Main Features of Zetacloud's Cloud OS
Zetacloud's Cloud OS (ZCOS) is an enterprise-grade operating system built on established technology. It is based on Solaris, so its core components have been proven in production for decades. This is a short list of those features, with more detail in the tabs above for the features that deserve a section of their own.
- Management UI/API
- The Cloud Management Web UI and its API, which also exposes resource management through scriptable CLI APIs, give users complete access to the operation of their ZCOS private cloud. The management console can run a complete multi-location private cloud through the web UI as well as through REST APIs. System administrators can reach almost all ZCOS features, from simple to complex, from a single dashboard.
Administrators can provision and manage virtual machines, resource tags, templates, boot ISOs, backups, DNS, routing, virtual networks, nodes at their own and remote locations, virtual servers, system logs, ACLs for users, groups, roles and resources, and much more.
This is a very large topic and comprehensive documentation is available in our DC Management section.
- We've simplified licensing and IP issues as far as possible so that clients need not worry about licensing, intellectual property or hidden fees. Almost all of the ZCOS stack is composed of, or built on, open source components or products distributed by their original authors without monetary licensing requirements. The source code of our Management UI/API is available to clients for inspection, but it is not free software and may not be freely redistributed; we keep the source open so that any client can fully audit our software if they wish.
Clients get a perpetual license to everything we install on their private cloud server, subject to the terms and conditions of the agreement. Clients pay Zetacloud a fee for upgrades, technical support or the right to modify our source code, but there is no lock-in.
- CAPEX ► OPEX
- Moving from self-owned IT infrastructure to a fully public cloud (such as Amazon Web Services) lets a business move from a CAPEX-heavy, OPEX-light cost structure to one that is almost entirely OPEX. But public cloud providers are expensive, and the much higher cost is difficult to justify over the long term.
In practice it is unrealistic to expect clients to move entirely to a public cloud, because most have resources on the ground, including IT staff, that they cannot simply let go.
Zetacloud's managed private cloud lets clients save significantly: they move to a cost structure that is both CAPEX-light and OPEX-light. Clients can make use of much of their existing, under-used hardware and keep their own people busy providing value-added services on top of our private cloud infrastructure.
- ZCOS uses ZFS as its filesystem. ZFS is a production-grade storage technology that has been in use for around 20 years. It is RAID manager, volume manager and filesystem in one. ZFS was designed for long-term storage of data and for datastore sizes that scale practically without limit, with end-to-end checksumming that detects corruption and, given redundancy, repairs it, and with a high degree of configurability. It provides native dataset encryption, compression, deduplication, fine-grained ACLs, delegation of administrative rights and a slew of other features. More details of the most important capabilities ZFS provides to clients are on the next tab (above).
- The ZCOS networking stack is among the most flexible and reliable available, with a good balance of speed, reliability, virtualization and ease of administration. It is built on Crossbow and provides all of the features of the Solaris network virtualization and resource control stack. This gives our clients unprecedented control over their network: each VM can have any number of virtual network adapters and be attached to any of the thousands of virtual networks that can be managed across a multi-location cloud set-up.
- Secure Computing
- ZCOS layers several security mechanisms so that the default set-up is a restrictive, secure computing environment. This may cause friction with some of the services clients run, but it minimises the gaps in their systems' security. See the Security tab for more details.
- OS & Virtualization
- ZCOS is based on the same technology stack as Oracle Solaris, which is extremely stable, has been used in production for decades, runs some of the largest data centres, and can deliver 99.9% uptime when configured correctly.
ZCOS supports three primary types of virtualization, implemented by four different technologies.
- Solaris-native zones and containers
These zones deliver near bare-metal performance because there is no guest OS to run. Each zone gets flexible resource allocation (RAM, CPU, etc.) while being securely isolated from the others by the kernel.
- LX Zones for Linux Containers
These are mainly for running different Linux distributions at close to bare-metal performance. Ubuntu, Red Hat, Fedora and others run without issues.
- KVM Hardware Virtualization Zones & Bhyve
These zones create virtual machines with complete hardware virtualization and therefore impose some performance overhead on the VM. The two technologies are similar; Bhyve is the newer of the two and generally has lower overhead.
Either of these technologies is fully capable of running almost any operating system, including Windows Server, Windows Desktop, any of the Linux distributions, and any of the BSD variants.
- Disaster Mgmt
- Disaster management splits into two parts: (a) disaster mitigation and preparation, and (b) disaster recovery. Zetacloud provides numerous options automatically, but the mechanisms and strategy actually used are determined by the client's disaster recovery protocol. More details are in the Disaster Mgmt tab.
- For monitoring and alerting, Zetacloud uses the Zabbix monitoring system, integrated into ZCOS as a VM. Zabbix is "an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines and cloud services". It collects metrics such as network utilization, CPU load and disk space, among others.
The Zetacloud environment differentiates between two types of monitoring servers:
- The central monitoring server, which manages all the physical hardware nodes; these are the only items that need hardware monitoring.
- Virtual cloud monitoring servers, which manage the user agents and virtual servers.
- Systems Audit
- Zetacloud supports complete logging of user activity and system performance. ZCOS has system and resource monitoring built in, as mentioned above. We also provide a firewall, a VPN and an intrusion detection and prevention tool that monitors all external access to the system. Clients may also choose to have complete access logs shipped to a remote location of their choice, so that the records cannot be altered from the monitored system and can always be reviewed by their internal auditors or third-party reviewers.
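The monitoring servers above watch hardware and virtual servers, but the storage layer deserves its own check: a pool can be ONLINE while a disk is quietly accumulating checksum errors that ZFS repairs from redundancy, and that is the moment to act, not when the disk finally faults. The script below is an added example, not Zetacloud's or Zabbix's code: it parses `zpool status` output and reports any pool that needs attention, in a form a monitoring agent can run (for Zabbix, as a UserParameter; that wiring is an assumption, not something the page describes). The sample output embedded in `sample_status` is constructed; the pool and device names are invented.

```shell
#!/bin/sh
# Added example, not Zetacloud's code: a health check over `zpool status`
# output for use from a monitoring agent. The sample output below is
# constructed; pool and device names are invented.

# zpool_health reads `zpool status` text on stdin and prints one line per
# pool, "<pool> OK" or "<pool> ALERT <reasons>". Exit status 1 if any pool
# needs attention. Reasons: pool state other than ONLINE, a vdev or disk
# that is not ONLINE, any non-zero READ/WRITE/CKSUM counter (a rising CKSUM
# count is ZFS catching silent corruption; the data was repaired from
# redundancy, but the device is going bad), or known data errors.
zpool_health() {
    awk '
        function add(p, r) { alert[p] = alert[p] (alert[p] == "" ? "" : ",") r }
        /^[ \t]*pool:/  { pool = $2; pools[++n] = pool; alert[pool] = ""; next }
        /^[ \t]*state:/ { if ($2 != "ONLINE") add(pool, "state=" $2); next }
        # config rows look like: NAME STATE READ WRITE CKSUM [note...]
        /^[ \t]+/ && NF >= 5 && $2 ~ /^(ONLINE|DEGRADED|FAULTED|OFFLINE|UNAVAIL|REMOVED)$/ {
            if ($2 != "ONLINE") add(pool, $1 "=" $2)
            if ($3 + 0 > 0 || $4 + 0 > 0 || $5 + 0 > 0)
                add(pool, $1 " read=" $3 " write=" $4 " cksum=" $5)
            next
        }
        /^[ \t]*errors:/ && $0 !~ /No known data errors/ { add(pool, "data-errors") }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                p = pools[i]
                if (alert[p] == "") print p, "OK"
                else { print p, "ALERT", alert[p]; rc = 1 }
            }
            exit rc
        }'
}

# Constructed sample: a healthy RAID-Z pool with a spare, and a mirror whose
# surviving disk is reporting checksum errors while its partner is offline.
sample_status() {
cat <<'EOF'
  pool: tank
 state: ONLINE
  scan: scrub repaired 0 in 0h12m with 0 errors on Mon Jan  1 03:00:00 2024
config:

    NAME          STATE     READ WRITE CKSUM
    tank          ONLINE       0     0     0
      raidz1-0    ONLINE       0     0     0
        c1t0d0    ONLINE       0     0     0
        c1t1d0    ONLINE       0     0     0
        c1t2d0    ONLINE       0     0     0
        c1t3d0    ONLINE       0     0     0
    spares
      c1t4d0      AVAIL

errors: No known data errors

  pool: data
 state: DEGRADED
status: One or more devices has been taken offline by the administrator.
action: Online the device using 'zpool online' or replace the device.
  scan: none requested
config:

    NAME          STATE     READ WRITE CKSUM
    data          DEGRADED     0     0     0
      mirror-0    DEGRADED     0     0     0
        c2t0d0    ONLINE       0     0    17
        c2t1d0    OFFLINE      0     0     0

errors: No known data errors
EOF
}

# Live usage on a node:   zpool status | zpool_health
# Offline demonstration:  sample_status | zpool_health
```

Run against the sample, the check reports `tank OK` and `data ALERT state=DEGRADED,data=DEGRADED,mirror-0=DEGRADED,c2t0d0 read=0 write=0 cksum=17,c2t1d0=OFFLINE` with exit status 1. The non-zero CKSUM on the only remaining mirror half is the detail worth alerting on: the pool still serves data, but there is no longer a good copy to repair from.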
Storage: The ZFS Filesystem
ZFS is a production-grade storage technology, originally native to Solaris and now available on most major operating systems. ZFS has features and options not currently available on any other production-grade filesystem. Only some of its unique strengths are listed below; for more thorough coverage of this filesystem, I'd recommend getting a book.
- Endless scalability
- Well, it’s not technically endless, but it’s a 128-bit file system capable of managing zettabytes (a zettabyte is a billion terabytes) of data. However much disk you have, ZFS will be suitable for managing it.
- Data integrity
- ZFS checksums every block it writes, data and metadata alike, and verifies the checksum on every read, so silent data corruption is detected rather than passed on to applications. When the pool has redundancy (a mirror, RAID-Z or extra copies), ZFS repairs a bad block from a good copy automatically as it is read, and a scheduled scrub walks the whole pool to find and fix damage before anyone asks for the data. Without redundancy ZFS can still detect corruption, but it cannot repair it.
- Drive Pooling
- The creators of ZFS want you to think of storage the way your computer uses RAM: when you need more memory, you add a stick and you’re done. Likewise with ZFS, when you need more space, you add a disk to the pool. There is no partitioning, formatting or initialising; ZFS uses the whole disk. One caveat: an added disk extends the pool's capacity but does not change the redundancy of the existing vdevs, so add disks in the same mirror or RAID-Z layout as the rest of the pool.
- Software RAID
- ZFS's software RAID (RAID-Z) is in many respects better than the hardware RAID most vendors provide: because the filesystem knows the layout of every stripe, it avoids the RAID-5 "write hole" and can tell which copy of a block is correct when the disks disagree, which a controller cannot. It supports several levels (mirroring and RAID-Z1/2/3), performs comparably to hardware RAID controllers, and is more flexible to set up. This saves money, simplifies setup and gives access to the improved RAID levels that ZFS provides.
- Data redundancy
- When needed, you tell ZFS to keep multiple copies of a dataset's blocks (the copies property) and it does so, adding a further level of redundancy on top of the pool's layout. Note that extra copies on the same disk protect against bad sectors, not against losing that disk.
- Hybrid storage
- ZFS can transparently combine SSDs, NVRAM and traditional hard disks, with a little planning.
- High Performance
- Multiple caching mechanisms increase performance. The ARC is an in-memory read cache; a second level of read cache on fast disk can be added with L2ARC; and the ZFS intent log (ZIL), which makes synchronous writes durable, can be placed on a dedicated log device (SLOG) so that synchronous writes are acknowledged from fast storage rather than from the main pool.
- Efficient Administration
- Using ZFS commands, an administrator manages the system with short, simple, efficient commands. For example, a five-disk set-up of a four-disk RAID-Z array plus a hot spare takes a single command:
zpool create poolname raidz disk1 disk2 disk3 disk4 spare disk5
With storage administration this simple and intuitive, it is easier for administrators to make changes and to focus on storage strategy rather than on how to get something done.
- Data Deduplication
- ZFS supports native, efficient block-level deduplication, though it requires a lot of memory: the deduplication table must stay in RAM (or L2ARC) for acceptable performance. Where it is needed, it is great to have.
- Native Compression
- ZFS supports native on-disk compression with a choice of algorithms. Compression saves a lot of disk space and can also speed up data access, because each disk read returns more useful data; with a fast algorithm such as LZ4 the CPU cost is negligible for most workloads.
- ZFS writes data to disk using copy-on-write (CoW): it never overwrites existing data in place but writes a new copy and then switches the pointers to it. This is what makes snapshots so efficient: a snapshot simply pins the blocks that were current at that moment, so taking one is almost instantaneous, and an incremental snapshot records only the blocks changed since the previous one. These incremental snapshots can then be streamed to local storage or to a remote backup store.
- With CoW and snapshots, cloning a filesystem is dead simple with ZFS, so simple it is hard to believe. Two commands replicate a complete filesystem, no matter how large, in a few seconds, and the clone takes up almost no additional space: it only grows as files are changed or created. Imagine being able to bring back a database as it was a few seconds before a failure and have it up and running again in almost no time.
- Enabling the encryption feature allows for the creation of encrypted filesystems and volumes. ZFS will encrypt file and zvol data, file attributes, ACLs, permission bits, directory listings, FUID mappings, and userused / groupused data. ZFS will not encrypt metadata related to the pool structure, including dataset and snapshot names, dataset hierarchy, properties, file size, file holes, and deduplication tables (though the deduplicated data itself is encrypted).
- Delegate Permissions
- Delegated administration lets non-privileged users perform ZFS administration tasks. It provides features similar to Solaris RBAC. Each filesystem can carry multiple delegated permissions, assigned to users, groups or named permission sets (unique to ZFS).
- Many Other...
- If you're interested in this topic, there is a plethora of information on ZFS available on the web. Some of the better articles I found are -
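The pool creation, snapshot/clone, encryption, delegation and ACL points above come together in the script below. It is an added example, not Zetacloud's or the ZFS project's code: pool, dataset, disk, user, path and key-file names are invented, and the encryption properties use the OpenZFS syntax (encryption, keyformat, keylocation), whereas Oracle Solaris ZFS expresses the same thing with keysource. With ZCOS_DRY_RUN=1 each function prints the command it would run, which is the sane way to review a storage plan before it touches real disks.

```shell
#!/bin/sh
# Added example, not Zetacloud's or the ZFS project's code. Pool, dataset,
# disk, user and key-file names are invented. Set ZCOS_DRY_RUN=1 to print
# the commands instead of running them. Encryption properties use the
# OpenZFS syntax; Oracle Solaris uses keysource= instead.

run() {
    if [ "${ZCOS_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_pool POOL SPARE DISK...: one RAID-Z vdev over DISK... plus a hot
# spare, the page's one-liner with two additions: autoreplace so the spare
# takes over a faulted disk without operator action, and compression and
# atime defaults that every dataset in the pool inherits.
create_pool() {
    pool=$1; spare=$2; shift 2
    run zpool create -o autoreplace=on -O compression=lz4 -O atime=off \
        "$pool" raidz "$@" spare "$spare"
}

# create_encrypted DATASET KEYFILE: an encrypted dataset whose 32-byte raw
# key lives in KEYFILE (root-only, on the unencrypted root pool, never inside
# the dataset it unlocks). Generate the key once with
#   dd if=/dev/random of=KEYFILE bs=32 count=1 && chmod 0400 KEYFILE
# What this does and does not protect: while the key is loaded on a running
# system the data is readable by anyone with filesystem access; encryption
# defends the disks when they are pulled, resold or sent out for RMA.
create_encrypted() {
    ds=$1; keyfile=$2
    run zfs create -o encryption=aes-256-gcm -o keyformat=raw \
        -o keylocation="file://$keyfile" "$ds"
}

# snapshot_and_clone DATASET TAG: the two commands that give a writable copy
# of DATASET as it was at snapshot time. The clone shares every unchanged
# block with the snapshot, so it costs no space until it is written to.
snapshot_and_clone() {
    ds=$1; tag=$2
    run zfs snapshot "$ds@$tag"
    run zfs clone "$ds@$tag" "${ds}-$tag"
}

# delegate_backup DATASET USER: let an unprivileged backup account snapshot
# and send DATASET, and nothing else (no destroy, no mount, no property
# changes), through a named permission set reusable on other datasets.
delegate_backup() {
    ds=$1; user=$2
    run zfs allow -s @backup send,snapshot,hold,release "$ds"
    run zfs allow -u "$user" @backup "$ds"
}

# grant_read_acl PATH USER: an NFSv4-style ACL entry giving USER read-only
# access to PATH without touching the owner/group/other mode bits.
grant_read_acl() {
    path=$1; user=$2
    run chmod A+user:"$user":read_data/read_attributes/read_acl/read_xattr:allow "$path"
}

# Example plan (dry run):
#   ZCOS_DRY_RUN=1
#   create_pool tank c1t4d0 c1t0d0 c1t1d0 c1t2d0 c1t3d0
#   create_encrypted tank/secure /etc/zcos/keys/secure.key
#   snapshot_and_clone tank/db pre-upgrade
#   delegate_backup tank/db backup
#   grant_read_acl /tank/logs auditor
```

The delegation set is the part worth copying: the backup account can take and send snapshots but cannot destroy them or mount the dataset, so a compromised backup host cannot be used to wipe the primary copy.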
Crossbow: Zetacloud's Network-in-a-Box
Network virtualisation is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. It's categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server. ZCOS provides numerous network virtualization tools.
- A complete virtual network can be set up with just a few commands. There are many options, depending on what one wants to accomplish, but for a network administrator, having only a few commands to contend with makes the learning process easier.
- Private/Public Networks
- ZCOS automatically supports multiple private and public networks on a single server. Attaching VMs to private virtual networks running within a server ensures that data private to that server cannot be reached from outside. ZCOS uses NIC tags to manage private networks.
The standard NIC tags (such as the storage tag) are preconfigured by the ZCOS install script. It is up to the data centre administrator, however, to configure any additional NIC tags correctly on all compute nodes.
- IPv4 & IPv6
- Our system fully supports both the IPv4 and IPv6 stacks. Setting up IPv6 is in fact simpler, but filtering and firewalling IPv6 need more care: because IPv6 does not need NAT, every host is directly addressable from the internet, nothing is hidden behind a translation table, and the firewall must explicitly block unwanted inbound traffic.
- Virtual NICs
- A VNIC is a pseudo network interface configured on top of a system's physical network adapter, also called a network interface (NIC). A physical interface can have more than one VNIC. Each VNIC operates like, and appears to the system as, a physical NIC. Each VNIC is assigned a media access control address (MAC address), which can be set to a value other than the default derived from the physical NIC. The resource control features of Crossbow can allocate separate bandwidth to individual VNICs.
- Virtual Switches
- When the first VNIC is created on a system, a virtual switch is also created above the physical interface. Though not directly accessible to the user, the virtual switch provides connectivity between all VNICs configured on the same physical interface, enabling the virtual network in a box scenario. The virtual switch forwards packets between the system's VNICs. Thus, packets from an internal VNIC source never have to pass to the external network to reach an internal network destination.
- IP Zones
- An exclusive-IP zone is a non-global zone with its own full instance of the TCP/IP stack. Each exclusive-IP zone is assigned its own network interface (a physical NIC or a VNIC) and keeps its own IP-related state: addresses, routing table and filter rules. IP instances support DHCPv4 and IPv6 address autoconfiguration.
- Flow Control
- The network stack provides bandwidth management and flow control per VNIC. A system administrator can assign different bandwidth allocations to the VNICs on a host with the dladm and flowadm network-management commands. Traffic through each VNIC can be classified and separated into individual flows by port number, destination IP address and other parameters. These features improve system efficiency and enable differentiated service levels for separate VNICs.
- Network overlays let administrators stitch together geographically separate networks by encapsulating traffic between virtual machines with VXLAN. ZCOS extends this by adding an IPsec VPN mesh to protect the VXLAN packets, which are unencrypted and unauthenticated by default. This makes it possible to extend virtual networks securely over the internet without dedicated interconnects between physical data centres. One direct advantage is that remote compute nodes can be managed by the same ZCOS Web UI regardless of where on the internet they sit.
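The VNIC, virtual switch, exclusive-IP zone and flow control features above are all driven by a handful of Crossbow commands. The script below is an added example, not Zetacloud's code (ZCOS's Web UI presumably wraps these or equivalent tools; the page does not say): it builds one tenant's private "network in a box" with an etherstub, two capped VNICs, a per-port flow limit and two exclusive-IP zones. Link, VNIC, zone and MAC names are invented, and ZCOS_DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not Zetacloud's code: a private "network in a box" built
# with the Crossbow commands (dladm, flowadm, zonecfg). Link, VNIC, zone
# and MAC names are invented. ZCOS_DRY_RUN=1 prints instead of executes.

run() {
    if [ "${ZCOS_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_private_switch NAME: an etherstub is a virtual switch with no
# physical NIC underneath. VNICs created on it can talk to each other but
# have no path off the host unless a router zone bridges them, which is
# what makes the network private rather than merely tagged.
create_private_switch() {
    run dladm create-etherstub "$1"
}

# add_vnic LINK VNIC MAC MAXBW: a VNIC on LINK (physical NIC or etherstub)
# with an administrator-chosen MAC and a bandwidth cap enforced by the
# stack, so one tenant cannot starve the others.
add_vnic() {
    link=$1; vnic=$2; mac=$3; bw=$4
    run dladm create-vnic -l "$link" -m "$mac" -p maxbw="$bw" "$vnic"
}

# limit_flow VNIC FLOW PORT MAXBW: classify TCP traffic to local PORT on VNIC
# into its own flow with its own cap, leaving other traffic on the VNIC alone.
limit_flow() {
    vnic=$1; flow=$2; port=$3; bw=$4
    run flowadm add-flow -l "$vnic" -a transport=tcp,local_port="$port" \
        -p maxbw="$bw" "$flow"
}

# exclusive_ip_zone ZONE VNIC: give ZONE its own TCP/IP stack on VNIC. With
# ip-type=exclusive the zone has its own routing table, IP Filter instance
# and sockets, so a compromise inside it cannot reconfigure the host's
# networking or sniff other zones' VNICs.
exclusive_ip_zone() {
    zone=$1; vnic=$2
    run zonecfg -z "$zone" "create; set ip-type=exclusive; add net; set physical=$vnic; end; verify; commit"
}

# build_tenant_net: the whole sequence for one tenant with two zones on an
# isolated switch. Example names only.
build_tenant_net() {
    create_private_switch tenant1_stub0
    add_vnic tenant1_stub0 web0 2:8:20:aa:bb:01 200M
    add_vnic tenant1_stub0 db0  2:8:20:aa:bb:02 500M
    limit_flow web0 web0_https 443 100M
    exclusive_ip_zone web1 web0
    exclusive_ip_zone db1 db0
}

# Dry run:  ZCOS_DRY_RUN=1 build_tenant_net
```

Note that the database zone here has no VNIC on a physical link at all: the only way to reach it is through the web zone on the same etherstub, which is the isolation the "Private/Public Networks" item above describes, expressed in commands.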
Secure Data at Rest, on the Wire, and Access Management
Zetacloud OS provides multiple ways to strengthen access management, the security of data at rest, and the security of data in transit, i.e. on the wire. At Zetacloud we assure clients that their data is secure, so we consider each of these attack surfaces in turn.
- Disk Encryption
- Filesystem-native encryption ensures that confidential data on disk is not readable by someone who obtains the physical disks. The algorithms used are AES in the authenticated CCM or GCM modes. This protects data at rest: while a dataset's key is loaded on a running system, access is governed by the file permissions and ACLs described next, not by the encryption.
- File Permissions
- ZFS fully supports the newer NFSv4 file and directory ACL model. The NFSv4 ACL model supports the interoperability that NFSv4 offers between UNIX and non-UNIX clients and, as defined in the NFSv4 specification, provides much richer semantics, based on NT-style ACLs.
These permissions ensure that access is granted to users and groups only on the basis of need or role.
- IPsec, IP Overlays
- ZCOS offers several mechanisms for creating encrypted links between separate systems so that all traffic across the wire is always encrypted and authenticated. These let separate systems be stitched together into one cohesive virtual network.
- IP Filters, IP NAT
- A complete system-level firewall is available both at the VM level and at the cloud host level. A firewall and NAT address translation table are also available for traffic flows between VMs and within a VM.
- OpenVPN Access
- Access to any physical or virtual network managed by ZCOS can be restricted to the Web UI or to traffic forwarded through a VPN tunnel. This means that system access is not only protected by passwords but can also be limited to predefined times.
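The "IP Filters, IP NAT" and "IPv4 & IPv6" items above are easiest to get wrong in the same way: a default-deny IPv4 ruleset plus NAT feels closed, while IPv6 on the same host is left wide open because "nothing is NATed". The script below is an added example, not Zetacloud's code: it generates default-deny IP Filter rule sets for both families with stateful outbound traffic and management-only SSH, plus an ipnat table for a private IPv4 range, and loads them. The interface name, management prefixes and private range are invented.

```shell
#!/bin/sh
# Added example, not Zetacloud's code: default-deny IP Filter (ipf) rule
# sets for IPv4 and IPv6 and a NAT table, written and loaded by a script.
# Interface name, management prefixes and the private range are invented.

# ipf_rules FAMILY IFACE MGMT_NET: default-deny in both directions, stateful
# outbound, SSH inbound only from the management network. The IPv6 set is
# the same policy; the one difference is that it must let ICMPv6 through,
# because neighbour discovery and path-MTU discovery run over it, and a v6
# host with ICMPv6 blocked silently loses connectivity.
ipf_rules() {
    family=$1; iface=$2; mgmt=$3
    cat <<EOF
# ${iface} IPv${family}: deny everything not listed below, log the drops
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on ${iface} proto tcp from any to any flags S keep state
pass out quick on ${iface} proto udp from any to any keep state
pass in quick on ${iface} proto tcp from ${mgmt} to any port = 22 flags S keep state
EOF
    if [ "$family" = 6 ]; then
        printf 'pass in quick on %s proto ipv6-icmp from any to any keep state\n' "$iface"
        printf 'pass out quick on %s proto ipv6-icmp from any to any keep state\n' "$iface"
    else
        printf 'pass out quick on %s proto icmp from any to any keep state\n' "$iface"
    fi
}

# ipnat_rules IFACE PRIVATE_NET: hide the private IPv4 network behind the
# host's address on IFACE. NAT is an addressing tool, not access control:
# the rules above still decide what gets in, for v4 and v6 alike.
ipnat_rules() {
    iface=$1; net=$2
    cat <<EOF
map ${iface} ${net} -> 0/32 portmap tcp/udp auto
map ${iface} ${net} -> 0/32
EOF
}

# apply_firewall IFACE MGMT4 MGMT6 PRIVATE4: write the three files and load
# them. -Fa flushes the active rules before loading so stale rules cannot
# linger, and -6 selects the IPv6 rule set. Needs root on the node.
apply_firewall() {
    iface=$1; mgmt4=$2; mgmt6=$3; priv4=$4
    ipf_rules 4 "$iface" "$mgmt4" > /etc/ipf/ipf.conf
    ipf_rules 6 "$iface" "$mgmt6" > /etc/ipf/ipf6.conf
    ipnat_rules "$iface" "$priv4" > /etc/ipf/ipnat.conf
    svcadm enable network/ipfilter
    ipf -Fa -f /etc/ipf/ipf.conf
    ipf -6 -Fa -f /etc/ipf/ipf6.conf
    ipnat -CF -f /etc/ipf/ipnat.conf
}

# Usage on a node:  apply_firewall net0 10.10.0.0/24 fd00:10::/64 10.0.0.0/24
# Review first:     ipf_rules 6 net0 fd00:10::/64
```

In ipf the last matching rule wins unless it is marked quick, so the two block rules at the top are the fallback and every pass rule carries quick; read the generated file from the bottom up to see what is admitted.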
Systems Backup, Failover, Disaster Recovery & Scaling Up
Zetacloud provides complete backup services for clients. We can maintain complete, encrypted replicas of all incremental changes to a client's cloud as well as to its virtual application servers and databases. These backups are usually sufficient to create clones of the servers.
- Data Backup
- Zetacloud can back up all of a client's virtual application servers and cloud host servers incrementally at intervals as short as five minutes, with each filesystem on its own backup schedule. Backups are encrypted on the client's server, with a key held by the client, before being transmitted to a backup site. The backup site may be a client site and/or one or more cloud servers chosen by the client.
- Data Recovery
- All backups are tagged with the time, date and source of the backup. In the case of local data loss, the system can clone the local snapshot from the target time period and restore the target files from the clone.
If a more complete restore is needed, the remote encrypted backup is downloaded to the target server (cloud or virtual), decrypted there, and the directory contents restored.
- System Clone
- Complete daily system clones are stored either locally or at the remote location. Restoring one means recreating the VM (or complete server) at the target location. If the purpose is to restore a server, little else needs doing. If the client wishes to create a copy of a server, certain things must be changed (hostname, IP address, SSH host keys and any other per-machine secrets or identifiers) before the copy is started; otherwise two machines share one identity and the original's keys.
- Disaster Recovery
- Assume the complete loss of a cloud server and its replacement by another: the client can then recreate the servers on the new hardware by restoring clones of their VMs onto it.
- Scaling Up
- If a client wishes to scale up, or to scale out a server or service by replicating it across multiple systems, this requires Zetacloud's intervention. We ensure the data is copied correctly to all target machines and then start the services.
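The backup, recovery and clone steps above map naturally onto ZFS snapshots and send/receive. The script below is an added example, not Zetacloud's code, and it makes one assumption the page does not state: that backups are OpenZFS raw sends (zfs send -w) of encrypted datasets, so the backup site stores ciphertext and never holds the key, which is one way to realise "encrypted on the client's server before transmission". Host, dataset and account names are invented. The interesting piece is latest_common_snapshot, which picks the incremental base by comparing the local and remote snapshot lists, so a five-minute schedule keeps working after a missed run and falls back to a full send when nothing common remains; ZCOS_DRY_RUN=1 prints the pipelines instead of running them.

```shell
#!/bin/sh
# Added example, not Zetacloud's code: ZFS-based incremental backup and
# restore of the kind the page describes. Assumes OpenZFS raw sends
# (zfs send -w) of encrypted datasets and resumable receives (-s); host,
# dataset and account names are invented. ZCOS_DRY_RUN=1 prints the
# pipelines instead of running them.

run() {
    if [ "${ZCOS_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else eval "$*"; fi
}

# snapshot_name DATASET: a name carrying the source host and UTC timestamp.
snapshot_name() {
    printf '%s@backup-%s-%s\n' "$1" "$(hostname)" "$(date -u +%Y%m%dT%H%M%SZ)"
}

# latest_common_snapshot LOCAL REMOTE: LOCAL and REMOTE are newline-separated
# snapshot lists (as from `zfs list -H -o name -t snapshot -s creation`),
# oldest first; remote names may carry a different dataset prefix. Prints
# the newest local snapshot that also exists remotely, the base for the next
# incremental send, and fails when there is none (then a full send is due).
latest_common_snapshot() {
    printf '%s\n' "$2" | awk -F@ -v lsn="$1" '
        $2 != "" { remote[$2] = 1 }
        END {
            n = split(lsn, l, "\n")
            for (i = n; i >= 1; i--) {
                split(l[i], p, "@")
                if (p[2] != "" && (p[2] in remote)) { print l[i]; exit 0 }
            }
            exit 1
        }'
}

# send_backup NEW HOST TARGET [BASE]: incremental from BASE when given, else
# a full send. -w ships the encrypted blocks exactly as stored; receive -u
# leaves the copy unmounted (the backup host has no key anyway) and -s keeps
# a resume token if the link drops mid-transfer. The backup account on HOST
# needs only delegated receive/create/mount permissions on TARGET.
send_backup() {
    new=$1; host=$2; target=$3; base=$4
    if [ -n "$base" ]; then
        run "zfs send -w -i '$base' '$new' | ssh backup@$host zfs receive -u -s '$target'"
    else
        run "zfs send -w '$new' | ssh backup@$host zfs receive -u -s '$target'"
    fi
}

# restore_clone SNAPSHOT TARGET: local restore of files from a point in time;
# the clone is instant and shares blocks with the snapshot.
restore_clone() {
    run "zfs clone '$1' '$2'"
}

# restore_remote HOST REMOTE_SNAPSHOT TARGET: pull the ciphertext stream back
# to a rebuilt node. The dataset key must be loaded here (zfs load-key)
# before TARGET can be mounted; the backup site cannot do that for you.
restore_remote() {
    run "ssh backup@$1 zfs send -w '$2' | zfs receive -u '$3'"
}

# One scheduled run, with the snapshot lists taken from the two hosts:
#   new=$(snapshot_name tank/db); zfs snapshot "$new"
#   lsn=$(zfs list -H -o name -t snapshot -s creation -r tank/db)
#   rsn=$(ssh backup@bk.example.net zfs list -H -o name -t snapshot -s creation -r backup/h1/tank/db)
#   base=$(latest_common_snapshot "$lsn" "$rsn") || base=
#   send_backup "$new" bk.example.net backup/h1/tank/db "$base"
```

Because the stream is raw, the backup host can verify and store it but cannot read it, which is the property the page's off-site backups need; the price is that a lost dataset key makes every backup unreadable too, so the key file from the ZFS section belongs in the client's own escrow, not on the backup site.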