v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015
FUJITSU Cloud IaaS Trusted Public S5 Service Catalog
February, 2015
FUJITSU LIMITED
NOTE: This presentation is only a summary and does not constitute a legal contract. Please see the terms and conditions of your services contracts for the controlling language.
Service Outline
FUJITSU Cloud IaaS Trusted Public S5 (hereafter called "Trusted Public S5") creates and provides a private virtual system environment for users within the large-scale resources of the Fujitsu data center (DC) by using virtualization technology.
• Create virtual systems of variable scale depending on the user's requirements.
• Load balancer and firewall are available for the virtual system.
• Users can log in as the administrator of the virtual machine OS and have no restriction on installing any type of software or developing applications.
[Figure: a private virtual system is allocated to users from the resource pool in the Fujitsu DC.]
5 Features
Speedy
• Just select the system configuration that best meets your purpose of use from the System Template Library.
• Provides an environment that is already protected against threats coming from the Internet. (DMZ, Firewall)
Self-service
• Easily create and customize servers/storages from the Service Portal.
• It is also possible to monitor operation status, start/stop virtual machines (VMs) and back-up/restore, all from the Service Portal.
Scalable
• Create, delete, increase or decrease servers/storages on the spot, whenever needed.
• Hourly-based charge system for efficient usage.
Secure
• Data protection by redundancy, performance assurance of VM resources (CPU/Memory), and VPN connection.
Standardization
• Joined the leadership board of the DMTF Open Cloud Standards Incubator, and endeavors for Cloud standardization.
Speedy
• Simplify infrastructure creation by using system templates.
• Provides a variety of templates which can set VMs separated on multiple segments.
• Easy to add extra VMs to the template.
[Figure: 1. Select a system template from the System Template Library; 2. Customize it with additional resources (Windows Server, CentOS Server); 3. Deploy the virtual system (WEB servers, DB server, DMZ and Secure segments) into the user private environment.]
Scalable
• Start using VMs within one hour after system deployment.
• Pay as you go. (*)
• Flexibly scale out/up at any time.
• It is possible to increase/decrease the number of load-balanced VMs, corresponding to online-business peak hours.
• Can be used as temporary development/test environment.
• Start with small scale. Add more disks to meet data volume, whenever necessary. Easily increase or decrease disk capacity.
• Start with minimal initial investment. Scale up VM performance, corresponding to business growth.
* Additional costs for OS and software licensing, typically per month billing.
[Figure: three panels showing VM count increased at business peak hour and decreased at normal hour; performance reinforcement from initial operation as business scale expands; data reinforcement from initial operation.]
Self-service
Systems operations can be executed from a web browser.
• Select a template and easily deploy a system with "DesignStudio".
• Operate or check the system status with "System Manager".
DesignStudio
• Select and customize system templates.
• Resource setup: deploy or delete VMs; add/remove or attach/detach additional disks.
System Manager
• Operate VMs (start/stop/restart/backup/restore).
• Specify Firewall/Load Balancer.
• Update firmware.
• Verify VM status ("Running", "Stopped", "Deploying"…).
• Notice about trouble occurrence (information about fail-over, etc.).
• Create VM images and system templates.
• Performance monitor (CPU, disk, network, etc.).
Secure
• High-availability by system redundancy and fail-over feature.
• Performance assurance of VM resources (CPU/Memory).
• Secure connection with VMs by SSL-VPN connection.
Complete redundancy of components, equipment and networks:
• Automatic fail-over in case of hardware malfunction
• Redundant power supply
• Redundant network devices (switch, router)
• Redundant underfloor LAN wiring-network
• Redundant disk
• Redundant storage
• Mirroring between cabinets
• Stocks of spare components for maintenance
• Secure access to VMs by SSL-VPN connection
Standardization
Joined the leadership board of the DMTF Open Cloud Standards and is engaged with Cloud standardization.
Approach in DMTF
• Fujitsu submitted the Cloud API specification to DMTF.
• Fujitsu has been elected as a promotional leader.
DMTF (Distributed Management Task Force): International standardization group about operation management and virtualization technology.
DMTF Star Award
Jacques Durand, who works for Fujitsu America Inc., was recognized for his continuous contributions to Cloud standardization and was awarded the "DMTF Star Award".
Fujitsu Cloud API
We provide the Fujitsu Cloud API for programmatically controlling virtual systems. Users can operate virtual machines automatically (start, stop, backup, etc.). API calls can be scripted to automate regular tasks such as:
• Stop virtual machines
• Backup data
• Reboot virtual machines
[Figure: user software calls the Cloud API of FUJITSU Cloud IaaS Trusted Public S5 to control a virtual system (WEB servers, DB server, DMZ and Secure segments).]
Service Usage Flow
1. Select a template at the Service Portal.
2. Deploy the selected template as a virtual system.
3. Connect via SSL-VPN, log in to VMs and build applications.
4. Set the firewall, then make services available via Internet/private network.
Deployed system can obtain the Internet connection, VPN, and the Intranet connection easily.
Patches of system templates are updated regularly.
Examples in the System Template Library:
• Single Web Server
• Web Server x3 + AP/DB Server x1 + Interior FW/LB + Additional disk
• Web Server x3 + AP Server x2 + DB Server x1 + etc.
[Figure: the user selects a template at the Service Portal, deploys it as a virtual system, connects via SSL-VPN, and opens access via the Internet/Intranet through Firewall/NAT (Network Address Translation).]
Service Details
Service Menu Outline
| Category | Menu | Description |
|---|---|---|
| Network | Virtual Subnet | Provides private IP address. This enables communication between VMs inside the system template. |
| Network | Firewall | Provides Firewall for controlling the communication with the Internet and between virtual subnets. Features such as session log display, rules import/export, setup for DNAT/SNAPT and Static NAT are also provided. |
| Network | Load Balancer | Network traffic to a private IP address is dispersed among multiple registered VMs. It also provides a packet capture log feature. |
| Network | NAT (Network Address Translation) | Provides NAT function for global IP address communication. |
| Network | Update Servers | Provides access to WSUS server for Windows update, yum repository server for CentOS update, and RHUI server for RHEL update. (*1) |
| Monitor | Hardware monitoring | Monitors hardware looking for malfunctions. If a malfunction is detected, it automatically restarts VMs at a different server and notifies users by e-mail. |
| Monitor | VM Health Checking | Monitors the running status of the VM. |
| Service Portal | Design Studio | Select the system template, deploy and change the settings. |
| Service Portal | System Manager | Operate and confirm the status of the system. |
| Service Portal | Server Console | Verify and solve troubles, such as OS startup latency due to fsck, using a web-based console. |
*1: In order to use the update server, it is necessary for the virtual system to have access to the Internet.
Network Layer Types
Firewall is provided by default.
One firewall can control the traffic between the Internet and also between Intranets.
| Subnet | Firewall-controllable traffic |
|---|---|
| 1 Tier | Internet <---> DMZ |
| 2 Tier | Internet <---> DMZ; DMZ <---> Secure 1 |
| 3 Tier | Internet <---> DMZ; DMZ <---> Secure 1; DMZ <---> Secure 2; Secure 1 <---> Secure 2 |
[Figure: conceptual diagrams of the 1 Tier (DMZ), 2 Tier (DMZ, Secure 1) and 3 Tier (DMZ, Secure 1, Secure 2) layouts.]
Monitoring
| Types | Description |
|---|---|
| Hardware Monitoring | Monitor the physical servers for malfunctions. If a physical server goes down because of a failure, the VMs running on that server are transferred to another operational server. |
| Virtual Machine Monitoring | If any trouble occurs on the Virtual Machine due to an abnormality on the hypervisor or the physical server, VMs running on that hypervisor or physical server are transferred to a normally operating physical server. |
Virtual Machines are automatically rebooted when transferred.
Notification e-mails are sent to users when the transfer starts and when it finishes.
[Figure: on a physical server failure or a hypervisor abnormality, the VMs are transferred to an operational physical server.]
VM Type (1)
| Type | CPU Performance index *1 | Number of virtual CPU *2 | Memory (GB) |
|---|---|---|---|
| Economy | 1 | 1 | 1.7 |
| Standard | 2 | 1 | 3.4 |
| Advanced | 4 | 1 | 7.5 |
| High-performance | 8 | 2 | 15 |
| Double-High15 (*3) | 16 | 4 | 15 |
| Double-High (*3) | 16 | 4 | 30 |
| Quad-High30 (*3) (*4) | 32 | 8 | 30 |
| Quad-High (*3) (*4) | 32 | 8 | 60 |
*1: Approximately Xeon 1.0GHz (in 2007) per CPU Performance index 1.
*2: Number of virtual CPUs could be varied in future requirements. Since CPU resource is statically assigned to each VM, VM usage does not affect other VMs' performance.
*3: This VM type cannot be applied with "Red Hat Enterprise Linux 5.x(32bit)", "Red Hat Enterprise Linux 6.x(32bit)", "CentOS 5.x(32bit)" and "CentOS 6.x(32bit)" due to non-assurance of sufficient memory.
*4: This VM type is available for Japan, Europe-Germany and Europe-UK.
| Disk | Capacity of CentOS / Ubuntu | Capacity of Windows Server 2003 / RHEL | Capacity of Windows Server 2008 / 2012 |
|---|---|---|---|
| System Disk | 10 GB | 40 GB | 180 GB |
OS is installed in the system disk. The space requirement varies by OS. (The capacity above is the total, including the OS.) System disk will be deleted when VM is deleted. For saving data, use the additional disk service provided.
VM Type (2)
Installed OS and version
Windows: Windows Server (*1)
• Windows Server 2008 R2 SP1 SE 64bit English Processor License
• Windows Server 2008 R2 SP1 EE 64bit English Processor License
• Windows Server 2012 SE 64bit English Processor License
• Windows Server 2012 R2 SE 64bit English Processor License
Linux: Red Hat Enterprise Linux
• Red Hat Enterprise Linux 5.7 32/64bit (English)
• Red Hat Enterprise Linux 5.8 32/64bit (English)
• Red Hat Enterprise Linux 5.9 32/64bit (English)
• Red Hat Enterprise Linux 6.3 32/64bit (English)
• Red Hat Enterprise Linux 6.4 32/64bit (English)
Linux: CentOS
• CentOS 5.6 32/64bit (English)
• CentOS 5.9 32/64bit (English)
• CentOS 6.2 32/64bit (English)
• CentOS 6.4 32/64bit (English)
Linux: Ubuntu
• Ubuntu Server 14 LTS 64bit (English)
OS is provided as pre-installed in the VM.
(*1) Microsoft software is provided with SPLA license. Note that there may be usage restrictions on the license contract of the Microsoft products of this service.
System Template Service
• Provides templates to create multi-layer subnet systems with only a few clicks.
• OS and middleware are included and basic network settings are configured by default.
• Access to the system from the Internet requires firewall settings.
• Communication between VMs of different layers also goes through the firewall.
Example of a 3 Tier system template
• Users can deploy a 3 Tier system as the diagram below.
• Users can select from a wide variety of system templates.
[Figure: 3 Tier system template with WEB servers (DMZ), AP servers (Secure 1) and a DB server (Secure 2).]
Examples of templates
| Templates | OS/software |
|---|---|
| Web/DB CentOS [5.4/32bit/2-tier] | CentOS5.6 32bit |
| Web/DB Windows [2003 SE/SP2/2-tier] | Windows2003 R2 SE 32bit, SQL Server 2008 SE |
| Web/DB Windows [2008 R2 SE/2-tier] | Windows Server 2008 R2 SE 64bit, SQL Server 2008 SE |
Middleware Service
Provides system templates with middleware included. VMs are also provided with pre-installed middleware.
• Microsoft SQL Server 2008 R2 SE
• Microsoft SQL Server 2012 SE
• Microsoft SQL Server 2014 SE
Network Service (1)
| Service Menu | Description |
|---|---|
| Internet Connection Feature | Provides Internet connection environment for VMs. Also provides the environment for SSL-VPN connection via Internet to the Trusted Public S5's virtual system. (*1) |
| IPsec VPN Service | All virtual systems on S5 can easily establish IPsec VPN connection with other environments via virtual VPN gateway. Mobile internet VPN and Hub & Spoke functionalities are also provided. |
| IPsec VPN Service | All virtual systems on S5 contract can establish IPsec VPN connection with other environments via virtual VPN gateway. VPN environment can be easily set up. |
| DC Internal Connection Service | Provides Fujitsu DC internal connection for users, connecting systems that are operating inside the DC with Trusted Public S5 systems. |
| Global IP Address Service | Provides up to 10 global IP addresses to access from the Internet. |
| Multiple NIC Service | Allows the allocation of up to 7 additional NICs per virtual machine (including the default NIC, a maximum of 8 NICs can be installed). |
*1: Internet / Intranet connection settings can be changed after deployment.
Network Service (2)
| Service Menu | Description |
|---|---|
| Firewall Service | Controls the network traffic between virtual systems, or between the external network and the virtual system. The firewall can be cloned for redundancy. Throughput performance is as follows. (*1) Normal: 8 to 183 Mbps. Turbo: 75 to 350 Mbps. |
| Load-balancing Service | Provides internal/external load-balancing system. Features for maintaining a session (including SSL), and for displaying an "Error page" are also available. The load-balancer can be cloned for redundancy. Efficiency of SSL is as follows. (*1) Normal: Max. 30TPS [1024bit key length], Max. 10TPS [2048bit key length]. Turbo: Max. 2000TPS [1024bit key length], Max. 700TPS [2048bit key length]. |
*1: These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Internet Connection Feature
• Provides the environment for connecting VMs to the Internet.
• Connect to the Internet by simply configuring the firewall.
• Provides SSL-VPN connection to VMs.
Quickly set up an Internet connection
• No need for users to prepare their own Internet connection line.
• Translate global IP address into private IP address via firewall configuration.
• Configure firewall using Service Portal.
[Figure: Feature overview. The user (operator) configures the firewall at the Service Portal; address translation maps global IP addresses (G1, G2, G3) to private IP addresses (P1, P2, P3) in the virtual system.]
IPsec VPN Service(1)
• IPsec VPN connections between S5 virtual systems and other environments are established through an IPsec VPN gateway server.
• Easily set up a VPN environment.
IPsec connection between on-premise environment and Trusted Public S5
Note: On the user's on-premise environment side, the user needs to set up a VPN gateway.
IPsec connection between Trusted Public S5 regions
Note: In this case, user does not need to set up a VPN gateway.
[Figure: IPsec VPN between the VPN gateway of an on-premise environment and the VPN gateway of a Trusted Public S5 virtual platform environment; IPsec VPN between the VPN gateways of Trusted Public S5 Region-A and Region-B.]
IPsec VPN Service(2)
IPsecVPN Gateway Settings
| Setting Item | Value | Complement |
|---|---|---|
| ID | IPsecVPN gateway unique ID | Up to 10 opposite gateways can be set |
| Destination Gateway Global IP Address | Global IP address of the opposite IPsecVPN gateway | |
| Authentication Key (PSK) | Any alphanumeric characters | Should be the same as the opposite IPsecVPN gateway and client device |
| Ping Monitoring Destination | Private IP address of the opposite IPsecVPN gateway | After the IPsecVPN tunnel is established, it monitors the opposite IPsecVPN gateway by Ping. |
| Encryption Suite | Cipher Suite A / Cipher Suite B | Should be the same as the opposite IPsecVPN gateway. Do not set when using Mobile Internet VPN. Reference for setting: encryption strength is lower for Cipher Suite A than for Cipher Suite B; encryption process efficiency is higher for Cipher Suite A than for Cipher Suite B. |
| Hub & Spoke | On / Off | |
| Mobile Internet VPN (L2TP/IPsecVPN) | On / Off | When "On", user needs to set the following items: User ID, Password, Target virtual system for VPN access, Timeout |
IPsecVPN Gateway Performance
The transmission speed was measured between Japan East and West regions using a 64KB packet.
• Result: 35.5Mbps - 291.0Mbps (*Depends on the network (Internet) conditions.)
IPsec VPN Service(3)
Specification
• IPsec VPN connection is possible only with the global IP addresses that were set at the VPN gateway.
• Usage fees of Internet and IP address are not charged for IPsec VPN.
• Each virtual IPsec VPN gateway can connect simultaneously to a maximum of 10 opposite gateways or 2,000 client terminals.
The VPN gateway devices listed below have been confirmed to be operable.
• Cisco 892J (IOS: 12.4 or later)
• Cisco 1812J (IOS: 12.4 or later)
• Cisco ISR 2811 (IOS: 12.4 or later)
• Cisco ISR 3811 (IOS: 12.4 or later)
• IPCOM EX2300 IN (E20L21 or later)
• Si-R220C (V35 or later)
• Si-R G200 (V1 or later)
• Si-R220C (up to V34) *1
• Si-R220B *1
• Si-R80Brin *1
*1: Note that for these devices, when a NAT device is configured between VPN gateways, IPsec VPN connection will NOT work.
IPsec VPN Service(4) – Mobile Internet VPN
• IPsecVPN connection is possible with Windows, iOS, Mac OS and Android devices.
• No need to install applications on the client device. Just set up the default VPN settings of the OS (user information, destination address, etc.).
Settings Example (iPhone)
• No application is needed. Easily connect by using the device's default VPN settings.
• In order to use L2TP, each device gets a private IP address from Trusted Public S5.
• Authentication method can be selected from the client side (MS-CHAP-V2, CHAP, PAP).
[Figure: Usage image for Mobile Internet VPN. Client devices, each with its own IP address and a private IP address for L2TP, authenticate with User ID, Password and PSK at the IPsecVPN GW and reach Virtual System A, B or C in the user's contract organization on Trusted Public S5; the target VSYS can be specified.]
IPsec VPN Service(5) – Mobile Internet VPN
Supported OS for Client Device
| Client OS | Version | Support |
|---|---|---|
| Windows | Vista (32bit/64bit) (SP1, SP2) | Yes |
| Windows | 7 (32bit/64bit) (Up to SP1) | Yes |
| Windows | 8 (32bit/64bit) | Yes |
| Windows | 8.1 | Yes |
| iOS | 5.x/6.x/7.x | Yes |
| Android | 2.x/3.x/4.x | Yes |
| Mac OS X | 10.7/10.8/10.9 | Yes |
(*1) Windows Server and Linux are not supported.
(*2) Using EAP (Extensible Authentication Protocol) certificate for user authentication is not supported.
(*3) Using certificates for connection authentication is not supported.
(*4) The user ID and password of the client device must be set at the TPS5 IPsecVPN gateway beforehand.
Use Case Examples
• Connecting to TPS5 systems securely from the user's office without a VPN gateway.
• Connecting to TPS5 systems securely with mobile devices outside of the office.
• Service provider can offer mobile solution services on TPS5.
IPsec VPN Service(6) – Hub & Spoke
• Through the IPsecVPN gateway, it is possible to connect a client terminal with another terminal or mobile device by VPN.
• VPN connections between on-premise terminals are possible via TPS5.
Use Case Examples
• Easily creating a network between user's branch offices via the Internet.
• Connecting to user's office securely from mobile devices.
• Easily configuring a hybrid cloud environment between the user's TPS5 system and on-premise environments.
[Figure: Hub & Spoke Usage Image. A client terminal (L2TP/IPsecVPN) and on-premise IPsecVPN gateways connect through the Trusted Public S5 IPsecVPN GW to Virtual Systems A, B and C in the user's contract organization.]
DC Internal Connection Service
Hybrid infrastructures can be created by establishing connection between S5 virtual systems and users' systems that are hosted inside Fujitsu DC.
[Figure: Image of DC internal connection service. A user system inside the Fujitsu DC connects to the virtual system over the Fujitsu DC internal network.]
Firewall Service
• Manage communications between virtual systems or between the virtual system and the outside network.
• DNAT/SNAPT/Static NAT setup available.
• Import/Export many firewall rules at the same time.
• Up to 800 firewall rules can be set.
Items for Firewall (Primary) and Firewall (Secondary)
• Throughput Performance (*1): Normal 8~183Mbps; Turbo 75~350Mbps
• Start/Stop Operation: Primary ON/OFF; Secondary ON/OFF. Independent start/stop possible.
Feature
• NAT Settings: DNAT / SNAPT, Static NAT (Secondary: Settings Unavailable, Automatically Updated)
• Firewall Settings: Rules Settings
• DNS Settings: one of the following: Do not use, Standard DNS, Custom DNS Settings
• Log Display: latest 1000 items can be viewed/exported (Primary and Secondary). Primary/Secondary log can be viewed/exported separately.
• Configuration Management: Firewall Settings' Backup/Restore (Secondary: Settings Unavailable, Automatically Updated)
• VPN Environment Settings
• Static Route Settings
(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Firewall Redundancy Service
• Automated switchover to secondary firewall within 10-20 seconds following failure of primary.
• Updating or changing type (e.g. normal to turbo) only takes a few seconds offline.
• Switching between primary and secondary can also be controlled via the API.
• Primary firewall settings such as global IP address and private IP address can be automatically shared with the secondary firewall.
Firewall Redundancy Service Features
(1) Auto-switch on incidents
(2) Manual switch available
【Important Notice】
1. Firewall redundancy cannot be set up when creating a new system. After deploying a firewall, change the setup to make it redundant. Additionally, the firewall (primary) must be active when doing so.
2. Equally, the primary firewall must be running in order to end redundancy.
3. The firewall needs to be restarted in order to start/end redundancy.
[Figure: primary and secondary firewalls (each ON/OFF) in front of the DMZ, SECURE 1 and SECURE 2 segments.]
Load Balance Service (1)
• Provides load-balancing across VMs.
• Features: maintain session, monitor for failure, continuous service.
• New "High-performance Turbo Load Balancer" which is more efficient than the previous load balancer.
Rule Based Load Balancing
• Disperse requests according to balancing rules.
Maintain Session
• Without session preservation: requests may be dispersed to different servers, causing the replies to be inconsistent.
• With session preservation: requests from the same user will be sent to the same server so that inconsistency does not occur.
Monitoring and Automatic re-routing Following Failure
• Monitor server's health.
• Disconnect from load balancer when a malfunction is detected.
Continuous Service
• Disconnect from load balancer manually for maintenance.
• Reconnect to load balancer after finishing maintenance.
Load Balance Service (2)
Items for Load Balancer (Primary) and Load Balancer (Secondary)
• SSL TPS performance (*1): Normal Max 30TPS [1024bit key length], Max 10TPS [2048bit key length]; Turbo Max 2000TPS [1024bit key length], Max 700TPS [2048bit key length]
• Start/Stop Operation: Primary ON/OFF; Secondary ON/OFF. Independent start/stop is possible.
Feature
• SLB Settings: Web accelerator settings, add group, Sorry page settings, certificate registration (Secondary: Settings Unavailable, Automatically Updated)
• Load Balance Situation: Display/Clear statistics, transfer to maintenance mode (Secondary: Inspection Available)
• Error Situation: Display/Clear statistics
• Certificate Management: Server certificate/Intermediary certificate registration/delete (Secondary: Settings Unavailable, Automatically Updated)
• Configuration Management: Settings backup/restore (Secondary: Settings Unavailable, Automatically Updated)
• Packet Capture Log: Log output; Output download/delete (Secondary: Settings Unavailable, Automatically Updated)
(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.
Load Balancer Redundancy Service
• Automated switchover to secondary load balancer within 10-20 seconds following failure of primary.
• Updating only takes a few seconds offline.
• Switching between primary and secondary can be controlled via the API or My Portal.
• Primary load balancer settings such as global IP address and private IP address can be automatically shared with the secondary load balancer.
Load Balancer Redundancy Service Features
(1) Auto-switch on incidents
(2) Manual switch available
【Important Notice】
1. Load balancer redundancy cannot be set up when creating a new system. After deploying a load balancer, change its setup to make it redundant. Additionally, the load balancer (primary) must be active when doing so.
2. Equally, the primary load balancer must be running in order to end redundancy.
3. The load balancer needs to be restarted in order to start/end redundancy.
4. VMs and load balancers are included in the system deployment limit of 20 machines.
[Figure: before and after an incident, primary and secondary load balancers (each ON/OFF) in front of WEB servers in the DMZ and AP/DB servers in SECURE1.]
Multiple NICs Service (1)
• Allows the allocation of up to 7 additional NICs per virtual machine (including the default NIC, a maximum of 8 NICs can be installed).
• VMs can be connected to different network segments by adding NICs.
• Flexible and efficient network topologies can be implemented utilizing multiple NICs.
* NIC (Network Interface Card) is an extension card to connect to the LAN (Local Area Network).
[Figure: Example of Multiple NICs Service Usage. WEB1, WEB2, DB and a monitoring server across the DMZ, SECURE 1 and SECURE 2 segments, with business purpose transmission and monitoring purpose transmission on separate NICs.]
Multiple NICs Service (2)
Important Notice
• Multiple NICs can only be added when creating a new virtual machine. It is not possible to add NICs to a virtual machine that is already deployed.
• When connecting a Secure segment and a DMZ segment, please ensure that appropriate firewall rules are implemented, ideally with "point to point" specific rules.
Security Notification of Multiple NICs
Precaution 1: It is not recommended to set NAT to the Virtual Machine and enable connection from the Internet.
Precaution 2: It is not recommended to set routing configuration on the Virtual Machine between DMZ and Secure segment.
[Security Guidance] Always configure the firewall to permit authorized, ideally point-to-point traffic flow between segments and VMs. This is especially important when configuring external connectivity to/from the Internet.
[Figure: a WEB VM in the DMZ and a DB VM in SECURE1, illustrating NAT on the VM (Precaution 1) and routing on the VM between segments (Precaution 2).]
Storage Service (1)
Additional Disk Service
• 10GB to 10TB capacity per additional disk (data is encrypted when written on a physical disk).
• It is possible to add more disks or switch connection to different VMs when needed.
• Scale out / Switch connection to another VM: add a disk when needed, attach/detach, re-attach to another VM.
• Example: Re-attach the disk to a higher performance server to easily transfer data.
• Disk stand-by area: reserved area for disconnected disks.
Restrictions
Although disk size can be increased up to a maximum of 10TB per additional disk, please note the following restrictions:
• Red Hat Enterprise Linux 5.x 32bit/64bit: support up to 8TB
• Red Hat Enterprise Linux 6.x 32bit/64bit: support up to 10TB
Storage Service (2)
| Service Menu | Description |
|---|---|
| System Backup Storage Service / Data Backup Storage Service | Provides a disk for system or data backup. (*1) Backup VM system or additional disk by copying the entire disk. (*2) This service is available when you execute the backup operation from the Service Portal. It is possible to generate multiple generation backup files. (*3) |
| System Snapshot Storage Service / Data Snapshot Storage Service | Provides a disk for system or additional disk snapshot. Take snapshot without stopping the VM. Restoring time is reduced compared to Backup Service. (*4) |
*1: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.
*2: Backup files can only be restored to original volume. Backup files are deleted automatically when original volume is deleted.
*3: A new backup disk is created for each backup operation. Backup managing (e.g. deleting) should be done by the user.
*4: To restore a snapshot, the VM needs to be stopped. When the restore operation is completed, the snapshot data is deleted.
Storage Service (3)
| Service Menu | Description |
|---|---|
| Virtual Machine Image Storage Service | Provides storage disk for saving user-created VM images and system templates. It is possible to extract a deployed VM or system image and create a user customized template. *1 Service charging starts from the time that the user executes "create image" at the Service Portal. Images and templates can be used for scaling-out or for cloning a virtual system. |
| Create Template *2 | It is possible to create a system image from a deployed virtual system and use it to clone that virtual system. |
| Create Image *2 | It is possible to create a VM master image from a deployed virtual machine and use it to clone that VM. |
*1: The master image remains even if the VM is deleted.
*2: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.
[Figure: Virtual Machine Image Storage. Create a system template to create a new virtual system; create a VM master image to scale out.]
39 v2.8 All Rights Reserved, Copyright FUJITSU LIMITED 2015
Software Support Change (1)
No. Change pattern Applied charge for the month
Restriction after changing
1 Support not included to Support included
The higher support charge is applied(*2)
User cannot change the software support to “Support not included” for 180 days.
2 Support included (Weekday 8:30-19:30)
to Support included (24 hours 365 days) None
3 Support included (24 hours 365 days)
to Support included (Weekday 8:30-19:30)
None
4 Support included to Support not included None
*1: This function is only available for virtual machines that have multiple software support options. Please refer to the “OS Environment Usage Charges” section of the “Service Charges” menu available on the Portal.
*2: If the VM is never started between the change to the higher support level and the end of that billing month, the cheaper support charge is applied. If it is stopped during the whole billing month, there is no charge for the OS and middleware software, including the support.
It is possible to disable or enable the Software Support without rebuilding the virtual machine(*1) .
When the software support is changed, the more expensive plan will be charged for that month’s billing.
Software Support Change (2)
When creating a new VM with “Support included” or when changing from “Support not included” to “Support included”, it is not possible to change to “Support not included” for 180 days, including the day of application.
After creating a new VM with support or adding support to an existing VM, a maximum of 5
business days are required before support is available.
Restrictions and Important Notes
[Figure: timeline of support level over time, showing changes between “Support not included”, “24 hours 365 days support” and “Weekday 8:00-19:00”. “Support not included” is unavailable for 180 days.]
[Possible to change] Support included (24 hours 365 days) to Weekday 8:00-19:00 support
[Possible to change] From “Support not included” to “Support included”
User Community Outline
https://cloudcommunity.global.fujitsu.com/en/
• Open to the public and accessible via the internet
• Provides development tools for TPS5 API
• FAQ, documentation and forums enable users to resolve many issues and queries, and to share their own tips and workarounds
Service Portal
Service Portal Outline
Service Portal Top Page
Menu List
Login
New Account
Notices / Maintenance Info
Cloud Resource Management
Secure, authenticated client access
Available functionality (after login):
• Easy system design via Design Studio
• Service Dashboard to monitor system status
• Administrative functions (ID/certificate management)
After Login (My Portal)
Screen after login
Menu List
Minimized Windows
Start-up Window
Notice Window
Easy to use, intuitive User Interface
Design Studio
System Initial Deployment
• System template selection.
• VM addition, removal, spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.
Configuration of Running Systems
• VM addition, removal and spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.
Create, amend and delete Virtual System, Virtual Machine, Firewall configurations
Easy to use graphical UI
Cumulative Monthly Cost is calculated as resources are added or removed
• Useful as a “sandbox” for developing architectures and assessing associated costs – before committing to deployment
Building a New System - Flow
Deployment process Confirm and start system deployment.
Step1
• Search for & select the virtual system template (1, 2 or 3-Tier)
Step2
• Name the virtual system template
• Select connection type (Internet/private network)
Step3
• Create/delete/modify VMs
• Add/remove/modify optional services
Step4
• Confirm estimation
• Save the estimation
Step5
• Gain approval for deployment
• Accept the service agreement
Building a New System (Step 1 & 2)
Virtual system Template Search & Selection
Refine by keyword and approximate cost
Network Connectivity Selection
Step 2: Specify network environment
Step 1: Virtual System Template Selection
Template Search
Template List
Template Details
System Name Input
Network Type Selection
Building a New System (Step 3 & 4)
Drag & drop inside the system outline diagram to add a new appliance.
It is possible to change the VM spec or to copy/delete a VM.
System Build/Customize
Estimate Confirmation
The estimate generated is based on a maximum monthly uptime of 744 hours. The estimate can be saved for approvals and, once approved, used to reconfigure or deploy the system.
Step 3: Architect the virtual system design
System Outline Diagram
Virtual System Details
Available Appliance List (VM, storage, etc.)
Step 4: Confirm estimate
Estimation Results
Building a New System (Step 5 - Start Deployment)
Customer acceptance of service contract terms and conditions
Step 5: Agree to service usage contract
Service Usage Contract
Ready to start deployment.
System Manager
Check the VM status (Running / Stopped / Deploying, etc.)
Verify the malfunction occurrence state (information about Fail-over).
Confirm the resource usage state (CPU performance index, disk space).
Operate VMs (Start / Stop / Reboot / Backup / Restore).
Configure Firewalls and Load Balancers, update the firmware.
Create VM Images and System Templates.
Running Status Display Resource Operations
Service Dashboard for checking the system status. Administrative functionalities for management of virtual systems
and VMs
System Manager – Virtual System Overview
System Summary (Composition View)
System Details
Log-in to OS, Change system composition, Return machine
System Summary
Operation Buttons
List of VMs on the Selected System
System Manager - Virtual Machines
VM Summary Page
Displays VM information:
- VM status
- VM name
- IP address
- Backup/restore status
- Number of backups
etc.
Backup Screen
Summary of stored backup data
Start backup Start restore Delete backup data
Operation Buttons
VM Summary List
Backup Data List
Backup History
Operation Buttons
VM start/shutdown
System Replica Distribution
[Restriction]
- FW/SLB settings cannot be copied in this function.
- Private IP address and Global IP address will change.
- Cannot use this function between different regions.
- Please do not infringe or violate the intellectual property right of others.
With the System Replica Distribution function, users may copy configured virtual systems, virtual machines and attached additional disks, and then deploy those copied resources to another contract ID’s system.
It is also possible to copy user data from one additional disk to another one in the same contract ID system.
Use Case
With an old contract ID's system(*1), the user cannot use the high performance type of VM. However, by copying the current system to a new contract ID's system(*2), the user can use the high performance type of VM.
*1: Contract ID applied on or before July 11, 2012
*2: Contract ID applied on or after July 12, 2012
User can migrate
whole system easily.
Service Provider Capabilities
[Figure: business systems with DMZ and Secure segments under contract IDs A, B, C and D. Three copy modes are shown: copy whole virtual system, copy VMs only, and copy only user data in additional disk. In the use case, an old contract ID's system (DMZ, SECURE1; unable to use high performance VM) is copied to a new contract ID's system (DMZ, SECURE1; able to use high performance VM).]
Multiple private IP addresses
Private IP address (DHCP) Private IP address (Manual setting)
Multiple NIC Service
Segment Same as VM Same as VM Can connect to other segments
NIC Only 1 (default) Only 1 (default) Up to 7 additional NICs
Private IP address range setting between each segment
• Users set the range of private IP address manually on the service portal.
[Addressing private IP address range]
Class A: 10.0.0.0~10.255.255.255
Class B: 172.16.0.0~172.21.255.255
Class C: 192.168.0.0~192.168.255.255
* In the above address range, the range “10.128.0.0/16” is not available.
Private IP address configuration to a VM
Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.
In the network address range from “xxx.xxx.xxx.151/24” to “xxx.xxx.xxx.200/24”, user can set static IP address manually.
Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.
Firewall
Rule setting Available Available Available
NAT setting Available Available Available
SLB load balancing settings Available Unavailable Available
Private IP address display on the service portal
Available Unavailable Available
Assign multiple IP addresses to a VM. Static IP addresses can be added in addition to the automatically
allocated private IP address. Enables multi-Domain configuration of VM.
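The addressing rules on this slide can be checked before a segment plan is entered in the Service Portal. The following Python is an added example, not Fujitsu code or part of the TPS5 API; the function names, the reading that each segment is one /24, the overlap and duplicate checks, and the sample plan are assumptions.

```python
import ipaddress

# Permitted private ranges exactly as listed on this slide
# (the Class B upper bound here is 172.21.255.255, not RFC 1918's 172.31.255.255).
ALLOWED_RANGES = [
    (ipaddress.IPv4Address("10.0.0.0"), ipaddress.IPv4Address("10.255.255.255")),
    (ipaddress.IPv4Address("172.16.0.0"), ipaddress.IPv4Address("172.21.255.255")),
    (ipaddress.IPv4Address("192.168.0.0"), ipaddress.IPv4Address("192.168.255.255")),
]
UNAVAILABLE = ipaddress.IPv4Network("10.128.0.0/16")  # excluded by the slide
STATIC_HOST_MIN, STATIC_HOST_MAX = 151, 200           # .151 to .200 may be set manually


def check_segment(cidr):
    """Return a list of problems with a proposed segment range (empty = acceptable)."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
    except ValueError as exc:
        return [f"not a valid IPv4 network: {exc}"]
    problems = []
    if net.prefixlen != 24:
        # Assumption: each segment is one /24, per the "24bit mask" wording.
        problems.append("segment does not use a 24-bit mask")
    inside = any(lo <= net.network_address and net.broadcast_address <= hi
                 for lo, hi in ALLOWED_RANGES)
    if not inside:
        problems.append("outside the permitted private address ranges")
    if net.overlaps(UNAVAILABLE):
        problems.append("overlaps 10.128.0.0/16, which is not available")
    return problems


def check_static_ip(cidr, address):
    """Return problems with a manually set address on the segment `cidr`."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
        ip = ipaddress.IPv4Address(address)
    except ValueError as exc:
        return [f"invalid input: {exc}"]
    if ip not in net:
        return [f"{ip} is not inside segment {net}"]
    host = int(ip) - int(net.network_address)
    if not STATIC_HOST_MIN <= host <= STATIC_HOST_MAX:
        return [f"{ip} is outside the manual range .{STATIC_HOST_MIN} to .{STATIC_HOST_MAX}"]
    return []


def check_plan(segments, static_ips):
    """segments: {name: cidr}; static_ips: [(segment name, address)]. Returns findings."""
    findings, nets = [], {}
    for name, cidr in segments.items():
        problems = check_segment(cidr)
        findings += [f"{name}: {p}" for p in problems]
        if not problems:
            nets[name] = ipaddress.IPv4Network(cidr)
    # General hygiene, not a rule stated on the slide: segments should not overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a}/{b}: segment ranges overlap")
    seen = set()
    for name, address in static_ips:
        if name not in nets:
            findings.append(f"{name}: static IP {address} is on an unknown or rejected segment")
            continue
        findings += [f"{name}: {p}" for p in check_static_ip(segments[name], address)]
        if address in seen:
            findings.append(f"{name}: static IP {address} is assigned twice")
        seen.add(address)
    return findings


# Constructed sample plan (not taken from the page).
SAMPLE_SEGMENTS = {"DMZ": "192.168.1.0/24", "SECURE1": "10.128.3.0/24", "SECURE2": "172.16.5.0/24"}
SAMPLE_STATIC_IPS = [("DMZ", "192.168.1.160"), ("SECURE2", "172.16.5.10")]

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_SEGMENTS, SAMPLE_STATIC_IPS):
        print(finding)
```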
VPN Connection Environment Setting
Setting Internet VPN environment using static route function (Example) :
It is possible to connect the Secure1 and Secure2 networks with servers on the user’s LAN by VPN connection.
Static routes can be configured within the virtual system’s Firewall settings.
Users can construct the Internet VPN environment on the S5 using VPN software (e.g. OpenVPN) and the static route setting at Firewall.
Enables easy configuration of Internet VPN connectivity.
[Figure: Trusted Public S5 virtual system (DMZ, Secure1, Secure2; VM0 to VM6; installed OpenVPN) connected over VPN to the user on-premises environment (User LAN “A”, User LAN “B”; installed OpenVPN clients).]
Server Console
Service Specification • Usage fee: Free
• Supported Browser: IE10/11(Windows7), Firefox ESR24(Windows7/Windows8)
• 1VM connection per one contract user
• Session time limit: 30 min
• Supported keyboard: en-us type
(1) Select target VM
(2) Click ‘Console’ button
(3) ‘Server Console’ screen will appear
Provides Command Line administration functionality.
Enables administration when VM connectivity has been lost; e.g. no SSH or RDP.
VM Import Service (1)
* For the detailed procedure from (1) to (7), refer to the next slide.
The VM Import service allows the VMware format VM image created in the vSphere and Resource Orchestrator (ROR) environments to be imported directly from the Service Portal.
Provides:
• VM import functionality from legacy or 3rd party environments
• Ease of migration for ad-hoc or multiple moves as part of User transition
• Enhances Business Continuity options by enabling the creation of “standby” VM images
Flow of VM Import Service
(1) Prepare VM image
(2) Prepare additional disk
(3) Transfer VM image to additional disk
User
Trusted Public S5
SSL-VPN
Client machine
(4) Start “VM Import”
(5) Importing
(6) Import Completed
(7) Create VM from private image
VM Import Service (2)
No. | Implementation items | Contents | Charge
(1) | Prepare VM image | Prepare a VM image of vmdk format on user environment. | -
(2) | Prepare additional disk | Create VM on the Service Portal of Trusted Public S5 and mount an additional disk. | -
(3) | Transfer VM image to additional disk | Transfer the image file (vmdk) to additional disk. | -
(4) | Start “VM Import” | Unmount the additional disk, click on “VM Import”, enter the necessary information about the image and start importing. | -
(5) | Importing | Import progress can be checked at “Image Manager”. | -
(6) | Import Completed | When the import is successfully completed, the completion date is shown at “Image Manager” and a message is displayed on the Event Log. | “Image Storage Service” is charged according to the image size.
(7) | Create VM from private image | Create VM from the registered VM image (private image) and start using. | The usual service charges are applied. Also, other related services (such as OS License, OS Support) used with the imported VM image shall also be charged accordingly.
VM Import Workflow Details
VM Import Service (3)
OS Category Importable OS License Certification Image type
Windows
Windows Server 2003 R2 SE 32bit SP2
Obtain license recertification through the TPS5 KMS service.
vmdk
Windows Server 2003 R2 EE 32bit SP2 Windows Server 2008 SE 32bit SP2
Windows Server 2008 R2 SE SP1 64bit
Windows Server 2008 R2 EE SP1 64bit
Windows Server 2012 SE 64bit
CentOS (*)
CentOS 5.x 32bit
No need of recertification.
CentOS 5.x 64bit
CentOS 6.x 32bit
CentOS 6.x 64bit
Ubuntu Ubuntu Server 14LTS(64bit)
Ubuntu Server 12LTS(64bit)
The following table identifies which OS can be imported and how to certify each of them. After importing the OS, the usual Trusted Public S5 OS charges are applied.
No additional charges are applied for VM import. However, the imported VM image is stored by the “Image Storage Service”, which is charged according to the size of the image. Also, when a VM is created from the imported image, charges for the VM, OS and other related services will apply accordingly.
Inconsistencies between VM specification on the application form and the actual VM may impact the import and operation of the VM.
Importable OS
Notice
(*) CentOS 6.0 and 6.1 are not importable.
VM Import Service (4)
Item VM Image Requirements CentOS / Ubuntu
Hypervisor VMware
Image file type .vmdk
Mandatory driver and tool Before extracting VMware image, install the following files to the target VM image. VM transfer agent / PV driver / Support tool
VMware tools If there are VMware tools installed, they must be deleted.
Network setting (local area connection)
IPv4 DHCP
Number of Network adaptor 1 adaptor
Firewall setting, security software setting
Must turn off
Sysprep In case the copy source VM and destination VM needs to be started at the same time, execute Sysprep before extracting the VM image. Otherwise, Sysprep operation is not needed.
MD5 Check Obtain the image MD5 checksum value and indicate it in the application form.
Hypervisor software for extracting vmdk file
ROR V3.1.2 Cloud Edition ESX/ESXi 5.1 and 5.0
ESX 4.1 and 4.0 ServerView Resource Orchestrator V3.1.2 Cloud Edition
ESXi 5.0.0 Client 5.0.0
VM disk size User can specify the range between 10GB and 300GB (per 10GB unit). *Allowed number of hard disk is one.
*Delete floppy drive and CDROM/DVD drive.
VM with snapshot After exporting by using “Export by OVF format” provided by vSphere client, the integrated vmdk file can be used.
BIOS/UEFI Only BIOS is supported.
Windows OS – Import Requirements and Restrictions
Cloud API
Cloud API
• Automation/systematization of operations is possible.
• Users and Service Providers can build original services.
DesignStudio and System Manager functionality are provided by API. By using the API, the same functions as the GUI can be integrated
into custom applications or scripts. Secure access by client authentication.
[Figure: developers and system administrators develop original apps and management/operation automation apps that use the API to operate the virtual system. Examples: VM deploy, delete, startup, shutdown, backup, etc.]
API Usage Scenario
Management and Operation Automation / Systematization
Building of a Branded Service by a Third-Party.
Automation/Systematization of administrative operations
• Automatically scale up/down or backup (etc.) based on schedule or load.
• Develop original portals implementing only the necessary functions.
• Develop portals for mobile devices.
Selling via Original Brand • High-Level (PaaS/SaaS) service
[Figure: system administrators, operators and mobile users use only the necessary Trusted Public S5 functions through the API, via an original portal, a portal for mobile and automation tools (tool development). A third-party service provider uses the Trusted Public S5 service (API) and provides its own service to the service provider’s clients.]
Cloud API – Open Cloud Alignment
Fujitsu, today, has joined the leadership board of the Open Cloud Standards Incubator in the DMTF (Distributed Management Task Force).
The Open Cloud Standards Incubator was formed as part of the DMTF Standards Incubation process, which enables like-minded DMTF members to work together and produce informational specifications that can later be fast-tracked through the standards development process. It now consists of 37 major IT companies such as IBM, Microsoft, VMware etc. By joining the leadership board, Fujitsu applies the know-how of the 'Trusted-Service Platform', the Cloud Service Infrastructure provided by Fujitsu, and is promoting the Cloud Computing standardization promoted by the 'Open Cloud Standards Incubator'.
Fujitsu and Fujitsu Laboratories Ltd. have submitted a proposed Cloud API specification (an interface for deployment, configuration and deletion of ICT resources in the cloud) to the DMTF. We will contribute to standardization of the API.
The standardization of Cloud APIs enables users to select from a broad range of cloud computing service vendors thereby avoiding potential vendor lock-in.
http://pr.fujitsu.com/jp/news/2009/11/19.html
Cloud Computing has 2 types:
• Public/private cloud - User uses the ICT system resources as a service by a provider.
• Enterprise Cloud - User owns the ICT system and builds/installs/configures it.
Many service providers offer these 2 types of cloud system. As Cloud Computing spreads throughout the world, ease of use may be lost for users because multiple cloud APIs exist.
Therefore, to make it easier to take advantage of cloud computing, the “Open Cloud Standards Incubator” has been established to promote Cloud API standardization in association with the world's leading IT vendors.
Cloud API – Examples (1)
Name of API Description
DestroyVSYS Delete the virtual system. All resources in the virtual system are discarded and become invalid.
GetVSYSStatus Obtain a status information of the virtual system.
GetVSYSConfiguration Obtain a configuration information of the virtual system.
GetVSYSAttributes Obtain an attribute information of the virtual system.
UpdateVSYSAttribute Update an attribute information of the virtual system.
CreateVServer Create a VM in the virtual system. Specifying the ID of the disk image, which is used for initial contents of the boot disk, is required. Request message is encoded in UTF-8.
Name of API Description
ListVServer Obtain a list of all VM IDs in the virtual system.
CreateVDisk Create additional disks in the virtual data center. Users can attach these additional disks to VMs.
ListVDisk Obtain a list of all additional disk IDs in the virtual data center. The list indicates whether additional disks are attached to the VM or not.
Operations of Virtual System
Cloud API – Examples (2)
Name of API Description
DestroyVServer Delete a VM.
StartVServer Start OS of the VM.
StopVServer Stop OS of the VM.
GetVServerStatus Obtain a status information of the VM.
GetVServerAttributes Obtain an attribute information of the VM.
UpdateVServerAttribute Update an attribute information of the VM.
GetVServerInitialPassword Obtain an administrator’s initial password of the OS in the VM.
AttachVDisk Attach an additional disk to the VM.
DestroyVDisk Delete an additional disk as well as the saved data in the disk.
Name of API Description
DetachVDisk Detach an additional disk from the VM.
BackupVDisk Start a backup of additional disk. The created backup is copied to the newly-created backup disk.
RestoreVDisk Copy the contents of additional disk’s backup to another additional disk.
ListVDiskBackup Obtain a list of the additional disk’s backups.
GetVDiskStatus Obtain a status information of the additional disk.
GetVDiskAttributes Obtain an attribute information of the additional disk.
UpdateVDiskAttribute Update an attribute information of the additional disk.
Operations of Virtual Machine Operations of Additional Disk
Cloud API – Examples (3)
Name of API Description
UnregisterVSYSDescriptor Cancel a registration of the template.
GetVSYSDescriptorConfiguration Obtain a configuration information of the template.
GetVSYSDescriptorAttributes Obtain an attribute information of the template.
Name of API Description
CreateEFM Create a built-in server.
ListEFM Obtain a list of the built-in server.
DestroyEFM Delete a built-in server.
StartEFM Start a built-in server.
StopEFM Stop a built-in server.
GetEFMStatus Obtain a status information of the built-in server.
GetEFMAttributes Obtain an attribute information of the built-in server.
GetEFMConfiguration Obtain a configuration information of the built-in server.
UpdateEFMAttribute Update an attribute information of the built-in server. API of this version can update the built-in server name only.
UpdateEFMConfiguration Update a configuration information of the built-in server.
Operations of Template Operations of Built-in Server
Name of API Description
UnregisterDiskImage Cancel a registration of the disk image from the virtual disk center.
GetDiskImageAttributes Obtain an attribute information of the disk image.
Operations of Disk Image
Cloud API – Examples (4)
Name of API Description
ListVSYSDescriptor Obtain a list of the template in the virtual data center.
CreateVSYS Create a virtual system based on the template.
ListVSYS Obtain a list of the virtual system in the virtual data center.
AllocatePublicIP Allocate the global IP address.
ListPublicIP Obtain a list of all global IP addresses in the virtual data center.
ListDiskImage Obtain a Disk Image ID in the virtual data center.
Name of API Description
FreePublicIP Release a global IP address.
AttachPublicIP Attach a global IP address to the virtual system.
DetachPublicIP Detach a global IP address from the virtual system.
GetPublicIPStatus Obtain a status information of the global IP address.
GetPublicIPAttributes Obtain an attribute information of the global IP address.
Operations of Virtual DC (*) Operations of Global IP Address
Name of API Description
StandByConsole Prepare a connection with the console.
Other Operations
(*) A hypothetical data center on the cloud where users can create and use virtual systems.
Charging System
Pay-as-you-go for the resources and functions.
• Refer to the separate document for each service’s unit price.
• Operating time is rounded up to the next hour.
ex. Operating time : 1h 45min → 2h
• Network traffic is rounded down to the previous GB.
ex. Network traffic : 31.5GB → 31GB
Charging begins when resource/function starts to be used.
• The same for when the resource type is changed.
The charging system varies depending on the service used.
(Refer to the next pages for details.)
When several systems exist within one contract, the charge is calculated separately for each service and then included in a single bill.
Charging and Payment Considerations
Charging System Types
Type Charging System Description Service Example
TYPE- I Rate-based (1-hour units) Charge corresponding usage time. For VMs, the unit price varies with type.
- VMs - Global IP address Service - Load Balancing Service
TYPE- II Rate-based (Monthly) Charging is performed even for a single usage. (Independent of number of VM CPU)
- VM OS Environment [Microsoft Windows Server]
TYPE- III Rate-based (Monthly and Number of CPUs)
Charging is performed even for a single usage. (Dependent on number of VM CPU)
- VM Middleware Environment [Microsoft SQL Server]
TYPE- IV Rate-based (Time and Capacity)
Perform charging according to [Usage period x Guaranteed capacity]. (Capacity is the guaranteed capacity)
- System Disk Offer Service - Additional Disk Service - Template Storage Service - Disk Service for System Backup - Disk Service for Additional Disk Backup
TYPE- V Usage amount Charging performed on the basis of usage.
-Internet connection (Not charged after SR13)
TYPE- VI Usage counts Charging performed by each single use of the service. Unit price varies by template type (network class).
- System Template Service (Charged when new system is created)
Usage Period Considerations [1-Hour Unit]
Example
• Usage periods: 15:10-15:35 (25min), 16:20-17:10 (50min), 20:00-20:30 (30min)
• Usage Period : 25min + 50min + 30min = 105min (1h45min) → rounded up to 2 hours
Usage time is calculated by summing minutes of resource uptime.
The total is rounded up to the next hour (adding 1 to 59min).
Other Terms
Service Level
Coverage of redundancy
S5 target availability SLA is 99.95%
Object Description
VM
Provides automatic failover. In the case of a physical server failure, the VM is automatically assigned to a new physical server and rebooted. Data being processed at the time of the failure is not guaranteed.
Virtual Storage
(System, Data)
Copies of data are kept on 4 different physical disks. Even in the case of 3 simultaneous physical disk failures, data is not lost. All data is stored in the same DC.
Internet connection Fully redundant. The switchover time for equipment failure is within one minute.
On-Site operations
• Users cannot perform installations or setups in the DC. All operations are executed remotely.
Maintenance
• The security supervision of virtual machines is the user's responsibility.
Data deletion (when deleting the VM)
• Data in the system disk will be erased when deleting the VM.
• Data in an additional disk will be erased when deleting the additional disk.
• Backup disks will be deleted when their system disk or additional disk is deleted.
• 'Zero writing' method is used to delete data.
Requirements (Service Portal)
• Resolution : 1280 x 1024 or better (recommended), 1024 x 768 (minimum)
• OS : Windows XP SP3 (32bit), Windows Vista SP2 (32bit), Windows7 (32bit/64bit), Windows8 (32bit/64bit)
• Browser : Internet Explorer 7/8/9/10/11, Mozilla Firefox ESR24
• Flash Player : Adobe Flash Player 10
• Java Runtime Environment : JRE 6.0 update24 or later
Other Notes
Security Notes
Data center
• All VMs run inside Fujitsu’s safe data centers.
• No data is ever stored outside Fujitsu's data centers.
Administrator authority
• Fujitsu does not have administrator authority on VMs created by users.
Security updates
• Security updates of VM OS and middleware must be applied by the user.
• Security updates of hypervisors, TPS5 management system, network and storage equipment are applied by Fujitsu.
Resource Limits
VM Service
No. | Items | Limitation value
1 | Max. number of Resource Controllers per contract | No explicit limit
2 | Max. number of Custom Authorization Patterns per system (Central Management Privilege pattern) | No explicit limit
3 | Max. number of Custom Authorization Patterns per contract (Virtual System Management Privilege pattern) | No explicit limit
4 | Max. number of systems per contract | 140
5 | Max. number of VMs, including SLB built-in servers, per segment (Except Firewall) | 20
6 | Max. number of VMs and SLB built-in servers per system (Except for Firewall) | 20
7 | Max. number of additional disks per system | No explicit limit
8 | Max. capacity of an additional disk | 10TB ( =10000GB)
9 | Max. number of attachable additional disks per VM | 14
10 | Max. number of global IP address per system | 10
11 | Max. number of backups per system disk | No explicit limit
12 | Max. number of backups per additional disk | No explicit limit
13 | Max. number of saved system structure (on creation) | No explicit limit
14 | Max. number of saved system structure (on edit) | 1
15 | Max. number of simultaneous VPN connections per segment | 20
16 | Max. number of firewall rules (all directions) | 800
17 | Max. number of load balance groups per SLB built-in server | 32
18 | Max. number of VMs for load balancing per load balance group | Depends on the max. number of VMs in a segment
19 | Max. key length of the server certificate registered at SLB built-in server. | 2,048bit
20 | Max. file size of Error page registered at SLB built-in server. | 32,767byte
21 | Max. number of configuration backups per built-in server | No explicit limit
22 | Max. number of user created images | No explicit limit
23 | Max. number of user created templates | No explicit limit
24 | The maximum number of possible private IP addresses | 139