Network Services
Network services that you expect in multi region Openstack Cloud
In the CloudFerro Platform networking is fully virtualized and is fully configurable. A User can use public shared networks or can create Virtual Networks for their VMs. He can also create Virtual Routers to route traffic between Virtual Networks or from/to the Internet. In addition, CloudFerro Platform provides several network extensions like VPNaaS, LBaaS and FWaaS.
Internet Access
Outside internet can be accessed from VMS by means of: NAT on Virtual Routers (this is one directional access with no initialization of connection from outside), Floating-IPs and NAT on Virtual Routers (this allows for one-to-one mapping of internal private IP numbers to the public Floating-IP numbers) and direct connection of VMs to the public Internet networks.
Billing
In all above cases the internet traffic is billed per data transferred in GByte according to the Price List. The Internet traffic is billed per single Project (or Virtual Environment).
Virtual Network
A User can use Virtual Networks to interconnect VMs and can create many IP subnets in it. An IP subnet can have a DHCP server enabled to automatically assign IP addresses and provide DNS and default gateway addresses to VMs. Each VM can
be connected to one or more Virtual Networks.
Provisioning
A User can see current network topology in a legible form on a diagram and can manage them via API or the Cloud Dashboard.
Billing
Virtual Networks within a single Project are free and data transferred via such Networks is also free. Virtual Networks connecting different Projects are also free but data transferred via such Networks is billed according to the Price List.
Access Grups
Description
Security Group is a set of IP traffic filtering rules which forms a firewall installed just before VM on its all interfaces. User can specify rules, their order and can assign a Security Group to a VM. Single rule specifies protocol, source and destination addresses, ports and an action (allow/drop). Security Groups are a security mechanism attributed directly to VMs.
Provisioning
Security Groups can be managed via API or the Cloud Dashboard.
Billing
Security Groups are free within predefined limits.
Firewall as a Service (FWaaS)
Description
The FWaaS extension provides Users with the ability to deploy virtual firewalls to protect their whole private network globally at the network edge. The FWaaS extension enables you to apply firewall rules on traffic entering and leaving Tenant networks from/to Internet (north-south traffic). In the current version there is no support for traffic filtering between private networks (east-west traffic).
Provisioning
The firewall is fully configurable using API and the Cloud Dashboard.
Billing
The FWaaS is billed in monthly quanta according to the Price List.
Image Software upgrades
All the operating system image templates will be updated/patched on regular base (at least once per week) with security/bugfix patches and similar hot-fixes of the system and preinstalled software. Copies of all intermediate versions will be maintained. All the virtual machines will be configured with automatic updates feature enabled. The platform will include an internal proxy server, devoted for updates for machines intentionally disconnected from Internet, but the same proxy server will serve also other machines as an update performance booster. By principle, we will not perform any operations inside the Tenant’s Virtual Machines after their provisioning.
Therefore, users will be responsible for maintaining and patching the guest system and applications after provisioning of the machine. On request we will provide technical assistance for users willing to perform major upgrades of their systems, migrate their machines to different operation system, or request similar assistance
Provisioning
Upgraded operating software images will be available in the platform image service (Glance)
Billing
Image software security upgrades are free of charge.