ZStack Cloud 4.7.21

Highlights

  • Optimizations of Storage Overcommit: Adds a storage usage prediction chart, supports specifying usage alert threshold, and enhances primary storage-related alarms.
  • A New Feature: SNMP Management: Allows a 3rd-party platform to monitor Cloud resources and receive alarms pushed from the Cloud.
  • Security Group Enhancement: Supports blocklist and priority mechanism; optimizes the process of setting security rules and attaching security groups to NICs.

Overview

VM Instance
  1. SSH key enhancement.
    1. Supports local creation and management of SSH key.
    2. Allows you to attach SSH keys to running VM instances.
  2. VM memory allocation optimization.
    1. Memory shared across multiple VM instances.
    2. On-demand reclaim of free memory of VM instances.
    3. Specify VM memory reserve.
  3. Supports manual allocation when changing host and primary storage.
Cloud Network
  1. Security group enhancement.
    1. Supports blocklist and priority mechanism of security rules.
    2. Optimizes security rule settings.
    3. Supports security rule import and export.
    4. Optimizes the process of attaching security groups to NICs.
  2. Flow redirection from HTTP listener to HTTPS listener.
  3. Smart NIC compatible with H79C OS.
  4. Allows duplicated MAC addresses.
Cloud Storage
  1. Supports releasing unused space when migrating between primary storage.
    1. Migrates valid data when migrating between primary storage.
    2. Auto-matches the provisioning type of target primary storage.
  2. Optimizations of storage overcommit.
    1. Supports predicting physical storage usage.
    2. Supports specifying usage alert threshold to timely get risk alert.
    3. Enhancements of primary storage-related alarms.
Platform O&M
  1. Visualized time management.
  2. Auto detects and pushes new version info.
  3. Visualized certificate management.
Monitoring and Alarm
  1. A new feature: SNMP Management.
    1. Allows a visual configuration of SNMP parameters.
    2. Allows a 3rd-party platform to monitor resources on the Cloud.
    3. Allows the Cloud to push alarms to a 3rd-party platform.
  2. Optimization of disk and NIC monitoring charts.
  3. A stronger risk prompt when dual management node database needs synchronization.
Elastic Baremetal Management
  1. Allows elastic baremetal instance to use block storage volume.
    1. Adds block storage volume that provides distributed storage space for elastic baremetal instances.
    2. Management of block storage volume lifecycle and snapshot.
  2. Supports visual bond configuration for provision NIC of elastic baremetal instance.
Tenant Management
  1. Feature module rename: from Enterprise Management to Tenant Management.
  2. Optimizations of 3rd-party authentication.
User Experience Optimization
  1. Experience improvement program.

VM Instance

SSH Key Enhancement

Previous versions allowed you to inject an SSH key (generated outside the Cloud) into a VM instance for password-free login. The injection relies on Cloud-Init to take effect. ZStack Cloud 4.7.21 further enhances this feature, allowing you to generate SSH key pairs on the Cloud directly. These keys can be attached to running VM instances and work properly without Cloud-Init.

Supports Local Creation and Management of SSH Key

Starting from ZStack Cloud 4.7.21, you can create and manage SSH keys on the Cloud. On the main menu of ZStack Cloud, choose Resource Center > Resource Pool > Security > SSH Key. Then, the SSH key management page is displayed.

On this page, you can click Create SSH Key to generate a new SSH key pair directly or import an SSH public key to the Cloud.

These SSH keys are covered by the lifecycle management and O&M actions provided by ZStack Cloud, including creation, editing, deletion, attachment/detachment to/from VM instances, and attachment/detachment to/from tags.

Note: ZStack Cloud stores and manages your SSH public keys only. You must keep the private key yourself.
Figure 1. Create SSH Key


Figure 2. Manage SSH Key


Allows You to Attach SSH Key to Running VM Instance

Starting from ZStack Cloud 4.7.21, you can attach/detach SSH keys to/from running VM instances. The attached keys work directly without rebooting the VM. This mechanism relies on a running QGA installed on the VM instance. You can install the QGA by installing VM GuestTools or through other methods. If you use other methods, make sure that the QGA is version 2.5 or later.

Note: If you attach an SSH key to a VM instance during VM creation, Cloud-Init is still necessary for the key to work properly after the creation. In this scenario, make sure that the VM image you use has Cloud-Init installed.

VM Memory Allocation Optimization

Starting from ZStack Cloud 4.7.21, memory sharing, memory reclaim, and memory reserve mechanisms are provided for VM instances. These three mechanisms can work together to ensure business stability and efficient use of host and VM memory resources.

Memory Shared Across Multiple VM Instances

The memory sharing mechanism periodically scans VM memory. If identical memory pages are identified, these pages are merged. This way, multiple VM instances may share the same host memory page, which avoids wasting memory resources.

Figure 1. Memory Shared Across Multiple VM Instances


On-demand Reclaim of Free Memory of VM Instances

The memory reclaim mechanism monitors the memory usage of VM instances and the host in real time. Its dynamic reclaim and allocation mechanism ensures the efficient use of host memory.
  • If the workloads running on a VM instance decrease, the host reclaims unused memory of the VM instance.
  • If the workloads running on a VM instance increase, the host allocates necessary memory space to the VM instance.

Memory reclaim is triggered only after the host memory usage exceeds 80%.

Figure 2. Memory Reclaim


Specify VM Memory Reserve

If you enable VM reclaim for a VM instance, you can enable memory reserve for this instance and specify the reserve size based on your business needs. This ensures the stability of the VM system during memory reclaiming.

Figure 3. Memory Reserve


Before you enable VM reclaim for a VM instance, note the following:
  • If the VM instance is running an important application such as a database, we recommend that you do not enable memory reclaim.
  • Before you enable VM reclaim, you need to install GuestTools on the VM instance and disable vNUMA for the instance. You also need to disable Hugepages for the cluster where the instance resides.

Supports Manual Allocation When Changing Host and Primary Storage

In earlier versions, when you migrated a VM instance by Change Host and Primary Storage, the Cloud supported only system allocation of the destination host. Starting from ZStack Cloud 4.7.21, when you hot migrate a VM instance by Change Host and Primary Storage, you can select Manual Allocation to specify a destination host. The Cloud will filter available hosts for you based on the selected destination primary storage.

Figure 1. Support Manual Allocation When Change Host and Primary Storage


Cloud Network

Security Group Enhancement

ZStack Cloud 4.7.21 enhances the security group feature in the following aspects.

Supports Blocklist and Priority Mechanism of Security Rules

In previous versions, security rules supported only an allowlist mechanism. This means that all rules used the Allow policy, which could specify which flows are allowed but could not directly define which flows are denied.

Starting from ZStack Cloud 4.7.21, security rules support a blocklist mechanism and can use a Reject policy to deny specified ingress/egress flows. This policy mainly applies to scenarios where most flows need to be allowed and only a small portion need to be denied. The blocklist mechanism further increases the flexibility of security groups.

Because a security group can have both Allow and Reject rules, you can set rule priorities to avoid a conflict between two rules on the same object (flow source or destination). On the same object, only the rule with the highest priority takes effect. You can manually select a priority for each rule, or directly drag and drop rules to adjust their priorities. Choose whichever method suits you.

Figure 1. Blocklist and Priority Mechanism of Security Rule


Optimizes Security Rule Settings

ZStack Cloud optimizes the setting methods of the following security rule parameters:
  • Supports various formats of addresses as authorization object (flow source or destination).

    ZStack Cloud 4.7.21 supports two object types: IP address/CIDR and security group. You can choose only one type for one rule.

    When you choose the IP address/CIDR type, various address formats are supported, including IP address, IP range (Start IP-End IP), and CIDR. You can add one or more (up to 10) addresses in various formats for one rule, which effectively improves the configuration flexibility.

  • Supports one or more ports/port ranges for a rule.

    For security rules whose protocol is TCP or UDP, you need to set the authorization port(s). ZStack Cloud 4.7.21 allows you to add one or more (up to 10) ports and port ranges for a rule.

    Figure 2. Optimizes Setting Method of Authorization Object and Port


Supports Security Rule Import and Export

Starting from ZStack Cloud 4.7.21, you can export security rules from a security group and import them to another security group, thus finishing rule configurations in an efficient way.

Figure 3. Import and Export Security Rule


Optimizes Process of Attaching Security Group to NIC

ZStack Cloud 4.7.21 optimizes the process of attaching security groups to NICs from the following aspects:
  • Changes L3 network from a required parameter to an optional parameter.

    In previous versions, you had to attach a security group to an L3 network first, and then attach it to NICs on this L3 network, which means that the L3 network was a required parameter when you attached a security group to a NIC. This prerequisite is removed in ZStack Cloud 4.7.21 and you can attach the security group to any NIC directly. However, you can still use L3 network as an optional parameter that helps you filter NICs quickly.

  • Allows you to set priorities for multiple security groups on the same NIC.

    Previous versions already allowed you to attach more than one security group to a NIC. ZStack Cloud 4.7.21 allows you to set priorities for these security groups to avoid conflicts brought by multiple rules in multiple groups. The NIC matches the rules in the group with the highest priority first.

  • Allows you to set a policy to control flows that are not stipulated by security groups.

    Starting from ZStack Cloud 4.7.21, after a NIC joins a security group, except for flows stipulated by the security group rules, the NIC rejects all other ingress flows and allows all other egress flows by default. You can modify this default policy to flexibly control the flows that are not denied by security groups.
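
The following added example (not ZStack Cloud code) models how Allow/Reject rules, rule priority, security group priority, and the NIC default policy described above combine into one decision for a flow. The names `Rule` and `decide` are hypothetical, and two points are assumptions: priority 1 is the highest, and the first matching rule in priority order decides the flow.

```python
import ipaddress
from dataclasses import dataclass

MAX_ENTRIES = 10  # page limit: up to 10 addresses and 10 ports/port ranges per rule


def parse_address(text):
    """Parse an IP, 'Start IP-End IP' range, or CIDR into (version, first, last)."""
    if "-" in text:
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad IP range: {text!r}")
        return start.version, int(start), int(end)
    net = ipaddress.ip_network(text.strip())  # a bare IP becomes a /32 or /128
    return net.version, int(net.network_address), int(net.broadcast_address)


def parse_port(text):
    """Parse a port ('443') or port range ('8000-8100') into (low, high)."""
    low, _, high = text.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port spec: {text!r}")
    return low, high


@dataclass
class Rule:
    priority: int    # assumption: 1 is the highest priority
    action: str      # "ALLOW" or "REJECT"
    protocol: str    # "TCP" or "UDP"
    addresses: list  # authorization objects of the IP address/CIDR type
    ports: list

    def __post_init__(self):
        if self.action not in ("ALLOW", "REJECT"):
            raise ValueError(f"unknown action: {self.action!r}")
        for name in ("addresses", "ports"):
            if not 1 <= len(getattr(self, name)) <= MAX_ENTRIES:
                raise ValueError(f"{name}: 1 to {MAX_ENTRIES} entries per rule")
        self._addrs = [parse_address(a) for a in self.addresses]
        self._ports = [parse_port(p) for p in self.ports]

    def matches(self, protocol, ip, port):
        addr = ipaddress.ip_address(ip)
        return (protocol == self.protocol
                and any(v == addr.version and lo <= int(addr) <= hi
                        for v, lo, hi in self._addrs)
                and any(lo <= port <= hi for lo, hi in self._ports))


def decide(groups, protocol, ip, port, default):
    """Return the action for one flow in one direction.

    groups: rule lists ordered by security group priority, highest first.
    default: NIC policy for flows no rule covers (page default: REJECT for
    ingress, ALLOW for egress).
    """
    for rules in groups:
        for rule in sorted(rules, key=lambda r: r.priority):
            if rule.matches(protocol, ip, port):
                return rule.action  # first match wins; lower rules are shadowed
    return default


# Constructed sample: ingress rules of two security groups on one NIC.
WEB = [
    Rule(1, "REJECT", "TCP", ["203.0.113.40-203.0.113.49"], ["443"]),
    Rule(2, "ALLOW", "TCP", ["203.0.113.0/24", "198.51.100.7"],
         ["80", "443", "8000-8100"]),
]
ADMIN = [Rule(1, "ALLOW", "TCP", ["192.0.2.0/28"], ["22"])]

if __name__ == "__main__":
    for ip, port in [("203.0.113.45", 443), ("203.0.113.45", 80),
                     ("192.0.2.5", 22), ("192.0.2.20", 22)]:
        print(ip, port, decide([WEB, ADMIN], "TCP", ip, port, default="REJECT"))
```

Swapping the two priorities in `WEB` makes the broader Allow rule match first, so the Reject rule never takes effect. Checking for that kind of shadowing is worth doing before importing an exported rule set into another security group.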

Flow Redirection from HTTP Listener to HTTPS Listener

Starting from ZStack Cloud 4.7.21, a load balancer can redirect all flows accessing an HTTP listener to an HTTPS listener for processing. This feature aligns with the growing number of HTTPS websites, which help ensure business security, and lets users conveniently access an HTTPS website without having to remember its HTTPS URL.

Figure 1. Enable HTTP Redirect for an HTTP Listener


Smart NIC Compatible with H79C OS

In earlier versions, smart NICs were made compatible with the H76C system. Starting from ZStack Cloud 4.7.21, smart NICs are also compatible with the H79C system. You can now use smart NICs on an H76C-based as well as an H79C-based platform to improve network performance.

Allows Duplicated MAC Address

Starting from ZStack Cloud 4.7.21, a MAC address can be used by more than one NIC on the same L2 network.

Note that you can set an occupied MAC address for a disabled NIC, and this NIC cannot be enabled because of this duplicated MAC address.

Cloud Storage

Supports Releasing Unused Space when Migrating Between Primary Storage

Migrates Valid Data when Migrating Between Primary Storage

Starting from ZStack Cloud 4.7.21, when you migrate a VM instance or volume by Change Primary Storage or Change Host and Primary Storage, the Cloud can release unused space through the provisioning method, so that the storage migration moves only the actual data and saves storage space.

Auto-Matches the Provisioning Type of Target Primary Storage

Starting from ZStack Cloud 4.7.21, when conducting a storage migration on VM instance or volume, the migrated resource follows the provisioning type of the target primary storage.

Note:
  • If you migrate a VM instance or volume to Ceph primary storage, the provisioning type only supports thick provisioning.

Optimizations of Storage Overcommit

Supports Predicting Physical Storage Usage

ZStack Cloud 4.7.21 adds a Storage Usage Prediction chart to predict the physical storage usage trends for the next 180 days based on the primary storage capacity utilization. You can view the physical capacity total, physical capacity used, physical capacity usage prediction, and usage alert threshold on the chart.

Figure 1. View Storage Usage Prediction


Supports Specifying Usage Alert Threshold to Timely Get Risk Alert

ZStack Cloud 4.7.21 provides a new global setting: Alarm Threshold of Primary Storage Physical Capacity Utilization. You can set this parameter to avoid excessive usage of the physical capacity of the primary storage. When the system predicts that the physical usage of the primary storage exceeds the threshold, an alarm is displayed.

You can specify this threshold by navigating to Settings > Global Setting > Basic > Hardware > Primary Storage. You can also specify this threshold in the upper-right corner of the Storage Usage Prediction chart. If you specifically set the usage alert threshold for a primary storage, this global setting does not take effect on that primary storage.

Figure 2. Alarm Threshold of Primary Storage Physical Capacity Utilization


Enhancements of Primary Storage-Related Alarms

ZStack Cloud 4.7.21 provides two new resource alarms for physical storage usage prediction: Predicted Physical Capacity Utilization Exceeds Threshold and Ceph Pool Predicted Physical Capacity Utilization Exceeds Threshold. These two alarms are used to monitor the predicted physical storage usage of multiple primary storage. An alarm can be triggered when alarm rules are met.

In addition, ZStack Cloud 4.7.21 adds three primary storage-related alarms to the important resource alarm reminder: Primary Storage Available Physical Capacity, Primary Storage Physical Capacity Available Percent, and Ceph Pool Physical Capacity Available Percent. In this way, you can get more conspicuous and accurate alarm information and deal with storage resource overload in time.

Figure 3. Enhancements of Primary Storage-Related Alarms


Platform O&M

Visualized Time Management

Starting from ZStack Cloud 4.7.21, you can configure NTP time servers for the Cloud to sync the clock of the time servers with all nodes of the Cloud. This allows you to manage your platform time efficiently and ensures the stability and reliability of time sync.

The Cloud supports the following three time protocol modes:
  • Internal: Uses a management node or host as an NTP time server of the Cloud system time so the other nodes of the Cloud may sync time with the time server.
  • Internal and External: Uses a node that does not belong to the Cloud as an NTP time server and uses a management node or host as an NTP time server of the Cloud system time. The external time server syncs time with the internal time server first and then the internal time server syncs time with the other nodes of the Cloud.
  • External: Uses a node that does not belong to the Cloud as an NTP time server, which syncs time with all nodes of the Cloud.

You can add up to 2 internal time servers and 2 external time servers for the Cloud.

The latest system time is displayed on the Cloud. If you configure time servers, this time is automatically synced with the time servers. If the system time differs significantly from the time servers, you can manually force a time sync to save time.

Figure 1. Internal and External NTP Time Server Mode


Auto Detect and Push New Version Info

Starting from ZStack Cloud 4.7.21, version detection is available. This feature periodically detects the latest version and provides information about the version number and the highlights if the latest version is available. You can upgrade to the latest version based on your needs.

If you enable version detection, you can configure the version pull strategy. You can pull production environment recommended versions or technical preview versions and specify the auto detection duration by day, week, month, or year. By default, the auto detection is implemented once every month.

Before you configure the strategy, make sure the management node is connected with the Version Maintenance Center. After the configuration, the version info detection and push is implemented based on the strategy. You can also implement manual detection and modify or disable the strategy on demand.

Figure 1. Enable Version Detection


Figure 2. Version Detection Enabled


Visualized Certificate Management

Starting from ZStack Cloud 4.7.21, you can generate a system self-signed certificate or import a 3rd-party SSL certificate to the Cloud. After you successfully configure the SSL certificate, you can log in to the Cloud UI over HTTPS, which ensures that data transmission for the Cloud is effectively encrypted.

Figure 1. SSL Certificate Information


Monitoring and Alarm

A New Feature: SNMP Management

SNMP is the simple network management protocol used to manage devices in the network. ZStack Cloud 4.7.21 uses this protocol to realize a connection between the Cloud and a 3rd-party platform, thus allowing the 3rd-party platform to proactively get resource monitoring data from the Cloud or passively receive alarms pushed from the Cloud.

Currently, protocols of the v2c and v3 types are supported.

On the main menu of ZStack Cloud, choose Setting > System Setting > SNMP Management. Then, the SNMP Management page is displayed.

Supports Visual Configuration of SNMP Parameters

ZStack Cloud 4.7.21 allows you to configure SNMP parameters visually on the UI page, including the SNMP agent port, protocol type, user name, user authentication, and data encryption. These parameters are used to quickly establish a connection between the 3rd-party platform and the Cloud.

Figure 1. Visual Configuration of SNMP Parameters


Allows 3rd-Party Platform to Monitor Resources on Cloud

After being integrated with ZStack Cloud through SNMP, a 3rd-party platform can proactively get resource monitoring data with OID instructions from the Cloud. ZStack Cloud provides a specific MIB file containing OIDs for you to download.

Currently, you can get the monitoring data of each host on ZStack Cloud through the 3rd-party platform.

Figure 2. Specific MIB File


Figure 3. Monitoring Data Got by 3rd-Party Platform


Allows Cloud to Push Alarms to 3rd-Party Platform

Starting from ZStack Cloud 4.7.21, you can add a 3rd-party platform as an SNMP Trap receiver. This receiver can be used as an endpoint and attached to specified alarms. Then, the Cloud can proactively push messages to the 3rd-party platform when the alarms are triggered. The 3rd-party platform can parse alarms received according to the MIB file.

Figure 4. Add SNMP Trap Receiver


Figure 5. Add SNMP Trap Receiver as Endpoint


Figure 6. Alarms Received by 3rd-Party Platform


Optimization of Disk and NIC Monitoring Charts

ZStack Cloud 4.7.21 splits the disk and NIC monitoring charts on the resource details page, enabling you to view multiple disk/NIC monitoring data on the same page. This optimization covers the monitoring chart on details page of the following resources: VM instance (external monitoring), VPC vRouter (external monitoring), host, and backup storage.
  • Splits Disk Monitoring Chart

    ZStack Cloud splits the disk monitoring chart into two charts: Disk Speed chart and Disk IOPS chart. Both charts can display two metrics (read and write) at the same time. Therefore, you can conveniently view more disk monitoring data on the same page.

    Figure 1. Disk Monitoring | Previous Versions


    Figure 2. Disk Speed & Disk IOPS Monitoring | 4.7.21 Version


  • Splits NIC Monitoring Chart

    ZStack Cloud splits the NIC monitoring chart into three charts: NIC Data Transfer Rate, NIC Packet Rate, and NIC Packet Discard Rate chart. Each chart can display two metrics (out and in) at the same time. Therefore, you can conveniently view more NIC monitoring data on the same page.

    Figure 3. NIC Monitoring | Previous Version


    Figure 4. NIC Data Transfer Rate & NIC Packet Rate & NIC Packet Discard Rate | 4.7.21 Version


A Stronger Risk Prompt when Dual Management Node Database Needs Synchronization

Starting from ZStack Cloud 4.7.21, when the dual management node databases are detected to be out of sync, the Database Status on the Management Node Monitoring page is displayed as error and marked in red. Meanwhile, a global risk banner appears to remind you to sync the database as soon as possible to avoid data loss.

Elastic Baremetal Management

Allows Elastic Baremetal Instance to Use Block Storage Volume

Starting from ZStack Cloud 4.7.21, elastic baremetal instances can integrate with iSCSI storage to get distributed storage space provided by block storage volumes. You can configure multipath for elastic baremetal instances to access iSCSI storage, effectively improving the storage performance and reducing the access latency. This avoids single-point failure of the gateway node in principle and ensures high availability of data.

Block Storage Volume that Provides Distributed Storage Space for Elastic Baremetal Instances

In previous versions, you needed to deploy a distributed storage and add it to ZStack Cloud before you could allocate the distributed storage space to elastic baremetal instances through gateway nodes.

Starting from 4.7.21, you can create and manage block storage volumes on ZStack Cloud directly with a distributed storage access token. The block storage volumes can be allocated to elastic baremetal instances as needed. In addition, you can configure multi-path access for these block storage volumes to achieve high availability of I/O access paths and ensure business continuity. One elastic baremetal instance can be attached with 1-255 block storage volumes, and a block storage volume can be attached to 1-16 elastic baremetal instances.

Management of Block Storage Volume Lifecycle and Snapshot

ZStack Cloud provides basic lifecycle management for block storage volumes, including creation, editing, deletion, maximum/burst IOPS setting, maximum/burst bandwidth setting, expansion, and attachment/detachment to/from elastic baremetal instances. Meanwhile, ZStack Cloud allows you to create snapshots based on block storage volumes to ensure data security.

Supports Visual Bond Configuration for Provision NIC of Elastic Baremetal Instance

In previous versions, ZStack Cloud supported visual bond configurations for business NICs of elastic baremetal instances, including adding and removing bonds. ZStack Cloud 4.7.21 allows you to configure bonds (add or remove) for provision NICs of elastic baremetal instances, thus further improving your network deployment efficiency. Before the configuration, make sure that the elastic baremetal instance uses a local disk as the system disk and has the agent installed.

Tenant Management

Feature Module Rename: from Enterprise Management to Tenant Management

Starting from ZStack Cloud 4.7.21, the Enterprise Management module is renamed as Tenant Management. Tenant Management provides all functionalities that were provided by Enterprise Management in previous versions.

In addition, the Project Login entry on the login page is renamed as Tenant Login. All users in Tenant Management, including the platform users and project members, need to log in to ZStack Cloud from this entry.

Figure 1. Enterprise Management | Previous Versions


Figure 2. Tenant Management | 4.7.21 Version


Figure 3. Project Login | Previous Versions


Figure 4. Tenant Login | 4.7.21 Version


Optimizations of 3rd-Party Authentication

Starting from ZStack Cloud 4.7.21, OIDC and OAuth2 3rd-party authentication servers support four new parameters: Redirect URL, Redirect Template, Userinfo Request URL, and Logout URL. You can set these four parameters on demand.
  • Redirect URL and Redirect Template apply to the Cloud that is configured with reverse proxy or HTTPS. You can achieve a password-free login by modifying these two parameters to the IP address and port of the reverse proxy or the HTTPS-related address and port.
  • Userinfo Request URL is used to obtain the user information from the authentication server. The Cloud can normally map user attributes through this parameter when the user information is not returned in the Token Request URL.
  • Logout URL is used to log off sessions in the authentication system after logging out of the Cloud. The next time you log in to the Cloud, you need to log in to the authentication server again.
Figure 1. 3rd-Party Authentication Configurations


User Experience Optimization

Experience Improvement Program

ZStack Cloud 4.7.21 launches the Experience Improvement Program, which will collect and analyze users' platform usage data to guide product optimization and improvement in the future.

The data collection will not begin until you agree to all relevant terms and conditions and confirm to join this program. The following are data collection scopes:
  • Product Configuration Data: gathers your product information, browser information, and access terminal information.
    • Product Information: product name, type, and version number.
    • Browser Information: browser name, version, language, and encoding.
    • Access Terminal Information: access terminal OS, OS version, and screen resolution.
  • Feature Usage Data: gathers your feature usage habits and page activities on the Cloud, including your username, user UUID, and user type; the current page URL, previous page URL, visit duration, dwell duration, and button click records.
  • Product Performance Data: gathers the Cloud performance and page response indicators, including the page loading duration.

The data mentioned above does not contain any sensitive resource or personal information. You can opt out of the program whenever you want to stop the data collection.

Figure 1. Experience Improvement Program