Overview

Product Overview

ZStack is next-generation, open-source IaaS software designed mainly for future-oriented, smart data centers. It manages data center compute, storage, and network resources through flexible and comprehensive APIs. With ZStack, you can quickly build your own smart cloud data center and set up flexible cloud usage scenarios, such as VDI, PaaS, and SaaS, on top of a stable ZStack platform.
Figure 1. ZStack Framework


Product Features

As a productionized private cloud, ZStack allows you to manage and schedule the compute, storage, network, and other resources in your data center. By using ZStack, you can quickly configure your private cloud environment, create VM instances, allocate volumes, and automatically configure the networks of the VM instances.

The following table lists the features of ZStack Enterprise.
Type Feature ZStack Enterprise
Zone Multi-zone management
  • Supports multi-zone creation and manipulation. We recommend that you use a zone to manipulate a physical data center.
  • Supports zone isolation. You can create an independent cluster, primary storage, network, and other resources in a zone.
vCenter vCenter management Takes over multiple VMware vCenters via public APIs provided by VMware. In addition, it is highly compatible with VMware vCenter Server and supports a portion of its features, achieving unified management of multiple virtualization platforms.
  • Allows you to manipulate vSphere servers, VM instances, volumes, and image resources managed by VMware vCenter Server, and to perform common operations on the manipulated resources in your virtual data center.
  • Allows you to check VM instances, volumes, images, and other resources by vCenter.
  • Allows you to manually synchronize all or some vCenter data to keep information consistent.
  • Allows you to configure automatic vCenter data synchronization in the global settings. Once configured, the cloud automatically synchronizes all vCenter data periodically.
vCenter multiple-tenant management Tenants (normal accounts or project members) can manipulate the resources of the vCenter that you took over.
  • Tenants can perform common operations on VM instances and volume resources in the vCenter that you took over.
  • Tenants can use vCenter networks and image resources shared by administrators.
  • The home page of the tenant view can display KVM VM utilizations and vCenter VM utilizations, respectively.
  • The tenant view can display KVM billing information and vCenter billing information, respectively.
  • Project members can apply for vCenter VM instances via ticket managements.
vCenter resource pool
  • Synchronizes the resource pool information and the related VM information from the vCenter that you took over and displays the information in tiers.
  • Displays the CPU capacity limitations, memory capacity limitations, and other resource quotas.
ESX VM instance
  • Allows you to manage the lifecycle of ESX VM instances, including creating, starting, stopping, rebooting, pausing, resuming, powering off, and deleting an ESX VM instance.
  • Allows you to perform operations on an ESX VM instance, such as migrating or cloning an ESX VM instance, changing the instance offering for an ESX VM instance, setting the high availability level, opening consoles, and setting a console password.
Network
  • Allows you to create networks according to vSwitches or dvSwitches.
  • Allows you to create public networks and private networks. Specifically, a private network includes two types of network: flat network and vRouter network.
  • A vRouter supports all network services, including VIP, EIP, port forwarding, load balancing, and IPsec tunnel.
Storage Differentiates primary storages from backup storages according to datastore.
Image Allows you to manage the lifecycle of images, such as adding, deleting, enabling, and disabling an image.
Host Allows you to manage the lifecycle of hosts, such as placing a host in maintenance mode.
Volume Allows you to manage the lifecycle of volumes, such as creating, deleting, attaching, and detaching a volume.
Real-time performance monitoring Collects data of the ESX VM CPU, memory, storage, and network, and provides a visual, real-time display of these data in the UI.
Cluster Storage infrastructure Uses homogeneous storage services within clusters, allows you to attach storage services to the clusters, and provides high availability features for VM instances.
Host Supports host management within a cluster. For a host, provides real-time display of all CPU utilizations, all memory utilization percentages, all inbound and outbound speeds of NICs, and all write or read IOPS.
VM instance Supports VM management within a cluster. For a VM instance, provides real-time display of all CPU utilizations, all memory utilization percentages, all inbound and outbound speeds of NICs, and all write or read IOPS.
Cluster functionality
  • Provides the high availability feature, and defines cluster attributes based on the CPU architecture of a host.
  • Allows you to appropriately optimize configuration parameters based on your cluster deployment size such as small, medium, and large.
Network service
  • Allows you to attach a VLAN network and a VXLAN network to the same cluster for a unified management, and provides self-service networks (IP pool management and elastic network).
  • Allows you to specify a migration network for a cluster.
Distributed resource scheduler (DRS) Monitors and manages CPUs or memory workloads of hosts by cluster, and offers scheduling suggestions according to the configured scheduling strategies. You can manually migrate VM instances according to the scheduling suggestions to effectively improve your cloud stability while balancing cluster workloads.
Advanced settings Configures parameters for cluster resources by cluster:
  • Configures parameters for cluster resources, such as memory overcommitment ratios, reserved memories of hosts, CPU overcommitment ratios, and hyper-V switches of VM instances within a cluster.
  • Provides no corresponding global settings, but allows you to enable the huge page switch, DRS switch, zero copy switch, and other switches for clusters.
Host Virtualization Supports KVM and VMware virtualization technologies.
Custom ISO ZStack Custom ISO has two versions: c76 ISO and c74 ISO.
  • c76 ISO is a type of ZStack custom ISO based on an in-depth customization of CentOS 7.6. If you install ISO for the first time, we recommend that you use c76 ISO.
  • c74 ISO is a type of ZStack custom ISO based on an in-depth customization of CentOS 7.4. If you deployed ZStack by using c74 ISO, use this version to upgrade your cloud.
Resource overcommitment settings Allows you to set overcommitment ratios for CPUs, memories, and primary storages to meet different resource usage requirements in cloud environments.
Nested virtualization Supports KVM or ESXi nested virtualization. You can enable CPU hardware virtualization within VM instances.
Real-time monitoring Collects data of the host CPU, memory, disk I/O, disk capacity, and associated network, and provides a visual, real-time display of these data in the UI.
Disable and enable
  • Allows you to set host properties for better management.
  • After a host is disabled, you cannot create resources on this host. Note that the existing resources on this host are not affected.
Maintenance mode
  • Places a host in maintenance mode, which applies to scenarios such as scheduled O&M operations for hosts.
  • After a host enters maintenance mode, VM instances that are running on the host will be automatically migrated (shared storage).
Physical GPU passthrough Entirely passes through all peripheral devices (GPU graphics cards, GPU sound cards, and other small devices on other GPUs) on physical GPU devices as a group to effectively improve high-performance compute and graphics processing capabilities.
vGPU
  • Allows you to generate vGPUs for both NVIDIA graphics cards and AMD graphics cards at the same time.
  • Allows you to attach vGPUs to VM instances by either specifying specifications or devices.
SR-IOV Generates multiple VF NICs from a physical NIC based on the SR-IOV specification, and allocates these VF NICs to VM instances. This helps to use resources more flexibly, improve resource utilization, and save costs.
PCI whitelist Passes through any VT-d device, such as an Ali-NPU card, IB card (PCI mode), or FPGA card, to VM instances according to a whitelist.
USB passthrough
  • Directly passes through USB devices to VM instances to cater to application scenarios of multiple USB types.
  • Supports direct passthrough and transmission passthrough.
Intel EPT hardware support Allows you to disable the Intel EPT hardware support to address VM creation failures caused by CPU models that are too old.
Encrypted password storing Allows you to store encrypted passwords for hosts.
Operation logs Displays audit information associated with event login operations when you manage and operate hosts.
CSV file exporting Allows you to export host lists in CSV format to facilitate the statistics analysis of your hosts.
VM instance Batch operation Manages VM instances in bulk.
VM instance creation
  • Provides multiple strategies to create VM instances to effectively utilize resources.
  • Allows you to create VM instances through system disk images generated from special data volumes.
VM lifecycle Allows you to manage the lifecycle of VM instances, such as creating, stopping, booting, rebooting, powering off, deleting, pausing, and recovering VM instances.
Online resizing for root volume Allows you to resize the capacity for a VM root volume online to change VM configurations.
Online resizing for data volume Allows you to resize the capacity for a VM data volume online, which will take effect immediately after the resizing.
VM console
  • Allows you to access VM instances through terminals without using remote tools.
  • Supports three console modes: SPICE, VNC, and SPICE+VNC. Specifically, an SSL encryption tunnel is added to the SPICE protocol to further protect your desktop security.
  • Allows you to set console passwords and configure the password strategy, such as the password complexity and password length. Also allows you to determine whether setting a password for the VNC console is enforced.
VM snapshot
  • Allows you to temporarily preserve the state of root volumes or data volumes at a specific point in time before you perform important operations, so that you can quickly roll back on failure.
  • Includes two types of snapshot: single snapshot and batch snapshot. Specifically, a batch snapshot can be recovered in bulk as a group.
  • Takes snapshots for VM instances that are in the running state (ImageStore and Ceph backup storages are supported).
  • Takes snapshots for VM instances that are in the stopped state (ImageStore, SFTP, and Ceph backup storages are supported).
  • Automatically boots VM instances after restoring from snapshots.
  • Allows you to delete VM snapshots in bulk.
CPU binding Binds a logical CPU of a VM instance to a physical CPU of a compute node.
Online password changing Allows you to change passwords online for Windows or Linux VM instances.
Online image creation Allows you to create images online for running VM instances.
QGA switch Flexibly controls and manages the state of the QEMU guest agent.
RDP mode switch For a VDI UI, opens consoles in RDP mode by default after the RDP switch is enabled.
Graphics card changing Provides multiple VM graphics card types, including QXL, Cirrus, and VGA.
Graphics card passthrough Passes through a NVIDIA GPU device or an AMD GPU device directly to a VM instance.
User data importing Allows you to import user data when you create a VM instance.
VM cloning without data volume
  • Quickly creates multiple VM instances by cloning a VM instance.
  • Clones a VM instance that is in the running state (ImageStore and Ceph backup storages are supported).
  • Clones a VM instance that is in the stopped state (ImageStore and Ceph backup storages are supported).
VM cloning with data volume
  • Clones both root volumes and data volumes of VM instances. If a VM instance has shared volumes attached, the data volumes of the VM instance cannot be cloned with the VM instance.
  • Supports only ImageStore backup storages.
  • For LocalStorage, NFS, SMP, Ceph, and Shared Block primary storages, allows you to clone VM instances that are running, paused, or stopped.
Operating system changing Allows you to change the operating system for a VM instance that is in the stopped state.
VM resetting Resets VM instances to their initial image state, and overwrites all data in root volumes.
Root volume resizing Allows you to resize a root volume of a VM instance that is running or stopped to change VM configurations.
ISO-based deployment
  • Deploys VM instances from an ISO system disk, which guides you through installing the operating system.
  • Allows you to attach multiple ISO images to the same VM instance to improve business deployment efficiency.
Template-based deployment Creates VM instances based on system templates.
BIOS mode
  • Inherits the chosen BIOS mode when you create a VM instance. The BIOS mode includes Legacy and UEFI.
  • Inherits the BIOS mode of the original image when you create a VM image or clone a VM instance.
  • Allows you to dynamically change the BIOS mode on the VM details page.
VM image creation Makes a template image based on the current VM instance so that you can create VM instances in bulk in a custom manner.
  • Allows you to create an image for a VM instance that is in the running state (ImageStore and Ceph backup storages are supported).
  • Allows you to create an image for a VM instance that is in the stopped state (ImageStore, SFTP, and Ceph backup storages are supported).
Custom MAC
  • Allows you to specify a MAC address when you create a VM instance.
  • Allows you to change the MAC address for existing VM instances.
VM boot order Adjusts VM boot orders to change the ISO boot mode. Currently, the following boot devices are supported: CD-ROM, hard disk, and network.
Dynamically attaching or detaching volume Allows you to dynamically attach a volume to or detach a volume from a VM instance, to optimize drive models, and to identify a volume by its SCSI WWN.
Dynamically attaching or detaching NIC Allows you to dynamically attach a NIC to or detach a NIC from a VM instance, and to set the default NIC.
Dynamically attaching or detaching virtual drive Allows you to dynamically attach a virtual drive to or detach a virtual drive from a VM instance, and to attach ISOs to or detach ISOs from each virtual drive. This enhances flexibility and improves the user experience.
Attaching GPU card Allows you to attach a GPU device when you create a VM instance.
Shared volume For Ceph and Shared Block primary storages, multiple VM instances can share the same data volume.
Real-time performance monitoring Displays VM workloads in real time for popular systems, such as Linux, Windows, and Chinese domestic operating systems.
  • External monitoring: Collects VM data, such as the VM CPU, memory, disk I/O, and network by using libvirt, and provides a visual display of these data in the UI.
  • Internal monitoring: Collects VM data, such as the VM CPU, memory, and disk capacity by using an agent, and provides a visual display of these data in the UI. Note that you can manually install the agent by using a performance optimization tool (guest tool).
High availability (HA) Automatically reboots a VM instance if its host encounters failures, and displays the rebooting process in the UI.
Online changing for VM CPU or memory Changes CPU or memory configurations online without rebooting a VM instance.
Real-time update of volume QoS and network QoS Allows you to set QoS for the root volume and NIC of a VM instance, preventing a single VM instance from occupying too many resources.
SSH key injection
  • Allows you to perform SSH key injection for VM instances in both Linux and BSD operating systems.
  • Allows you to create or delete a key for a VM instance.
  • Disables VyOS SSH login authentication by default to improve the cloud security.
Custom instance offering Allows you to customize an instance offering to meet the resource consumption requirements.
Custom tag Allows you to customize tags to meet the querying and compiling scheduler tasks.
Custom VM list Allows you to either customize display items of a VM list or to export the VM list in CSV format.
Resource deleting protection Moves deleted VM instances to a recycle bin, allowing you to recover or completely delete the VM instances as needed.
Cold migration
  • Allows you to migrate a VM instance that is attached to a local storage when the VM instance is in the stopped state.
  • Allows you to migrate a VM instance or volume according to the workload of the destination compute node.
Online migration
  • Allows you to migrate online VM instances that are attached to a primary storage.
  • Allows you to migrate a VM instance or volume according to the workload of the destination compute node.
  • Provides specific support for Windows failover clusters. Hot migration of VM instances will not have any adverse effects.
Storage migration
  • Supports cold migration of VM instances across primary storages of the same type in the Cloud.
    • You can cold migrate a VM instance across multiple NFS primary storages without migrating the attached volumes.
    • You can cold migrate a VM instance across multiple Ceph primary storages without migrating the attached volumes.
    • You can cold migrate a VM instance as well as its attached volumes (except for shared volumes) across multiple Shared Block primary storages.
  • Supports hot migration (without snapshots) of VM instances across multiple primary storages of different types. For example, migration between Ceph primary storage and Shared Block primary storage, between LocalStorage primary storage and Shared Block primary storage, and between LocalStorage primary storage and Ceph primary storage.
  • Displays the original data reserved during storage migrations in the UI, and allows you to clean up the data. You can manually clean up the data to release storage space after verifying that the data is complete and intact.
Cross-cluster HA policy Allows you to configure a cross-cluster HA policy for a VM instance or VPC vRouter. When the policy takes effect, the VM instance or VPC vRouter stays bound to the cluster to which it belongs.
Operation logs Displays audit information that is associated with an operation process event and a login operation of a VM instance.
Guest tools
  • Provides guest tools for Windows and Windows Virtio operating systems, and supports one-click installation of Virtio drive, agent, and QGA.
  • Provides guest tools for Linux operating systems, and allows you to install agents. After you install the agents successfully, you can obtain internal monitoring data from VM instances.
USB redirection Redirects a USB device on a VDI client to a VM instance.
CSV file exporting Allows you to export a VM list in CSV format, which facilitates statistics analysis.
Anti-spoofing
  • Allows you to set the anti-spoofing switch for VM instances in the global settings to improve cloud security.
  • Allows you to set the anti-spoofing switch for a single VM instance to increase flexibility.
VM priority
  • Provides two types of VM priority: normal and high. When VM instances contend for resources, those with the High resource priority are prioritized over those with the Normal resource priority.
  • Raises the resource priority of a VPC vRouter by default so that the priority of the VPC vRouter is higher than that of a VM instance.
VM multi-gateway Allows you to enable multi-gateway by running zstack-cli. Once enabled, each NIC has an independent gateway.
NIC multiqueue Allows you to set the number of queues used when Virtio NIC traffic is distributed across multiple CPUs. This helps to improve the NIC performance.
Setting VM NIC model Allows you to set the NIC model for Linux and Paravirtualization VM instances. Supported NIC models include Virtio, E1000, and RTL8139.
Setting hostname or password
  • Allows you to log in to the Cloud via SSH. When you create a VM instance, you can set a hostname or password on the UI through simple operations, thereby improving user experiences.
  • Allows you to configure the password strategy, such as the password complexity and password length. Also allows you to determine whether setting the root password for a VM instance is enforced.
Advanced settings Allows you to configure parameters for VM resources by VM instance.
  • Configures VM parameters independently, such as the NUMA and hyper-V switches of VM instances.
  • Provides no corresponding global settings, but allows you to configure VM parameters, such as the NIC multiqueue number, by VM instance.
Auto scaling group Lifecycle management Allows you to manipulate the lifecycle of auto scaling groups, including creating, enabling, disabling, and deleting an auto scaling group.
Health check Allows you to customize the health check method, health check time, and health check grace period.
Auto scaling policy
  • Supports scale-out policy by which you can customize a trigger metric, trigger condition, duration, cooldown time, and the number of VM instances to be added each time.
  • Supports scale-in policy by which you can customize a trigger metric, trigger condition, duration, cooldown time, removal policy, and the number of VM instances to be removed each time.
  • After a scaling policy is triggered, automatically adds or removes a specified number of VM instances according to the scaling policy.
  • Determines the monitoring conditions based on the VM CPU usage and memory usage, and then triggers auto scaling (scaling in or scaling out) accordingly. Note that you can choose external or internal (recommended) monitoring data.
Notification
  • Allows you to view scaling records.
  • Allows you to select whether to receive notifications of scaling activities.
  • Sends notifications of scaling activities via ZWatch and cloud messages.
Volume Batch operation Manipulates volumes in bulk.
Volume management
  • Allows you to manipulate the lifecycle of volumes, including creating, enabling, disabling, attaching, detaching, and deleting a volume.
  • Allows you to perform common operations on a volume, including migrating the volume, creating a snapshot, creating a volume image, resizing the volume, changing the volume owner, and migrating the volume storage.
  • Allows you to create shared volumes based on Ceph storages or Shared Block primary storages. Multiple VM instances can share and use the same data volume.
  • Allows you to create shared volumes by using disk offerings or volume images.
Volume snapshot
  • Allows you to create a snapshot for a volume when the volume is in use.
  • Allows you to delete volume snapshots in bulk.
Snapshot Unified snapshot management Uniformly manages VM snapshots and volume snapshots. All VM instances or volumes that have snapshots will be displayed on the snapshot management page. In addition, the VM instances or volumes can be sorted by the number of the snapshots or total capacities to improve O&M efficiencies. Doing so can help you to quickly identify snapshots that need to be cleared.
Batch snapshot
  • Allows you to create batch snapshots for VM instances and the attached volumes. You can restore a VM instance and its attached snapshots by recovering the batch snapshot of the VM instance.
  • Allows you to unbind a batch snapshot and recover the batch snapshot to a single snapshot.
Disk offering Disk offering management
  • Allows you to create, enable, disable, delete a disk offering, share a disk offering globally, recall a disk offering globally, and set QoS for a disk offering.
  • Allows you to classify different types of data volumes via advanced parameters for independent billing or display. The supported types of primary storages include Ceph, LocalStorage, NFS, and SharedBlock.
QoS setting Allows you to set QoS for a volume by configuring the total bandwidth or read/write bandwidth when you create a disk offering.
Instance offering Instance offering management
  • Allows you to create, enable, disable, delete an instance offering, share an instance offering globally, recall an instance offering globally, and set the disk QoS and network QoS for an instance offering.
  • Allows you to select the host allocation strategy, including host with minimum number of running VMs, host with minimum CPU utilization, host with minimum memory utilization, host with maximum number of running VMs, host where the VM is located last time, and random host allocation to create VM instances.
  • When the host allocation strategy is the host with minimum CPU utilization or host with minimum memory utilization, you can select the mandatory strategy mode or non-mandatory strategy mode.
  • Allows you to classify different types of root volumes via advanced parameters for independent billing or display. The supported types of primary storages include Ceph, LocalStorage, NFS, and SharedBlock.
GPU specification GPU specification
  • Automatically detects available physical GPU specifications and vGPU specifications on the Cloud and then manages both specifications in a unified way. When you create a VM instance, you can add a GPU device for the VM instance by specifying a GPU specification.
  • If you attached a GPU device to a VM instance by using a GPU specification, you can configure the advanced setting to uninstall the GPU device automatically after the VM instance is stopped.
Image management System template Supports system templates, including qcow2 and raw formats, and automatically matches image types.
ISO image Guides a VM instance to install an operating system via an ISO image.
BIOS mode
  • Provides two types of BIOS mode, including Legacy and UEFI, to add an image.
  • Inherits the BIOS mode of the original image when you create a VM instance, a VM image, or clone a VM instance.
System image uploading Allows you to upload a system image by using a URL or a local browser.
Volume image uploading Allows you to upload a volume image by using a URL or a local browser.
Image migration Allows you to migrate images on a Ceph primary storage across multiple storage devices.
ImageStore Image storing Stores image data, including ISO and system template.
Exporting image
  • Exports an image URL.
  • Provides MD5 checksum for exported images. You can check the MD5 checksum on the details page of an exported image to verify the integrity of the downloaded image.
Obtaining existing image When you add an ImageStore backup storage, you can obtain the existing image file under the URL of the backup storage.
Image synchronization
  • Supports image transmissions among ImageStores. Note that the image transmissions can be completed across multiple zones.
  • Supports image synchronization among different ImageStores in the same management node.
ImageStore cleaning Visually cleans up the expunged invalid data in a backup storage to release storage space.
Standard system image Supports Windows, Red Hat, Ubuntu, and other open source Linux operating systems.
Running image preset Supports the following software operating environments:
  • Windows IIS and .NET Framework operating environments
  • Linux Tomcat, Java, Apache Web, JBoss, PHP, Node.js, Golang, Python, and other languages or operating environments
  • Oracle, MySQL, Postgres, MongoDB, InfluxDB, Cassandra, Redis, and other database services
  • A wide range of application middleware
Application image preconfiguration Supports the following application systems:
  • Commonly used application systems, such as BBS, SNS, blog, and the Twitter-like Weibo
  • Multiple O&M management applications, such as phpMyAdmin
  • Multiple application images provided by vendors
Custom image Allows administrators to store image files with the incremental method and realize the duplication feature intelligently by customizing images that are suitable for the operating environments of their own business systems according to the standard system image and the preconfigured running image.
Primary storage support Seamlessly supports primary storages of the LocalStorage, NFS, SMP, Ceph, and Shared Block types.
Storage management LocalStorage primary storage
  • Allows you to store your volumes to local hosts.
  • Provides real-time display of used capacity percentages of the LocalStorage primary storage.
  • Allows you to set the volume allocation policy, including thick provisioning and thin provisioning.
NFS primary storage
  • Allows you to store your volumes to NFS protocol storage through which hosts can intercommunicate.
  • Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
  • Provides real-time display of used capacity percentages of the NFS primary storage.
Shared Mount Point primary storage
  • Allows you to store your volumes to shared storages that are compatible with POSIX, and supports iSCSI and FC storage.
  • Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
  • Provides real-time display of used capacity percentages of the Shared Mount Point primary storage.
Shared Block primary storage
  • Allows you to add an iSCSI or FC protocol storage through which hosts can intercommunicate.
  • Allows you to add an iSCSI storage, to automatically scan and discover disks online, and to automatically configure iSCSI.
  • Supports shared volumes.
  • Allows you to add multiple LUN devices.
  • Displays a candidate list of LUN devices when you add Shared Block primary storage.
  • Allows you to set the provisioning method, including thin provisioning and thick provisioning, when you create VM instances or volumes by using Shared Block primary storage.
  • Supports FC SAN passthrough, provides direct display of passthrough FC storages, and allows you to attach the passthrough LUN devices to VM instances.
  • Supports iSCSI passthrough. The passthrough LUN devices can be directly attached to VM instances.
  • Allows you to clean up VG data when you add Shared Block primary storage.
  • Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
  • Provides real-time display of used capacity percentages of the Shared Block primary storage.
Ceph primary storage
  • Supports shared volumes.
  • Allows you to specify disk volumes with different performances when you create volumes.
  • Allows you to store your volumes to Ceph distributed storages.
  • Supports cold migration for data.
  • Allows you to specify a storage network, and supports network isolation between the storage network and the management network to improve high availability of VM instances.
  • Allows you to create a Ceph pool, to calculate capacities via the pool, and to set the display name.
  • Supports LUN device clearing. You can forcibly clear file systems, RAID, or signatures of partition tables.
  • Resizes a Ceph primary storage by adding a pool, and allows you to specify a pool when you create a VM instance or volume.
  • Provides real-time display of used capacity percentages of the Ceph primary storage.
  • Provides expiration notifications of storage license services and collaborates with Ceph ZStack Enterprise.
Multiple primary storage support
  • The same cluster can attach multiple LocalStorage primary storages.
  • The same cluster can attach multiple NFS primary storages.
  • The same cluster can attach multiple Shared Block primary storages.
  • The same cluster can attach one LocalStorage primary storage and one NFS, SMP, or Shared Block primary storage.
  • The same cluster can attach one Ceph primary storage and multiple Shared Block primary storages.
Network management VLAN L2 isolation Uses VLAN 802.1q for network isolation.
VXLAN network
  • Supports VXLAN networks to effectively address the shortage of logical network segments in the cloud data center and MAC flooding of an upper-layer switch.
  • Allows you to change a VNI name. Specifically, you can either customize the VNI name that you created before or enter a VNI name when you create a VNI range.
Hardware VXLAN network Takes over SDN networks of hardware switches to the Cloud by adding an SDN controller. This helps to lower network latency and improve VXLAN network performance.
Distributed flat network
  • Provides three types of IP address: IPv4, IPv6, and dual stack (IPv4+IPv6), any of which can be selected for a flat network as required.
  • Allows a VM instance to use an actual network IP address.
  • Provides multiple network services: security group, VIP in private flat networks, EIP, and intranet load balancing.
Distributed elastic network Allows a VM instance to use a virtual network address which can map a real network.
Distributed DHCP service
  • Allows a VM instance to automatically obtain the allocated IP address.
  • Allows you to specify an IP address for the DHCP service to avoid IP conflicts during your network planning when you create an L3 network.
Network address space reservation Reserves network address spaces to couple with physical networks.
Dynamic and static IP allocation Not only allows you to dynamically allocate an IP address, but also allows you to specify an IP address.
Multi-level network management A VM instance can connect to multiple networks to build businesses of complex scenarios.
VIP QoS setting Sets QoS limits for a VIP to effectively manage the allocation of network services.
MTU Customizes the limit of network packets.
Custom gateway
  • Allows you to specify a gateway when you add a network range by using an IP range.
  • Allows you to specify a gateway when you add a network range by using a CIDR, and uses the first or the last address of the CIDR as the gateway.
VPC vRouter
  • Allows you to manipulate the lifecycle of VPC vRouters, such as creating, deleting, starting, stopping, and rebooting a VPC vRouter.
  • Allows you to perform common operations on a VPC vRouter, including migrating a VPC vRouter, attaching or detaching a VPC network, and configuring east-west traffic.
  • Supports all network services.
  • Allows you to uniformly set DNS on a VPC vRouter.
  • Allows you to enable or disable the SNAT network service in a custom manner.
  • Supports the OSPF dynamic routing protocol.
  • Supports the multicast feature. You can forward multicast messages sent by a multicast source to a VM instance.
  • Supports distributed routing as an advanced feature to optimize east-west traffic.
  • Specifies a default IP address when you create a single VPC vRouter.
  • By default, the resource priority of a VPC vRouter is higher than that of a normal VM instance. When resources are contended on a host, a VPC vRouter takes precedence in acquiring them.
  • Allows you to attach multiple public networks to a VPC vRouter, to specify a default route, and to configure the source-in and source-out policy.
  • Allows you to set QoS for the public network interface and VPC network interface of a VPC vRouter to achieve more granular network traffic control.
Firewall
  • Allows you to configure a firewall for a VPC vRouter. Specifically, after you create a VPC firewall, the system will automatically configure an inbound rule set for the VPC vRouter. In addition, you can flexibly configure an outbound rule set for the VPC vRouter.
  • Each interface direction of a VPC vRouter can use one rule set. In addition, the north-south traffic of the interface is filtered to effectively protect the communication security of the entire VPC and the security of the VPC vRouter.
  • By default, the inbound direction of a VPC vRouter NIC is bound to one rule set.
  • Allows you to add a firewall rule by IP address, IP range, or CIDR. Multiple IP formats are supported to simplify rule configuration and improve usability.
  • Allows you to select whether a firewall rule takes effect immediately.
VPC vRouter HA group
  • Supports the high availability feature of a VPC vRouter. Specifically, a pair of VPC vRouters in active-backup mode is deployed within a VPC vRouter HA group.
  • When the active VPC vRouter becomes abnormal, high availability is triggered within seconds and the active VPC vRouter is automatically switched to the backup VPC vRouter to ensure your business continuity.
  • Allows you to specify a VIP when you create a VPC vRouter HA group.
VPC network
  • Supports three types of IP address: IPv4, IPv6, and dual stack (IPv4+IPv6), any of which can be selected for a VPC network as required.
  • Allows you to create or delete a VPC network, add a network range, and attach or detach a VPC vRouter.
  • A VPC network supports multiple network services, including security group, VIP, EIP, port forwarding, and load balancing.
  • Load balancing supports the TCP, HTTP, HTTPS, and UDP protocols.
  • TUI supports real-time traffic monitoring of a load balancer.
Public network
  • Supports three types of IP address: IPv4, IPv6, and dual stack (IPv4+IPv6), any of which can be selected for a public network as required.
  • Allows you to create a VM instance.
  • Provides VIPs for network services.
  • Provides two IP address types: IPv4 and IPv6.
  • Supports IP address pools. An IPv4 public network lets you add an IP address pool based on the common IP range. The IP address pool can be used to create VIPs and provide various network services based on a VPC network.
System network Acts as a management network, storage network, and migration network.
vRouter network
  • A vRouter supports multiple network services, including security group, VIP, EIP, port forwarding, and load balancing.
  • Load balancing supports the TCP, HTTP, HTTPS, and UDP protocols.
  • TUI supports real-time traffic monitoring of a load balancer.
  • Supports the IPsec tunnel service based on a vRouter.
  • Allows you to associate multiple EIPs to one VM NIC.
  • Allows one vRouter to connect to multiple public networks.
  • Allows you to configure a static routing table.
  • Supports distributed DHCP to improve service performance.
Network diagram
  • Displays the global network diagram of your cloud, and supports highlighting a resource.
  • Allows you to select which resources to display in the network diagram.
Load balancing
  • Supports the following load balancing network services:
    • Internet load balancing: Uses a public network as the frontend network to provide Internet-facing load balancing services through routers (VPC vRouters or vRouters).
    • Intranet load balancing (VPC private network): Uses a VPC network as the frontend network to provide intranet load balancing services through VPC vRouters.
    • Intranet load balancing (flat network): Uses a flat network as the frontend network to provide intranet load balancing services through vRouters.
  • The load balancing service supports four types of protocols: TCP, HTTP, HTTPS, and UDP. The health check protocol can be TCP, UDP, or HTTP.
  • Supported load balancing algorithms: round robin, least number of connections, source hashing scheduling, weighted round robin.
  • You can use zstack-cli commands to configure blacklist and whitelist for listeners to control IP access, prevent malicious attacks, and improve system security.
Netflow
  • A VPC vRouter has a newly added network service, Netflow. You can analyze and monitor the inbound and outbound traffic of a VPC vRouter NIC by using Netflow.
  • Supports two data flow output formats: Netflow V5 and Netflow V9.
IP statistics
  • Allows you to check the IP utilization of an L3 network (private network, public network, and VPC network) in the UI.
  • On the IP statistics details page of an L3 network, you can quickly check used IP addresses, associated resources, and unused IP addresses.
Port mirroring
  • Analyzes the obtained business messages via port mirroring to facilitate your monitoring and management of internal enterprise network data and to quickly locate network failures.
  • Allows you to configure independent traffic networks which can be used by port mirroring to transfer data.
Scheduled job Scheduled subject Provides scheduling operations on VM instances and volumes.
Scheduling operations
  • Allows you to create scheduled jobs to stop or reboot a VM instance, and to create volume snapshots.
  • When you create a scheduled job for VM instances or volume snapshots, allows you to set the number of snapshots to be reserved if all VM instances or volumes that you selected use a Ceph primary storage.
CloudFormation Resource stack
  • Allows you to create a resource stack online or by using a template.
  • Allows you to preview or check resource contents, and to inject user data into a VM instance.
  • Allows you to delete resource stacks and cascade the delete operation on all resources in a resource stack.
Custom template Allows you to create a resource stack template by using a designer or by uploading a local file, and to create, check, change, delete, and preview a stack template.
Sample template The resource stack template sample that is provided by the Cloud by default can be used as a reference template.
Visual resource scheduling
  • Allows you to create a resource stack template by dragging and dropping resources.
  • Allows you to review templates, generate resource stacks, and save them as resource templates.
  • Allows you to undo, redo, delete, and clear the canvas.
Security management L3 security policy Supports security policies based on TCP or UDP ports.
Unified management of security group
  • Allows a security group to uniformly manage VM security policies to achieve intercommunication within the security group. Specifically, a security policy can be applied to all resources within the same security group.
  • Allows you to enable and disable a security group.
Performance TOP5 and performance analysis Performance TOP5
  • Sorts multiple resources, including host, VM instance, vRouter, VIP, and L3 network in sequence, and allows you to customize data source display at different periods.
  • Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.
VM performance analysis
  • Allows you to customize data source display at different periods, to specify a resource range, and to specify an owner range. By using the filter, analyzes and sorts VM CPU utilization, memory utilization, disk read speed, disk write speed, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.
  • Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.
Router performance analysis
  • Allows you to customize data source display at different periods, to specify a resource range, and to specify an owner range. By using the filter, analyzes and sorts router CPU utilization, memory utilization, disk read speed, disk write speed, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.
  • Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.
Host performance analysis Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts host CPU utilization, memory utilization, disk read speed, disk write speed, disk used capacity, disk read IOPS, disk write IOPS, disk used capacity in percent, NIC in speed, NIC out speed, NIC in packets, NIC out packets, NIC in errors, and NIC out errors.
L3 network performance analysis Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts used IP count, used IP in percent, available IP count, and available IP in percent.
VIP performance analysis Allows you to customize data source display at different periods, to specify a resource range, and to specify an owner range. By using the filter, analyzes and sorts VIP inbound traffic in bytes, inbound traffic in packages, outbound traffic in bytes, and outbound traffic in packages.
Backup storage performance analysis Allows you to customize data source display at different periods, and to specify a resource range. By using the filter, analyzes and sorts available backup storage capacity in percent.
Capacity management Capacity management Intuitively displays the capacity information about core resources in the Cloud.
  • Displays detailed capacity information of various core resources in the form of cards.
  • Displays Top10 resources according to their resource capacity so that you can better control the resource usage in the Cloud and improve the management and maintenance efficiency.
ZWatch Host monitoring Provides real-time monitoring of running hosts, and displays a sequential diagram for monitoring CPU, memory, disk, and network.
VM monitoring Provides real-time monitoring of running VM instances, and displays a sequential diagram for monitoring CPU, memory, disk, and network.
Monitoring
  • Monitors the system metric data, such as the VM memory utilization and host CPU utilization.
  • Monitors system events, such as the VM state event and host disconnection event.
  • Allows you to check the visual diagram of host workloads according to different periods of time on the main page.
Alarm
  • Provides a rich set of metric items so that you can monitor and create alarms for the following resources and events:
    • Resources: VM instance, Bare Metal instance, router, image, backup storage, system data directory, host, L3 network, volume, VIP, primary storage, load balancer listener, and project resource.
    • Events: VM instance, router, backup storage, management node, host, primary storage, vCenter, backup task, and project resource.
  • Sets alarms for time-series data and events, and receives alarm messages via SNS notification, such as email, DingTalk, HTTP application, Aliyun short message, and Microsoft Teams.
  • Provides commonly used, default alarms to monitor states of basic resources in real time.
  • Selects the monitoring range as needed, and allows you to monitor a single resource or all resources of a monitoring object.
  • Converges ZWatch alarm messages, and adjusts the event alarm message policy to notify you once. Adds the Once option to the alarm period type for resource alarms. Specifically, you can flexibly configure an alarm policy as needed.
  • Displays the read status of ZWatch alarm messages. You can quickly locate problems via the notifications to improve O&M efficiency.
  • Sends notifications after a ZWatch alarm recovers.
  • Allows you to view alarm messages in Chinese or English as needed. This improves the readability and understandability and helps quickly locate problems.
  • Allows you to select an emergency level for resource alarms and event alarms. Alarms send out alarm messages of the corresponding emergency level, so you can classify and check alarms as needed to improve O&M efficiency.
Multiple endpoints
  • Supports multiple endpoints, including email, DingTalk, HTTP application, Aliyun short message, and Microsoft Teams.
  • Allows you to add multiple endpoint addresses to email endpoints and Aliyun short message endpoints.
SNS text template Endpoints such as email, DingTalk, Aliyun short message, and Microsoft Teams let you customize the SNS text template to facilitate your configurations as required and improve the readability of alarm messages.
3rd-party alarm message integration
  • Allows you to connect with 3rd-party message sources, take over 3rd-party alarm messages, and uniformly push these messages, thereby achieving unified management of alarm messages and enhancing operation and maintenance efficiency.
  • Allows you to create 3rd-party alarms and push 3rd-party alarm messages via various endpoints.
Audit Resource audit
  • Supports audit queries for all resources. You can audit all operations performed on a resource to effectively protect your core data security in the Cloud.
  • Allows you to check the called API name, time consumed, task result, operator, creation time, completion time, and message details of API actions. In addition, allows you to export the preceding information in CSV format.
Operation log Operation log
  • Displays the operation description, task result, operator, login IP, creation time, completion date, and message details of operation responses. This gives you fine-grained management of resources, and you can export the operation information in CSV format.
  • Allows you to configure the log reservation time as needed.
  • Displays event audits and login audits of performed operations.
  • The global settings allow you to set the log reservation time and reservation capacity of a management node as needed.
Account management Account and user management The account management feature includes account and user. Specifically, an account is a resource billing group, while a user can define operation permissions.
AD/LDAP account
  • Allows you to add an AD or LDAP account, and to bind regular accounts.
  • Allows you to clean binding filters in a custom manner.
Account resource quota Allows you to allocate the largest amount of available resources to an account in a custom manner, including the number of running VM instances, CPU, memory, volume count, total capacity of a volume, image count, total capacity of an image, and EIP count.
Permission allocation of user group Supports permission allocation of a user group to uniformly manipulate user permissions.
Permission allocation of user Allows you to allocate permissions for users.
Changing VM owner Allows you to change a VM owner and specify an account where the VM instance belongs.
Changing volume owner Allows you to change volume owner, and to specify the account where the volume belongs.
Specified allocation of instance offering Allows you to share an instance offering to others. Specifically, you can specify whether an account can use the instance offering.
Specified allocation of image resource Allows you to share an image resource. Specifically, you can specify whether an account can use the image resource.
Specified allocation of disk offering Allows you to share a disk offering. Specifically, you can specify whether an account can use the disk offering.
Specified allocation of network resource Allows you to share an L2 network resource and an L3 network resource. Specifically, you can specify whether an account can use the L2 network resource and the L3 network resource.
Global settings Allows you to directly perform global settings on various properties in the UI.
  • Each global setting has one default value. You can restore the default setting with one click.
  • You do not need to restart your management node after you update global settings.
  • Supports templates, and provides one-click template settings in the global settings according to your real production scenarios. This quickly configures the Cloud to meet your requirements, which can improve O&M efficiency.
Changing password for admin account If you forget the login password of an administrator, run zstack-ctl reset_password to restore the default setting.
Billing Custom pricing list
  • Each resource pricing unit will be integrated as one pricing list to provide the billing experience of a quasi public cloud. The supported billing resource type includes CPU, memory, root volume, data volume, GPU device, public IP (flat network), and public IP (VIP).
  • A pricing unit includes second, minute, hour, day, week, and month (30 days).
  • The pricing unit that can be dynamically adjusted can meet the need of periodical promotions.
Billing method
  • Provides quasi-public cloud billings, and covers a diversity of typical usage scenarios such as multi-unit, disk-based, and public IP billings.
  • Supports project-based or account-based billings for each resource. Different pricing lists can be used to customize different pricing strategies for different projects and accounts.
  • Allows you to enable or disable the billing feature as required.
Disk performance-based pricing Allows you to set different pricing units independently for different types of disks.
Billing currency symbol Allows you to set a billing currency symbol on the global settings. Supported currencies: CNY (¥), USD ($), EUR (€), GBP (£), AUD (A$), HKD (HK$), JPY (¥), CHF (CHF), and CAD (C$).
Bills Calculates and displays resource expense information of an administrator and all tenants by billing price and time of usage.
  • Provides real-time display of bills.
  • Supports project bills, department bills (bills of departments that have projects attached), and account bills.
  • By default, billing details are generated once at 00:00 each day. You can change the time for generating billing details in global settings.
Access TUI Supports common O&M operations and custom OS UI.
GUI Allows you to access a graphical user interface (GUI) via HTTP or HTTPS to manage the Cloud.
UI language
  • Ensures that the default UI language is consistent with that of your current browser.
  • Allows you to customize the UI language and records your operation. This can improve user experiences.
Login security
  • Allows you to authenticate with dynamic authentication codes. Specifically, if login fails 6 consecutive times, an authentication code is required to prevent malicious logins.
  • Supports two-factor authentication, adding extra security codes for authenticating your identity to further increase your account security.
  • Supports complexity settings for login password. You can set the password length in a custom manner, and use the password strategy with a combination of numeric, case-sensitive, and special characters.
  • Supports password expiration settings. You can set the password update cycle in a custom manner. We recommend that you change the cloud login password regularly to ensure the login security.
  • Allows you to set the history password check. You can set unrepeated times of failed logins in a custom manner.
  • Allows you to set the password lock mechanism. You can set the maximum number of failed logins and the period of time for which a user is locked. When your consecutive failed logins exceed the value that you set, your user account is locked for a period of time to ensure login security.
  • Supports the IP blacklist or whitelist. You can set IP blacklist or whitelist as needed to detect and filter visitor identities and to improve the cloud access control security.
  • Supports multiple session logins for the same user, and allows you to disable multiple session logins.
Command line Allows you to access the Cloud via the command line. The command line provides access to all features. In addition, both accounts and users can log in via the command line.
API Provides comprehensive APIs that can be accessed through the Java SDK (compatibility version: Java 8), the Python SDK (compatibility version: Python 2.7), and standard RESTful interfaces.
Operation assistant Intelligent notification Provides intelligent environment checks and operation guides for key cloud operations.
Affinity group Anti-affinity group Provides two types of affinity group strategy: anti-affinity (soft) and anti-affinity (hard) to reasonably schedule cloud resources.
UI augmentation Custom product information Allows you to customize the product logo, product name, and other information via custom UI.
Large-screen home page
  • Provides multiple magnificent themes of a large screen to display your cloud resource information.
  • Allows you to switch virtualization platforms to display the KVM or vCenter large screen respectively.
  • Allows you to switch zones to display the large screen of all zones or a single zone.
  • Allows you to switch data sources, including external monitoring and internal monitoring. For internal monitoring, you need to install an agent.
Encryption access Allows you to securely log in to the Cloud via HTTPS.
In-process display Adds progress bars of multiple scenarios.
VDI Solution
  • Supports SPICE, RDP, and VNC, and optimizes them via a custom client.
  • Allows you to specify a VDI network.
  • Supports USB redirection and is compatible with multiple USB devices.
  • Allows you to set an independent VDI network.
  • Supports multi-screen display.
  • Supports microphones.
  • Supports SPICE to optimize traffic.
UI navigation Quick entrance Adds a quick entrance to the product and service, and highlights important resources.
UI information exporting List information exporting with CSV format Exports the main list information of VM instances and hosts, making it more convenient to manage and edit list parameters offline.
Tag Resource tag
  • Allows you to create tags with different names or colors, and bind them to resources (such as VM instances, volumes, hosts, and Bare Metal instances) to conveniently manage and search these resources.
  • Allows you to sort resource tags according to the bound time or names.
Application center Application center Allows you to add application plugins, such as storage, database, security, IaaS, PaaS, and SaaS.
AccessKey AccessKey management Allows you to generate an AccessKey that other clouds can use to call APIs. This AccessKey has the same permissions as the creator who generated it.
License Cloud license (Basic License)
  • Includes enterprise edition and hybrid edition.
  • Allows you to upload Basic License via a local browser.
  • Supports expiration notifications of Basic License.
  • Supports all features for Enterprise, standalone version with unlimited trials.
  • Supports two types of authorization method: CPU and host.
Module license (Plus License)
  • Provides additional functionality.
  • Depends on Basic License.
  • Currently includes Enterprise Management module, VMware Management module, BareMetal Management module, Backup Service module, Migration Service module, ARM64 Management module, and After-Sales Service (5x8 and 7x24).
  • Allows you to upload Plus License via a local browser.
  • Supports expiration notifications of the Plus License.
CPU infrastructure license
  • Supports x86 server infrastructure license. KVM and vCenter can be used separately to provide independent CPU permissions for a compute node.
  • Supports ARM64 server management license. In addition, allows you to add an ARM64 server to the Cloud via a license. You can specify CPU counts or host counts for the ARM64 server.
License uploading
  • Allows you to package licenses as needed.
  • For dual management nodes, allows you to download the request code and upload the license on either management node.
Management node Multi-host management node HA
  • Supports multi-host management node (MN) HA. You can use the active-backup mode. Specifically, after a management node fails, another management node will be used to ensure your business continuity.
  • Allows you to add licenses for the active management node and the backup management node respectively via VIP login.
  • A multi-MN HA environment allows you to monitor the management node HA and check the health status. In addition, by default, a resource alarm is triggered if the monitor IP cannot be reached, or if the dual-MN databases cannot synchronize.
Management node
  • A management node supports coexistence of different versions of source files.
  • A management node database lets you configure access restrictions. Also, the account of this database can be included in a whitelist to ensure security of this database.
Compute node Batch host addition
  • Allows you to add hosts in bulk according to the network range that you entered.
  • Allows you to add hosts in bulk with a template.
Log server Log server Allows you to collect logs of a management node, so that you can quickly locate issues and improve the O&M efficiency of the Cloud.
Installation One-click installation
  • Allows you to run just one command to complete installing and deploying the Cloud from scratch within just 30 minutes.
  • Supports three installation modes: ZStack Enterprise Management Node, ZStack Community Management Node, ZStack Compute Node, and ZStack Expert Mode.
Upgrade Seamless upgrade Allows you to seamlessly upgrade your cloud from an earlier version to a later version.
Incremental upgrade Supports incremental upgrade to greatly improve the upgrade speed.
Environment upgrade Allows you to customize installation and upgrade via ZStack Expert Mode.
The following table lists the features of ZStack Enterprise Management module.
Type Feature Enterprise Management Module
Organization User
  • A user is the most basic unit in Enterprise Management.
  • An administrator or platform user can create users, and build the corresponding organization structure based on users.
  • You can add users, delete users, change user names, change passwords, change personal information, add users to departments, remove users from departments, add users to projects, and remove users from projects.
  • Personal information of a user includes name, mobile phone number, email address, and identifier.
  • You can create users manually or by importing a template. Specifically, if you import a template, organization relationship among users and the information of projects where the users belong can be synchronously imported.
Organization
  • An organization is the basic unit in Enterprise Management. An administrator or platform user can see all organization structure trees of the Cloud, while a regular platform user or project member can only see the structure tree of the organization where regular users or project members belong.
  • An organization can be displayed by an organization structure tree, and includes a top-level department and subsidiary departments. The top-level department is the first level department where you can add multiple subsidiary departments. You can create multiple top-level departments.
  • The binding relationship between a department head and a department is relaxed, so that a department does not need to have a department head set.
  • You can add an organization, delete an organization, change a parent department, create a subsidiary department, delete a subsidiary department, add a user, and remove a user.
Role
  • A role is a group of permissions and grants users the permissions used for calling related APIs to manipulate resources.
  • Tenants and roles are separated in Enterprise Management. Roles can be bound to tenants or removed from tenants in Enterprise Management. A role includes system role and custom role.
  • The GUI provides API-level permission control for tenants to flexibly meet permission configurations of various scenarios.
  • A super administrator (admin), platform admin, or regular platform user can have permission controls on a project member (project admin, project operator, or regular project member).
  • A platform admin can serve as a user. If you bind a platform admin role to a user, this user can be endowed with the corresponding role and the corresponding permissions.
  • Provides platform admin role, project admin role, project operator role, and dashboard role. Specifically, a user with the dashboard role can only have the permission to check the dashboard. If you log in to the Cloud via this user, you will jump to the dashboard page.
3rd party authentication
  • Allows you to add an AD or LDAP server. After you add an AD or LDAP server successfully, you can automatically import 3rd party users or organizations (only for AD server) to the Cloud.
  • Allows you to set a user mapping and organization mapping (only for AD server). You can synchronize 3rd party users or organizations (only for AD server) according to the mapping rule that you set.
  • Allows you to customize filter rules to filter out users that you do not need to synchronize.
Project management Project
  • Specifies related people to accomplish specific target tasks at a specific time, and with a specific resource and budget.
  • Enterprise Management is project-driven to schedule resources. You can build an independent resource pool for a specific project.
  • Allows you to create a project, delete a project, enable a project, disable a project, change a project admin, generate a project template, add a member, remove a member, stop project resources, recover the expired project, attach an organization, and detach an organization.
  • The binding between a project admin and a project is loosened, so a project does not need to have a project admin assigned.
  • Allows you to recover a project via job scheduling recovery or billing recovery.
  • Allows you to create projects in bulk by using official scripts.
Project template
  • Identifies the template of each resource quota.
  • Allows you to directly use the quota defined by the template to quickly create a project.
  • Allows you to create a project template and delete a project template.
Project member
  • A project member is the basic member of a project. Generally, an admin, platform user, project admin, or project operator can be added to a project.
  • Permissions of a project member can be controlled correspondingly by an admin, platform user, project admin, or project operator.
Member group
  • An admin, platform user, project admin, or project operator can create multiple member groups in a project and manage users by group.
  • You can assign a member group, as a unit, a role whose permissions you can control.
QoS setting
  • An admin or platform user can set QoS for a VM, volume, and NIC.
  • You can set the total bandwidth or read and write bandwidth for a disk QoS.
  • You can control the range of QoS settings. The QoS limit of a regular account or project member must not exceed the values that are set by an admin or platform admin.
Ticket management Ticket applying
  • A project member (project admin, project operator, or regular project member) can apply for tickets for cloud resources.
  • A project member can create, reject, reopen, and delete a ticket.
Ticket approval
  • An admin or project admin can approve, deploy, and reject tickets.
  • Supports the default process approval and custom process approval.
  • Default process approval: A project member submits a ticket application. Then, an admin can perform a one-click approval. After the ticket is approved, resources are automatically deployed and distributed to the corresponding project.
  • Custom process approval: A project member submits a ticket application. Then, the approvers of each approval flow perform approvals according to the custom process. Finally, an admin or project admin performs a one-click approval. After all ticket processes are approved, resources are automatically deployed and distributed to your project.
Custom process management
  • An admin can set different types of custom ticket process for different projects.
  • Supports multiple ticket types, for example, apply for a VM instance, delete a VM instance, change a project cycle, change VM configurations, and modify a project quota.
  • The custom ticket process allows you to add project members to each approval flow.
  • Allows you to enable, disable, change, and delete custom ticket process.
Independent zone management Platform admin
  • A platform admin is mainly an administrator who can add or remove zones.
  • An admin can allocate different zones to different platform admins. In this regard, these platform admins can manipulate data centers of different zones.
  • Allows you to create or delete a platform admin, change passwords, add a zone, and remove a zone.
Resource isolation
  • Because resources are isolated by zone, you can specify the corresponding zone admins for each zone. This allows each machine room to be managed independently.
  • Meanwhile, an admin can check and manage all zones.
The following table lists the features of ZStack BareMetal Management module.
Type Feature BareMetal Management Module
BareMetal management Bare Metal cluster
  • Manages Bare Metal hosts by creating a Bare Metal cluster.
  • Allows you to attach a Bare Metal cluster to an L2 network.
Deployment server
  • Automatically installs and deploys the system for newly-created Bare Metal chassis via a deployment server.
  • Allows you to deploy a deployment (PXE) server independently.
Bare Metal chassis
  • Deploys Bare Metal chassis in bulk via an IPMI network.
  • Allows you to manage the power of Bare Metal chassis remotely.
  • Adds Bare Metal chassis in bulk according to the network range that you entered.
  • Allows you to add Bare Metal chassis in bulk via template importing.
  • Allows you to open the IPMI management page (login page) of Bare Metal chassis via a console. You can log in to the Bare Metal chassis by entering the configured IPMI user name and the IPMI password.
Bare Metal instance
  • Allows you to install a Linux operating system on Bare Metal chassis with an ISO image.
  • Allows you to install Ubuntu, CentOS, and SUSE in an unattended manner.
  • Allows you to add network configurations for a Bare Metal instance.
  • Provides real-time monitoring of internal workloads. For Bare Metal instance monitoring, you need to install an agent. You can check CPU, memory, disk, NIC, and other performance indicators of a Bare Metal instance.
  • Provides associated monitoring items of a Bare Metal instance, including CPU, memory, disk, and NIC.
  • Allows you to create tags (for admin tags only) for Bare Metal instances and quickly search for target Bare Metal instances via these tags.
The following table lists the features of ZStack Backup Service module.
Type Feature Backup Service Module
Backup service Backup
  • Allows you to create a backup job for a VM instance, volume, and management node database. Specifically, supports backups of entire VM instances.
  • Displays the current backup jobs in a unified manner so that you can quickly control the overall status of current backup jobs and improve the O&M efficiency.
  • Greatly improves the backup performance of large files by optimizing the backup mechanism of large files, and supports physical tape library (PTL) and virtual tape library (VTL).
  • Allows you to set the backup strategy for a backup job according to week, day, or hour. The backup job that you created allows you to update the backup strategy.
  • Saves backup file data according to count or time.
  • Allows you to perform backups immediately and fully back up your data on schedule after you create a backup job.
  • Allows you to back up your data on the local backup storage and synchronize the data to the remote backup storage.
  • Allows you to check the local backup data or remote backup data of a VM instance, volume, and database.
  • Allows you to delete local backup data or remote backup data.
  • Allows you to either use the ImageStore backup storage that you have deployed on the local data center as a local backup storage or to deploy a new local backup storage directly.
  • Supports seamless active-backup switching when you specify multiple local backup storages for a backup job.
  • Only allows you to add a remote backup storage, including remote backup and Aliyun backup.
  • Allows you to synchronize backup data only from a local backup storage to a remote backup storage.
  • Cleans up invalid backup data that was completely deleted and temporary data that has expired on a local backup storage or remote backup storage to release more storage space.
  • Allows you to set disk QoS and network QoS for a backup job.
  • Allows you to check the backup progress of a backup job.
  • Allows you to automatically obtain backup data when you add the existing backup storages.
  • Allows you to create event alarms for backup jobs. When a backup job fails, you can receive alarm details about the backup job at an endpoint.
Recovery
  • Allows you to create new resources or overwrite original resources when you recover resources from local backup data or remote backup data of a local VM instance or volume.
  • Allows you to recover an entire VM instance.
  • The remote backup data of a local VM instance or volume must be synchronized to a local backup storage before you recover it. The remote backup data of a database can be recovered directly to the local backup storage.
  • Allows you to perform one-click recovery for the data center via the local or remote backup storage of a database. This applies to the scenario where the local backup storage is attached to a zone and has data.
  • Allows you to recover the data center through the Wizard guidance page via the local backup data or remote backup data of the database. This applies to the scenario where the local backup storage has no zone attached and no data.
  • Allows you to export and then manually recover the local backup data or remote backup data of a database.
The following table lists the features of ZStack Migration Service module.
Type Feature Migration Service Module
Migration service V2V conversion host
  • Decouples from the state of the corresponding host. When a V2V conversion host is enabled but the corresponding host is disabled, the V2V conversion host will be dedicated to V2V migration scenarios, and other appliance VM instances will not be dispatched to the V2V conversion host. This effectively improves the migration efficiency.
  • Allows you to set a separate migration network to convert data from the source primary storage to the V2V conversion host.
  • Supports real-time capacity monitoring. You can select different time spans to monitor the percentage of used capacity of a V2V conversion host.
  • Displays the total capacity and available capacity of a V2V conversion host.
V2V migration for VMware
  • Migrates vCenter VM instances that you took over to the current Cloud.
  • Allows you to perform one-click V2V bulk migrations for VM instances. After the migrations complete successfully, the provisioning method remains unchanged.
  • Allows you to customize configurations for target VM instances when you create a V2V migration job.
  • Allows you to set a migration network and QoS.
  • Allows you to cancel and restart a V2V migration job.
  • Provides safe, resource-efficient migration services. Files that are migrated will be compressed and saved on the source primary storage.
  • Supports multiple versions of source vCenter platform, including 5.0, 5.1, 5.5, 6.0, 6.5, and 6.7.
  • Allows you to perform V2V migrations for VM instances with multiple types of operating system. The supported types of operating system for V2V migrations include RHEL/CentOS 5.x/6.x/7.x, SLES 11/12/15, Ubuntu 12/14/16/18, and Windows 7/2003/2008/2012/2016.
  • Provides unlimited types of source primary storage. Currently, the target primary storage supports Ceph, Shared Block, NFS, and LocalStorage.
V2V migration for KVM
  • Does not require you to take over KVMs. You can migrate VM instances online from a KVM cloud to the current Cloud.
  • Allows you to perform V2V migrations (KVM) for VM instances that are in the running state and the stopped state.
  • Supports unlimited types of primary storage.
  • Synchronously migrates the data volumes that you attached when you perform V2V migrations for KVMs, and allows you to modify CPU and memory.
  • Does not migrate VM snapshots synchronously when you perform V2V migrations for KVMs.
  • Provides unlimited types of primary storage. Currently, the target primary storage supports Ceph, SharedBlock, NFS, and LocalStorage.
The following table lists the features of ZStack Rights Separation module.
Type Feature Rights Separation
Rights Separation Rights management Permissions of a super admin (admin) are separated into three roles: system administrator (sysadmin), security administrator (secadmin), and security auditor (secauditor). These three roles are mutually independent and balance one another to further enhance cloud security. This separation effectively lowers the security risk of a super administrator holding excessive permissions.
System admin The sysadmin manages resources on the Cloud and the lifecycle of those resources, but does not manage the associated permissions.
Security admin The secadmin manages cloud permissions, and allocates permissions to users or roles.
Security auditor The secauditor manages cloud auditing, and has permission to check and export logs that are used to audit the operations of other users.