
PD2002 ZStack V3.8.0 Technical Whitepaper


Technical Whitepaper

Version: ZStack 3.8.0


Issue: V3.8.0

Copyright Statement
Copyright © 2020 Shanghai Yunzhou Information and Technology Ltd. All rights reserved.

Without its written consent, no organization or individual may extract or copy any part or all of
the contents of this documentation, or disseminate them in any manner.

Trademark

Shanghai Yunzhou Information and Technology Ltd. reserves all rights to its trademarks, including,
but not limited to, ZStack and other trademarks in connection with Shanghai Yunzhou Information
and Technology Ltd.

Other trademarks or registered trademarks presented in this documentation are owned or
controlled solely by their respective owners.

Notice

The products, services, or features that you purchased are all subject to the commercial contract
and terms of Shanghai Yunzhou Information and Technology Ltd., but any part or all of the
foregoing displayed in this documentation may not be in the scope of your purchase or use.
Unless there are additional conventions, Shanghai Yunzhou Information and Technology Ltd. will
not claim any implicit or explicit statement or warranty on the contents of this documentation.

In the event of product version upgrades or for other reasons, the contents of this documentation
will be updated and released irregularly. Unless there are additional conventions, this
documentation, considered solely as a user manual, will not make any implicit or explicit warranty
on any of its statements, information, or suggestions.


Contents

Copyright Statement
1 Product Overview
2 Product Profiles
2.1 ZStack Functional Architecture
2.2 ZStack Resource Model
3 Product Features
4 Product Highlights
Glossary


1 Product Overview

ZStack is the next-generation, open-source IaaS software designed mainly for future-oriented,
smart data centers. It manages data center resources, including compute, storage, and network,
by providing flexible and comprehensive APIs. You can quickly create your own smart cloud data
center by using ZStack, and set up flexible cloud application scenarios, such as VDI, PaaS, and
SaaS, on the stable ZStack.

Figure 1-1: ZStack Framework


2 Product Profiles

2.1 ZStack Functional Architecture


The functional architecture of ZStack is shown in Figure 2-1: ZStack Functional Architecture.

Figure 2-1: ZStack Functional Architecture

ZStack helps enterprises better manage infrastructure resources, such as the compute, storage,
and network resources, in their data centers. The bottom layer of ZStack supports both KVM and
VMware virtualization technologies. In addition, ZStack supports various storage types, such as
DAS, NAS, SAN, and DFS. To be more specific, local storage, NFS storage, SAN storage, and
distributed block storage are supported. ZStack also supports various network models, such as
VLAN and VXLAN.

ZStack uses a message bus to communicate with the MariaDB database and different service
modules, providing diversified features such as VM instance management, host management,
storage management, network management, billing management, and real-time monitoring. That
is the core cloud engine of ZStack. In addition, ZStack provides Java SDKs and Python SDKs,
and allows you to schedule and manage resources by using RESTful APIs. With ZStack, you can
build a private cloud that is Simple, Strong, Scalable, and Smart.

Highlights of ZStack functional architecture:

1. Asynchronous Architecture: asynchronous message, asynchronous method, and asynchronous HTTP call

• ZStack uses a message bus to connect various services. When a service calls another
service, the source service sends a message to the destination service, registers a callback
function, and then returns immediately. Once the destination service finishes the task,
it reports the task result by triggering the callback function that was registered
by the source service. Asynchronous messages can be processed in parallel.

• Services in ZStack communicate with each other through asynchronous messages. Inside
services, the associated components and plugins are also called by using asynchronous
methods. These methods are called in the same way as asynchronous messages.

• Every plugin in ZStack has a corresponding agent. ZStack puts a callback URL in the HTTP
header of every request. Therefore, agents can send responses to the URL of the caller
when tasks are finished.

• Based on asynchronous message, asynchronous method, and asynchronous HTTP call, ZStack
builds a layered architecture to ensure that asynchronous operations can be performed on all
components.

• Based on the asynchronous architecture, a single ZStack management node can process
tens of thousands of concurrent API requests per second, and simultaneously manage tens
of thousands of servers and hundreds of thousands of VM instances.

2. Stateless Service: A single request does not rely on other requests.

• In ZStack, requests sent by compute node agents, storage agents, network services,
console agent services, and configuration services can be processed without relying on
other requests. The sent requests contain all the required information, and related nodes do
not need to maintain and store any information.

• ZStack authenticates resources such as management nodes and compute nodes through
consistent hashing ring by using their UUIDs as the unique ID. Because of the consistent
hashing ring, a message sender does not need to know which service instance is about
to handle the message. Services do not need to maintain and exchange information about
what resources they are managing. All the services need to do is to handle the incoming
messages.

• Little information is shared among ZStack management nodes. Therefore, a minimum of two
management nodes can meet the requirements of high availability and scalability.

• The stateless service mechanism makes the system more robust. Restarting the server will
not lose any state information. This also simplifies the scaling out and scaling in of a data
center.


3. Lock-free Architecture: consistent hashing algorithm

• The consistent hashing algorithm guarantees all messages of the same resource are
always handled by the same service instance. In this way, messages are congregated to a
specified node, reducing the complexity of synchronization and concurrency.

• ZStack uses work queues to avoid lock contention. Serial tasks are stored in memory as
work queues. Work queues can process any operation of any resource in parallel to improve
system concurrency.

• The queue-based lock-free architecture enables tasks to run in parallel, thereby improving
the system performance.

4. In-Process Microservices Architecture: microservices decoupling

• ZStack uses a message bus to isolate and control various services, such as VM instance
services, identity authentication services, snapshot services, volume services, network
services, and storage services. All microservices are enclosed in the same process of a
management node. These services communicate with each other through the message bus.
After all messages are sent to the message bus, the destination service is selected by the
consistent hashing ring for message forwarding.

• In-process microservices provide a star-like architecture, ensuring that every microservice
runs independently. This architecture also decouples the highly centralized control business,
and achieves a high degree of autonomy and isolation of the system. Failure of any service does
not affect other components. This effectively guarantees the system reliability and stability.

5. Versatile Plugin System: supports horizontal expansion of plugins

• In ZStack, every plugin provides services independently. Any newly added plugin has no
impact on other existing plugins.

• ZStack classifies plugins into two patterns: strategy pattern and observer pattern. Strategy
pattern plugins inherit parent-class interfaces and then provide specific implementations.
Observer pattern plugins register a listener to monitor event changes of the internal
business logic in an application. Once an event is detected inside the application, the
observer pattern plugins respond to this event automatically and execute a piece of
code to affect the corresponding business flow.

• ZStack supports horizontal expansion of plugins. The cloud can be quickly upgraded, and
the overall system architecture still remains robust.

6. Workflow Engine: sequence-based management, rollback on errors


• ZStack clearly defines every workflow by using XML files. Every flow can be rolled back on
errors. A workflow can roll back all prior executed steps and clean up the garbage resources
during the execution when an error happens in a step.

• Every workflow can contain sub-flows to decouple the business logic further.

7. Tag System: extends the business logic and adds resource properties

• ZStack uses system tags and plugins to extend the original business logic.

• You can use tags to group your resources and search for resources with specific tags.

8. Cascade Framework: supports cascading operations on resources

• ZStack uses a cascade framework to perform cascading operations on resources. The
cascade framework allows an operation to be cascaded from one resource to other
resources. For example, the operation of uninstalling or deleting a resource can be
cascaded to the descendant resources.

• Resources can join a cascade framework through a plugin. Joining or quitting the cascade
framework will not affect other resources.

• The cascading mechanism makes the configuration of ZStack more flexible and simple,
meeting the requirements of resource configuration changes.

9. Full Automation By Ansible: automated deployment by agentless Ansible

• Being seamlessly integrated with Ansible (which is agentless), ZStack can automatically
install dependencies, configure physical resources, and deploy agents. This whole process
is transparent to users and requires no additional intervention. You can upgrade your agents
simply by reconnecting the agents.

10. Comprehensive Query API: Every property of every resource can be queried.

• ZStack supports millions of query conditions, comprehensive query APIs, and any
combination of conditions.
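
The routing behaviour described under highlights 2 to 4 above (messages for one resource always reach the same service instance, and per-resource work queues replace locks), as an added Python sketch. It is not ZStack code: the node names, the SHA-256 ring positions, the virtual-node count and the sample UUIDs are assumptions made for illustration.

```python
import bisect
import hashlib
import random
import uuid
from collections import defaultdict


class HashRing:
    """Consistent hashing ring: maps a resource UUID to one service instance."""

    def __init__(self, nodes=(), vnodes=100):
        self.vnodes = vnodes   # virtual points per node (assumed value), smooths the load
        self._points = []      # sorted ring positions
        self._owner = {}       # ring position -> node name
        for node in nodes:
            self.add_node(node)

    @staticmethod
    def _position(value):
        digest = hashlib.sha256(value.encode("utf-8")).digest()
        return int.from_bytes(digest[:8], "big")

    def add_node(self, node):
        for i in range(self.vnodes):
            point = self._position(f"{node}#{i}")
            if point not in self._owner:   # keep the first owner on a collision
                bisect.insort(self._points, point)
                self._owner[point] = node

    def remove_node(self, node):
        self._points = [p for p in self._points if self._owner[p] != node]
        self._owner = {p: n for p, n in self._owner.items() if n != node}

    def route(self, resource_uuid):
        """Return the node owning the first ring point at or after the key."""
        if not self._points:
            raise LookupError("ring has no nodes")
        idx = bisect.bisect_left(self._points, self._position(resource_uuid))
        return self._owner[self._points[idx % len(self._points)]]


def dispatch(ring, messages):
    """Group (resource_uuid, operation) messages into per-node, per-resource queues.

    Each resource gets one FIFO queue on exactly one node, so operations on the
    same resource run serially without a lock, while queues for different
    resources can be drained in parallel.
    """
    queues = defaultdict(lambda: defaultdict(list))
    for resource_uuid, operation in messages:
        queues[ring.route(resource_uuid)][resource_uuid].append(operation)
    return queues


def moved(before, after, resource_uuids):
    """Return {uuid: (old_node, new_node)} for resources whose owner changed."""
    return {u: (before.route(u), after.route(u))
            for u in resource_uuids if before.route(u) != after.route(u)}


def sample_uuids(count, seed=0):
    """Constructed sample data: reproducible version 4 UUID strings."""
    rng = random.Random(seed)
    return [str(uuid.UUID(int=rng.getrandbits(128), version=4)) for _ in range(count)]


if __name__ == "__main__":
    vms = sample_uuids(2000)
    three = HashRing(["mn-1", "mn-2", "mn-3"])          # hypothetical node names
    four = HashRing(["mn-1", "mn-2", "mn-3", "mn-4"])   # one management node added
    changed = moved(three, four, vms)
    print(f"{len(changed) / len(vms):.1%} of resources moved, all to",
          {new for _, new in changed.values()})
```

Adding a node only pulls resources onto the new node; ownership among the existing nodes does not change, which is why services do not need to exchange information about what they manage.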

2.2 ZStack Resource Model


ZStack is essentially a configuration management system for resources in the cloud. The resource
model managed by ZStack is shown in Figure 2-2: ZStack Resource Model.


Figure 2-2: ZStack Resource Model

ZStack mainly has the following resources:

• Zone: the largest resource scope defined in ZStack. A zone is a logical group of resources,
such as clusters, L2 networks, and primary storages.

• Cluster: a logical group of analogous hosts (compute nodes).

• Host: also known as a compute node, is a physical server that provides VM instances with
compute, network, and storage resources.

• Primary storage: a storage system that stores disk files, including root volumes, data volumes,
root volume snapshots, data volume snapshots, and image caches, for VM instances. The
types of primary storage include local storage, NFS, Shared Mount Point, SharedBlock, and
Ceph.


• Backup storage: a storage system that stores image templates. The types of backup storage
include ImageStore, SFTP, and Ceph.

• VXLAN pool: an underlay network in VXLAN. You can create multiple VXLAN overlay networks
(VXLAN) in a VXLAN pool. The overlay networks can operate on the same underlay network
device. The types of VXLAN pool include software SDN and hardware SDN.

• L2 network: a layer 2 broadcast domain used for layer 2 isolation. Generally, L2 networks
are identified by names of devices on the physical network. The types of L2 network include
L2NoVlanNetwork, L2VlanNetwork, VxlanNetwork, and HardwareVxlanNetwork.

• L3 network: a collection of network configurations for VM instances, including the IP range,
gateway, DNS, and network services.

• Instance offering: a specification of the VM instance CPU, memory, disk bandwidth, and
network bandwidth.

• Disk offering: a specification of a volume, which defines the size of a volume and how the
volume will be created.

• VM instance: a virtual machine instance running on a host. A VM instance has its own IP
address to access the public network and run application services. VM instances are core
components of ZStack.

• Image: an image template used by a VM instance or volume. Image templates include root
volume images and data volume images. The types of root volume image include ISO and
Image, while the type of data volume image is Image.

• Root volume: the system disk where the VM instance operating system is installed.

• Data volume: the data disk that provides additional storage for a VM instance.

• Snapshot: a point-in-time capture of data in a disk. Snapshots are captured incrementally.

• Network service module: a module for providing network services. This resource is hidden in
the UI.

• Network service: provides various network services for VM instances, including VPC firewall,
security group, virtual IP (VIP), elastic IP (EIP), port forwarding, load balancing, IPsec tunnel,
and flow monitoring.

• VPC firewall: manages north-south traffic of the VPC network. You can manage the network
access policy by configuring rule sets and rules.

• Security group: provides L3 network firewall control over the VM instances, and controls TCP,
UDP, and ICMP data packets for effective filtering. You can use a security group to effectively
control specified VM instances on specified networks according to specified security rules.


• Virtual router offering: an instance offering that defines the CPU, memory, virtual router
(vRouter) image, management network, and public network used by a vRouter (including
ordinary vRouter, VPC vRouter, and ARM vRouter).

• Virtual router (vRouter): a custom Linux VM instance that provides network services such as
DHCP, DNS, SNAT, route table, EIP, port forwarding, load balancing, and IPsec tunnel.

• VPC vRouter: a router created directly from a vRouter offering. VPC vRouter, which has a
public network and a management network, is the core of VPC. VPC vRouter provides various
network services, including DHCP, DNS, SNAT, route table, EIP, port forwarding, load
balancing, IPsec tunnel, dynamic routing, multicast routing, VPC firewall, and Netflow.

The resource relationships in ZStack are as follows:

• Parent-child: A resource can be the parent or child of another resource. For example, a host is
the child resource of cluster, while a host is the parent resource of VM instance.

• Sibling: Resources sharing the same parent resource are siblings. For example, clusters and
L2 networks are sibling resources because all of them are child resources of zone.

• Ancestor-descendant: A resource can be the lineal ancestor or lineal descendant of another
resource. For example, a cluster is the ancestor resource of VM instance, while a host is a
descendant resource of zone.

• Friend: Resources that do not have the above three relationships but still need to cooperate
with each other in some scenarios are friends. For example, primary storage and backup
storage are friends. Also, zone and backup storage are friends.

Note:
Relationship between primary storage and backup storage:

• When you create a VM instance, primary storage needs to download images of the VM
instance as caches from backup storage.

• When you create an image, primary storage needs to copy the root volume to backup
storage and save it as a template.

The following properties are common to almost all resources in ZStack:

• UUID: the universally unique identifier. ZStack uses version 4 UUIDs to uniquely identify a
resource.

• Name: a human readable string that is used to identify resources. Names can be duplicated
and are usually required.


• Description: a brief introduction that describes a resource. Description is usually optional.

• Creation date: the date and time when a resource was created.

• Last operation date: the date and time when a resource was last updated.

Resources support full or partial Create, Read, Update, Delete (CRUD) operations.

• Create: create or add a new resource.

• Read: read or query information about a resource.

• Update: update information about a resource.

• Delete: delete a resource. Due to the cascade framework provided by ZStack, if a parent
resource is deleted, its associated child resources and descendant resources will also be
deleted.
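
The cascade delete described above, combined with the rollback-on-error behaviour of the workflow engine in section 2.1, as an added Python sketch that is not ZStack code. The inventory, the resource ids, and the Step, run_flow, plan and cascade_delete names are hypothetical; plan() is the dry run an operator would review before a destructive delete.

```python
class Step:
    """One flow step: an action plus the rollback that undoes it."""

    def __init__(self, name, run, rollback):
        self.name, self.run, self.rollback = name, run, rollback


def run_flow(steps):
    """Run steps in order; on error, roll back completed steps in reverse order."""
    done = []
    try:
        for step in steps:
            step.run()
            done.append(step)
    except Exception:
        for step in reversed(done):
            step.rollback()
        raise
    return [step.name for step in done]


# Constructed sample inventory: resource id -> (type, parent id).
SAMPLE = {
    "zone-1": ("Zone", None),
    "cluster-1": ("Cluster", "zone-1"),
    "l2-1": ("L2Network", "zone-1"),
    "ps-1": ("PrimaryStorage", "zone-1"),
    "host-1": ("Host", "cluster-1"),
    "host-2": ("Host", "cluster-1"),
    "vm-1": ("VmInstance", "host-1"),
    "vm-2": ("VmInstance", "host-2"),
    "bs-1": ("BackupStorage", None),   # friend of the zone, not a descendant
}


def plan(inventory, root):
    """Dry run: ids a cascade delete of root would remove, descendants first."""
    if root not in inventory:
        raise KeyError(root)
    children = {}
    for rid, (_, parent) in inventory.items():
        children.setdefault(parent, []).append(rid)
    order = []

    def visit(rid):
        for child in sorted(children.get(rid, [])):
            visit(child)
        order.append(rid)          # a parent is removed only after its children

    visit(root)
    return order


def cascade_delete(inventory, root, delete_backend=lambda rid: None):
    """Delete root and all descendants as one flow; restore records on failure.

    delete_backend stands in for the call to the agent that owns the resource.
    The rollback here only restores the inventory record; undoing a real
    backend deletion is outside this sketch.
    """
    steps = []
    for rid in plan(inventory, root):
        record = inventory[rid]

        def run(rid=rid):
            delete_backend(rid)    # may raise, e.g. the agent is unreachable
            del inventory[rid]

        def rollback(rid=rid, record=record):
            inventory[rid] = record

        steps.append(Step(f"delete {rid}", run, rollback))
    return run_flow(steps)


if __name__ == "__main__":
    inventory = dict(SAMPLE)
    print("would delete:", plan(inventory, "cluster-1"))
    print("executed:", cascade_delete(inventory, "cluster-1"))
    print("remaining:", sorted(inventory))
```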


3 Product Features

As a productionized private cloud, ZStack allows you to manage and schedule the compute,
storage, network, and other resources in your data center. By using ZStack, you can quickly
configure your private cloud environment, and create VM instances, allocate volumes, and
automatically configure the networks of the VM instances.

The following table lists the features of ZStack Enterprise.

Type / Feature / ZStack Enterprise

Type: Zone

Multi-zone management:
• Supports multi-zone creation and manipulation. We recommend that you use a zone to manipulate a physical data center.
• Supports zone isolation. You can create an independent cluster, primary storage, network, and other resources in a zone.

Type: vCenter

vCenter management: Takes over multiple VMware vCenters via public APIs provided by VMware. In addition, highly compatible with and manipulates a portion of features of VMware vCenter Server to achieve unified management of multiple virtualization platforms.
• Allows you to manipulate vSphere servers, VM instances, volumes, and image resources managed by VMware vCenter Server, and to perform common operations on the manipulated resources in your virtual data center.
• Allows you to check VM instances, volumes, images, and other resources by vCenter.
• Allows you to manually synchronize all or some vCenter data, ensuring information consistency.
• Allows you to configure vCenter to automatically synchronize data on the global settings. After the setting, the cloud automatically synchronizes all vCenter data periodically.

vCenter multiple-tenant management: Tenants (common accounts or project members) can manipulate the resources of the vCenter that you took over.
• Tenants can perform common operations on VM instances and volume resources in the vCenter that you took over.
• Tenants can use vCenter networks and image resources shared by admins.
• The home page of the tenant view can display KVM VM utilizations and vCenter VM utilizations, respectively.
• The tenant view can display KVM billing information and vCenter billing information, respectively.
• Project members can apply for vCenter VM instances via ticket management.

vCenter resource pool:
• Synchronizes the resource pool information and the related VM information from the vCenter that you took over and displays the information in tiers.
• Displays the CPU capacity limitations, memory capacity limitations, and other resource quotas.

ESX VM instance:
• Allows you to manage the lifecycle of ESX VM instances, including creating, starting, stopping, rebooting, pausing, resuming, powering off, and deleting an ESX VM instance.
• Allows you to perform operations on an ESX VM instance, such as migrating an ESX VM instance, cloning an ESX VM instance, changing the instance offering for an ESX VM instance, setting the high availability level, opening consoles, and setting a console password.

Network:
• Allows you to create networks according to vSwitches or dvSwitches.
• Allows you to create public networks and private networks. Specifically, a private network includes two types of network: flat network and vRouter network.
• A vRouter supports all network services, including VIP, EIP, port forwarding, load balancing, and IPsec tunnel.

Storage: Differentiates primary storages from backup storages according to datastore.

Image: Manipulates image associated lifecycles, such as adding, deleting, enabling, and disabling an image.

Host: Manipulates host associated lifecycles, such as placing a host in maintenance mode.

Volume: Manipulates volume associated lifecycles, such as creating, deleting, attaching, and detaching a volume.

Real-time performance monitoring: Collects data of the ESX VM CPU, memory, storage, and network, and provides a visual, real-time display of these data in the UI.

Type: Cluster

Storage infrastructure: Uses homogeneous storage services within clusters, allows you to attach storage services to the clusters, and provides high availability features for VM instances.

Host: Supports host management within a cluster. For a host, provides real-time display of all CPU utilizations, all memory utilization percentages, all inbound and outbound speeds of NICs, and all write or read IOPS.

VM instance: Supports VM management within a cluster. For a VM instance, provides real-time display of all CPU utilizations, all memory utilization percentages, all inbound and outbound speeds of NICs, and all write or read IOPS.

Cluster functionality: Provides high availability features, and defines cluster properties based on the CPU infrastructure of a host.

Network service:
• Allows you to attach a VLAN network and a VXLAN network to the same cluster for a unified management, and provides self-service networks (IP pool management and elastic network).
• Allows you to specify a migration network for a cluster.

Distributed resource scheduler (DRS): Monitors and manages CPUs or memory workloads of hosts by cluster, and offers scheduling suggestions according to the configured scheduling strategies. You can manually migrate VM instances according to the scheduling suggestions to effectively improve your cloud stability while balancing cluster workloads.

Advanced settings:
• Configures memory overcommitment ratios, reserved memories of hosts, CPU overcommitment ratios, and other advanced settings by cluster.
• Allows you to enable the huge page mode for clusters to effectively lower CPU performance losses of VM instances.

Type: Host

Virtualization: Supports KVM and VMware virtualization technologies.

Custom ISO: ZStack Custom ISO has two versions: c76 ISO and c74 ISO.
• c76 ISO is a type of ZStack custom ISO based on an in-depth customization of CentOS 7.6. If you install ISO for the first time, we recommend that you use c76 ISO.
• c74 ISO is a type of ZStack custom ISO based on an in-depth customization of CentOS 7.4. If you deployed ZStack by using c74 ISO, use this version to upgrade your cloud.

Resource overcommitment settings: Allows you to set overcommitment ratios for CPUs, memories, and primary storages to meet different resource usage requirements in cloud environments.

Nested virtualization: Supports KVM or ESXi nested virtualizations. You can enable CPU hardware virtualization within VM instances.

Real-time monitoring: Collects data of the host CPU, memory, disk I/O, disk capacity, and associated network, and provides a visual, real-time display of these data in the UI.

Disable and enable:
• Allows you to set host properties for better management.
• After a host is disabled, you cannot create resources on this host. Note that the existing resources on this host are not affected.

Maintenance mode:
• Places a host in maintenance mode, which applies to scenarios such as scheduled O&M operations for hosts.
• After a host enters maintenance mode, VM instances that are running on the host will be automatically migrated (shared storage).

Physical GPU pass-through: Entirely passes through all peripheral devices (GPU graphics cards, GPU sound cards, and other small devices on other GPUs) on physical GPU devices as a group to effectively improve high-performance compute and graphics processing capabilities.

vGPU:
• Allows you to generate vGPUs for both NVIDIA graphics cards and AMD graphics cards at the same time.
• Allows you to attach vGPUs to VM instances by either specifying specifications or devices.

USB pass-through:
• Directly passes through USB devices to VM instances to cater to application scenarios of multiple USB types.
• Supports direct pass-through and transmission pass-through.

Intel EPT hardware support: Allows you to disable the Intel EPT hardware support to effectively address the problem that CPU models that are too old will lead to failure in creating VM instances.

Encrypted password storing: Allows you to store encrypted passwords for hosts.

Operation logs: Displays audit information associated with event login operations when you manage and operate hosts.

CSV file exporting: Allows you to export host lists in CSV format to facilitate the statistics analysis of your hosts.

Type: VM instance

Batch operation: Manages VM instances in bulk.

VM instance creation: Provides multiple strategies to create VM instances to effectively use resources.

VM lifecycle: Manipulates basic VM lifecycles, such as creating, stopping, booting, rebooting, powering off, deleting, pausing, and recovering VM instances.

Online resizing for root volume: Online resizes the capacity for a VM root volume to change VM configurations.

Online resizing for data volume: Online resizes the capacity for a VM data volume, which will take effect immediately after the resizing.

VM console:
• Allows you to access VM instances through terminals without using remote tools.
• A VM console supports three modes: SPICE, VNC, and SPICE+VNC. Specifically, the SPICE protocol has added an SSL encryption tunnel to further protect your desktop security.
• Allows you to set console passwords.

VM snapshot:
• Allows you to temporarily reserve the state of root volumes or data volumes at a specific time point before you perform important operations. In this regard, you can quickly perform rollback operations on failures.
• Includes two types of snapshot: single snapshot and batch snapshot. Specifically, a batch snapshot can be recovered in bulk as a group.
• Takes snapshots for VM instances that are in the running state (ImageStore and Ceph backup storages are supported).
• Takes snapshots for VM instances that are in the stopped state (ImageStore, SFTP, and Ceph backup storages are supported).
• Automatically boots VM instances after restoring from snapshots.
• Allows you to delete VM snapshots in bulk.

CPU binding: Binds a logical CPU of a VM instance to a physical CPU of a compute node.

Online password changing: Allows you to change passwords online for Windows or Linux VM instances.

Online image creation: Allows you to create images online for running VM instances.

QGA switch: Flexibly controls and manages the state of the QEMU guest agent.

RDP mode switch: For a VDI UI, opens consoles in RDP mode by default after the RDP switch is enabled.

Graphics card changing: Provides multiple VM graphics card types, including QXL, Cirrus, and VGA.

Graphics card pass-through: Passes through an NVIDIA CPU device or an AMD GPU device directly to a VM instance.

User data importing: Allows you to import User data when you create a VM instance.

VM cloning without data volume:
• Quickly creates multiple VM instances by cloning a VM instance.
• Clones a VM instance that is in the running state (ImageStore and Ceph backup storages are supported).
• Clones a VM instance that is in the stopped state (ImageStore and Ceph backup storages are supported).

VM cloning with data volume:
• Clones both root volumes and data volumes of VM instances. If a VM instance has shared volumes attached, the data volumes of the VM instance cannot be cloned with the VM instance.
• Supports only ImageStore backup storages.
• For LocalStorage, NFS, SMP, Ceph, and Shared Block primary storages, allows you to clone VM instances that are running, paused, or stopped.

Operating system changing: Allows you to change the operating system for a VM instance that is in the stopped state.

VM resetting: Resets VM instances to their initial image state, and overwrites all data in root volumes.

Root volume resizing: Allows you to resize a root volume of a VM instance that is running or stopped to change VM configurations.

ISO-based deployment:
• Deploys VM instances based on ISO system disk to instruct you to install the operating system.
• Allows you to attach multiple ISO images to the same VM instance to improve business deployment efficiencies.

Template-based deployment: Creates VM instances based on system templates.

BIOS mode:
• Inherits the chosen BIOS mode when you create a VM instance. The BIOS mode includes Legacy and UEFI.
• Inherits the BIOS mode of the original image when you create a VM image or clone a VM instance.
• Allows you to dynamically change the BIOS mode on the VM details page.

VM image creation: Makes a template image based on the current VM instance so that you can create VM instances in bulk in a custom manner.
• Allows you to create an image for a VM instance that is in the running state (ImageStore and Ceph backup storages are supported).
• Allows you to create an image for a VM instance that is in the stopped state (ImageStore, SFTP, and Ceph backup storages are supported).

Custom MAC:
• Allows you to specify a MAC address when you create a VM instance.
• Allows you to change the MAC address for existing VM instances.

VM boot order: Adjusts VM boot orders to change the ISO boot mode. Currently, the following boot devices are supported: CD-ROM, hard disk, and network.

Dynamically attaching or detaching volume: Allows you to dynamically attach a volume to or detach a volume from a VM instance, to optimize drive models, and to provide SCSI WWN.

Dynamically attaching or detaching NIC: Allows you to dynamically attach a NIC to or detach a NIC from a VM instance, and to set the default NIC.

Dynamically attaching or detaching virtual drive: Allows you to dynamically attach a virtual drive to or detach a virtual drive from a VM instance, and attach ISOs to or detach ISOs from each virtual drive. This will meet your needs, enhance the flexibilities, and improve the user experience.

Attaching GPU card: Allows you to attach a GPU device when you create a VM instance.


Shared volume
For Ceph and Shared Block primary storages, multiple VM instances can share the same data volume.

Real-time performance monitoring
Displays VM workloads in real time for popular systems, such as Linux, Windows, and Chinese domestic operating systems.
• External monitoring: Collects data of the VM CPU, memory, disk I/O, network, and other data by using libvirt and provides a visual display of these data in the UI.
• Internal monitoring: Collects data of the VM CPU, memory, disk capacity, and other data by using an agent, and provides a visual display of these data in the UI. You can manually install the agent by using a performance optimization tool (guest tool).

High availability (HA)
Automatically reboots a VM instance if its host encounters failures, and displays the rebooting process in the UI.

Online changing for VM CPU or memory
Changes CPU or memory configurations online without rebooting a VM instance.

Real-time update of volume QoS and network QoS
Allows you to set QoS for the root volume and NIC of a VM instance, preventing a single VM instance from occupying too many resources.

SSH key injection
• Allows you to perform SSH key injection for VM instances in both Linux and BSD operating systems.
• Allows you to create or delete a key for a VM instance.
• Disables VyOS SSH login authentication by default to improve the cloud security.

Custom instance offering
Allows you to customize an instance offering to meet the resource consumption requirements.

Custom tag
Allows you to customize tags to meet the querying and compiling scheduler tasks.

Custom VM list
Allows you to either customize display items of a VM list or to export the VM list in CSV format.


Resource deleting protection
Moves deleted VM instances to a recycle bin, allowing you to recover or completely delete the VM instances as needed.

Cold migration
• Allows you to migrate a VM instance that is attached to a local storage when the VM instance is in the stopped state.
• Allows you to migrate a VM instance or volume according to the workload of the destination compute node.

Online migration
• Allows you to migrate online VM instances that are attached to a primary storage.
• Allows you to migrate a VM instance or volume according to the workload of the destination compute node.

Storage migration
• Supports cold migration of VM instances across primary storages of the same type in the cloud.
  ▬ You can cold migrate a VM instance across multiple NFS primary storages without migrating the attached volumes.
  ▬ You can cold migrate a VM instance across multiple Ceph primary storages without migrating the attached volumes.
  ▬ You can cold migrate a VM instance as well as its attached volumes (except for shared volumes) across multiple Shared Block primary storages.
• Supports hot migration (without snapshots) of VM instances across multiple primary storages of different types. For example, migration between Ceph primary storage and Shared Block primary storage, between LocalStorage primary storage and SharedBlock primary storage, and between LocalStorage primary storage and Ceph primary storage.
• Displays the original data reserved during storage migrations in the UI, and allows you to clean up the data. You can manually clean up the data to release storage space after verifying that the data is complete and intact.


Cross-cluster HA policy
Allows you to configure a cross-cluster HA policy for a VM instance or VPC vRouter. Then, the VM instance or VPC vRouter will be stuck to the cluster to which the VM instance or VPC vRouter belongs when the policy takes effect.

Operation logs
Displays audit information that is associated to an operation process event and a login operation of a VM instance.

Guest tools
• Provides guest tools for Windows and Windows Virtio operating systems, and supports one-click installation of Virtio drive, agent, and QGA.
• Provides guest tools for Linux operating systems, and allows you to install agents. After you install the agents successfully, you can obtain internal monitoring data from VM instances.

USB redirection
Redirects a USB device on a VDI client to a VM instance.

CSV file exporting
Allows you to export a VM list in CSV format, which facilitates statistics analysis.

Anti-spoofing
• Sets the anti-spoofing switch for a VM instance on the Global Settings to improve the cloud security.
• Sets the anti-spoofing switch for a single VM instance to increase flexibilities.

Advanced settings
Configures a VM instance from a granular level, including setting NUMA for a single VM instance, setting the Hyper-V switch for a VM instance, and managing other advanced settings on the Global Settings.

VM priority
• Provides two types of VM priority: normal and high. When the host workload rates are extremely high and resources contend with each other, resources of a VM instance with the High resource priority are prioritized over those of other VM instances with the Normal resource priority.
• Improves the resource priority of a VPC vRouter by default to ensure that the resource priority of the VPC vRouter is higher than that of a VM instance.

VM multi-gateway
Allows you to enable multi-gateway by running zstack-cli. After multi-gateway is enabled, each NIC has an independent gateway.

Hostname or password setting
Allows you to log in to the cloud with the SSH authentication method. When you create a VM instance, you can set a hostname or password in the UI with simple operations. These simple operations can improve user experience.

Type: Auto scaling group

Lifecycle management
Manipulates lifecycles associated to an auto scaling group, including creating, enabling, disabling, and deleting the auto scaling group.

Health check
Allows you to customize the health check method, health check time, and health check grace period.

Auto scaling policy
• Supports scale-out policy by which you can customize a trigger metric, trigger condition, duration, cooldown time, and VMs to be added each time.
• Supports scale-in policy by which you can customize a trigger metric, trigger condition, duration, cooldown time, removal policy, and VMs to be removed each time.
• After a scaling policy is triggered, automatically adds or removes a specified number of VM instances according to the scaling policy.
• Allows you to monitor the CPU utilization and memory utilization.

Notification
• Checks scaling records.
• Allows you to select whether to receive notifications of scaling activities.
• Sends notifications of scaling activities to you via ZWatch and cloud messages.

Type: Volume

Batch operation
Manipulates volumes in bulk.


Volume management
• Manipulates lifecycles associated to a volume, including creating, enabling, disabling, attaching, detaching, and deleting the volume.
• Supports common operations associated to a volume, including migrating the volume, creating a snapshot, creating a volume image, resizing a volume, changing a volume owner, and migrating a volume storage.

Volume snapshot
• Allows you to create a snapshot for a volume after the volume is used by a VM instance and data writing.
• Allows you to delete volume snapshots in bulk.

Type: Snapshot

Unified snapshot management
Uniformly manages VM snapshots and volume snapshots. All VM instances or volumes that have snapshots will be displayed on the snapshot details page. In addition, the VM instances or volumes can be sorted by the number of the snapshots or total capacities to improve O&M efficiencies. Doing so can help you to quickly identify snapshots that need to be cleared.

Batch snapshot
• Allows you to create batch snapshots for VM instances and the attached volumes. You can restore a VM instance and its attached snapshots by recovering the batch snapshot of the VM instance.
• Allows you to unbind a batch snapshot and recover the batch snapshot to a single snapshot.

Type: Disk offering

Disk offering management
• Allows you to create, enable, disable, delete a disk offering, share a disk offering globally, recall a disk offering globally, and set QoS for a disk offering.
• Allows you to classify different types of data volumes via advanced parameters for independent billing or display. The supported multiple types of primary storages include Ceph, LocalStorage, NFS, and SharedBlock.

QoS setting
Allows you to set QoS for a volume by configuring the total bandwidth or read and write bandwidths when you create a disk offering.


Type: Instance offering

Instance offering management
• Allows you to create, enable, disable, delete an instance offering, share an instance offering globally, recall an instance offering globally, and set the disk QoS and network QoS for an instance offering.
• Allows you to select the host allocation strategy, including host with minimum number of running VMs, host with minimum CPU utilization, host with minimum memory utilization, host with maximum number of running VMs, host where the VM is located last time, and random host allocation to create VM instances.
• When the host allocation strategy is the host with minimum CPU utilization or host with minimum memory utilization, you can select the mandatory strategy mode or non-mandatory strategy mode.
• Allows you to classify different types of root volumes via advanced parameters for independent billing or display. The supported multiple types of primary storages include Ceph, LocalStorage, NFS, and SharedBlock.

Type: GPU specification

GPU specification
• Automatically detects available physical GPU specifications and vGPU specifications on the cloud and then manages both specifications in a unified way. When you create a VM instance, you can add a GPU device for the VM instance by specifying a GPU specification.
• If you attached a GPU device to a VM instance by using a GPU specification, you can configure the advanced setting to uninstall the GPU device automatically after the VM instance is stopped.

Type: Image management

System template
Allows you to use a system template, including qcow2 and raw, to automatically match image types.

ISO image
Guides a VM instance to install an operating system via an ISO image.

BIOS mode
• Provides two types of BIOS mode, including Legacy and UEFI, to add an image.
• Inherits the BIOS mode of the original image when you create a VM instance, a VM image, or clone a VM instance.

System image uploading
Allows you to upload a system image by using a URL or a local browser.

Volume image uploading
Allows you to upload a volume image by using a URL or a local browser.

Image migration
Allows you to migrate images on a Ceph primary storage across multiple storage devices.

Type: ImageStore

Image storing
Stores image data, including ISO and system template.

Image exporting
Exports an image URL.

Existing image obtainment
When you add ImageStore backup storage, obtain the existing image file by using the image URL in the backup storage.

Image synchronization
• Supports image transmissions among ImageStores. Note that the image transmissions can be completed across multiple zones.
• Supports image synchronization among different ImageStores in the same management node.

ImageStore cleaning
Visually cleans up the expunged invalid data in a backup storage to release more spaces.

Standard system image
Supports Windows, Red Hat, Ubuntu, and other operating systems of open source Linux.

Running image preset
Supports the following softwares to run your environments:
• Supports Windows IIS and Dot Net Framework.
• Supports Linux Tomcat, JAVA, Apache Web, Jboss, PHP, Node JS, Golang, Python, and other languages or development environments.
• Supports Oracle, MySQL, Postgres, Mongodb, Influxdb, Cassandra, Redis, and other database services.
• Supports a wide range of application middlewares.


Application image preset
Supports the following application systems:
• Supports common application systems, such as BBS, SNS, blog, and the twitter-like Weibo.
• Supports multiple O&M management applications, such as phpmyadmin.
• Supports multiple application images provided by vendors.

Custom image
To store image files with the incremental method and realize the duplication feature intelligently, customize images that are suitable for system development environments of your own businesses according to the standard system image and the preconfigured running image.

Type: Storage Management

Supported storage type
Seamlessly supports primary storages with the LocalStorage, NFS, SMP, Ceph, and Shared Block types.

LocalStorage primary storage
• Allows you to store your volumes to local hosts.
• Provides real-time display of used capacity percentages of the LocalStorage primary storage.
• Allows you to set the volume allocation policy, including thick provisioning and thin provisioning.

NFS primary storage
• Allows you to store your volumes to NFS protocol storage through which hosts can intercommunicate.
• Supports the MN HA solution of the shared file system.
• Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
• Provides real-time display of used capacity percentages of the NFS primary storage.

Shared Mount Point primary storage
• Allows you to store your volumes to shared storages compatible with POSIX, and supports iSCSI or FC storage.
• Supports the MN HA solution of the shared file system.
• Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
• Provides real-time display of used capacity percentages of the Shared Mount Point primary storage.

SharedBlock primary storage
• Allows you to add an iSCSI or FC protocol storage through which hosts can intercommunicate.
• Allows you to add an iSCSI server, to automatically scan and discover disks online, and to automatically configure iSCSI.
• Supports shared volumes.
• Allows you to add multiple LUN devices.
• Displays a candidate list of LUN devices when you add SharedBlock primary storage.
• Allows you to set the provisioning method, including thin provisioning and thick provisioning, when you create VM instances or volumes by using SharedBlock primary storage.
• Supports FC-SAN pass-through, provides direct display of pass-through FC storages, and allows you to attach the pass-through LUN devices to VM instances.
• Supports iSCSI pass-through. The pass-through LUN devices can be directly attached to VM instances.
• Allows you to clean up VG data when you add SharedBlock primary storage.
• Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of a VM instance.
• Provides real-time display of used capacity percentages of the SharedBlock primary storage.

Ceph primary storage
• Supports shared volumes.
• Allows you to specify disk volumes with different performances when you create volumes.
• Allows you to store your volumes to Ceph distributed storages.
• Supports cold migration for data.
• Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of a VM instance.
• Allows you to create a Ceph pool, to calculate capacities via the pool, and to set the displayed name.
• Supports LUN device clearing. You can force to clear file systems, RAID, or signatures of partition tables.
• Resizes a Ceph primary storage by adding a pool, and allows you to specify a pool when you create a VM instance or volume.
• Provides real-time display of used capacity percentages of the Ceph primary storage.
• Provides expiration notifications of storage license services by manipulating Ceph ZStack Enterprise.

Multiple primary storage support
• The same cluster can attach multiple LocalStorage primary storages.
• The same cluster can attach multiple NFS primary storages.
• The same cluster can attach multiple SharedBlock primary storages.
• The same cluster can attach one LocalStorage primary storage and one NFS, SMP, or SharedBlock primary storage.
• The same cluster can attach one Ceph primary storage and multiple SharedBlock primary storages.

Type: Network management

VLAN L2 isolation
Uses VLAN 802.1q as the network isolation method.

VXLAN network
• Supports a VXLAN network to effectively address a shortage of logical network segments in the cloud data center and MAC flooding of an upper layer switch.
• Allows you to change a VNI name. Specifically, you can either customize the VNI name that you entered or enter a VNI name when you create a VNI range.


Hardware VXLAN network
To lower network latencies and improve VXLAN network performances, manipulate an SDN network of a hardware switch in the cloud by adding an SDN controller.

Distributed flat network
• Allows a VM instance to use a real network IP resource.
• Provides two types of IP address type: IPv4 and IPv6.

Distributed elastic network
Allows a VM instance to use a virtual network address which can map a real network.

Distributed DHCP service
• Allows a VM instance to automatically obtain the allocated IP address.
• Allows you to specify an IP address for the DHCP service to avoid IP conflicts during your network planning when you create an L3 network.

Network address space reservation
Reserves network address spaces to couple with a physical network.

Dynamic and static IP allocation
Not only allows you to dynamically allocate an IP address, but also allows you to specify an IP address.

Multi-level network management
A VM instance can connect to multiple networks to build businesses of complex scenarios.

VIP QoS setting
Limits QoS for a VIP to achieve effective allocation managements of network services.

MTU
Customizes the limit of network packets.

Custom gateway
• Allows you to specify a gateway when you add a network range with the IP range.
• Allows you to specify a gateway when you add a network range with CIDR, and uses the first or the last address of CIDR as the gateway.

VPC vRouter
• Manipulates basic VPC vRouter lifecycles, such as creating, deleting, starting, stopping, and rebooting a VPC vRouter.
• Supports common operations associated to a VPC vRouter, including migrating a VPC vRouter, attaching or detaching a VPC network, and setting east-west traffics.
• Supports all network services.
• Allows you to uniformly set DNS on a VPC vRouter.
• Allows you to enable or disable the SNAT network service in a custom manner.
• Supports OSPF dynamic routing protocol.
• Supports the multicast feature. You can forward multicast messages sent by a multicast source to a VM instance.
• Supports the advanced feature of a distributed routing to optimize east-west traffics.
• Specifies a default IP address when you create a single VPC vRouter.
• By default, the resource priority of a VPC vRouter is higher than that of a normal VM instance. When resources contend with each other on hosts, a VPC vRouter has higher resource grabbing capability.

Firewall
• Allows you to configure a firewall for a VPC vRouter. Specifically, after you complete creating a VPC firewall, the system will automatically configure an inbound rule set for the VPC vRouter. In addition, you can flexibly configure an outbound rule set for the VPC vRouter.
• Each interface direction of a VPC vRouter is allowed to use a rule set. In addition, the south-north traffics of the interface will be filtered to effectively protect the communication security of the entire VPC and the security of the VPC vRouter.
• By default, the inbound direction of a VPC vRouter NIC will bind one rule set.
• Allows you to add a firewall rule via an IP address, IP range, and CIDR. In addition, multiple IP formats are supported to lower the complexity of rule configurations, thus improving the feature usability.
• Allows you to select whether a firewall rule takes effect immediately.

VPC vRouter HA group
• Supports the high availability feature of a VPC vRouter. Specifically, a pair of VPC vRouters with the active backup mode are deployed within a VPC vRouter HA group.
• When the master VPC vRouter is abnormal, the high availability will be triggered in seconds to ensure your business continuity, and the master VPC vRouter will be automatically switched to the slave VPC vRouter.
• Allows you to specify a VIP when you create a VPC vRouter HA group.

VPC network
• Allows you to create or delete a VPC network, add a network range, and attach or detach a VPC vRouter.
• A VPC network supports multiple network services, including security group, public VIP, private VIP, EIP, port forwarding, load balancing of an external network, and load balancing of an internal network.
• Load balancing supports TCP, HTTP, HTTPS, or UDP protocol.
• TUI supports real-time traffic monitoring of a load balancer.

Public network
• Allows you to create a VM instance.
• Provides VIPs for network services.
• Provides two types of IP address type: IPv4 and IPv6.

System network
Used as a management network, storage network, and migration network.

vRouter network
• A vRouter supports multiple network services, including security, VIP, EIP, port forwarding, and load balancing.
• Load balancing supports TCP, HTTP, HTTPS, or UDP protocol.
• TUI supports real-time traffic monitoring of a load balancer.
• Supports the IPsec tunnel service based on a vRouter.
• Allows you to attach multiple EIPs to one VM NIC.
• Allows one vRouter to connect to multiple public networks.
• Allows you to configure a static vRouter table.
• Supports distributed DHCP to improve service performances.

Network diagram
• Displays the global network diagram of your cloud, and supports highlighting display of a resource.
• Allows you to select the resources that you need to display their network diagram in a custom manner.

Netflow
• A VPC vRouter has a newly added network service, namely Netflow. You can analyze and monitor inbound and outbound traffics of a VPC vRouter NIC by using Netflow.
• Supports two types of data flow output format, including Netflow V5 and Netflow V9.

IP statistics
• Allows you to check the IP utilization of an L3 network (private network, public network, and VPC network).
• On the IP statistics details page of the L3 network, you can quickly check used IP addresses, other associated resources, and states of the used IP addresses.

Port mirroring
• Analyzes the obtained business messages via port mirroring to facilitate your monitoring and management of internal enterprise network data and to quickly locate network failures.
• Allows you to configure independent traffic networks which can be used by port mirroring to transfer data.

Type: Scheduling operations

Scheduled subject
Provides scheduling operations of VM instances and volumes.

Scheduled job
• Allows you to stop or reboot a VM instance, and to create scheduled jobs for a volume snapshot.
• When you create a scheduled job for VM instances or volume snapshots, sets the number of reserved snapshots if all VM instances or volumes that you selected use a Ceph primary storage.


Type: CloudFormation

Resource stack
• Allows you to create a resource stack via online formation and template.
• Allows you to preview or check resource contents, and to inject User Data into a VM instance.
• Allows you to delete resource stacks and cascade delete all resources in a resource stack.

Custom template
Allows you to create a resource stack template via text editor and local uploading, and to create, check, change, delete, and preview a stack template.

Sample template
The resource stack template sample that is provided by the cloud by default can be used as a reference template.

Visual resource formation
• Allows you to create a resource stack template by visually dragging and dropping resources.
• Allows you to review templates, generate resource stacks, and save as resources templates.
• Allows you to undo, redo, delete, and clear canvas.

Type: Security management

L3 security policy
Supports security policies based on TCP or UDP port.

Unified management of security group
• Allows a security group to uniformly manage VM security policies to achieve intercommunication within the security group. Specifically, a security policy can be applied to all resources within the same security group.
• Allows you to enable and disable a security group.

Type: Performance TOP5 and performance analysis

Performance TOP5
• Supports sorting for multiple resources, including host, VM instance, vRouter, VIP, and L3 network, and allows you to customize data source display at different periods.
• Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.

VM performance analysis
• Allows you to customize data source display at different periods, to specify a resource range, and to specify an owner range. By using the filter, analyzes and sorts VM CPU utilization, memory utilization, disk read speed, disk write speed, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.
• Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.

Router performance analysis
• Allows you to customize data source display at different periods, to specify a resource range, and to specify an owner range. By using the filter, analyzes and sorts router CPU utilization, memory utilization, disk read speed, disk write speed, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.
• Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.

Host performance analysis
Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts host CPU utilization, memory utilization, disk read speed, disk write speed, disk used capacity, disk read IOPS, disk write IOPS, disk used capacity in percent, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.

L3 network performance analysis
Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts used IP count, used IP in percent, available IP count, and available IP in percent.

VIP performance analysis
Allows you to customize data source display at different periods, to specify resource range, and to specify owner range. By using the filter, analyzes and sorts VIP inbound traffic in bytes, inbound traffic in packages, outbound traffic in bytes, and outbound traffic in packages.

Backup storage performance analysis
Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts available backup storage capacity in percent.


Type: ZWatch

Host monitoring
Provides real-time monitoring of running hosts, and displays a sequential diagram for monitoring CPU, memory, disk, and network.

VM monitoring
Provides real-time monitoring of running VM instances, and displays a sequential diagram for monitoring CPU, memory, disk, and network.

Monitoring
• Monitors sequential data of the system, including VM memory utilization and host CPU utilization.
• Monitors system events, including VM state event and host disconnection event.
• The main page allows you to check the visual diagram of host workloads according to different periods of time.

Alarm
• Through resourceful metric items, monitors and sounds alarms for a VM instance, BareMetal instance, router, image, backup storage, system data directory, host, L3 network, volume, VIP, primary storage, load balancer listener, and other resources.
• Sets alarms for sequential data and event, and receives alarm messages via SNS notification, and allows you to receive alarm messages via email, DingTalk, HTTP application, or Aliyun short message.
• Provides commonly default alarms to monitor states of basic resources at real time.
• Selects the monitoring range as needed, and allows you to monitor a single resource or all resources of a monitoring object.
• ZWatch converges alarm messages, so an event alarm message policy can be adjusted to notify you once. You can select Once for the alarm period type in a resource alarm. Specifically, you can flexibly configure an alarm policy as needed.
• ZWatch alarm messages support notifications of the read state and unread state. You can quickly locate problems to improve O&M efficiencies via the notifications.
• After ZWatch alarm recovers, notifications are supported.
• An alarm message supports bilingual version (EN-CN) to improve readability and understandability, which allows you to quickly locate problems.
• Allows you to select an emergency level for a resource alarm or event alarm. Different emergency levels of alarms will send out the corresponding emergency levels of alarm messages. In this regard, you can classify and check alarms as needed to improve O&M efficiencies.

• Supports multiple endpoints, including email,


DingTalk, HTTP application, and Aliyun short
message.
Multiple endpoint
• The email endpoint and the Aliyun short message
endpoint allow you to add multiple endpoint
addresses.

Type: Auditing

Feature: Resource auditing
• Supports audit queries for all resources. You can audit all operation behaviors of a resource to effectively protect your core data security in the cloud.
• Allows you to check call API name, time consumed, task result, operator, creation time, completion time, and message details of API actions. In addition, allows you to export the preceding information in CSV format.

Type: Operation log

Feature: Operation log
• Displays the operation description, task result, operator, login IP, creation time, completion date, and message details returned by operations. In this regard, you can achieve fine-grained management of resources and can export the operation information in CSV format.
• Allows you to configure log reservation time as needed.
• Displays event audits and login audits of performed operations.
• Global settings allow you to set the log reservation time of a management node and the reservation capacities as needed.


Type: Account management

Feature: Account and user management
The account management feature includes account and user. Specifically, an account is a resource billing group, while a user can define operation permissions.

Feature: AD/LDAP account
• Allows you to add an AD or LDAP account, and to bind regular users.
• Allows you to clean binding filters in a custom manner.

Feature: Account resource quota
Allows you to allocate the largest available resources to an account in a custom manner, including the number of running VM instances, CPU, memory, volume count, total capacity of a volume, image count, total capacity of an image, and EIP count.

Feature: Permission allocation of user group
Supports permission allocation of a user group to uniformly manipulate user permissions.

Feature: Permission allocation of user
Allows you to allocate permissions for users.

Feature: Changing VM owner
Allows you to change a VM owner and specify an account where the VM instance belongs.

Feature: Changing volume owner
Allows you to change volume owner, and to specify the account where the volume belongs.

Feature: Specified allocation of instance offering
Allows you to share an instance offering to others. Specifically, you can specify whether an account can use the instance offering.

Feature: Specified allocation of image resource
Allows you to share an image resource. Specifically, you can specify whether an account can use the image resource.

Feature: Specified allocation of disk offering
Allows you to share a disk offering. Specifically, you can specify whether an account can use the disk offering.

Feature: Specified allocation of network resource
Allows you to share an L2 network resource and an L3 network resource. Specifically, you can specify whether an account can use the L2 network resource and the L3 network resource.

Feature: Global settings
Allows you to directly perform global settings on various properties on the UI.
• Each global setting has one default value, and supports one-click restoration settings (restore defaults).
• If you want to update global settings, you do not need to restart your management node.
• Supports templates, and provides one-click template settings in the global settings according to your real production scenarios. This will quickly set the cloud to meet your requirements, which can improve O&M efficiencies.

Feature: Changing admin account password
If you forget the login password of an admin, run zstack-ctl reset_password to restore defaults.

Type: Billing

Feature: Custom pricing list
• Each resource pricing unit will be integrated as one pricing list to provide the billing experience of a quasi public cloud. The supported billing resource type includes CPU, memory, root volume, data volume, GPU device, public IP (flat network), and public IP (VIP).
• A pricing unit includes second, minute, hour, day, week, and month (30 days).
• The pricing unit that can be dynamically adjusted can meet the need of periodical promotions.

Feature: Billing method
Supports project-based or account-based billings to calculate expenses of each resource. Each project or account allows you to use different pricing lists and to customize different pricing strategies.

Feature: Disk performance-based pricing
Different types of disks allow you to set different pricing units independently.

Feature: Billing currency symbol
Allows you to set a billing currency symbol on the global settings. The supported currency unit includes CNY - Chinese Yuan (¥), USD - US Dollar ($), EUR - Euro (€), GBP - British Pound (£), AUD - Australian Dollar (A$), HKD (HK$), JPY - Japanese Yen (¥), CHF - Swiss Franc (CHF), and CAD - Canadian Dollar (C$).

Feature: Bills
Calculates and displays resource expense information of an admin and all users (tenants).
• Provides real-time display of bills.
• Supports project bills, department bills, and account bills. A project can be attached to a department.
• By default, billing details are generated once at 00:00 each day. You can change creation time of the billing details via global settings.

Type: Access

Feature: TUI
Supports common O&M operations and custom OS UI.

Feature: GUI
Allows you to access GUI page to manage the cloud (UI page) via HTTP or HTTPS.

Feature: UI language
• To better meet language habits of users at different geographical locations, make sure that the default UI language is consistent with the browser of the current user.
• Allows you to customize and record the UI language with which you can interact. This can improve user experiences.

Feature: Login security
• Allows you to authenticate with dynamic authentication codes to avoid malicious logins.
• Supports two-factor authentication, and adds extra security codes for authenticating your identity to further increase your account security.
• Supports login password complexity settings. You can set the password length in a custom manner, and use the password strategy with a combination of numeric, case-sensitive, and special characters.
• Supports password expiration settings. You can set the password update cycle in a custom manner. We recommend that you change the cloud login password regularly to ensure the login security.
• Allows you to set the history password check. You can set unrepeated times of failed logins in a custom manner.
• Allows you to set the password lock mechanism. You can set the maximum number of failed logins and the maximum login number of locking a user for a period of time. When your continuous failed logins exceed the value that you set, your user and account will be locked for a period of time to ensure the login security.
• Supports the IP blacklist or whitelist. You can set IP blacklist or whitelist as needed to detect and filter visitor identities and to improve the cloud access control security.
• The same user supports multiple session logins while disabling multiple session logins.

Feature: Command line
Allows you to access the cloud via command line. The command line supports full feature accesses. In addition, an account and a user can be logged in via command lines.

Feature: API
Supports full feature API operations where APIs support Java SDK (compatibility version: Java 8), Python (compatibility version: Python 2.7), and standard RESTful interface accesses.

Type: Operation assistant

Feature: Intelligent notification
Provides intelligent environment checks and operation guides for key cloud operations.

Type: Affinity group

Feature: Anti-affinity
To reasonably schedule cloud resources, provides two types of affinity group strategy: anti-affinity (soft) and anti-affinity (hard).

Type: UI augmentation

Feature: Custom product information
Allows you to customize the product logo, product name, and other information via custom UI.

Feature: Large-screen home page
• Provides multiple magnificent themes of a large screen to display your cloud resource information.
• Allows you to switch virtualizations to display KVM or vCenter large screen respectively.
• Allows you to switch zones to display the large screen of all zones or a zone.
• Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.

Feature: Encryption access
Allows you to securely log in to the cloud via HTTPS.

Feature: In-process display
Adds progress bars of multiple scenarios.

Type/Feature: VDI Solution
• Supports SPICE, RDP, and VNC, and has optimized them via custom client side.
• Allows you to specify a VDI network.
• Supports USB redirection, which means multiple USB devices are compatible.
• Allows you to set a VDI network independently.
• Supports multi-screen display.
• Supports microphones.
• Supports SPICE to optimize traffics.

Type: UI navigation

Feature: Quick entrance
Adds a quick entrance to the product and service, and supports resource highlighting.

Type: UI information exporting

Feature: List information exporting with CSV format
Exports VM and host main list information. You can manage and edit parameters for a VM instance and a host offline in a graphical format.

Type: Tag

Feature: Resource tag
• Allows you to create tags of different names or colors, and binds them to VM instances or volumes to manage and search resources.
• Resource tags allow you to sort resources according to the time or names that you bound.

Type: Application center

Feature: Application center
Allows you to add application plugins, such as storage, database, security, IaaS, PaaS, and SaaS.

Type: AccessKey management

Feature: AccessKey
Allows you to generate an AccessKey with which other clouds can call APIs. This AccessKey has the same permission as the creator who generated the AccessKey.

Type: License

Feature: Cloud license
• Basic License includes enterprise edition and hybrid edition.
• Allows you to upload Basic License via a local browser.
• Supports expiration notifications of Basic License.
• Enterprise standalone unlimited version supports all features.
• Supports two types of authorization method: CPU and host.

Feature: Module license
• Plus License provides additional functionality.
• Depends on Basic License.
• Currently includes Enterprise Management module, VMware Management module, BareMetal Management, Backup Service, Migration Service, ARM64 Management module, and After-Sales Service (5x8 and 7x24).
• Allows you to upload Plus License via a local browser.
• Supports expiration notifications of the Plus License.

Feature: CPU infrastructure license
• Supports x86 server infrastructure license. KVM and vCenter can be used separately to provide independent CPU permissions for a compute node.
• Supports ARM64 server management license. In addition, allows you to add an ARM64 server to the cloud via a license. You can specify CPU counts or host counts for the ARM64 server.

Feature: License uploading
Allows you to uniformly upload a license as needed.

Type: Management node

Feature: Multi-host management node HA
• Supports multi-host management node HA. You can use the active backup mode. Specifically, after a management node fails, another management node will be used to ensure your business continuity.
• Allows you to add licenses for the master management node and the slave management node respectively via VIP login.
• Multi-MN HA environment allows you to listen to the management node HA and check the health status. In addition, by default, a resource alarm will be triggered if the monitor IP cannot be reached, or if dual MN database cannot synchronize.

Feature: Management node
A management node supports coexistence of different versions of source files.

Type: Compute node

Feature: Batch host addition
• Allows you to add hosts in bulk according to the network range that you entered.
• Allows you to add hosts in bulk with a template.

Type: Log server

Feature: Log server
Allows you to collect logs of a management node. You can easily collect logs of a management node to quickly locate problems and to improve O&M efficiencies of the cloud.

Type: Installation

Feature: One-click installation
• Allows you to run just one command to complete installing and deploying the cloud from scratch within just 30 minutes.
• Supports three installation modes: ZStack Enterprise Management Node, ZStack Community Management Node, and ZStack Expert Mode.

Type: Upgrade

Feature: Seamless upgrade
Allows you to seamlessly upgrade your cloud from an earlier version to a later version.

Feature: Incremental upgrade
Supports incremental upgrade to improve the upgrade speed greatly.

Feature: Environment upgrade
Allows you to customize installation and upgrade via ZStack Expert mode.

The following table lists the features of ZStack Enterprise Management module.

Type Feature ZStack Enterprise Management Module

Type: Organization

Feature: User
• A user is the most basic unit in Enterprise Management.
• An admin or platform user can create users, and builds the corresponding organization structure based on users.
• You can add users, delete users, change user names, change passwords, change personal information, join departments, remove from departments, join projects, and remove from projects.
• Personal information of a user includes name, mobile phone number, email address, and identifier.
• Provides two types of user creation mode: manual addition and template importing. Specifically, if you import a template, organization relationship among users and the information of projects where the users belong can be synchronously imported.

Feature: Organization
• An organization is the basic unit in Enterprise Management. An admin or platform user can see all organization structure trees of the cloud, while a regular platform user or project member can only see the structure tree of the organization where regular users or project members belong.
• An organization can be displayed by an organization structure tree, and includes a top-level department and a department. The top-level department is the first level department where you can add multiple lower-level departments. You can create multiple top-level departments.
• The binding relationship between a department head and a department is weakened to allow the department to not set the head of department.
• You can add an organization, delete an organization, change a parent department, create a subsidiary department, delete a subsidiary department, add a user, and remove a user.

Feature: Role
• A role has a group of permissions and can endow users with permissions used for calling related APIs to manipulate resources.
• Tenants and roles are separated in Enterprise Management. Roles can be bound to tenants or removed from tenants in Enterprise Management. A role includes system role and custom role.
• GUI has permission controls of the API level for tenants to flexibly meet permission configurations of various scenarios.
• A super administrator (admin), platform admin, or regular platform user can have permission controls on a project member (project admin, project operator, or regular project member).
• A platform admin can serve as a user. If you bind a platform admin role to a user, this user can be endowed with the corresponding role and the corresponding permissions.
• Provides platform admin role, project admin role, project operator role, and dashboard role. Specifically, a user with the dashboard role can only have the permission to check the dashboard. If you log in to the cloud via this user, you will jump to the dashboard page.

Feature: 3rd party authentication
• Allows you to add an AD or LDAP server. After you add an AD or LDAP server successfully, you can automatically import 3rd party users or organizations (only for AD server) to the cloud.
• Allows you to set a user mapping and organization mapping (only for AD server). You can synchronize 3rd party users or organizations (only for AD server) according to the mapping rule that you set.
• Allows you to customize filter rules where users that you do not need to synchronize will be filtered.

Type: Project management

Feature: Project
• Specifies related people to accomplish specific target tasks at a specific time, and with a specific resource and budget.
• Enterprise Management is project-driven to schedule resources. You can build an independent resource pool for a specific project.
• Allows you to create a project, delete a project, enable a project, disable a project, change a project admin, generate a project template, add a member, remove a member, stop project resources, recover the expired project, attach an organization, and detach an organization.
• The binding relationship between a project admin and a project is weakened to allow the project to not set the project admin.
• Allows you to recover a project via job scheduling recovery or billing recovery.

Feature: project template
• Identifies the template of each resource quota.
• Allows you to directly use the quota defined by the template to quickly create a project.
• Allows you to create a project template and delete a project template.

Feature: project member
• A project member is the basic member of a project. Generally, an admin, platform user, project admin, or project operator can be added to a project.
• Permissions of a project member can be controlled correspondingly by an admin, platform user, project admin, or project operator.

Feature: Member group
• An admin, platform user, project admin, or project operator can create multiple member groups in a project and manages users by groups.
• You can endow a member group as a unit with a role on which you can have permission controls.

Type/Feature: QoS Setting
• An admin or platform user can set QoS for a VM, volume, and NIC.
• You can set the total bandwidth or read and write bandwidth for a disk QoS.
• You can control QoS setting range. QoS limit of a regular account or project member must not exceed the values that are set by an admin or platform admin.

Type: Ticket management

Feature: Ticket applying
• A project member (project admin, project operator, or regular project member) can apply for tickets for cloud resources.
• A project member can create, reject, reopen, and delete a ticket.

Feature: Ticket examination and approval
• An admin or project admin can approve, deploy, and reject tickets.
• Supports the default process approval and custom process approval.
• The default process approval includes that a project member submits a ticket application, and an admin performs a one-click approval. After your ticket process has been approved, resources will be automatically deployed successfully and distributed to your project.
• The custom process approval includes that a project member submits a ticket application, and approvers of each approval flow will perform approvals according to the custom process approval. Finally, an admin or project admin will perform one-click approvals. After all ticket processes have been approved, resources will be automatically deployed successfully and distributed to your project.

Feature: Custom process management
• An admin can set different types of custom ticket process for different projects.
• The multiple supported ticket types include applying for a VM instance, deleting a VM instance, changing a project cycle, changing VM configurations, and modifying a project quota.
• The custom ticket process allows you to add project members to each approval flow.
• Allows you to enable, disable, change, and delete custom ticket process.

Type: Independent zone management

Feature: Platform admin
• A platform admin is mainly an administrator who can add or remove zones.
• An admin can allocate different zones to different platform admins. In this regard, these platform admins can manipulate data centers of different zones.
• Allows you to create or delete a platform admin, change passwords, add a zone, and remove a zone.

Feature: Resource isolation
• Allows you to specify the corresponding zone admins for each zone based on the fact that resources are isolated on zones. Doing so will achieve independent managements for each machine room.
• Meanwhile, an admin can check and manage all zones.

The following table lists the features of ZStack BareMetal Management module.

Type Feature BareMetal Management Module

Type: BareMetal management

Feature: BareMetal cluster
• Manages BareMetal hosts by creating a BareMetal cluster.
• Allows you to attach a BareMetal cluster to an L2 network.

Feature: Deployment server
• Automatically installs and deploys the system for newly-created BareMetal chassis via a deployment server.
• Allows you to deploy a deployment (PXE) server independently.

Feature: BareMetal chassis
• Deploys BareMetal chassis in bulk via an IPMI network.
• Allows you to manage powers of BareMetal chassis remotely.
• Adds BareMetal chassis in bulk according to the network range that you entered.
• Allows you to add BareMetal chassis in bulk via template importing.
• Allows you to open the IPMI management page (login page) of BareMetal chassis via a console. You can log in to the BareMetal chassis by entering the configured IPMI user name and the IPMI password.

Feature: BareMetal instance
• Allows you to install Linux operating system for BareMetal chassis with an ISO image.
• Allows you to install Ubuntu, CentOS, and SUSE in an unattended manner.
• Allows you to add network configurations for a BareMetal instance.
• Provides real-time monitoring of internal workloads. For BareMetal instance monitoring, you need to install an agent. You can check CPU, memory, disk, NIC, and other performance indicators of a BareMetal instance.
• Provides associated monitoring items of a BareMetal instance, including CPU, memory, disk, and NIC.

The following table lists the features of ZStack Backup Service module.

Type Feature Backup Service Module

Type: Backup service

Feature: Backup
• Allows you to create a backup task for a VM instance, volume, and management node database. Specifically, supports backups of entire VM instances.
• Greatly improves the backup performance of large files by optimizing the backup mechanism of large files, and supports physical tape library (PTL) and virtual tape library (VTL).
• Allows you to set the backup strategy for a backup task according to week, day, or hour. The backup task that you created allows you to update the backup strategy.
• Saves backup file data according to count or time.
• Allows you to perform backups immediately and fully back up your data on schedule after you create a backup task.
• Allows you to back up your data on the local backup storage and synchronize the data to the remote backup storage.
• Allows you to check the local backup data or remote backup data of a VM instance, volume, and database.
• Allows you to delete local backup data or remote backup data.
• Allows you to either use the ImageStore backup storage that you have deployed on the local data center as a local backup storage or to deploy a new local backup storage directly.
• Supports active backup seamless switch when a backup task specifies multiple local backup storages.
• Only allows you to add a remote backup storage, including remote backup and Aliyun backup.
• Backup data can only be synchronized from a local backup storage to a remote backup storage.
• The invalid backup data that has been deleted completely on a local backup storage or remote backup storage will be cleaned to release more storage spaces.
• A backup task allows you to set disk QoS and network QoS.
• A backup task allows you to check the backup progress.
• Allows you to automatically obtain backup data when you add the existing backup storages.

Feature: Recovery
• Allows you to create new resources or overwrite original resources when you recover resource from a local VM instance, local backup data of a volume, or remote backup data of a volume.
• Allows you to recover an entire VM instance.
• A local VM instance or remote backup data of a volume must be synchronized to a local backup storage in advance before you recover the VM instance or the remote backup data of the volume to the local backup storage. The remote backup data of database can be recovered directly to the local backup storage.
• Allows you to perform one-click recovery for the data center via the local backup storage of a database or remote backup storage of a database. This is applied to the scenario that the local backup storage attaches a zone and has data.
• Allows you to recover the data center by means of the Wizard guidance page via the local backup data of the database or remote backup data of the database. This is applied to the scenario that the local backup storage has no zone and no data.
• Allows you to export and then manually recover the local backup data or remote backup data of database.

The following table lists the features of ZStack Migration Service module.

Type Feature Migration Service Module

Type: Migration service

Feature: V2V migration for VMware
• Migrates vCenter VM instances that you took over to the current cloud.
• Allows you to perform one-click V2V bulk migrations for VM instances. After the migrations are completed successfully, the provisioning method remains unchanged.
• Allows you to customize configurations for target VM instances when you create a V2V migration job.
• Allows you to set a migration network and QoS.
• Allows you to cancel and restart a V2V migration job.
• Provides safe, resource-efficient migration services. Files that are migrated will be compressed and saved on the source primary storage.
• Supports multiple versions of source vCenter platform, including 5.0, 5.1, 5.5, 6.0, 6.5, and 6.7.
• Allows you to perform V2V migrations for VM instances with multiple types of operating system. The supported types of operating system for V2V migrations include RHEL/CentOS 5.x/6.x/7.x, SLES 11/12/15, Ubuntu 12/14/16/18, and Windows 7/2003/2008/2012/2016.
• Provides unlimited types of source primary storage. Currently, the target primary storage supports Ceph, SharedBlock, NFS, and LocalStorage.

Feature: V2V migration for KVM
• Does not need you to take over KVMs. You can migrate VM instances online from a KVM cloud to the current cloud.
• Allows you to perform V2V migrations (KVM) for VM instances that are in the running state and the stopped state.
• Supports unlimited types of primary storage.
• Migrates data volumes synchronously that you attached when you perform V2V migrations for KVMs, and allows you to modify CPUs and memories.
• Does not migrate VM snapshots synchronously when you perform V2V migrations for KVMs.
• Provides unlimited types of primary storage. Currently, the target primary storage supports Ceph, SharedBlock, NFS, and LocalStorage.

The following table lists the features of ZStack Rights Separation module.

Type Feature Rights Separation

Type: Rights Separation

Feature: Rights management
Permissions of a super admin (admin) are separated into three roles: system administrator (sysadmin), security administrator (secadmin), and security auditor (secauditor). These three roles are mutually independent and mutually balanced to further enhance the cloud security. Doing so will effectively lower the security risk that permissions of a super administrator are too large.

Feature: System admin
The sysadmin manages resources on the cloud and manipulates the lifecycle of resources on the cloud, excluding the management of associated permissions.

Feature: Security admin
The secadmin manages cloud permissions, and allocates permissions to users or roles.

Feature: Security auditor
The secauditor manages cloud auditing, and has permission controls to check and export logs that are used to audit operations of other users.


4 Product Highlights

ZStack is the next-generation, private cloud IaaS software featuring Simple, Strong, Scalable and
Smart (4S).

1. Simple

• Easy installation and deployment: allows you to download installation packages from our
official website. You can install and deploy the cloud from scratch within just 30 minutes.

• Easily-managed cloud: supports bulk operations of VM instances, such as creating or deleting
VM instances in bulk, and provides list displays and sliding window details.

• Simple, practical operations: provides a thorough User Guide with ample help information, a
productive community, and standard APIs.

• Friendly UI: provides you with a well-designed, friendly user interface to realize powerful
features by performing simple operations.

2. Strong

• Stable, efficient system architecture design: ZStack has an asynchronous architecture,
in-process microservices architecture, lock-free architecture, stateless service architecture,
and consistent hashing ring to ensure the system efficiency and stability. Currently, ZStack
has achieved various functions. For example, a single management node can manage tens
of thousands of hosts, and hundreds of thousands of VM instances. A cluster that contains
multiple management nodes can use a database and a set of message buses to manage
hundreds of thousands of hosts and millions of VM instances, and handle tens of thousands
of concurrent APIs.

• High concurrent API requests: A single ZStack management node can easily handle tens of
thousands of concurrent API call requests per second.

• Stringent HA requirements: When a network or management node is unavailable, appliance
VM instances can be automatically switched to another management node that is detected
as healthy. The management node virtualization helps to achieve the high availability for a
single management node. That is, backup management nodes will be dynamically applied
within seconds if any management node is disconnected, thus ensuring your business
continuity.

3. Scalable

• Large scale: Technically, a single management node can manage one to tens of thousands
of hosts and hundreds of thousands of VM instances.


• Comprehensive API: ZStack provides a whole set of IaaS APIs. In this regard, you can
create brand-new, available zones across multiple geographical locations, modify network
configurations, and upgrade physical servers.

• Resource allocation based on your needs: Important resources such as VM instances and
cloud storages can be resized according to your demands. ZStack not only allows you to
modify online the CPU, memory, and other resources for a VM instance, but also allows you
to dynamically adjust its network bandwidth, disk bandwidth, and other resources for a VM
instance.

4. Smart

• Automatic O&M: In a ZStack environment, all O&M operations can be managed by ZStack
APIs. By using the Ansible inventory, ZStack can realize fully automatic deployment and
upgrade as well as automatic detection and reconnection. If network jitter occurs or hosts
restart, each management node can be automatically reconnected to the networks or the
hosts. Note that a ZStack scheduler allows you to start or stop VM instances on schedule,
and allows you to take VM snapshots on schedule with the round-robin policy.

• Online seamless upgrade: ZStack provides one-click seamless upgrade within 5 minutes.
You only need to upgrade and manipulate management nodes. After the cloud is upgraded
successfully and started, the compute node, storage node, and network node will be
automatically upgraded as well.

• Intelligent UI interaction: Compute resources are displayed in real time, which helps to avoid
misoperations.

• Real-time global monitoring: You can manage and control the current resource consumption
of the entire cloud. With the real-time monitoring, you can adjust your resources intelligently
to save IT software and hardware resources.

Glossary

Zone
A zone is a logical group of resources such as clusters, L2 networks, and primary storages. Zone
is the largest resource scope defined in ZStack.

Cluster
A cluster is a logical group of analogous hosts (compute nodes). Hosts in the same cluster must be
installed with the same operating system, have the same network configuration, and be able to
access the same primary storage. In a real data center, a cluster usually maps to a rack.

Management Node
A management node is a host with an operating system installed to provide UI management and
cloud platform deployment.

Compute Node
A compute node is a physical server (also known as a host) that provides VM instances with
compute, network, and storage resources.

Primary Storage
A primary storage is a storage server used to store disk files in VM instances. Local storage, NFS,
Ceph, Shared Mount Point, and SharedBlock are supported.

Backup Storage
A backup storage is a storage server used to store image template files. ImageStore, SFTP
(Community Edition), and Ceph are supported. We recommend that you deploy backup storage
separately.

ImageStore
ImageStore is a type of backup storage. You can use ImageStore to create images for VM
instances that are in the running state and manage image version updates and release.
ImageStore allows you to quickly upload, download, and export images, and create image snapshots as
needed.

VM Instance
A VM instance is a virtual machine instance running on a host. A VM instance has its own IP
address to access the public network and run application services.

Image
An image is an image template used by a VM instance or volume. Image templates include
system volume images and data volume images.

Volume
A volume can either be a data volume or a root volume. A volume provides storage to a VM
instance. A shared volume can be attached to one or more VM instances.

Instance Offering
An instance offering is a specification of the VM instance CPU and memory, and defines the host
allocator strategy, disk bandwidth, and network bandwidth.

Disk Offering
A disk offering is a specification of a volume, which defines the size of a volume and how the
volume will be created.

L2 Network
An L2 network is a layer 2 broadcast domain used for layer 2 isolation. Generally, L2 networks are
identified by names of devices on the physical network.

L3 Network
An L3 network is a collection of network configurations for VM instances, including the IP range,
gateway, and DNS.

Public Network
A public network is generally allocated a public IP address by the Network Information Center
(NIC) and can be connected to IP addresses on the Internet.

Private Network
A private network is the internal network that can be connected and accessed by VM instances.

L2NoVlanNetwork
L2NoVlanNetwork is a network type for creating an L2 network. If L2NoVlanNetwork is selected,
VLAN settings are not used for host connection.

L2VlanNetwork
L2VlanNetwork is a network type for creating an L2 network. If L2VlanNetwork is selected, VLAN
settings are used for host connection and need to be configured on the corresponding switches in
advance.

VXLAN Pool
A VXLAN pool is an underlay network in VXLAN. You can create multiple VXLAN overlay
networks (VXLAN) in a VXLAN pool. The overlay networks can operate on the same underlay
network device.

VXLAN
A VXLAN network is an L2 network encapsulated by using the VXLAN protocol. A VXLAN network
belongs to a VXLAN pool. Different VXLAN networks are isolated from each other on the L2
network.

vRouter
A vRouter is a custom Linux VM instance that provides various network services.

Security Group
A security group provides L3 network firewall control over the VM instances. It can be used to set
different security rules to filter IP addresses, network packet types, and the traffic flow of network
packets.

EIP
An elastic IP address (EIP) is a method to access a private network through a public network.

Snapshot
A snapshot is a point-in-time capture of data status in a disk. A snapshot can be either an
automatic snapshot or a manual snapshot.
