FUJITSU Cloud IaaS Trusted Public S5 Service Catalog

November, 2015
FUJITSU LIMITED

v2.9 All Rights Reserved, Copyright FUJITSU LIMITED 2015

NOTE: This presentation is only a summary and does not constitute a legal contract. Please see the terms and conditions of your services contracts for the controlling language.

Upload: truongdung

Post on 03-Apr-2018



Service Outline


FUJITSU Cloud IaaS Trusted Public S5 (hereafter called "S5") creates and provides a private virtual system environment for users within the large-scale resources of the Fujitsu data center (DC) by using virtualization technology.

• Create virtual systems of variable scale depending on the user's requirements.
• Load balancer and firewall are available for the virtual system.
• Users can log in as the administrator of the virtual machine OS and have no restriction on installing any type of software or developing applications.

[Diagram: users access a private virtual system that is allocated from the resource pool in the Fujitsu DC.]

5 Features

Speedy: Just select the system configuration that best meets your purpose of use from the System Template Library. Provides an environment that is already protected against threats coming from the Internet (DMZ, Firewall).

Self-service: Easily create and customize servers/storages from the Service Portal. It is also possible to monitor operation status, start/stop virtual machines (VMs) and back-up/restore, all from the Service Portal.

Scalable: Create, delete, increase or decrease servers/storages on the spot, whenever needed. Hourly-based charge system for efficient usage.

Secure: Data protection by redundancy, performance assurance of VM resources (CPU/Memory), and VPN connection.

Standardization: Joined the leadership board of the DMTF Open Cloud Standards Incubator, and endeavors for Cloud standardization.

Speedy

Simplify infrastructure creation by using system templates.

• Provides a variety of templates which can set VMs separated on multiple segments.
• Easy to add extra VMs to the template.

[Diagram: 1. Select a system template from the System Template Library. 2. Customize it with additional resources (Windows Server, CentOS Server). 3. Deploy it as a virtual system in the user private environment, with WEB servers in the DMZ segment and DB/CentOS servers in the Secure segment.]

Scalable

• Start using VMs within one hour after system deployment.
• Pay as you go. (*)
• Flexibly scale out/up at any time.

Peak hours: It is possible to increase/decrease the number of load-balanced VMs, corresponding to online-business peak hours. Can be used as a temporary development/test environment.

Data reinforcement: Start with small scale. Add more disks to meet data volume, whenever necessary. Easily increase or decrease disk capacity.

Performance reinforcement: Start with minimal initial investment. Scale up VM performance, corresponding to business growth.

* Additional costs for OS and software licensing, typically per month billing.

Self-service

Systems operations can be executed from a web browser.

• Select a template and easily deploy a system with "DesignStudio".
• Operate or check the system status with "System Manager".

DesignStudio
• Select and customize system templates.
• Resource setup: deploy or delete VMs; add/remove or attach/detach additional disks.

System Manager
• Operate VMs (start/stop/restart/backup/restore).
• Specify Firewall/Load Balancer.
• Update firmware.
• Verify VM status ("Running", "Stopped", "Deploying"…).
• Notice about trouble occurrence (information about fail-over, etc.).
• Create VM images and system templates.
• Performance monitor (CPU, disk, network, etc.).

Secure

• High-availability by system redundancy and fail-over feature.
• Performance assurance of VM resources (CPU/Memory).
• Secure connection with VMs by SSL-VPN connection.

Complete redundancy of components, equipment and networks:
• Server: automatic fail-over in case of hardware malfunction.
• Storage: redundant disk, redundant storage, mirroring between cabinets.
• Network: redundant network devices (switch, router), redundant underfloor LAN wiring-network.
• Redundant power supply.
• Stocks of spare components for maintenance.
• Secure access to VMs by SSL-VPN connection.

Standardization

Approach in DMTF

Joined the leadership board of the DMTF Open Cloud Standards and is engaged with Cloud standardization.

DMTF (Distributed Management Task Force): International standardization group about operation management and virtualization technology. Fujitsu has been elected as a promotional leader.

[Diagram: Fujitsu submits the Fujitsu Cloud API specification to DMTF.]

DMTF Star Award: Jacques Durand, who works for Fujitsu America Inc., was recognized for his continuous contributions to Cloud standardization and was awarded the "DMTF Star Award".

Cloud API

We provide the Fujitsu Cloud API for programmatically controlling virtual systems. Users can operate virtual machines automatically (start, stop, backup, etc.).

API calls can be scripted to automate regular tasks such as:
• Stop virtual machines
• Backup data
• Reboot virtual machines

[Diagram: user software calls the Cloud API to control a virtual system on S5 (WEB servers in the DMZ segment, DB/CentOS servers in the Secure segment).]

Service Usage Flow

1. Select a template at the Service Portal.
2. Deploy the selected template as a virtual system.
3. Connect via SSL-VPN, log in to VMs and build applications.
4. Set the firewall, then make services available via Internet/private network.

• Deployed system can obtain the Internet connection, VPN, and the Intranet connection easily.
• Patches of system templates are updated regularly.

Examples of templates in the System Template Library:
• Single Web Server
• Web Server x3 + AP/DB Server x1 + Interior FW/LB + Additional disk
• Web Server x3 + AP Server x2 + DB Server x1 + etc.

[Diagram: the user selects and deploys a template from the Service Portal, connects to the virtual system via SSL-VPN, and the virtual system is reached from the Internet/Intranet through Firewall/NAT (Network Address Translation).]

Service Details


Service Menu Outline

Category: Network
• Virtual Subnet: Provides private IP address. This enables communication between VMs inside the system template.
• Firewall: Provides Firewall for controlling the communication with the Internet and between virtual subnets. Features such as session log display, rules import/export, setup for DNAT/SNAPT and Static NAT are also provided.
• Load Balancer: Network traffic to a private IP address is dispersed among multiple registered VMs. It also provides a packet capture log feature.
• NAT (Network Address Translation): Provides NAT function for global IP address communication.
• Update Servers: Provides access to WSUS server for Windows update, yum repository server for CentOS update, and RHUI server for RHEL update. (*1)

Category: Monitor
• Hardware monitoring: Monitors hardware looking for malfunctions. If a malfunction is detected, it automatically restarts VMs at a different server and notifies users by e-mail.
• VM Health Checking: Monitors the running status of the VM.

Category: Service Portal
• Design Studio: Select the system template, deploy and change the settings.
• System Manager: Operate and confirm the status of the system.
• Server Console: Verify and solve troubles, such as OS startup latency due to fsck, using a web-based console.

*1: In order to use the update server, it is necessary for the virtual system to have access to the Internet.

Network Layer Types

• Firewall is provided by default.
• One firewall can control the traffic between the Internet and also between Intranets.

Subnet: Firewall-controllable traffic
• 1 Tier: Internet <---> DMZ
• 2 Tier: Internet <---> DMZ; DMZ <---> Secure 1
• 3 Tier: Internet <---> DMZ; DMZ <---> Secure 1; DMZ <---> Secure 2; Secure 1 <---> Secure 2

[Conceptual diagrams: 1 Tier (DMZ), 2 Tier (DMZ, Secure 1), 3 Tier (DMZ, Secure 1, Secure 2).]

Monitoring

Hardware Monitoring: Monitor the physical servers for malfunctions. If a physical server goes down because of a failure, the VMs running on that server are transferred to another operational server.

Virtual Machine Monitoring: If any trouble occurs on the Virtual Machine due to an abnormality on the hypervisor or the physical server, VMs running on that hypervisor or physical server are transferred to a normally operating physical server.

• Virtual Machines are automatically rebooted when transferred.
• Notification e-mails are sent to users when the transfer starts and when it finishes.

[Diagrams: on a failure of the physical server, or an abnormality of the hypervisor or physical server, the VMs are transferred to an operational physical server.]

VM Type (1)

Type                     CPU performance index (*1)   Number of virtual CPUs (*2)   Memory (GB)
Mini                     0.5                          1                             1.7
Economy                  1                            1                             1.7
Standard                 2                            1                             3.4
Standard 7               2                            1                             7.5
Standard 15              2                            1                             15
Standard 30              2                            1                             30
Advanced 3               4                            1                             3.4
Advanced                 4                            1                             7.5
Advanced 15              4                            1                             15
Advanced 30              4                            1                             30
High-performance 3       8                            2                             3.4
High-performance 7       8                            2                             7.5
High-performance         8                            2                             15
Double High 7            16                           4                             7.5
Double High 15           16                           4                             15
Double High (*3)         16                           4                             30
Quad High15 (*3) (*4)    32                           8                             15
Quad High30 (*3) (*4)    32                           8                             30
Quad High (*3) (*4)      32                           8                             60

*1: Approximately Xeon 1.0GHz (in 2007) per CPU Performance index 1.
*2: Number of virtual CPUs could be varied in future requirements. Since CPU resource is statically assigned to each VM, VM usage does not affect other VMs' performance.
*3: This VM type cannot be applied with "Red Hat Enterprise Linux 5.x(32bit)", "Red Hat Enterprise Linux 6.x(32bit)", "CentOS 5.x(32bit)" and "CentOS 6.x(32bit)" due to non-assurance of sufficient memory.
*4: This VM type is available for Japan(East/West), Europe-Germany and Europe-UK(London East/North).

VM Type (2)

Disk: System Disk
• Capacity of CentOS / Ubuntu: 10 GB
• Capacity of Windows Server 2003 / RHEL: 40 GB
• Capacity of Windows Server 2008 / 2012: 180 GB

• OS is installed in the system disk. The space requirement varies by OS. (The capacity above is the total, including the OS.)
• System disk will be deleted when VM is deleted.
• For saving data, use the additional disk service provided.

VM Type (2)

Installed OS and version

Windows: Windows Server (*1)
• Windows Server 2008 R2 SP1 SE 64bit English Processor License
• Windows Server 2008 R2 SP1 EE 64bit English Processor License
• Windows Server 2012 SE 64bit English Processor License
• Windows Server 2012 R2 SE 64bit English Processor License

Linux: Red Hat Enterprise Linux
• Red Hat Enterprise Linux 5.7 32/64bit (English)
• Red Hat Enterprise Linux 5.8 32/64bit (English)
• Red Hat Enterprise Linux 5.9 32/64bit (English)
• Red Hat Enterprise Linux 6.3 32/64bit (English)
• Red Hat Enterprise Linux 6.4 32/64bit (English)

Linux: CentOS
• CentOS 5.6 32/64bit (English)
• CentOS 5.9 32/64bit (English)
• CentOS 5.11 32/64bit (English)
• CentOS 6.2 32/64bit (English)
• CentOS 6.4 32/64bit (English)
• CentOS 6.6 32/64bit (English)

Linux: Ubuntu
• Ubuntu Server 14 LTS 64bit (English)

OS is provided as pre-installed in the VM.

(*1) Microsoft software is provided with SPLA license. Note that there may be usage


System Template Service

Service Menu: System Template Service
• Provides templates to create multi-layer subnet systems with only a few clicks.
• OS and middleware are included and basic network settings are configured by default.
• Access to the system from the Internet requires firewall settings.
• Communication between VMs of different layers also goes through the firewall.

Example of a 3 Tier system template
• Users can deploy a 3 Tier system as in the diagram below.

[Diagram: 3 Tier system with WEB servers in DMZ, AP servers in Secure 1 and a DB server in Secure 2.]

Examples of templates
• Users can select from a wide variety of system templates.

Template: OS/software
• Web/DB CentOS [5.4/32bit/2-tier]: CentOS5.6 32bit
• Web/DB Windows [2003 SE/SP2/2-tier]: Windows2003 R2 SE 32bit, SQL Server 2008 SE
• Web/DB Windows [2008 R2 SE/2-tier]: Windows Server 2008 R2 SE 64bit, SQL Server 2008 SE

Middleware Service

Service Menu: Middleware Service
• Microsoft SQL Server 2008 R2 SE
• Microsoft SQL Server 2012 SE
• Microsoft SQL Server 2014 SE

Provides system templates with middleware included. VMs are also provided with pre-installed middleware.

Network Service (1)

Service Menu: Description
• Internet Connection Feature: Provides Internet connection environment for VMs. Also provides the environment for SSL-VPN connection via Internet to the S5's virtual system. (*1)
• IPsec VPN Service: All virtual systems on S5 can easily establish IPsec VPN connection with other environments via virtual VPN gateway. Mobile internet VPN and Hub & Spoke functionalities are also provided.
• IPsec VPN Service: All virtual systems on S5 contract can establish IPsec VPN connection with other environments via virtual VPN gateway. VPN environment can be easily set up.
• DC Internal Connection Service: Provides Fujitsu DC internal connection for users, connecting systems that are operating inside the DC with S5 systems.
• Global IP Address Service: Provides up to 10 global IP addresses to access from the Internet.
• Multiple NIC Service: Allows the allocation of up to 7 additional NICs per virtual machine (including the default NIC, a maximum of 8 NICs can be installed).

*1: Internet / Intranet connection settings can be changed after deployment.

Network Service (2)

Service Menu: Firewall Service
• Controls the network traffic between virtual systems, or between the external network and the virtual system.
• The firewall can be cloned for redundancy.
• Throughput performance is as follows. (*1)
  Normal: 8 to 183 Mbps
  Turbo: 75 to 350 Mbps

Service Menu: Load-balancing Service
• Provides internal/external load-balancing system.
• Features for maintaining a session (including SSL), and for displaying an "Error page" are also available.
• The load-balancer can be cloned for redundancy.
• Efficiency of SSL is as follows. (*1)
  Normal: Max. 30TPS [1024bit key length], Max. 10TPS [2048bit key length]
  Turbo: Max. 2000TPS [1024bit key length], Max. 700TPS [2048bit key length]

*1: These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Internet Connection Feature

• Provides the environment for connecting VMs to the Internet.
• Connect to the Internet by simply configuring the firewall.
• Provides SSL-VPN connection to VMs.

Feature overview
• No need for users to prepare their own Internet connection line.
• Translate global IP address into private IP address via firewall configuration.
• Configure the firewall using the Service Portal and quickly set up an Internet connection.

[Diagram: the user (operator) configures address translation in the Service Portal; global IP addresses G1, G2, G3 are translated to private IP addresses P1, P2, P3 in the virtual system.]

IPsec VPN Service(1)

• IPsec VPN connections between S5 virtual systems and other environments are established through an IPsec VPN gateway server.
• Easily set up a VPN environment.

IPsec connection between on-premise environment and S5
[Diagram: the VPN gateway of the on-premise environment connects by IPsec VPN to the VPN gateway of the S5 virtual platform environment.]
Note: On the user's on-premise environment side, the user needs to set up a VPN gateway.

IPsec connection between S5 regions
[Diagram: the S5 VPN gateway in Region-A connects by IPsec VPN to the S5 VPN gateway in Region-B.]
Note: In this case, the user does not need to set up a VPN gateway.

IPsec VPN Service(2)

IPsecVPN Gateway Settings

Setting Item: ID
  Value: IPsecVPN gateway unique ID
  Notes: Up to 10 opposite gateways can be set.

Setting Item: Destination Gateway Global IP Address
  Value: Global IP address of the opposite IPsecVPN gateway

Setting Item: Authentication Key (PSK)
  Value: Any alphanumeric characters
  Notes: Should be the same as the opposite IPsecVPN gateway and client device.

Setting Item: Ping Monitoring Destination
  Value: Private IP address of the opposite IPsecVPN gateway
  Notes: After the IPsecVPN tunnel is established, it monitors the opposite IPsecVPN gateway by Ping.

Setting Item: Encryption Suite
  Value: Cipher Suite A / Cipher Suite B
  Notes:
  ・Should be the same as the opposite IPsecVPN gateway
  ・Do not set when using Mobile Internet VPN
  <Reference for setting>
  Encryption strength: Cipher Suite A < Cipher Suite B
  Encryption process efficiency: Cipher Suite A > Cipher Suite B

Setting Item: Hub & Spoke
  Value: On / Off

Setting Item: Mobile Internet VPN (L2TP/IPsecVPN)
  Value: On / Off
  Notes: When "On", the user needs to set the following items:
  - User ID
  - Password
  - Target virtual system for VPN access
  - Timeout

IPsecVPN Gateway Performance

The transmission speed was measured between Japan East and West regions using a 64KB packet.
・Result: 35.5Mbps - 291.0Mbps *Depends on the network (Internet) conditions.

IPsec VPN Service(3)

Specification

• IPsec VPN connection is possible only with the global IP addresses that were set at the VPN gateway.
• Usage fee of Internet and IP address are not charged for IPsec VPN.
• Each virtual IPsec VPN gateway can connect simultaneously to a maximum of 10 opposite gateways or 2,000 client terminals.
• The VPN gateway devices listed below have been confirmed to be operable:
  • Cisco 892J (IOS: 12.4 or later)
  • Cisco 1812J (IOS: 12.4 or later)
  • Cisco ISR 2811 (IOS: 12.4 or later)
  • Cisco ISR 3811 (IOS: 12.4 or later)
  • IPCOM EX2300 IN (E20L21 or later)
  • Si-R220C (V35 or later)
  • Si-R G200 (V1 or later)
  • Si-R220C (up to V34) *1
  • Si-R220B *1
  • Si-R80Brin *1

*1: Note that for these devices, when a NAT device is configured between VPN gateways, IPsec VPN connection will NOT work.

IPsec VPN Service(4) – Mobile Internet VPN

• IPsecVPN connection is possible with Windows, iOS, Mac OS and Android devices.
• No need to install applications on the client device. Just set up the default VPN settings of the OS (user information, destination address, etc.).

Usage image for Mobile Internet VPN

[Diagram: client devices connect to the IPsecVPN GW of the user's contract organization on S5, and the target VSYS can be specified (Virtual System A, B or C). Example addresses shown:
  IP Address: 64.1.1.10 ⇒ Private IP address for L2TP 192.168.1.1
  IP Address: 64.1.1.11 ⇒ Private IP address for L2TP 192.168.2.1
  IP Address: 64.1.1.12 ⇒ Private IP address for L2TP 192.168.3.1]

Settings Example (iPhone): User ID, Password, PSK

・No application is needed. Easily connect by using the device's default VPN settings.
・In order to use L2TP, each device gets a private IP address from S5.
・Authentication method can be selected from the client side (MS-CHAP-V2, CHAP, PAP).

IPsec VPN Service(5) – Mobile Internet VPN

Supported OS for Client Device

Client OS    Version                 Support
Windows      Vista (32bit/64bit)     Yes (SP1, SP2)
Windows      7 (32bit/64bit)         Yes (Up to SP1)
Windows      8 (32bit/64bit)         Yes
Windows      8.1                     Yes
iOS          5.x/6.x/7.x             Yes
Android      2.x/3.x/4.x             Yes
Mac OS X     10.7/10.8/10.9          Yes

(*1) Windows Server and Linux are not supported.
(*2) Using EAP (Extensible Authentication Protocol) certificate for user authentication is not supported.
(*3) Using certificates for connection authentication is not supported.
(*4) The user ID and password of the client device must be set at the S5 IPsecVPN gateway beforehand.

Use Case Examples
・Connecting to S5 systems securely from the user's office without a VPN gateway.
・Connecting to S5 systems securely with mobile devices outside of the office.
・Service provider can offer mobile solution services on S5.

IPsec VPN Service(6) – Hub & Spoke

Through the IPsecVPN gateway, it is possible to connect a client terminal with another terminal or mobile device by VPN.

Use Case Examples
・Easily creating a network between user's branch offices via the Internet.
・Connecting to user's office securely from mobile devices.
・Easily configuring a hybrid cloud environment between the user's S5 system and on-premise environments.

Hub & Spoke Usage Image

[Diagram: the IPsecVPN GW of the user's contract organization on S5 fronts Virtual System A, B and C (192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24). On-premise networks 64.1.1.0/24 and 64.1.3.0/24 each connect through their own IPsecVPN GW, and a client terminal connects by L2TP/IPsecVPN (IP Address: 64.1.3.11 ⇒ Private IP address for L2TP connection 192.168.3.1). VPN connections between on-premise terminals are possible via S5.]

DC Internal Connection Service

Hybrid infrastructures can be created by establishing connection between S5 virtual systems and users' systems that are hosted inside Fujitsu DC.

Image of DC internal connection service

[Diagram: the user system inside Fujitsu DC connects to the virtual system over the Fujitsu DC internal network.]

Firewall Service

• Manage communications between virtual systems or between the virtual system and the outside network.
• DNAT/SNAPT/Static NAT setup available.
• Import/Export many firewall rules at the same time.
• Up to 800 firewall rules can be set.

Item: Firewall (Primary) / Firewall (Secondary) / Notes

Throughput Performance (*1)
  Normal: 8~183Mbps
  Turbo: 75~350Mbps

Start/Stop Operation
  Primary: ON/OFF
  Secondary: ON/OFF
  Notes: Independent start/stop possible

Feature
• NAT Settings
  Primary: DNAT / SNAPT, Static NAT
  Secondary: Settings unnecessary (Automatically Updated)
• Firewall Settings
  Primary: Rules Settings
• DNS Settings
  Primary: One of following: Do not use / Standard DNS / Custom DNS Settings
• Log Display
  Primary: Latest 1000 items can be viewed/exported
  Secondary: Latest 1000 items can be viewed/exported
  Notes: Primary/Secondary log can be viewed/exported separately
• Configuration Management
  Primary: Firewall Settings' Backup/Restore
  Secondary: Settings unnecessary (Automatically Updated)
• VPN Environment Settings
  Primary: Static Route Settings
• IDS / IPS Settings
  Primary: Action settings to detect intrusion: Detect (IDS) mode / Protect (IPS) mode
  Secondary: Settings unnecessary (Automatically Updated)

(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Firewall Redundancy Service

• Automated switchover to secondary firewall within 10-20 seconds following failure of primary.
• Updating or changing type (e.g. normal to turbo) only takes a few seconds offline.
• Switching between primary and secondary can also be controlled via the API.
• Primary firewall settings such as global IP address and private IP address can be automatically shared with the secondary firewall.

Firewall Redundancy Service Features
(1) Auto-switch on incidents
(2) Manual switch available

[Diagram: primary and secondary firewalls (each ON/OFF) in front of WEB servers in DMZ and servers in SECURE 1 and SECURE 2.]

【Important Notice】
1. Firewall redundancy cannot be set up when creating a new system. After deploying a firewall, change the setup to make it redundant. Additionally, the firewall (primary) must be active when doing so.
2. Equally, the primary firewall must be running in order to end redundancy.
3. The firewall needs to be restarted in order to start/end redundancy.

Load Balance Service (1)

• Provides load-balancing across VMs.
• Features: maintain session, monitor for failure, continuous service.
• New "High-performance Turbo Load Balancer" which is more efficient than the previous load balancer.

Rule Based Load Balancing
Disperse requests according to balancing rules.

Maintain Session
• Without session preservation: Requests may be dispersed to different servers, causing the replies to be inconsistent.
• With session preservation: Requests from the same user will be sent to the same server so that inconsistency does not occur.

Monitoring and Automatic Re-routing Following Failure
Monitor server's health. Disconnect from load balancer when a malfunction is detected.

Continuous Service
Disconnect from load balancer manually for maintenance. Reconnect to load balancer after finishing maintenance.

Load Balance Service (2)

Item: Load Balancer (Primary) / Load Balancer (Secondary) / Notes

SSL TPS performance (*1)
  Normal: Max 30TPS [1024bit key length], Max 10TPS [2048bit key length]
  Turbo: Max 2000TPS [1024bit key length], Max 700TPS [2048bit key length]

Start/Stop Operation
  Primary: ON/OFF
  Secondary: ON/OFF
  Notes: Independent start/stop is possible

Feature
• SLB Settings
  Primary: Web accelerator settings, add group, Sorry page settings, certificate registration
  Secondary: Settings Unavailable (Automatically Updated)
• Load Balance Situation
  Primary: Display/Clear statistics, transfer to maintenance mode
  Secondary: Inspection Available
• Error Situation
  Primary: Display/Clear statistics
• Certificate Management
  Primary: Server certificate/Intermediary certificate registration/delete
  Secondary: Settings Unavailable (Automatically Updated)
• Configuration Management
  Primary: Settings backup/restore
  Secondary: Settings Unavailable (Automatically Updated)
• Packet Capture Log
  Primary: Log output, output download/delete
  Secondary: Settings Unavailable (Automatically Updated)

(*1) These values were measured using the Fujitsu evaluation environment and will vary based on user architecture and workload. Actual speed cannot therefore be guaranteed.

Load Balancer Redundancy Service

• Automated switchover to secondary load balancer within 10-20 seconds following failure of primary.
• Updating only takes a few seconds offline.
• Switching between primary and secondary can be controlled via the API or My Portal.
• Primary load balancer settings such as global IP address and private IP address can be automatically shared with the secondary load balancer.

Load Balancer Redundancy Service Features
(1) Auto-switch on incidents
(2) Manual switch available

[Diagram: before and after an incident, primary and secondary load balancers (each ON/OFF) in front of WEB servers in DMZ, with AP and DB servers in SECURE1.]

【Important Notice】
1. Load balancer redundancy cannot be set up when creating a new system. After deploying a load balancer, change its setup to make it redundant. Additionally, the load balancer (primary) must be active when doing so.
2. Equally, the primary load balancer must be running in order to end redundancy.
3. The load balancer needs to be restarted in order to start/end redundancy.
4. VMs and load balancers are included in the system deployment limit of 20 machines.

Multiple NICs Service (1)

• Allows the allocation of up to 7 additional NICs per virtual machine. (Including the default NIC, a maximum of 8 NICs can be installed.)
• VMs can be connected to different network segments by adding NICs.
• Flexible and efficient network topologies can be implemented utilizing multiple NICs.

* NIC (Network Interface Card) is an extension card to connect to the LAN (Local Area Network).

Example of Multiple NICs Service Usage

[Diagram: WEB1 and WEB2 in DMZ, DB in SECURE 1 and a Monitoring Server in SECURE 2, with business purpose transmission and monitoring purpose transmission carried on separate NICs.]

Multiple NICs Service (2)

Important Notice
• Multiple NICs can only be added when creating a new virtual machine. It is not possible to add NICs to a virtual machine that is already deployed.
• When connecting a Secure segment and a DMZ segment, please ensure that appropriate firewall rules are implemented, ideally with "point to point" specific rules.

Security Notification of Multiple NICs

[Security Guidance]
Always configure the firewall to permit authorized, ideally point-to-point traffic flow between segments and VMs. This is especially important when configuring external connectivity to/from the Internet.

Precaution 1: It is not recommended to set NAT to the Virtual Machine and enable connection from the Internet.
Precaution 2: It is not recommended to set routing configuration on the Virtual Machine between DMZ and Secure segment.

[Diagram: a WEB server in DMZ and a DB server in SECURE1, illustrating NAT (Precaution 1) and routing (Precaution 2) on the virtual machine.]

Storage Service (1)

Service Menu: Additional Disk Service
• 10GB to 10TB capacity per additional disk (data is encrypted when written on a physical disk).
• It is possible to add more disks or switch connection to different VMs when needed.

Scale out / Switch connection to another VM
• Add a disk when needed.
• Attach/detach; re-attach to another VM. Example: Re-attach the disk to a higher performance server to easily transfer data.
• Disk stand-by area: Reserved area for disconnected disks.

Restrictions
Although disk size can be increased up to a maximum of 10TB per additional disk, please note the following restrictions:
• Red Hat Enterprise Linux 5.x 32bit/64bit: support up to 8TB
• Red Hat Enterprise Linux 6.x 32bit/64bit: support up to 10TB

Storage Service (2)

Service Menu | Description
System Backup Storage Service / Data Backup Storage Service | Provides a disk for system or data backup. (*1) Backup VM system or additional disk by copying the entire disk. (*2) This service is available when you execute the backup operation from the Service Portal. It is possible to generate multiple generation backup files. (*3)
System Snapshot Storage Service / Data Snapshot Storage Service | Provides a disk for system or additional disk snapshot. Take snapshot without stopping the VM. Restoring time is reduced compared to Backup Service. (*4)

*1: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.

*2: Backup files can only be restored to original volume. Backup files are deleted automatically when original volume is deleted.

*3: A new backup disk is created for each backup operation. Backup managing (e.g. deleting) should be done by the user.

*4: To restore a snapshot, the VM needs to be stopped. When the restore operation is completed, the snapshot data is deleted.


Storage Service (3)

Service Menu: Virtual Machine Image Storage Service

Description:
Provides storage disk for saving user-created VM images and system templates.
It is possible to extract a deployed VM or system image and create a user-customized template. *1
Service charging starts from the time that the user executes "create image" at the Service Portal.
Images and templates can be used for scaling-out or for cloning a virtual system.

Create Template *2: It is possible to create a system image from a deployed virtual system and use it to clone that virtual system.

Create Image *2: It is possible to create a VM master image from a deployed virtual machine and use it to clone that VM.

*1: The master image remains even if the VM is deleted.

*2: To use this service, the VM needs to be shut down. However, it is possible to restart it 1 or 2 minutes later.

[Figure: Virtual Machine Image Storage. Create System Template, then create new virtual system; create VM master image, then scale out]


Software Support Change (1)

It is possible to disable or enable the Software Support without rebuilding the virtual machine (*1).

When the software support is changed, the more expensive plan will be charged for that month’s billing.

No. | Change pattern | Restriction after changing
1 | Support not included to Support included | User cannot change the software support to “Support not included” for 180 days.
2 | Support included (Weekday 8:30-19:30) to Support included (24 hours 365 days) | None
3 | Support included (24 hours 365 days) to Support included (Weekday 8:30-19:30) | None
4 | Support included to Support not included | None

Applied charge for the month: The higher support charge is applied (*2).

*1: This function is only available for virtual machines that have multiple software support options. Please refer to the “OS Environment Usage Charges” section of the “Service Charges” menu available on the Portal.

*2: If the VM is never started after user changed to higher support level until the end of that billing month, the cheaper support charge is applied. If it is stopped during the whole billing month, there is no charge for the OS and middleware software, including the support.


Software Support Change (2)

Restrictions and Important Notes

When creating a new VM with “Support included” or when changing from “Support not included” to “Support included”, it is not possible to change to “Support not included” for 180 days, including the day of application.

After creating a new VM with support or adding support to an existing VM, a maximum of 5 business days are required before support is available.

[Figure: support level over time, moving between “Support not included”, “Weekday 8:00-19:00” support and “24 hours 365 days” support. Possible to change: from “Support not included” to “Support included”, after which “Support not included” is unavailable for 180 days. Possible to change: Support included (24 hours 365 days) to Weekday 8:00-19:00 support.]


User Community Outline

https://cloudcommunity.global.fujitsu.com/en/

Open to the public and accessible via the internet

Provides development tools for S5 API

FAQ, documentation and forums enable users to resolve many issues and queries – and to share their own tips and workarounds


Service Portal


Service Portal Outline

Cloud Resource Management

Secure, authenticated client access

Available functionality (after login):
• Easy system design via Design Studio
• Service Dashboard to monitor system status
• Administrative functions (ID/certificate management)

[Screenshot: Service Portal Top Page, showing the Menu List, Login, New Account and Notices / Maintenance Info areas]


After Login (My Portal)

Easy to use, intuitive User Interface

[Screenshot: screen after login, showing the Menu List, Minimized Windows, Start-up Window and Notice Window]


Design Studio

Create, amend and delete Virtual System, Virtual Machine, Firewall configurations

Easy to use graphical UI

Cumulative Monthly Cost is calculated as resources are added or removed
• Useful as a “sandbox” for developing architectures and assessing associated costs – before committing to deployment

System Initial Deployment
• System template selection.
• VM addition, removal, spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.

Configuration of Running Systems
• VM addition, removal and spec change.
• Addition, removal and reconfiguration of firewalls, etc.
• Addition, configuration and removal of optional services.


Building a New System - Flow

Deployment process: Confirm and start system deployment.

Step1

• Search for & Select the Virtual system template

– 1, 2 or 3-Tier

Step2

• Name the virtual system template

• Select connection type (Internet/private network)

Step3

• Create/delete/modify VMs

• Add/remove/modify optional services

Step4

• Confirm estimation

• Save the estimation

Step5

• Gain approval for deployment

• Accept the service agreement


Building a New System (Step 1 & 2)

Step 1: Virtual System Template Selection

Virtual system Template Search & Selection

Refine by keyword and approximate cost

[Screenshot: Template Search, Template List, Template Details]

Step 2: Specify network environment

Network Connectivity Selection

[Screenshot: System Name Input, Network Type Selection]


Building a New System (Step 3 & 4)

Step 3: Architect the virtual system design

System Build/Customize

Drag & drop inside the system outline diagram to add a new appliance.

It is possible to change the VM spec or to copy/delete a VM.

[Screenshot: System Outline Diagram, Virtual System Details, Available Appliance List (VM, storage, etc.)]

Step 4: Confirm estimate

Estimate Confirmation

The estimate generated is based on a maximum monthly uptime of 744 hours. The estimate can be saved for approvals and, once approved, used to reconfigure or deploy the system.

[Screenshot: Estimation Results]


Building a New System (Step 5 - Start Deployment)

Customer acceptance of service contract terms and conditions

Step 5: Agree to service usage contract

Service Usage Contract

Ready to start deployment.


System Manager

Service Dashboard for checking the system status.

Administrative functionalities for management of virtual systems and VMs

Running Status Display
• Check the VM status (Running / Stopped / Deploying, etc.)
• Verify the malfunction occurrence state (information about Fail-over).
• Confirm the resource usage state (CPU performance index, disk space).

Resource Operations
• Operate VMs (Start / Stop / Reboot / Backup / Restore).
• Configure Firewalls and Load Balancers, update the firmware.
• Create VM Images and System Templates.


System Manager – Virtual System

[Screenshot: Overview screen with the System Summary (Composition View), System Details, Operation Buttons (Log-in to OS, Change system composition, Return machine) and the List of VMs on the Selected System]


System Manager - Virtual Machines

VM Summary Page

Displays VM information:
- VM status
- VM name
- IP address
- Backup/restore status
- Number of backups
etc.

Operation Buttons: VM start/shutdown

[Screenshot: VM Summary List]

Backup Screen

Summary of stored backup data

Operation Buttons: Start backup, Start restore, Delete backup data

[Screenshot: Backup Data List, Backup History]


System Replica Distribution

With the System Replica Distribution function, users may copy configured virtual systems, virtual machines and attached additional disks, and then deploy those copied resources to another contract ID’s system.

It is also possible to copy user data from one additional disk to another one in the same contract ID system.

[Restriction]
- FW/SLB settings cannot be copied in this function.
- Private IP address and Global IP address will change.
- Cannot use this function between different regions.
- Please do not infringe or violate the intellectual property right of others.

Use Case

With an old contract ID's system (*1), the user cannot use the high performance type of VM. However, by copying the current system to a new contract ID's system (*2), the user can use the high performance type of VM. The user can migrate the whole system easily.

*1: Contract ID applied for on or before July 11, 2012
*2: Contract ID applied for on or after July 12, 2012

[Figure: Service Provider Capabilities. Business systems under contract IDs A, B, C and D, each with DMZ and Secure segments, showing three copy modes: copy whole virtual system, copy VMs only, and copy only user data in additional disk. A second panel shows an old contract ID's system (unable to use high performance VM) copied to a new contract ID's system (able to use high performance VM), each with DMZ and SECURE1 segments.]


Multiple private IP addresses

Assign multiple IP addresses to a VM.

Static IP addresses can be added in addition to the automatically allocated private IP address.

Enables multi-Domain configuration of VM.

Item | Private IP address (DHCP) | Private IP address (Manual setting) | Multiple NIC Service
Segment | Same as VM | Same as VM | Can connect to other segments
NIC | Only 1 (default) | Only 1 (default) | Up to 7 additional NICs
Private IP address configuration to a VM | Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment. | In the network address range from “xxx.xxx.xxx.151/24” to “xxx.xxx.xxx.200/24”, user can set static IP address manually. | Private IP address (DHCP) is allocated automatically from the network address range (24bit mask) allocated to each segment.
Firewall: Rule setting | Available | Available | Available
Firewall: NAT setting | Available | Available | Available
SLB load balancing settings | Available | Unavailable | Available
Private IP address display on the service portal | Available | Unavailable | Available

Private IP address range setting between each segment (all three options):
• Users set the range of private IP address manually on the service portal.

[Addressing private IP address range]
Class A: 10.0.0.0~10.255.255.255
Class B: 172.16.0.0~172.21.255.255
Class C: 192.168.0.0~192.168.255.255
*In the above address range, the range “10.128.0.0/16” is not available.
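The addressing rules on this slide can be checked against a segment plan before it is entered in the Service Portal, so that DMZ and Secure segments neither collide nor land in the unavailable block. The Python below is an added example, not Fujitsu code; the function names and the sample plan are assumptions, and the ranges are used exactly as printed on the slide.

```python
import ipaddress

# Selectable private ranges, exactly as printed on the slide.
SELECTABLE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.21.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]
UNAVAILABLE = ipaddress.ip_network("10.128.0.0/16")  # excluded by the slide's footnote
STATIC_FIRST_HOST, STATIC_LAST_HOST = 151, 200       # manual-setting window in each /24


def selectable_networks():
    """Expand the start~end ranges into CIDR blocks (172.16-172.21 is not one block)."""
    blocks = []
    for first, last in SELECTABLE_RANGES:
        blocks.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return blocks


def check_segment(cidr):
    """Return the problems found in a proposed segment network; empty means acceptable."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid IPv4 network: {exc}"]
    problems = []
    if net.prefixlen != 24:
        problems.append("segments use a 24-bit mask")
    if not any(net.subnet_of(block) for block in selectable_networks()):
        problems.append("outside the selectable private ranges")
    if net.overlaps(UNAVAILABLE):
        problems.append("overlaps 10.128.0.0/16, which is not available")
    return problems


def check_static_ip(segment_cidr, address):
    """True if address is in the segment and inside the .151-.200 manual-setting window."""
    net = ipaddress.IPv4Network(segment_cidr, strict=True)
    ip = ipaddress.IPv4Address(address)
    host = int(ip) - int(net.network_address)
    return ip in net and STATIC_FIRST_HOST <= host <= STATIC_LAST_HOST


def check_plan(plan):
    """Validate a {segment name: CIDR} plan, including overlaps between segments."""
    findings = {name: check_segment(cidr) for name, cidr in plan.items()}
    valid = [(name, ipaddress.IPv4Network(cidr)) for name, cidr in plan.items()
             if not any(p.startswith("not a valid") for p in findings[name])]
    for i, (name_a, net_a) in enumerate(valid):
        for name_b, net_b in valid[i + 1:]:
            if net_a.overlaps(net_b):
                findings[name_a].append(f"overlaps segment {name_b}")
                findings[name_b].append(f"overlaps segment {name_a}")
    return findings


# Constructed sample plan (not taken from the catalog).
SAMPLE_PLAN = {
    "DMZ": "192.168.10.0/24",
    "SECURE1": "172.21.4.0/24",
    "SECURE2": "10.128.3.0/24",  # falls inside the unavailable 10.128.0.0/16
}

if __name__ == "__main__":
    for name, problems in check_plan(SAMPLE_PLAN).items():
        print(name, "OK" if not problems else "; ".join(problems))
    print(check_static_ip("192.168.10.0/24", "192.168.10.160"))
```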


VPN Connection Environment Setting

Enables easy configuration of Internet VPN connectivity

Static routes can be configured within the virtual system’s Firewall settings.

Users can construct the Internet VPN environment on the S5 using VPN software (e.g. OpenVPN) and the static route setting at Firewall.

Setting Internet VPN environment using static route function (Example):

It is possible to connect Secure1 and Secure2 network with servers on the user’s LAN by VPN connection.

[Figure: S5 virtual system with DMZ, Secure1 and Secure2 segments containing VM0 to VM6, with OpenVPN installed on the S5 side, connected over VPN to User LAN “A” and User LAN “B” in the user on-premises environment, where OpenVPN clients are installed]


Server Console

Service Specification

• Usage fee: Free

• Supported OS: Windows7(32/64bit), Windows8(32/64bit), Windows8.1(32/64bit)

• Supported Browser: Internet Explorer 10 / 11, Firefox ESR24

• 1VM connection per one contract user

• Session time limit: 30 min

• Supported keyboard: en-us type

(1) Select target VM

(2) Click ‘Console’ button

(3) ‘Server Console’ screen will appear

Provides Command Line administration functionality

Enables administration when VM connectivity has been lost; e.g. no SSH or RDP


VM Import Service (1)

The VM Import service allows the VMware format VM image created in the vSphere and Resource Orchestrator (ROR) environments to be imported directly from the Service Portal.

Provides:
• VM import functionality from legacy or 3rd party environments
• Ease of migration for ad-hoc or multiple moves as part of User transition
• Enhances Business Continuity options by enabling the creation of “standby” VM images

Flow of VM Import Service
(1) Prepare VM image
(2) Prepare additional disk
(3) Transfer VM image to additional disk
(4) Start “VM Import”
(5) Importing
(6) Import Completed
(7) Create VM from private image

*For the detailed procedure from (1) to (7), refer to the next slide.

[Figure: the user's client machine connects to S5 over SSL-VPN]


VM Import Service (2)

VM Import Workflow Details

No. | Implementation items | Contents | Charge
(1) | Prepare VM image | Prepare a VM image of vmdk format on user environment. | -
(2) | Prepare additional disk | Create VM on the Service Portal of S5 and mount an additional disk. | -
(3) | Transfer VM image to additional disk | Transfer the image file (vmdk) to additional disk. | -
(4) | Start “VM Import” | Unmount the additional disk, click on “VM Import”, insert the necessary information about the image and start importing. | -
(5) | Importing | Import progress can be checked at “Image Manager”. | -
(6) | Import Completed | When the import is successfully completed, the completion date is shown at “Image Manager” and a message is displayed on the Event Log. | “Image Storage Service” is charged according to the image size.
(7) | Create VM from private image | Create VM from the registered VM image (private image) and start using. | The usual service charges are applied. Also, other related services (such as OS License, OS Support) used with the imported VM image shall also be charged accordingly.


VM Import Service (3)

Importable OS

The following table identifies which OS can be imported and how to certify each of them. After importing the OS, the usual S5 OS charges are applied.

Columns: OS Category | Importable OS | License Certification | Image type

Windows
• Windows Server 2003 R2 SE 32bit SP2
• Windows Server 2003 R2 EE 32bit SP2
• Windows Server 2008 SE 32bit SP2
• Windows Server 2008 R2 SE SP1 64bit
• Windows Server 2008 R2 EE SP1 64bit
• Windows Server 2012 SE 64bit
• Windows Server 2012 R2 SE 64bit
License Certification: Obtain license recertification through the T5 KMS service.

CentOS (*)
• CentOS 5.x 32bit
• CentOS 5.x 64bit
• CentOS 6.x 32bit
• CentOS 6.x 64bit
License Certification: No need of recertification.

Ubuntu
• Ubuntu Server 14LTS(64bit)
• Ubuntu Server 12LTS(64bit)

Image type: vmdk

(*) CentOS 6.0 and 6.1 are not importable.

Notice

No additional charges are applied for VM import. However, the imported VM image is stored by the “Image Storage Service”, which is charged according to the size of the image. Also, when a VM is created from the imported image, charges for the VM, OS and other related services will be charged accordingly. Inconsistencies between VM specification on the application form and the actual VM may impact the import and operation of the VM.


VM Import Service (4)

Windows OS – Import Requirements and Restrictions

Item | VM Image Requirements | CentOS / Ubuntu
Hypervisor | VMware
Image file type | .vmdk
Mandatory driver and tool | Before extracting VMware image, install the following files to the target VM image: VM transfer agent / PV driver / Support tool
VMware tools | If there are VMware tools installed, they must be deleted.
Network setting (local area connection) | IPv4 DHCP
Number of Network adaptor | 1 adaptor
Firewall setting, security software setting | Must turn off
Sysprep | In case the copy source VM and destination VM needs to be started at the same time, execute Sysprep before extracting the VM image. Otherwise, Sysprep operation is not needed.
MD5 Check | Obtain the image MD5 checksum value and indicate it in the application form.
Hypervisor software for extracting vmdk file | ROR V3.1.2 Cloud Edition; ESX/ESXi 5.1 and 5.0; ESX 4.1 and 4.0 | ServerView Resource Orchestrator V3.1.2 Cloud Edition; ESXi 5.0.0; Client 5.0.0
VM disk size | User can specify the range between 10GB and 300GB (per 10GB unit). *Allowed number of hard disk is one. *Delete floppy drive and CDROM/DVD drive.
VM with snapshot | After exporting by using “Export by OVF format” provided by vSphere client, the integrated vmdk file can be used.
BIOS/UEFI | Only BIOS is supported.


VM Export Service (1)

The image that has been imported for development and system verification can be exported and used for the developed virtual machine without re-constructing the system on-premise. It is easy to move users' own systems between S5 regions. The VM images can be transferred from one region to another using the import/export service.

VM Export Workflow Details

Columns: No. | Implementation items | Contents | Charge

(1) Select VM image and execute Export
Contents: After user selects the VM image that has been imported or created, set the VM information and execute Export.
Charge: -

(2) Generate an additional disk and VM image is put into the disk
Contents: An additional disk is generated automatically on the target virtual system for the export. And then the exported image is stored.
Charge: -

(3) Notification completion
Contents: When export is complete, the notification is reported on event log.
Charge: At the time an additional disk is created, the charge of the additional disk environment service is needed. If the image is not needed, please delete the additional disk.

(4) Mount the additional disk and take the image out from the disk
Contents: Attach the additional disk to the virtual machine that has been formatted by ext3 like CentOS/Redhat for taking the exported image out from the disk.

(5) Transfer the exported image and deploy virtual machines
Contents: Customers transfer and import the exported image into their own VMware environment, and the virtual machine can be created by the image.


VM Export Service (2)

Exportable OS

The following table identifies which OS can be exported and how to certify each of them. After exporting the OS, the usual S5 OS charges are applied.

Columns: OS Category | Exportable OS | Image type

Windows
• Windows Server 2003 R2 SE 32bit SP2
• Windows Server 2003 R2 EE 32bit SP2
• Windows Server 2008 SE 32bit SP2
• Windows Server 2008 R2 SE SP1 64bit
• Windows Server 2008 R2 EE SP1 64bit
• Windows Server 2012 SE 64bit
• Windows Server 2012 R2 SE 64bit

CentOS (*)
• CentOS 5.x 32bit
• CentOS 5.x 64bit
• CentOS 6.x 32bit
• CentOS 6.x 64bit

Ubuntu
• Ubuntu Server 14LTS(64bit)
• Ubuntu Server 12LTS(64bit)

Image type: vmdk

(*) CentOS 6.0 and 6.1 are not importable.

Notice

An image of the virtual machine that is offered as an S5 OS service does not work properly in an on-premise environment, so do not export and use it on-premise or in other cloud services. The images can be exported only to other S5 regions following the region’s export/import legal matter.

The image that has originally been imported from outside of S5 to S5 can be exported to anywhere, with no restriction.


VM Export Service (3)

Windows OS – Export Requirements

The user VM which needs to be exported to S5 environment needs to meet the requirements below.

Item | Description
Export target hypervisor | VMware
Exported image file format | .vmdk
Configuration Information Definition File | OVF file is exported with vmdk file.
Required driver and tools (For Windows OS only) | Uninstalling the PV driver before exporting is not required. When the user uses the following OS, Transport Agent is required: ・ Windows2012. After export and import of the image into the VMware environment, please uninstall the Transport Agent. ・ Export Windows to “Fujitsu Server View Resource Orchestrator(RoR)V3.2.0 Cloud Edition”. Please refer to “VM Import/Export Function - Transport Agent Guide” for Agent installation.
VMware tools | Please install if it is required.
Sysprep (Only for Windows OS) | Please do not run Sysprep on any image before exporting since the image cannot be exported correctly. Sysprep is not necessary if no virtual machines run simultaneously. An example of virtual machines not running simultaneously: ・ System Migration (Source VM is either Stopped or Deleted) ・ Disaster Recovery (Source VM is Stopped or Virtual Import Environment is Stopped and in Hot Standby Mode)
vmdk Hypervisor software support for the exported images | ・ Fujitsu Server View Resource Orchestrator(RoR)V3.2.0 Cloud Edition ・ VMWare ESX/ESXi 5.5, 5.1 and 5.0; VMWare ESX 4.1 and 4.0
Additional disk | Additional disk cannot be exported.
License certification | Windows license should be re-certified on the user's own environment. Please re-certify the license according to your contract.
OS support | Please inquire using the support of your own contract. Support of the FUJITSU Cloud IaaS S5 is not available.


Cloud API


Cloud API

DesignStudio and System Manager functionality are provided by API.

By using the API, the same functions as the GUI can be integrated into custom applications or scripts.

Secure access by client authentication.

• Automation/systematization of operations is possible.
• Users and Service Providers can build original services.

Examples: VM deploy, delete, startup, shutdown, backup, etc.

[Figure: developers and system administrators develop original apps and management/operation automation apps that use the API to operate the virtual system]


API Usage Scenario

Automation/Systematization of administrative operations
• Automatically scale up/down or backup (etc.) based on schedule or load.
• Develop original portals implementing only the necessary functions.
• Develop portals for mobile devices.

Selling via Original Brand
• High-Level (PaaS/SaaS) service

[Figure: two scenarios. Management and Operation Automation / Systematization: a system administrator, an operator and mobile users use the S5 service through the API via an original portal, a portal for mobile and automation tools produced by tool development, using only the necessary functions. Building of a Branded Service by a Third-Party: a service provider (third party) uses the S5 service through the API and provides its own service to the service provider’s clients.]


Cloud API – Open Cloud Alignment

Fujitsu, today, has joined the leadership board of the Open Cloud Standards Incubator in the DMTF (Distributed Management Task Force).

The Open Cloud Standards Incubator was formed as part of the DMTF Standards Incubation process, which enables like-minded DMTF members to work together and produce informational specifications that can later be fast-tracked through the standards development process. It now consists of 37 major IT companies such as IBM, Microsoft, VMware etc. By joining the leadership board, Fujitsu applies the know-how of the 'Trusted-Service Platform', the Cloud Service Infrastructure provided by Fujitsu, and is promoting the Cloud Computing standardization promoted by the 'Open Cloud Standards Incubator'.

Fujitsu and Fujitsu Laboratories Ltd. have submitted a proposed Cloud API specification (interface for deployment, configuration and deletion of ICT resources in the cloud) to the DMTF. We will contribute to standardization of the API.

The standardization of Cloud APIs enables users to select from a broad range of cloud computing service vendors thereby avoiding potential vendor lock-in.

http://pr.fujitsu.com/jp/news/2009/11/19.html

Cloud Computing has 2 types:

• Public/private cloud - User uses the ICT system resources as a service by a provider.

• Enterprise Cloud - User owns the ICT system and builds/installs/configures it.

Many service providers offer these 2 types of cloud system. As Cloud Computing propagates throughout the world, users may lose ease of use because multiple cloud APIs exist.

Therefore, to make it easier to take advantage of cloud computing, the “Open Cloud Standards Incubator" has been established to promote Cloud API standardization together with the world's leading IT vendors.


Cloud API – Examples (1)

Operations of Virtual System

Name of API | Description
DestroyVSYS | Delete the virtual system. All resources in the virtual system are discarded and become invalid.
GetVSYSStatus | Obtain status information of the virtual system.
GetVSYSConfiguration | Obtain configuration information of the virtual system.
GetVSYSAttributes | Obtain attribute information of the virtual system.
UpdateVSYSAttribute | Update attribute information of the virtual system.
CreateVServer | Create a VM in the virtual system. Specifying the ID of the disk image, which is used for initial contents of the boot disk, is required. Request message is encoded in UTF-8.
ListVServer | Obtain a list of all VM IDs in the virtual system.
CreateVDisk | Create additional disks in the virtual data center. Users can attach these additional disks to VMs.
ListVDisk | Obtain a list of all additional disk IDs in the virtual data center. The list indicates whether additional disks are attached to the VM or not.


Cloud API – Examples (2)

Operations of Virtual Machine and Operations of Additional Disk

Name of API | Description
DestroyVServer | Delete a VM.
StartVServer | Start OS of the VM.
StopVServer | Stop OS of the VM.
GetVServerStatus | Obtain status information of the VM.
GetVServerAttributes | Obtain attribute information of the VM.
UpdateVServerAttribute | Update attribute information of the VM.
GetVServerInitialPassword | Obtain an administrator’s initial password of the OS in the VM.
AttachVDisk | Attach an additional disk to the VM.
DestroyVDisk | Delete an additional disk as well as the saved data in the disk.
DetachVDisk | Detach an additional disk from the VM.
BackupVDisk | Start a backup of additional disk. The created backup is copied to the newly-created backup disk.
RestoreVDisk | Copy the contents of additional disk’s backup to another additional disk.
ListVDiskBackup | Obtain a list of the additional disk’s backups.
GetVDiskStatus | Obtain status information of the additional disk.
GetVDiskAttributes | Obtain attribute information of the additional disk.
UpdateVDiskAttribute | Update attribute information of the additional disk.


Cloud API – Examples (3)

Operations of Template

Name of API | Description
UnregisterVSYSDescriptor | Cancel a registration of the template.
GetVSYSDescriptorConfiguration | Obtain configuration information of the template.
GetVSYSDescriptorAttributes | Obtain attribute information of the template.

Operations of Built-in Server

Name of API | Description
CreateEFM | Create a built-in server.
ListEFM | Obtain a list of the built-in server.
DestroyEFM | Delete a built-in server.
StartEFM | Start a built-in server.
StopEFM | Stop a built-in server.
GetEFMStatus | Obtain status information of the built-in server.
GetEFMAttributes | Obtain attribute information of the built-in server.
GetEFMConfiguration | Obtain configuration information of the built-in server.
UpdateEFMAttribute | Update attribute information of the built-in server. API of this version can update the built-in server name only.
UpdateEFMConfiguration | Update configuration information of the built-in server.

Operations of Disk Image

Name of API | Description
UnregisterDiskImage | Cancel a registration of the disk image from the virtual disk center.
GetDiskImageAttributes | Obtain attribute information of the disk image.


Cloud API – Examples (4)

Operations of Virtual DC (*)

Name of API | Description
ListVSYSDescriptor | Obtain a list of the template in the virtual data center.
CreateVSYS | Create a virtual system based on the template.
ListVSYS | Obtain a list of the virtual system in the virtual data center.
AllocatePublicIP | Allocate the global IP address.
ListPublicIP | Obtain a list of all global IP addresses in the virtual data center.
ListDiskImage | Obtain a Disk Image ID in the virtual data center.

Operations of Global IP Address

Name of API | Description
FreePublicIP | Release a global IP address.
AttachPublicIP | Attach a global IP address to the virtual system.
DetachPublicIP | Detach a global IP address from the virtual system.
GetPublicIPStatus | Obtain status information of the global IP address.
GetPublicIPAttributes | Obtain attribute information of the global IP address.

Other Operations

Name of API | Description
StandByConsole | Prepare a connection with the console.

(*) A hypothetical data center on the cloud where users can create and use virtual systems.


Charging System


Charging and Payment Considerations

Pay-as-you-go for the resources and functions.
• Refer to the separate document for each service’s unit price.
• Operating time is rounded up to the next hour.
  ex. Operating time: 1h 45min → 2h
• Network traffic is rounded down to the previous GB.
  ex. Network traffic: 31.5GB → 31GB

Charging begins when resource/function starts to be used.
• The same for when the resource type is changed.

The charging system varies depending on the service used. (Refer to the next pages for details.)

When several systems exist within one contract, the charge is calculated separately for each service and then included in a single bill.


Charging System Types

Type | Charging System | Description | Service Example
TYPE-I | Rate-based (1-hour units) | Charge corresponding usage time. For VMs, the unit price varies with type. | VMs; Global IP address Service; Load Balancing Service
TYPE-II | Rate-based (Monthly) | Charging is performed even for a single usage. (Independent of number of VM CPU) | VM OS Environment [Microsoft Windows Server]
TYPE-III | Rate-based (Monthly and Number of CPUs) | Charging is performed even for a single usage. (Dependent on number of VM CPU) | VM Middleware Environment [Microsoft SQL Server]
TYPE-IV | Rate-based (Time and Capacity) | Perform charging according to [Usage period x Guaranteed capacity]. (Capacity is the guaranteed capacity) | System Disk Offer Service; Additional Disk Service; Template Storage Service; Disk Service for System Backup; Disk Service for Additional Disk Backup
TYPE-V | Usage amount | Charging performed on the basis of usage. | Internet connection (Not charged after SR13)
TYPE-VI | Usage counts | Charging performed by each single use of the service. Unit price varies by template type (network class). | System Template Service (Charged when new system is created)


Usage Period Considerations [1-Hour Unit]

Usage time is calculated by summing the minutes of resource uptime.

The total is rounded up to the next hour (adding 1 to 59min).

Example

[Figure: timeline from 15:00 to 21:00 showing three usage intervals: 15:10 to 15:35 (25min), 16:20 to 17:10 (50min), 20:00 to 20:30 (30min)]

• Usage Period : 25min + 50min + 30min = 105min (1h45min) → rounded up to 2 Hours


Other Terms


Service Level

Coverage of redundancy

S5 target availability SLA is 99.95%

Object | Description

VM | Provides automatic failover. In the case of a physical server disorder, the VM is automatically assigned to a new physical server and rebooted. Data being processed at the time of disorder is not guaranteed.

Virtual Storage (System, Data) | Copies of data are kept on 4 different physical disks. Even in the case of 3 simultaneous physical disk failures, data is not lost. All data is stored in the same DC.

Internet connection | Fully redundant. The switchover time for equipment failure is within one minute.


Other Notes

On-Site operations

• Users cannot perform installations or setups in the DC. All operations are executed remotely.

Maintenance

• The security supervision of virtual machines is the user's responsibility.

Data deletion (when deleting the VM)

• Data in the system disk will be erased when deleting the VM.

• Data in an additional disk will be erased when deleting the additional disk.

• A backup disk will be deleted when its system disk or additional disk is deleted.

• 'Zero writing' method is used to delete data.

Requirements (Service Portal)

• Resolution : 1280 x 1024 or better (recommended), 1024 x 768 (minimum)

• OS : Windows XP SP3 (32bit), Windows Vista SP2 (32bit), Windows7 (32bit/64bit), Windows8 (32bit/64bit), Windows8.1 (32bit/64bit)

• Browser : Internet Explorer 7/8/9/10/11, Mozilla Firefox ESR24

• Flash Player : Adobe Flash Player 10

• Java Runtime Environment : JRE 6.0 update24 or later


Security Notes

Data center

• All VMs run inside Fujitsu’s safe data centers.

• No data is ever stored outside Fujitsu's data centers.

Administrator authority

• Fujitsu does not have administrator authority on VMs created by users.

Security updates

• Security updates of the VM OS and middleware must be applied by the user.

• Security updates of hypervisors, S5 management system, network and storage equipment are applied by Fujitsu.


Resource Limits

VM Service

No. | Items | Limitation value

1 | Max. number of Resource Controllers per contract | No explicit limit

2 | Max. number of Custom Authorization Patterns per system (Central Management Privilege pattern) | No explicit limit

3 | Max. number of Custom Authorization Patterns per contract (Virtual System Management Privilege pattern) | No explicit limit

4 | Max. number of systems per contract | 140

5 | Max. number of VMs, including SLB built-in servers, per segment (Except Firewall) | 20

6 | Max. number of VMs and SLB built-in servers per system (Except for Firewall) | 20

7 | Max. number of additional disks per system | No explicit limit

8 | Max. capacity of an additional disk | 10TB (=10000GB)

9 | Max. number of attachable additional disks per VM | 14

10 | Max. number of global IP address per system | 10

11 | Max. number of backups per system disk | No explicit limit

12 | Max. number of backups per additional disk | No explicit limit

13 | Max. number of saved system structure (on creation) | No explicit limit

14 | Max. number of saved system structure (on edit) | 1

15 | Max. number of simultaneous VPN connections per segment | 20

No. | Items | Limitation value

16 | Max. number of firewall rules (all directions) | 800

17 | Max. number of load balance groups per SLB built-in server | 32

18 | Max. number of VMs for load balancing per load balance group | Depends on the max. number of VMs in a segment

19 | Max. key length of the server certificate registered at SLB built-in server. | 2,048bit

20 | Max. file size of Error page registered at SLB built-in server. | 32,767byte

21 | Max. number of configuration backups per built-in server | No explicit limit

22 | Max. number of user created images | No explicit limit

23 | Max. number of user created templates | No explicit limit

24 | The maximum number of possible private IP addresses | 139