Service Catalog
November, 2015
FUJITSU LIMITED
NOTE: This presentation is only a summary and does not constitute a legal contract. Please see the terms and conditions of your services contracts for the controlling language.
Service Outline
Create virtual systems of variable scale depending on the user’s requirements.
Load balancer and firewall are available for the virtual system.
Users can log in as the administrator of the virtual machine OS and have no restriction on installing any type of software or developing applications.
FUJITSU Cloud IaaS Trusted Public S5 (hereafter called "S5") creates and provides a private virtual system environment for users within the large-scale resources of the Fujitsu data center (DC) by using virtualization technology.
[Figure: Users access a private virtual system in the FUJITSU DC. The private virtual system is allocated from the resource pool.]
5 Features
Speedy
Just select the system configuration that best meets your purpose of use from the System Template Library.
Provides an environment that is already protected against threats coming from the Internet. (DMZ, Firewall)
Self-service
Easily create and customize servers/storages from the Service Portal.
It is also possible to monitor operation status, start/stop virtual machines (VMs) and back-up/restore, all from the Service Portal.
Scalable
Create, delete, increase or decrease servers/storages on the spot, whenever needed.
Hourly-based charge system for efficient usage.
Secure
Data protection by redundancy, performance assurance of VM resources (CPU/Memory), and VPN connection.
Standardization
Joined the leadership board of the DMTF Open Cloud Standards Incubator, and endeavors for Cloud standardization.
Speedy
Simplify infrastructure creation by using system templates.
Provides a variety of templates which can set VMs separated on
multiple segments.
Easy to add extra VMs to the template.
[Figure: 1. Select a system template from the System Template Library. 2. Customize it with additional resources (Windows Server, CentOS Server). 3. Deploy it as a virtual system of WEB and DB server VMs in the DMZ and Secure segments of the user private environment.]
Scalable
It is possible to increase/decrease
the number of load-balanced VMs,
corresponding to online-business
peak hours. Can be used as temporary
development/test environment.
Start with small scale. Add more disks to meet data
volume, whenever necessary. Easily increase or decrease disk
capacity.
Start with minimal initial investment. Scale up VM performance,
corresponding to business growth.
Start using VMs within one hour after system deployment.
Pay as you go. (*)
Flexibly scale out/up at any time.
* Additional costs for OS and Software licensing, typically per month billing
[Figure: the user changes settings to scale. Load-balanced VMs increase at business peak hours and decrease at normal hours; VM performance is reinforced from initial operation as the business scale expands; data capacity is reinforced from initial operation by adding disks.]
Self-service
Systems operations can be executed from a web browser.
Select a template and easily deploy a system with "DesignStudio".
Operate or check the system status with "System Manager".
DesignStudio
• Select and customize system templates.
• Resource setup: deploy or delete VMs; add/remove or attach/detach additional disks.
System Manager
• Operate VMs (start/stop/restart/backup/restore).
• Specify Firewall/Load Balancer.
• Update firmware.
• Verify VM status (“Running”, “Stopped”, “Deploying”…).
• Notice about trouble occurrence (information about fail-over, etc.).
• Create VM images and system templates.
• Performance monitor (CPU, disk, network, etc.).
Secure
High-availability by system redundancy and fail-over feature.
Performance assurance of VM resources (CPU/Memory).
Secure connection with VMs by SSL-VPN connection.
Complete redundancy of components, equipment and networks.
• Automatic fail-over in case of hardware malfunction
• Redundant power supply
• Redundant underfloor LAN wiring-network
• Redundant network devices (switch, router)
• Redundant disk
• Redundant storage
• Mirroring between cabinets
• Stocks of spare components for maintenance
• Secure access to VMs by SSL-VPN connection
Standardization
Approach in DMTF
Joined the leadership board of the DMTF Open Cloud Standards and is engaged with Cloud standardization.
Fujitsu submits Cloud API specification to DMTF.
Fujitsu have been elected as a promotional leader.
DMTF (Distributed Management Task Force): International standardization group about operation management and virtualization technology.
DMTF Star Award
Jacques Durand, who works for Fujitsu America Inc., was recognized for his continuous contributions to Cloud standardization and was awarded the “DMTF Star Award”.
Fujitsu Cloud API
We provide the Fujitsu Cloud API for programmatically controlling virtual systems.
Users can operate virtual machines automatically (start, stop, backup, etc.).
API calls can be scripted to automate regular tasks such as:
EX) - Stop virtual machines
    - Backup data
    - Reboot virtual machines
[Figure: user software calls the Cloud API of S5 to operate the virtual system (WEB and DB servers in the DMZ and Secure segments).]
Service Usage Flow
1. Select a template at the Service Portal.
2. Deploy the selected template as a virtual system.
3. Connect via SSL-VPN, log in to VMs and build applications.
4. Set the firewall, then make services available via Internet/private network.
Deployed system can obtain the Internet connection, VPN, and the Intranet connection easily.
Patches of System template are updated regularly.
[Figure: the user selects a template from the System Template Library at the Service Portal (examples: Single Web Server; Web Server x3 + AP/DB Server x1 + Interior FW/LB + Additional disk; Web Server x3 + AP Server x2 + DB Server x1 + etc.), deploys it as a virtual system, connects via SSL-VPN, and sets the Firewall/NAT (Network Address Translation) for access via the Internet/Intranet.]
Service Menu Outline
Category | Menu | Description
Network | Virtual Subnet | Provides private IP address. This enables communication between VMs inside the system template.
Network | Firewall | Provides Firewall for controlling the communication with the Internet and between virtual subnets. Features such as session log display, rules import/export, setup for DNAT/SNAPT and Static NAT are also provided.
Network | Load Balancer | Network traffic to a private IP address is dispersed among multiple registered VMs. It also provides a packet capture log feature.
Network | NAT (Network Address Translation) | Provides NAT function for global IP address communication.
Network | Update Servers | Provides access to WSUS server for Windows update, yum repository server for CentOS update, and RHUI server for RHEL update. (*1)
Monitor | Hardware monitoring | Monitors hardware looking for malfunctions. If a malfunction is detected, it automatically restarts VMs at a different server and notifies users by e-mail.
Monitor | VM Health Checking | Monitors the running status of the VM.
Service Portal | Design Studio | Select the system template, deploy and change the settings.
Service Portal | System Manager | Operate and confirm the status of the system.
Service Portal | Server Console | Verify and solve troubles, such as OS startup latency due to fsck, using a web-based console.
*1 : In order to use the update server, it is necessary for the virtual system to have access to the internet.
Network Layer Types
Firewall is provided by default.
One firewall can control the traffic between the Internet and also between Intranets.
Subnet | Firewall-controllable traffic | Conceptual diagram
1 Tier | Internet <---> DMZ | DMZ
2 Tier | Internet <---> DMZ; DMZ <---> Secure 1 | DMZ, Secure 1
3 Tier | Internet <---> DMZ; DMZ <---> Secure 1; DMZ <---> Secure 2; Secure 1 <---> Secure 2 | DMZ, Secure 1, Secure 2
Monitoring
Types | Description
Hardware Monitoring | Monitor the physical servers for malfunctions. If a physical server goes down because of a failure, the VMs running on that server are transferred to another operational server.
Virtual Machine Monitoring | If any trouble occurs on the Virtual Machine due to an abnormality on the hypervisor or the physical server, VMs running on that hypervisor or physical server are transferred to a normally operating physical server.
Virtual Machines are automatically rebooted when transferred.
Notification e-mails are sent to users when the transfer starts and when it finishes.
[Figure: on a failure (Hardware Monitoring) or an abnormality (Virtual Machine Monitoring), the VMs running on the affected hypervisor and physical server are transferred to an operational physical server.]
VM Type (1)
Type | CPU Performance index *1 | Number of virtual CPU *2 | Memory (GB)
Mini | 0.5 | 1 | 1.7
Economy | 1 | 1 | 1.7
Standard | 2 | 1 | 3.4
Standard 7 | 2 | 1 | 7.5
Standard 15 | 2 | 1 | 15
Standard 30 | 2 | 1 | 30
Advanced 3 | 4 | 1 | 3.4
Advanced | 4 | 1 | 7.5
Advanced 15 | 4 | 1 | 15
Advanced 30 | 4 | 1 | 30
High-performance 3 | 8 | 2 | 3.4
High-performance 7 | 8 | 2 | 7.5
High-performance | 8 | 2 | 15
Double High 7 | 16 | 4 | 7.5
Double High 15 | 16 | 4 | 15
Double High (*3) | 16 | 4 | 30
Quad High15 (*3) (*4) | 32 | 8 | 15
Quad High30 (*3) (*4) | 32 | 8 | 30
Quad High (*3) (*4) | 32 | 8 | 60
*1: Approximately Xeon 1.0GHz (in 2007) per CPU Performance index 1.
*2: Number of virtual CPUs could be varied in future requirements. Since CPU resource is statically assigned to each VM, VM usage does not affect other VM’s performance.
*3: This VM type cannot be applied with “Red Hat Enterprise Linux 5.x(32bit)”, “Red Hat Enterprise Linux 6.x(32bit)”, “CentOS 5.x(32bit)” and “CentOS 6.x(32bit)” due to non-assurance of sufficient memory.
*4: This VM type is available for Japan(East/West), Europe-Germany and Europe-UK(London East/North).
VM Type (2)
Disk | Capacity of CentOS / Ubuntu | Capacity of Windows Server 2003 / RHEL | Capacity of Windows Server 2008 / 2012
System Disk | 10 GB | 40 GB | 180 GB
OS is installed in the system disk. The space requirement varies by OS. (The capacity above is the total, including the OS.)
System disk will be deleted when VM is deleted.
For saving data, use the additional disk service provided.
VM Type (2)
Installed OS and Version
Windows
Windows Server (*1)
• Windows Server 2008 R2 SP1 SE 64bit English Processor License
• Windows Server 2008 R2 SP1 EE 64bit English Processor License
• Windows Server 2012 SE 64bit English Processor License
• Windows Server 2012 R2 SE 64bit English Processor License
Linux
Red Hat Enterprise Linux
• Red Hat Enterprise Linux 5.7 32/64bit (English)
• Red Hat Enterprise Linux 5.8 32/64bit (English)
• Red Hat Enterprise Linux 5.9 32/64bit (English)
• Red Hat Enterprise Linux 6.3 32/64bit (English)
• Red Hat Enterprise Linux 6.4 32/64bit (English)
CentOS
• CentOS 5.6 32/64bit (English)
• CentOS 5.9 32/64bit (English)
• CentOS 5.11 32/64bit (English)
• CentOS 6.2 32/64bit (English)
• CentOS 6.4 32/64bit (English)
• CentOS 6.6 32/64bit (English)
Ubuntu
• Ubuntu Server 14 LTS 64bit (English)
OS is provided as pre-installed in the VM.
(*1) Microsoft software is provided with SPLA license. Note that there may be usage
System Template Service
Service Menu | Description
System Template Service | See the points below.
• Provides templates to create multi-layer subnet systems with only a few clicks.
• OS and middleware are included and basic network settings are configured by default.
• Access to the system from the Internet requires firewall settings.
• Communication between VMs of different layers also goes through the firewall.
Example of a 3 Tier system template.
• Users can deploy a 3 Tier system as the diagram below.
• Users can select from a wide variety of system templates.
[Figure: 3 Tier system template with WEB, AP and DB servers across the DMZ, Secure 1 and Secure 2 segments.]
Examples of templates
Templates | OS/software
Web/DB CentOS [5.4/32bit/2-tier] | CentOS5.6 32bit
Web/DB Windows [2003 SE/SP2/2-tier] | Windows2003 R2 SE 32bit; SQL Server 2008 SE
Web/DB Windows [2008 R2 SE/2-tier] | Windows Server 2008 R2 SE 64bit; SQL Server 2008 SE
Middleware Service
Service Menu | Description
Middleware Service | Provides system templates with middleware included. VMs are also provided with pre-installed middleware.
• Microsoft SQL Server 2008 R2 SE
• Microsoft SQL Server 2012 SE
• Microsoft SQL Server 2014 SE
Network Service (1)
Service Menu | Description
Internet Connection Feature | Provides Internet connection environment for VMs. Also provides the environment for SSL-VPN connection via Internet to the S5’s virtual system. (*1)
IPsec VPN Service | All virtual Systems on S5 can easily establish IPsec VPN connection with other environments via virtual VPN gateway. Mobile internet VPN and Hub & Spoke functionalities are also provided.
IPsec VPN Service | All virtual systems on S5 contract can establish IPsec VPN connection with other environments via virtual VPN gateway. VPN environment can be easily set up.
DC Internal Connection Service | Provides Fujitsu DC internal connection for users, connecting systems that are operating inside the DC with S5 systems.
Global IP Address Service | Provides up to 10 global IP addresses to access from the Internet.
Multiple NIC Service | Allows the allocation of up to 7 additional NICs per virtual machine (including the default NIC, a maximum of 8 NICs can be installed).
*1 : Internet / Intranet connection settings can be changed after deployment.
Network Service (2)
Service Menu | Description
Firewall Service | Controls the network traffic between virtual systems, or between the external network and the virtual system. The firewall can be cloned for redundancy. Throughput performance is as follows. (*1)
    Normal: 8 to 183 Mbps
    Turbo: 75 to 350 Mbps
Load-balancing Service | Provides internal/external load-balancing system. Features for maintaining a session (including SSL), and for displaying an "Error page" are also available. The load-balancer can be cloned for redundancy. Efficiency of SSL is as follows. (*1)
    Normal: Max. 30TPS [1024bit key length], Max. 10TPS [2048bit key length]
    Turbo: Max. 2000TPS [1024bit key length], Max. 700TPS [2048bit key length]
*1 : These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Internet Connection Feature
Provides the environment for connecting VMs to the Internet.
Connect to the internet by simply configuring the firewall.
Provides SSL-VPN connection to VMs.
• No need for users to prepare their own internet connection line.
• Translate global IP address into private IP address via firewall configuration.
Feature overview
[Figure: the user (operator) configures the firewall using the Service Portal to quickly set up an Internet connection. Address translation maps global IP addresses (G1, G2, G3) to private IP addresses (P1, P2, P3) in the virtual system.]
IPsec VPN Service(1)
IPsec VPN connections between S5 virtual systems and other environments are established through an IPsec VPN gateway server.
Easily set up a VPN environment.
IPsec connection between on-premise environment and S5
[Figure: IPsec VPN between the VPN gateway of the on-premise environment and the VPN gateway of the S5 virtual platform environment.]
Note: On the user’s on-premise environment side, the user needs to set up a VPN gateway.
IPsec connection between S5 regions
[Figure: IPsec VPN between the VPN gateways of the S5 virtual platform environments in Region-A and Region-B.]
Note: In this case, user does not need to set up a VPN gateway.
IPsec VPN Service(2)
IPsecVPN Gateway Settings
Setting Item | Value | Complement
ID | IPsecVPN gateway unique ID | Up to 10 opposite gateways can be set
Destination Gateway Global IP Address | Global IP address of the opposite IPsecVPN gateway |
Authentication Key (PSK) | Any alphanumeric characters | Should be the same as the opposite IPsecVPN gateway and client device
Ping Monitoring Destination | Private IP address of the opposite IPsecVPN gateway | After the IPsecVPN tunnel is established, it monitors the opposite IPsecVPN gateway by Ping.
Encryption Suite | Cipher Suite A/Cipher Suite B | See the notes below.
    ・Should be the same as the opposite IPsecVPN gateway
    ・Do not set when using Mobile Internet VPN
    <Reference for setting>
    Encryption strength: Cipher Suite A < Cipher Suite B
    Encryption process efficiency: Cipher Suite A > Cipher Suite B
Hub & Spoke | On / Off |
Mobile Internet VPN (L2TP/IPsecVPN) | On / Off | When “On”, user needs to set the following items:
    -User ID
    -Password
    -Target virtual system for VPN access
    -Timeout
IPsecVPN Gateway Performance
The transmission speed was measured between Japan East and West regions using a 64KB packet.
・Result: 35.5Mbps - 291.0Mbps *Depends on the network (Internet) conditions.
IPsec VPN Service(3)
Specification
IPsec VPN connection is possible only with the global IP addresses that were set at the VPN gateway.
Usage fee of Internet and IP address are not charged for IPsec VPN.
The below listed VPN gateway devices have been confirmed to be operable.
• Cisco 892J (IOS: 12.4 or later)
• Cisco 1812J (IOS: 12.4 or later)
• Cisco ISR 2811 (IOS: 12.4 or later)
• Cisco ISR 3811 (IOS: 12.4 or later)
• IPCOM EX2300 IN (E20L21 or later)
• Si-R220C (V35 or later)
• Si-R G200 (V1 or later)
• Si-R220C (up to V34) *1
• Si-R220B *1
• Si-R80Brin *1
*1: Note that for these devices, when a NAT device is configured between VPN gateways, IPsec VPN connection will NOT work.
Each virtual IPsec VPN gateway can connect simultaneously to a maximum of 10 opposite gateways or 2,000 client terminals.
IPsec VPN Service(4) – Mobile Internet VPN
IPsecVPN connection is possible with Windows, iOS, Mac OS and Android devices.
No need to install applications on the client device. Just set up the default VPN settings of the OS (User information, destination address, etc.)
・No application is needed. Easily connect by using the device’s default VPN settings.
・In order to use L2TP, each device gets a private IP address from S5.
・Authentication method can be selected from the client side (MS-CHAP-V2, CHAP, PAP)
Settings Example (iPhone): User ID, Password, PSK
Usage image for Mobile Internet VPN
[Figure: client devices (IP addresses 64.1.1.10, 64.1.1.11, 64.1.1.12) each get a private IP address for L2TP (192.168.1.1, 192.168.2.1, 192.168.3.1) and connect through the IPsecVPN GW to Virtual System A, B or C of the user’s contract organization on S5. The target VSYS can be specified.]
IPsec VPN Service(5) – Mobile Internet VPN
Supported OS for Client Device
Client OS | Version | Support
Windows | Vista (32bit/64bit) | Yes (SP1, SP2)
Windows | 7 (32bit/64bit) | Yes (Up to SP1)
Windows | 8 (32bit/64bit) | Yes
Windows | 8.1 | Yes
iOS | 5.x/6.x/7.x | Yes
Android | 2.x/3.x/4.x | Yes
Mac OS X | 10.7/10.8/10.9 | Yes
(*1) Windows Server and Linux are not supported
(*2) Using EAP (Extensible Authentication Protocol) certificate for user authentication is not supported.
(*3) Using certificates for connection authentication is not supported.
(*4) The user ID and password of the client device must be set at the S5 IPsecVPN gateway beforehand.
Use Case Examples
・Connecting to S5 systems securely from the user’s office without a VPN gateway.
・Connecting to S5 systems securely with mobile devices outside of the office.
・Service provider can offer mobile solution services on S5
IPsec VPN Service(6) – Hub & Spoke
Through the IPsecVPN gateway, it is possible to connect a client terminal with another terminal or mobile device by VPN.
Use Case Examples
・Easily creating a network between user’s branch offices via the Internet.
・Connecting to user’s office securely from mobile devices.
・Easily configuring a hybrid cloud environment between the user’s S5 system and on-premise environments.
Hub & Spoke Usage Image
[Figure: a client terminal (IP address 64.1.3.11, private IP address for L2TP connection 192.168.3.1) connects by L2TP/IPsecVPN, and networks 64.1.1.0/24 and 64.1.3.0/24 connect through their IPsecVPN GWs, to the IPsecVPN GW of S5 with Virtual Systems A, B and C (192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24) of the user’s contract organization. VPN connections between on-premise terminals are possible via S5.]
DC Internal Connection Service
Hybrid infrastructures can be created by establishing connection
between S5 virtual systems and users’ systems that are hosted
inside Fujitsu DC.
[Figure: Image of DC internal connection service. A user system inside the Fujitsu DC is connected to the virtual system over the Fujitsu DC internal network.]
Firewall Service
Manage communications between virtual systems or between the virtual system and the outside network
DNAT/SNAPT/Static NAT setup available
Import/Export many firewall rules at the same time
Up to 800 firewall rules can be set
Item | Firewall (Primary) | Firewall (Secondary) | Notes
Throughput Performance (*1) | Normal 8~183Mbps; Turbo 75~350Mbps | |
Start/Stop Operation | ON/OFF | ON/OFF | Independent start/stop possible
Feature: NAT Settings | DNAT / SNAPT, Static NAT | Settings unnecessary (Automatically Updated) |
Feature: Firewall Settings | Rules Settings | |
Feature: DNS Settings | One of following: Do not use; Standard DNS; Custom DNS Settings | |
Feature: Log Display | Latest 1000 items can be viewed/exported | Latest 1000 items can be viewed/exported | Primary/Secondary log can be viewed/exported separately
Feature: Configuration Management | Firewall Settings’ Backup/Restore | Settings unnecessary (Automatically Updated) |
Feature: VPN Environment Settings | Static Route Settings | |
Feature: IDS / IPS Settings | Action settings to detect intrusion: Detect(IDS) mode; Protect(IPS) mode | Settings unnecessary (Automatically Updated) |
(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Firewall Redundancy Service
Firewall Redundancy Service Features
• Automated switchover to secondary firewall within 10-20 seconds following failure of primary.
• Updating or changing type (e.g. normal to turbo) only takes a few seconds offline.
• Switching between primary and secondary can also be controlled via the API.
• Primary firewall settings such as global IP address and private IP address can be automatically shared with the secondary firewall.
【Important Notice】
1. Firewall redundancy cannot be set up when creating a new system. After deploying a firewall, change the setup to make it redundant. Additionally, the firewall (primary) must be active when doing so.
2. Equally, the primary firewall must be running in order to end redundancy.
3. The firewall needs to be restarted in order to start/end redundancy.
[Figure: (1) Auto-switch on incidents and (2) Manual switch available, between the primary and secondary firewalls (each ON/OFF) in front of the DMZ, SECURE 1 and SECURE 2 segments.]
Load Balance Service (1)
Provides load-balancing across VMs.
Features: maintain session, monitor for failure, continuous service.
New “High-performance Turbo Load Balancer” which is more efficient than the previous load balancer.
Rule Based Load Balancing
Disperse requests according to balancing rules.
Maintain Session
Without session preservation: Requests may be dispersed to different servers, causing the replies to be inconsistent.
With session preservation: Requests from the same user will be sent to the same server so that inconsistency does not occur.
Monitoring and Automatic re-routing Following Failure
Monitor server’s health. Disconnect from load balancer when a malfunction is detected.
Continuous Service
Disconnect from load balancer manually for maintenance. Reconnect to load balancer after finishing maintenance.
Load Balance Service (2)
Item | Load Balancer (Primary) | Load Balancer (Secondary) | Notes
SSL TPS performance (*1) | Normal: Max 30TPS [1024bit key length], Max 10TPS [2048bit key length]; Turbo: Max 2000TPS [1024bit key length], Max 700TPS [2048bit key length] | |
Start/Stop Operation | ON/OFF | ON/OFF | Independent start/stop is possible
Feature: SLB Settings | Web accelerator settings, add group, Sorry page settings, certificate registration | Settings Unavailable (Automatically Updated) |
Feature: Load Balance Situation | Display/Clear statistics, transfer to maintenance mode | Inspection Available |
Feature: Error Situation | Display/Clear statistics | |
Feature: Certificate Management | Server certificate/Intermediary certificate registration/delete | Settings Unavailable (Automatically Updated) |
Feature: Configuration Management | Settings backup/restore | Settings Unavailable (Automatically Updated) |
Feature: Packet Capture Log | Log output; Output download/delete | Settings Unavailable (Automatically Updated) |
(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Load Balancer Redundancy Service
Load Balancer Redundancy Service Features
• Automated switchover to secondary load balancer within 10-20 seconds following failure of primary.
• Updating only takes a few seconds offline.
• Switching between primary and secondary can be controlled via the API or My Portal.
• Primary load balancer settings such as global IP address and private IP address can be automatically shared with the secondary load balancer.
【Important Notice】
1. Load balancer redundancy cannot be set up when creating a new system. After deploying a load balancer, change its setup to make it redundant. Additionally, the load balancer (primary) must be active when doing so.
2. Equally, the primary load balancer must be running in order to end redundancy.
3. The load balancer needs to be restarted in order to start/end redundancy.
4. VMs and load balancers are included in the system deployment limit of 20 machines.
[Figure: (1) Auto-switch on incidents and (2) Manual switch available, showing the primary and secondary load balancers (each ON/OFF) in front of the WEB servers before and after an incident, with the DMZ and SECURE1 segments.]
Multiple NICs Service (1)
* NIC (Network Interface Card) is an extension card to connect to the LAN (Local Area Network)
Allows the allocation of up to 7 additional NICs per virtual machine
(Including the default NIC, a maximum of 8 NICs can be installed)
VMs can be connected to different network segments by adding NICs.
Flexible and efficient network topologies can be implemented utilizing
multiple NICs.
[Figure: Example of Multiple NICs Service Usage. WEB1, WEB2, DB and a Monitoring Server across the DMZ, SECURE 1 and SECURE 2 segments, with business purpose transmission and monitoring purpose transmission shown as separate paths.]
Multiple NICs Service (2)
Important Notice
• Multiple NICs can only be added when creating a new virtual machine. It is not possible to add NICs to a virtual machine that is already deployed.
• When connecting a Secure segment and a DMZ segment, please ensure that appropriate firewall rules are implemented, ideally with “point to point” specific rules.
Security Notification of Multiple NICs
[Security Guidance]
Always configure the firewall to permit only authorized, ideally point-to-point traffic flow between segments and VMs.
This is especially important when configuring external connectivity to/from the internet.
Precaution 1: It is not recommended to set NAT to the Virtual Machine and enable connection from the Internet.
Precaution 2: It is not recommended to set routing configuration on the Virtual Machine between DMZ and Secure segment.
[Figure: WEB and DB virtual machines in the DMZ and SECURE1 segments, illustrating the NAT and Routing configurations covered by the precautions.]
Storage Service (1)
Service Menu | Description
Additional Disk Service | 10GB to 10TB capacity per additional disk (data is encrypted when written on a physical disk). It is possible to add more disks or switch connection to different VMs when needed.
Scale out / Switch connection to another VM.
Example: Re-attach the disk to a higher performance server to easily transfer data.
Disk stand-by area: Reserved area for disconnected disks.
[Figure: Additional Disk Service. Add a disk when needed, attach/detach it, and re-attach it to another VM in the DMZ, SECURE 1 or SECURE 2 segment.]
Restrictions
Although disk size can be increased up to a maximum of 10TB per additional disk, please note the following restrictions:
• Red Hat Enterprise Linux 5.x 32bit/64bit: support up to 8TB
• Red Hat Enterprise Linux 6.x 32bit/64bit: support up to 10TB
Storage Service (2)
Service Menu | Description
System Backup Storage Service / Data Backup Storage Service | Provides a disk for system or data backup. (*1) Backup VM system or additional disk by copying the entire disk. (*2) This service is available when you execute the backup operation from the Service Portal. It is possible to generate multiple generation backup files. (*3)
System Snapshot Storage Service / Data Snapshot Storage Service | Provides a disk for system or additional disk snapshot. Take snapshot without stopping the VM. Restoring time is reduced compared to Backup Service. (*4)
*1 : To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.
*2 : Backup files can only be restored to original volume. Backup files are deleted automatically when original volume is deleted.
*3 : A new backup disk is created for each backup operation. Backup managing (e.g. deleting) should be done by the user.
*4 : To restore a snapshot, the VM needs to be stopped. When the restore operation is completed, the snapshot data is deleted.
Storage Service (3)
Service Menu | Description
Virtual Machine Image Storage Service | Provides storage disk for saving user-created VM images and system templates. It is possible to extract a deployed VM or system image and create a user customized template. *1 Service charging starts from the time that the user executes "create image" at the Service Portal. Images and templates can be used for scaling-out or for cloning a virtual system.
Create Template *2 | It is possible to create a system image from a deployed virtual system and use it to clone that virtual system.
Create Image *2 | It is possible to create a VM master image from a deployed virtual machine and use it to clone that VM.
*1: The master image remains even if the VM is deleted.
*2: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.
[Figure: Virtual Machine Image Storage. Create a system template and use it to create a new virtual system; create a VM master image and use it to scale out.]
Software Support Change (1)
It is possible to disable or enable the Software Support without rebuilding the virtual machine (*1).
When the software support is changed, the more expensive plan will be charged for that month’s billing.
No. | Change pattern | Applied charge for the month | Restriction after changing
1 | Support not included to Support included | The higher support charge is applied (*2) | User cannot change the software support to “Support not included” for 180 days.
2 | Support included (Weekday 8:30-19:30) to Support included (24 hours 365 days) | The higher support charge is applied (*2) | None
3 | Support included (24 hours 365 days) to Support included (Weekday 8:30-19:30) | The higher support charge is applied (*2) | None
4 | Support included to Support not included | The higher support charge is applied (*2) | None
*1: This function is only available for virtual machines that have multiple software support options. Please refer to the “OS Environment Usage Charges” section of the “Service Charges” menu available on the Portal.
*2: If the VM is never started after user changed to higher support level until the end of that billing month, the cheaper support charge is applied. If it is stopped during the whole billing month, there is no charge for the OS and middleware software, including the support.
Software Support Change (2)
Restrictions and Important Notes
When creating a new VM with “Support included” or when changing from “Support not included” to “Support included”, it is not possible to change to “Support not included” for 180 days, including the day of application.
After creating a new VM with support or adding support to an existing VM, a maximum of 5 business days are required before support is available.
[Figure: support level over time, moving between “Support not included”, Weekday 8:00-19:00 support and 24 hours 365 days support. “Support not included” is unavailable for 180 days. Possible to change: from “Support not included” to “Support included”, and from Support included (24 hours 365 days) to Weekday 8:00-19:00 support.]
User Community Outline
https://cloudcommunity.global.fujitsu.com/en/
Open to the public and accessible via the internet
Provides development tools for S5 API
FAQ, documentation and forums enable users to resolve many issues and
queries – and to share their own tips and workarounds
Service Portal Outline
Secure, authenticated client access
Available functionality (after login):
• Easy system design via Design Studio
• Service Dashboard to monitor system status
• Administrative functions (ID/certificate management)
[Screenshot: Service Portal Top Page. Labels: Menu List, Login, New Account, Notices / Maintenance Info, Cloud Resource Management.]
After Login (My Portal)
Easy to use, intuitive User Interface
[Screenshot: screen after login. Labels: Menu List, Minimized Windows, Start-up Window, Notice Window.]
Design Studio
Create, amend and delete Virtual System, Virtual Machine, Firewall configurations
Easy to use graphical UI
Cumulative Monthly Cost is calculated as resources are added or removed
• Useful as a “sandbox” for developing architectures and assessing associated costs – before committing to deployment
System Initial Deployment
• System template selection.
• VM addition, removal, spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.
Configuration of Running Systems
• VM addition, removal and spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.
Building a New System - Flow
Step 1
• Search for & Select the Virtual system template
– 1, 2 or 3-Tier
Step 2
• Name the virtual system template
• Select connection type (Internet/private network)
Step 3
• Create/delete/modify VMs
• Add/remove/modify optional services
Step 4
• Confirm estimation
• Save the estimation
Step 5
• Gain approval for deployment
• Accept the service agreement
Deployment process
• Confirm and start system deployment.
Building a New System (Step 1 & 2)
Step 1: Virtual System Template Selection
Virtual system Template Search & Selection
Refine by keyword and approximate cost
[Screenshot labels: Template Search, Template List, Template Details]
Step 2: Specify network environment
Network Connectivity Selection
[Screenshot labels: System Name Input, Network Type Selection]
Building a New System (Step 3 & 4)
Step 3: Architect the virtual system design
System Build/Customize
Drag & drop inside the system outline diagram to add a new appliance.
Changing the VM spec and copying or deleting a VM are possible.
[Screenshot labels: System Outline Diagram, Virtual System Details, Available Appliance List (VM, storage, etc.)]
Step 4: Confirm estimate
Estimate Confirmation
The estimate generated is based on a maximum monthly uptime of 744 hours. The estimate can be saved for approvals and, once approved, used to reconfigure or deploy the system.
[Screenshot label: Estimation Results]
Building a New System (Step 5 - Start Deployment)
Customer acceptance of service contract terms and conditions
Step 5: Agree to service usage contract
Service Usage Contract
Ready to start deployment.
System Manager
Service Dashboard for checking the system status.
Administrative functionalities for management of virtual systems and VMs
Running Status Display
• Check the VM status (Running / Stopped / Deploying, etc.)
• Verify the malfunction occurrence state (information about Fail-over).
• Confirm the resource usage state (CPU performance index, disk space).
Resource Operations
• Operate VMs (Start / Stop / Reboot / Backup / Restore).
• Configure Firewalls and Load Balancers, update the firmware.
• Create VM Images and System Templates.
System Manager – Virtual System
Overview
[Screenshot labels: System Summary (Composition View); System Details; Log-in to OS, Change system composition, Return machine; System Summary; Operation Buttons; List of VMs on the Selected System]
System Manager - Virtual Machines
VM Summary Page
Displays VM information:
- VM status
- VM name
- IP address
- Backup/restore status
- Number of backups
etc.
Backup Screen
- Summary of stored backup data
- Start backup
- Start restore
- Delete backup data
[Screenshot labels: Operation Buttons, VM Summary List, Backup Data List, Backup History, Operation Buttons, VM start/shutdown]
System Replica Distribution
With the System Replica Distribution function, users may copy configured virtual systems, virtual machines and attached additional disks, and then deploy those copied resources to another contract ID’s system.
It is also possible to copy user data from one additional disk to another one in the same contract ID system.
[Restriction]
- FW/SLB settings cannot be copied in this function.
- Private IP address and Global IP address will change.
- Cannot use this function between different regions.
- Please do not infringe or violate the intellectual property right of others.
Use Case
With old contract ID's system (*1), the user cannot use high performance type of VM. However, by copying the current system to a new contract ID's system (*2), the user can use high performance type of VM.
*1: Contract ID applied on before July 11, 2012
*2: Contract ID applied on after July 12, 2012
[Figure: old contract ID's system (DMZ, SECURE1), unable to use high performance VM, and new contract ID's system (DMZ, SECURE1), able to use high performance VM. User can migrate whole system easily.]
Service Provider Capabilities
[Figure: business systems held under Contract IDs A, B, C and D, each with DMZ and Secure segments. Copy options shown: copy whole virtual system, copy VMs only, copy only user data in additional disk.]
Multiple private IP addresses
Assign multiple IP addresses to a VM.
Static IP addresses can be added in addition to the automatically allocated private IP address.
Enables multi-Domain configuration of VM.
Item | Private IP address (DHCP) | Private IP address (Manual setting) | Multiple NIC Service
Segment | Same as VM | Same as VM | Can connect to other segments
NIC | Only 1 (default) | Only 1 (default) | Up to 7 additional NICs
Private IP address configuration to a VM | Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment. | In the network address range from “xxx.xxx.xxx.151/24” to “xxx.xxx.xxx.200/24”, user can set static IP address manually. | Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.
Firewall: Rule setting | Available | Available | Available
Firewall: NAT setting | Available | Available | Available
SLB load balancing settings | Available | Unavailable | Available
Private IP address display on the service portal | Available | Unavailable | Available
Private IP address range setting between each segment
• Users set the range of private IP address manually on the service portal.
[Addressing private IP address range]
Class A: 10.0.0.0~10.255.255.255
Class B: 172.16.0.0~172.21.255.255
Class C: 192.168.0.0~192.168.255.255
*In the above address range, the range “10.128.0.0/16” is not available.
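A pre-deployment check for the addressing rules on this slide, added here as an illustration and not Fujitsu's own code: it validates a proposed segment against the listed ranges, the unavailable 10.128.0.0/16 block and the .151 to .200 static window. The function names and the optional on-premises overlap check (useful when the segment will be reached over VPN) are assumptions of this example.

```python
import ipaddress

# Selectable private ranges exactly as listed on the slide (first, last).
# The slide ends the 172.16.x range at 172.21.255.255, so that is used here.
SELECTABLE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.21.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]
# Block the slide's footnote removes from the selectable ranges.
UNAVAILABLE = ipaddress.IPv4Network("10.128.0.0/16")
# Last octet a user may assign statically (slide: .151 to .200).
STATIC_FIRST, STATIC_LAST = 151, 200


def selectable_networks():
    """Convert the first/last pairs into CIDR blocks for containment tests."""
    nets = []
    for first, last in SELECTABLE_RANGES:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return nets


def check_segment(cidr, on_prem=()):
    """Return a list of problems with a proposed segment; empty means OK.

    on_prem is a hypothetical list of networks reachable over the VPN.
    An overlap with one of them makes static routes ambiguous.
    """
    try:
        seg = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid IPv4 network: {exc}"]
    problems = []
    if seg.prefixlen != 24:
        problems.append("segment does not use a 24-bit mask")
    if not any(seg.subnet_of(net) for net in selectable_networks()):
        problems.append("segment is outside the selectable private ranges")
    if seg.overlaps(UNAVAILABLE):
        problems.append("segment overlaps 10.128.0.0/16, which is not available")
    for other in on_prem:
        if seg.overlaps(ipaddress.IPv4Network(other, strict=False)):
            problems.append(f"segment overlaps on-premises network {other}")
    return problems


def check_static_address(segment, address):
    """Return problems with a manually set address inside a /24 segment."""
    seg = ipaddress.IPv4Network(segment, strict=True)
    addr = ipaddress.IPv4Address(address)
    problems = []
    if addr not in seg:
        problems.append("address is not inside the segment")
    last_octet = addr.packed[3]
    if not STATIC_FIRST <= last_octet <= STATIC_LAST:
        problems.append("last octet is outside the .151 to .200 static window")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: three candidate segments and one on-prem LAN.
    for candidate in ("192.168.10.0/24", "10.128.5.0/24", "172.22.0.0/24"):
        print(candidate, check_segment(candidate, on_prem=["192.168.0.0/22"]))
    print(check_static_address("192.168.10.0/24", "192.168.10.20"))
```

Addresses outside the static window are left to DHCP, so a manually set address there can collide with an automatically allocated one.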
VPN Connection Environment Setting
Enables easy configuration of Internet VPN connectivity
Static routes can be configured within the virtual system’s Firewall settings
Users can construct the Internet VPN environment on the S5 using VPN software (e.g. OpenVPN) and the static route setting at Firewall.
Setting Internet VPN environment using static route function (Example):
It is possible to connect Secure1 and Secure 2 network with servers on the user’s LAN by VPN connection.
[Figure: S5 virtual system (DMZ, Secure1, Secure2; VM0 to VM6; OpenVPN installed) connected by VPN to the user on-premises environment (User LAN “A”, User LAN “B”; OpenVPN clients installed).]
Server Console
Provides Command Line administration functionality
Enables administration when VM connectivity has been lost; e.g. no SSH or RDP
Service Specification
• Usage fee: Free
• Supported OS: Windows7 (32/64bit), Windows8 (32/64bit), Windows8.1 (32/64bit)
• Supported Browser: Internet Explorer 10 / 11, Firefox ESR24
• 1 VM connection per contract user
• Session time limit: 30 min
• Supported keyboard: en-us type
(1) Select target VM
(2) Click ‘Console’ button
(3) ‘Server Console’ screen will appear
VM Import Service (1)
The VM Import service allows the VMware format VM image created in the vSphere and Resource Orchestrator (ROR) environments to be imported directly from the Service Portal.
Provides:
• VM import functionality from legacy or 3rd party environments
• Ease of migration for ad-hoc or multiple moves as part of User transition
• Enhances Business Continuity options by enabling the creation of “standby” VM images
Flow of VM Import Service
(1) Prepare VM image
(2) Prepare additional disk
(3) Transfer VM image to additional disk
(4) Start “VM Import”
(5) Importing
(6) Import Completed
(7) Create VM from private image
[Figure labels: User, Client machine, SSL-VPN, S5]
*For the detailed procedure from (1) to (7), refer to the next slide.
VM Import Service (2)
VM Import Workflow Details
No. | Implementation items | Contents | Charge
(1) | Prepare VM image | Prepare a VM image of vmdk format on user environment. | -
(2) | Prepare additional disk | Create VM on the Service Portal of S5 and mount an additional disk. | -
(3) | Transfer VM image to additional disk | Transfer the image file (vmdk) to additional disk. | -
(4) | Start “VM Import” | Unmount the additional disk, click on “VM Import”, insert the necessary information about the image and start importing. | -
(5) | Importing | Import progress can be checked at “Image Manager”. | -
(6) | Import Completed | When the import is successfully completed, the completion date is shown at “Image Manager” and a message is displayed on the Event Log. | “Image Storage Service” is charged accordingly to the image size.
(7) | Create VM from private image | Create VM from the registered VM image (private image) and start using. | The usual service charges are applied. Also, other related services (such as OS License, OS Support) used with the imported VM image shall also be charged accordingly.
VM Import Service (3)
Importable OS
The following table identifies which OS can be imported and how to certify each of them. After importing the OS, the usual S5 OS charges are applied.
OS Category | Importable OS
Windows | Windows Server 2003 R2 SE 32bit SP2; Windows Server 2003 R2 EE 32bit SP2; Windows Server 2008 SE 32bit SP2; Windows Server 2008 R2 SE SP1 64bit; Windows Server 2008 R2 EE SP1 64bit; Windows Server 2012 SE 64bit; Windows Server 2012 R2 SE 64bit
CentOS (*) | CentOS 5.x 32bit; CentOS 5.x 64bit; CentOS 6.x 32bit; CentOS 6.x 64bit
Ubuntu | Ubuntu Server 14LTS(64bit); Ubuntu Server 12LTS(64bit)
License Certification
Windows: Obtain license recertification through the T5 KMS service.
CentOS: No need of recertification.
Image type: vmdk
Notice
No additional charges are applied for VM import. However, the imported VM image is stored by the “Image Storage Service”, which is charged accordingly to the size of the image. Also, when a VM is created from the imported image, charges for the VM, OS and other related services will be charged accordingly.
Inconsistencies between VM specification on the application form and the actual VM may impact the import and operation of the VM.
(*) CentOS 6.0 and 6.1 are not importable.
VM Import Service (4)
Windows OS – Import Requirements and Restrictions
Item | VM Image Requirements | CentOS / Ubuntu
Hypervisor | VMware
Image file type | .vmdk
Mandatory driver and tool | Before extracting VMware image, install the following files to the target VM image: VM transfer agent / PV driver / Support tool
VMware tools | If there are VMware tools installed, they must be deleted.
Network setting (local area connection) | IPv4 DHCP
Number of Network adaptor | 1 adaptor
Firewall setting, security software setting | Must turn off
Sysprep | In case the copy source VM and destination VM needs to be started at the same time, execute Sysprep before extracting the VM image. Otherwise, Sysprep operation is not needed.
MD5 Check | Obtain the image MD5 checksum value and indicate it in the application form.
Hypervisor software for extracting vmdk file | ROR V3.1.2 Cloud Edition; ESX/ESXi 5.1 and 5.0; ESX 4.1 and 4.0; ServerView Resource Orchestrator V3.1.2 Cloud Edition; ESXi 5.0.0; Client 5.0.0
VM disk size | User can specify the range between 10GB and 300GB (per 10GB unit). *Allowed number of hard disk is one. *Delete floppy drive and CDROM/DVD drive.
VM with snapshot | After exporting by using “Export by OVF format” provided by vSphere client, the integrated vmdk file can be used.
BIOS/UEFI | Only BIOS is supported.
VM Export Service (1)
VM Export Workflow Details
The image that has been imported for development and system verification can be exported and used for the developed virtual machine without re-constructing the system in on-premise.
It is easy to move users' own system between S5 regions. The VM images can be transferred from one region to another using the import/export service.
No. | Implementation items | Contents | Charge
(1) | Select VM image and execute Export | After user selects the VM image that has been imported or created, set the VM information and execute Export. | -
(2) | Generate an additional disk and VM image is put into the disk | An additional disk is generated automatically on the target virtual system for the export. And then the exported image is stored. | -
(3) | Notification completion | When export is complete, the notification is reported on event log. | In the timing of creating an additional disk, the charge of the additional disk environment service is needed. If the image is not needed, please delete the additional disk.
(4) | Mount the additional disk and take the image out from the disk | Attach the additional disk to the virtual machine that has been formatted by ext3 like CentOS/Redhat for taking the exported image out from the disk. |
(5) | Transfer the exported image and deploy virtual machines | Customers transfer and import the exported image into their own VMware environment, and the virtual machine can be created by the image. |
VM Export Service (2)
Exportable OS
The following table identifies which OS can be exported and how to certify each of them. After exporting the OS, the usual S5 OS charges are applied.
OS Category | Exportable OS
Windows | Windows Server 2003 R2 SE 32bit SP2; Windows Server 2003 R2 EE 32bit SP2; Windows Server 2008 SE 32bit SP2; Windows Server 2008 R2 SE SP1 64bit; Windows Server 2008 R2 EE SP1 64bit; Windows Server 2012 SE 64bit; Windows Server 2012 R2 SE 64bit
CentOS (*) | CentOS 5.x 32bit; CentOS 5.x 64bit; CentOS 6.x 32bit; CentOS 6.x 64bit
Ubuntu | Ubuntu Server 14LTS(64bit); Ubuntu Server 12LTS(64bit)
Image type: vmdk
Notice
An image of the virtual machine that is offered as an S5 OS service does not work properly in on-premise environment. So do not export and use it in on-premise and other cloud services. The images can be exported only to other S5 regions following the region’s export/import legal matter.
The image that has originally been imported from outside of S5 to S5 can be exported to anywhere, without restriction.
(*) CentOS 6.0 and 6.1 are not importable.
VM Export Service (3)
Windows OS – Export Requirements
A user VM which needs to be exported to S5 environment needs to meet the requirements below.
Item | Description
Export target hyper visor | VMware
Exported image file format | .vmdk
Configuration Information Definition File | OVF file is exported with vmdk file.
Required driver and tools (For Windows OS only) | Uninstalling PV driver is not required before exporting. When the user uses the following OS, Transport Agent is required: ・ Windows2012. After exporting and importing the image into VMware environment, please uninstall the Transport Agent. ・ Export Windows to “Fujitsu Server View Resource Orchestrator(RoR)V3.2.0 Cloud Edition”. Please refer to “VM Import/Export Function - Transport Agent Guide” for Agent installation.
VMware tools | Please install if it is required.
Sysprep (Only for Windows OS) | Please do not run Sysprep on any image before exporting since the image cannot be exported correctly. Sysprep is not necessary if no virtual machines run simultaneously. Examples of virtual machines not running simultaneously: ・ System Migration (Source VM is either Stopped or Deleted) ・ Disaster Recovery (Source VM is Stopped or Virtual Import Environment is Stopped and in Hot Standby Mode)
vmdk Hypervisor software support for the exported images | ・ Fujitsu Server View Resource Orchestrator(RoR)V3.2.0 Cloud Edition ・ VMWare ESX/ESXi 5.5, 5.1 and 5.0; VMWare ESX 4.1 and 4.0
Additional disk | Additional disk cannot be exported.
License certification | Windows license should be re-certified in the user's own environment. Please re-certify the license according to your contract.
OS support | Please inquire using the support of your own contract. Support of the FUJITSU Cloud IaaS S5 is not available.
Cloud API
DesignStudio and System Manager functionality are provided by API.
By using the API, the same functions as the GUI can be integrated into custom applications or scripts.
Secure access by client authentication.
• Automation/systematization of operations is possible.
• Users and Service Providers can build original services.
Examples:
VM deploy, delete, startup, shutdown, backup, etc.
[Figure: Developers and System Administrators; development of original apps that use the API; management/operation automation apps; API; Virtual system.]
API Usage Scenario
Management and Operation Automation / Systematization
Automation/Systematization of administrative operations
• Automatically scale up/down or backup (etc.) based on schedule or load.
• Develop original portals implementing only the necessary functions.
• Develop portals for mobile devices.
[Figure labels: System Administrator, Operator, Tool development, Use only the necessary functions, Use Mobile, Use Service (API), Original portal, Portal for mobile, Automation tools, S5]
Building of a Branded Service by a Third-Party.
Selling via Original Brand
• High-Level (PaaS/SaaS) service
[Figure labels: Service provider’s clients, Use Service, Provide Service, Service Provider Service (Third party), Use Service (API), Provide Service, S5]
Cloud API – Open Cloud Alignment
Fujitsu, today, has joined the leadership board of the Open Cloud Standards Incubator in the DMTF (Distributed Management Task Force).
The Open Cloud Standards Incubator was formed as part of the DMTF Standards Incubation process, which enables like-minded DMTF members to work together and produce informational specifications that can later be fast-tracked through the standards development process. It now consists of 37 major IT companies such as IBM, Microsoft, VMware etc. By joining the leadership board, Fujitsu applies know-how of the 'Trusted-Service Platform', the Cloud Service Infrastructure provided by Fujitsu, and is promoting Cloud Computing standardization, promoted by the 'Open Cloud Standards Incubator'.
Fujitsu and Fujitsu Laboratories Ltd. have submitted a proposed Cloud API specification (interface for deployment, configuration and deletion of ICT resources in the cloud) to the DMTF. We will contribute to standardization of the API.
The standardization of Cloud APIs enables users to select from a broad range of
cloud computing service vendors thereby avoiding potential vendor lock-in.
http://pr.fujitsu.com/jp/news/2009/11/19.html
Cloud Computing has 2 types:
• Public/private cloud - User uses the ICT system resources as a service by a provider.
• Enterprise Cloud - User owns the ICT system and builds/installs/configures it.
Many service providers offer these 2 types of cloud system. As Cloud Computing spreads throughout the world, users may lose ease of use because multiple cloud APIs exist.
Therefore, to make it easier to take advantage of cloud computing, the “Open Cloud Standards Incubator” has been established to promote Cloud API standardization in association with the world's leading IT vendors.
Cloud API – Examples (1)
Operations of Virtual System
Name of API | Description
DestroyVSYS | Delete the virtual system. All resources in the virtual system are discarded and become invalid.
GetVSYSStatus | Obtain status information of the virtual system.
GetVSYSConfiguration | Obtain configuration information of the virtual system.
GetVSYSAttributes | Obtain attribute information of the virtual system.
UpdateVSYSAttribute | Update attribute information of the virtual system.
CreateVServer | Create a VM in the virtual system. Specifying the ID of the disk image, which is used for initial contents of the boot disk, is required. Request message is encoded in UTF-8.
ListVServer | Obtain a list of all VM IDs in the virtual system.
CreateVDisk | Create additional disks in the virtual data center. Users can attach these additional disks to VMs.
ListVDisk | Obtain a list of all additional disk IDs in the virtual data center. The list indicates whether additional disks are attached to the VM or not.
Cloud API –Examples (2)
Operations of Virtual Machine / Operations of Additional Disk
Name of API | Description
DestroyVServer | Delete a VM.
StartVServer | Start OS of the VM.
StopVServer | Stop OS of the VM.
GetVServerStatus | Obtain status information of the VM.
GetVServerAttributes | Obtain attribute information of the VM.
UpdateVServerAttribute | Update attribute information of the VM.
GetVServerInitialPassword | Obtain an administrator’s initial password of the OS in the VM.
AttachVDisk | Attach an additional disk to the VM.
DestroyVDisk | Delete an additional disk as well as the saved data in the disk.
DetachVDisk | Detach an additional disk from the VM.
BackupVDisk | Start a backup of additional disk. The created backup is copied to the newly-created backup disk.
RestoreVDisk | Copy the contents of additional disk’s backup to another additional disk.
ListVDiskBackup | Obtain a list of the additional disk’s backups.
GetVDiskStatus | Obtain status information of the additional disk.
GetVDiskAttributes | Obtain attribute information of the additional disk.
UpdateVDiskAttribute | Update attribute information of the additional disk.
Cloud API –Examples (3)
Operations of Template
Name of API | Description
UnregisterVSYSDescriptor | Cancel a registration of the template.
GetVSYSDescriptorConfiguration | Obtain configuration information of the template.
GetVSYSDescriptorAttributes | Obtain attribute information of the template.
Operations of Built-in Server
Name of API | Description
CreateEFM | Create a built-in server.
ListEFM | Obtain a list of the built-in server.
DestroyEFM | Delete a built-in server.
StartEFM | Start a built-in server.
StopEFM | Stop a built-in server.
GetEFMStatus | Obtain status information of the built-in server.
GetEFMAttributes | Obtain attribute information of the built-in server.
GetEFMConfiguration | Obtain configuration information of the built-in server.
UpdateEFMAttribute | Update attribute information of the built-in server. API of this version can update the built-in server name only.
UpdateEFMConfiguration | Update configuration information of the built-in server.
Operations of Disk Image
Name of API | Description
UnregisterDiskImage | Cancel a registration of the disk image from the virtual disk center.
GetDiskImageAttributes | Obtain attribute information of the disk image.
Cloud API – Examples (4)
Operations of Virtual DC (*)
Name of API | Description
ListVSYSDescriptor | Obtain a list of the template in the virtual data center.
CreateVSYS | Create a virtual system based on the template.
ListVSYS | Obtain a list of the virtual system in the virtual data center.
AllocatePublicIP | Allocate the global IP address.
ListPublicIP | Obtain a list of all global IP addresses in the virtual data center.
ListDiskImage | Obtain a Disk Image ID in the virtual data center.
Operations of Global IP Address
Name of API | Description
FreePublicIP | Release a global IP address.
AttachPublicIP | Attach a global IP address to the virtual system.
DetachPublicIP | Detach a global IP address from the virtual system.
GetPublicIPStatus | Obtain status information of the global IP address.
GetPublicIPAttributes | Obtain attribute information of the global IP address.
Other Operations
Name of API | Description
StandByConsole | Prepare a connection with the console.
(*) A hypothetical data center on the cloud where users can create and use virtual systems.
Charging and Payment Considerations
Pay-as-you-go for the resources and functions.
• Refer to the separate document for each service’s unit price.
• Operating time is rounded up to the next hour.
ex. Operating time : 1h 45min → 2h
• Network traffic is rounded down to the previous GB.
ex. Network traffic : 31.5GB → 31GB
Charging begins when resource/function starts to be used.
• The same for when the resource type is changed.
The charging system varies depending on the service used. (Refer to the next pages for details.)
When several systems exist within one contract, the charge is calculated separately for each service and then included in a single bill.
Charging System Types
Type | Charging System | Description | Service Example
TYPE-I | Rate-based (1-hour units) | Charge corresponding usage time. For VMs, the unit price varies with type. | VMs; Global IP address Service; Load Balancing Service
TYPE-II | Rate-based (Monthly) | Charging is performed even for a single usage. (Independent of number of VM CPU) | VM OS Environment [Microsoft Windows Server]
TYPE-III | Rate-based (Monthly and Number of CPUs) | Charging is performed even for a single usage. (Dependent on number of VM CPU) | VM Middleware Environment [Microsoft SQL Server]
TYPE-IV | Rate-based (Time and Capacity) | Perform charging according to [Usage period x Guaranteed capacity]. (Capacity is the guaranteed capacity) | System Disk Offer Service; Additional Disk Service; Template Storage Service; Disk Service for System Backup; Disk Service for Additional Disk Backup
TYPE-V | Usage amount | Charging performed on the basis of usage. | Internet connection (Not charged after SR13)
TYPE-VI | Usage counts | Charging performed by each single use of the service. Unit price varies by template type (network class). | System Template Service (Charged when new system is created)
Usage Period Considerations [1-Hour Unit]
Usage time is calculated by summing minutes of resource uptime.
The total is rounded up to the next hour (adding 1 to 59min).
Example
Resource uptime: 15:10-15:35 (25min), 16:20-17:10 (50min), 20:00-20:30 (30min)
• Usage Period : 25min + 50min + 30min = 105min (1h45min), rounded up to 2 Hours
Service Level
S5 target availability SLA is 99.95%
Coverage of redundancy
Object | Description
VM | Provides automatic failover. In the case of a physical server disorder, the VM is automatically assigned to a new physical server and rebooted. Data being processed at the time of disorder is not guaranteed.
Virtual Storage (System, Data) | Copies of data are kept on 4 different physical disks. Even in the case of 3 simultaneous physical disk failures, data is not lost. All data is stored in the same DC.
Internet connection | Fully redundant. The switchover time for equipment failure is within one minute.
Other Notes
On-Site operations
• Users cannot perform installations or setups in the DC. All operations are executed remotely.
Maintenance
• The security supervision of virtual machines is the user's responsibility.
Data deletion (when deleting the VM)
• Data in the system disk will be erased when deleting the VM.
• Data in an additional disk will be erased when deleting the additional disk.
• A backup disk will be deleted when its system disk or additional disk is deleted.
• 'Zero writing' method is used to delete data.
Requirements (Service Portal)
• Resolution : 1280 x 1024 or better (recommended), 1024 x 768 (minimum)
• OS : Windows XP SP3 (32bit), Windows Vista SP2 (32bit), Windows7 (32bit/64bit), Windows8 (32bit/64bit), Windows8.1 (32bit/64bit)
• Browser : Internet Explorer 7/8/9/10/11, Mozilla Firefox ESR24
• Flash Player : Adobe Flash Player 10
• Java Runtime Environment : JRE 6.0 update24 or later
Security Notes
Data center
• All VMs run inside Fujitsu’s safe data centers.
• No data is ever stored outside Fujitsu's data centers.
Administrator authority
• Fujitsu does not have administrator authority on VMs created by users.
Security updates
• Security updates for the OS and middleware of VMs must be applied by the user.
• Security updates of hypervisors, S5 management system, network and storage equipment are applied by Fujitsu.
Resource Limits
VM Service

| No. | Items | Limitation value |
|---|---|---|
| 1 | Max. number of Resource Controllers per contract | No explicit limit |
| 2 | Max. number of Custom Authorization Patterns per system (Central Management Privilege pattern) | No explicit limit |
| 3 | Max. number of Custom Authorization Patterns per contract (Virtual System Management Privilege pattern) | No explicit limit |
| 4 | Max. number of systems per contract | 140 |
| 5 | Max. number of VMs, including SLB built-in servers, per segment (Except Firewall) | 20 |
| 6 | Max. number of VMs and SLB built-in servers per system (Except for Firewall) | 20 |
| 7 | Max. number of additional disks per system | No explicit limit |
| 8 | Max. capacity of an additional disk | 10TB (=10000GB) |
| 9 | Max. number of attachable additional disks per VM | 14 |
| 10 | Max. number of global IP address per system | 10 |
| 11 | Max. number of backups per system disk | No explicit limit |
| 12 | Max. number of backups per additional disk | No explicit limit |
| 13 | Max. number of saved system structure (on creation) | No explicit limit |
| 14 | Max. number of saved system structure (on edit) | 1 |
| 15 | Max. number of simultaneous VPN connections per segment | 20 |
| 16 | Max. number of firewall rules (all directions) | 800 |
| 17 | Max. number of load balance groups per SLB built-in server | 32 |
| 18 | Max. number of VMs for load balancing per load balance group | Depends on the max. number of VMs in a segment |
| 19 | Max. key length of the server certificate registered at SLB built-in server | 2,048 bit |
| 20 | Max. file size of Error page registered at SLB built-in server | 32,767 byte |
| 21 | Max. number of configuration backups per built-in server | No explicit limit |
| 22 | Max. number of user created images | No explicit limit |
| 23 | Max. number of user created templates | No explicit limit |
| 24 | The maximum number of possible private IP addresses | 139 |