Key Enhancements

Release 23.08 is a major version that include new features, scalability, security and usability improvements, and bug fixes.

The following section will breakdown the additions and updates to the Zadara Compute Cloud platform (zCompute).

Packaged zCompute EKS-D image

EKS-D is Amazon’s open-source implementation of its Elastic Kubernetes Service (EKS).

zCompute 23.08 provides customers with the ability to deploy and use the prepackaged Kubernetes solution in zCompute clusters.

The zCompute EKS-D image is downloadable in the zCompute UI at Machine Images > Marketplace.

The zCompute 23.08 EKS-D solution is verified, and certified by Kasten (acquired by Veeam). Thus, zCompute 23.08 can also provide a backup, recovery and migration solution for Kubernetes over zCompute.

For more information and examples, see the EKS-D README in Zadara’s examples repository in GitHub.

Distributed Virtual Switch (DVS)

Distributed Virtual Switch (DVS), is a zCompute networking model which provides layer 2, VLAN-based networking functionality for VMs running on zCompute.

The idea behind DVS is to provide customers who are more familiar with legacy virtualization platforms (for example, VMware, Hyper-V, Nutanix, etc.) with a networking environment similar to the simplified networking model found in such legacy environments.

DVS provides simple OSI layer 2 VLAN-based switched networking functionality for VMs. DVS networks can be used to interconnect VMs attached to them, as well as for connecting these VMs with other network entities that reside in the hosting data center (servers, routers, storage devices, etc.).

The DVS model provides physical switching L2, VLAN-based connectivity, whereas VPC provides a rich IP networking platform (route-tables, subnets, security groups, Internet gateways, DNS, Elastic IPs, etc.) alongside other cloud-native services that are independent of physical switching configuration, such as auto-scaling groups, load-balancers, etc.

Zadara zCompute supports both VPC and DVS networking modes in coexistence: A single zCompute account (tenant), can have multiple VPC-based projects alongside DVS-based projects.

DVS was introduced in zCompute 22.09. In version 23.08, the DVS infrastructure was enhanced with improved management of VLANs for the purpose of creating guest networks. Cloud admins allocate VLANS to an account’s VLAN pool. Tenant admins can allocate VLANs from the account’s VLAN pool to a DVS project pool. Member-role users can now create VLAN-type guest networks by allocating VLANs from a DVS project’s VLAN pool.

For more information about DVS, see Distributed Virtual Switch (DVS) in the Networking Guide.

Migrating to a DVS project

VMware VMs that are migrated to zCompute using the V2Z migration process result in VMs in a rich VPC networking type project, rather than in the simpler DVS networking alternative.

Tenants who prefer the simpler DVS networking model can further migrate their newly migrated zCompute VPC VMs to a DVS project.

To migrate VMs to a DVS project, see Migrating a VM to a DVS project in the Compute Guide.

Volume types

From version 23.08, zCompute simplifies storage management with volume types that provide users with a range of options to meet their storage requirements, balancing factors such as performance, cost, and specific workload demands.

By abstracting the underlying storage infrastructure, volume types simplify storage management and allow users to focus on selecting the appropriate type for their zCompute needs.

Different volume types offer varying levels of input/output operations per second (IOPS) and throughput, which determine the storage performance.

Volume types also offer additional features such as encryption, snapshot capabilities, or integration with other services, enhancing data security, backup, and data management workflows in zCompute.

Auto-scaling group tags propagation to VMs

For easier classification of VMs, tags can be created and applied to auto-scaling groups. Based on the auto-scaling group configuration, tags can be automatically propagated to VM instances during their launch.

Note

In zCompute 23.08, tag propagation is available using Symp APIs and AWS APIs. In later versions, the UI will support tag propagation.

For more information, see Auto-Scaling Groups in the Compute Guide.

VM Instance Types

VM instance types are templates defining the resources used by a VM instance. A VM’s instance type is determined by selecting one of the permitted types, during the creation flow of the VM instance.

zCompute 23.08 has been enhanced with support for a large number of new Zadara instance types.

Note

• New custom instance types can only be created after receiving Zadara approval, and after getting pricing.

• Amazon instance types are available as aliases, mapped to the closest zCompute instance type. VMs created with Amazon instance types display their Instance Type as the zCompute Instance Type, and the Amazon instance type as the VM’s Instance Type Alias.

For more information, see Instance Types in the Compute Guide.

VM network interface, Route Table, and Network Reset

zCompute 23.08 introduces soft and hard reset support for VM network interfaces, route-tables and networks.

• A soft reset rebinds all ports, and is available to admins, tenant admins and members.

• A hard reset resets the service, and is limited to admins and tenant admins.

In the Networking Guide, see:

• Subnet Operations

• Route Table Operations

• Network Interfaces

VPC DNS status reporting improvements

In zCompute 23.08, the UI is enhanced with detailed VPC DNS status information, with key benefits such as:

• Reducing time to resolve VPC DNS issues

• Logging events of CoreDNS VM status and DNS health status changes

When DNS is enabled for a VPC, its DNS VM status and DNS health status are checked once per minute and reported for the VPC.

See VPC DNS status in the Networking Guide.

Instance Profile

An instance profile is a container for an AWS IAM role. It can be used to pass role information to an EC2 instance when the instance starts. When an AWS IAM role, embedded in an instance profile, is attached to an instance, its credentials become permanent.

In zCompute 23.08, the UI has been enhanced with support for Instance Profile management (IAM Guide), and implementing instance profiles in the Config tab of Creating VM Instances (Compute Guide).

API Audit Trail for Admin/Tenant-Admin

zCompute 23.08 has been enhanced by a security auditing feature, and provides API capability for integration with 3rd-party solutions. Admins and tenant admins can query API calls logging POST, PUT, PATCH and DELETE calls for a 60-day retention period.

See api-trail in the Symp CLI reference.

Note

Sensitive information, such as passwords, tokens, secret access keys, IODC client secrets, metadata and user data in VM metadata are excluded from the logging and audit.

VPC Endpoint

From zCompute 23.08, a VPC endpoint allows a VM to access the system APIs using an internal VPC IP address.

The API is available on the internal IP addresses 169.254.64.2 and 169.254.64.3, assuming that the cluster has more than 2 nodes. The system also provides a DNS record resolvable to these IPs when the VPC DNS service (coredns) is up, and a valid certificate is installed.

The DNS name:

• When a valid certificate with a wildcard CN is used, the DNS name is: cloud.<parent-domain>.

  For example, the DNS name for CN *.example.com is cloud.example.com.

• When a valid certificate with a regular CN is used, the DNS name is the same as the CN.

  For example, the DNS name for CN test.example.com is also test.example.com.

The cluster’s DNS name is returned in the cluster_url property of the VM’s metadata response. For example, for a cluster with a certificate with the CN *.example.com:

curl -s http://169.254.169.254/openstack/latest/meta_data.json | jq -c .cluster_url

"https://cloud.example.com"

Note

• For new VPCs, the update of the DNS records is immediate.

• For existing VPCs, the update of the DNS records can take up to 24 hours.

GRE traffic over EIPs

From zCompute 23.08, Generic Routing Encapsulation (GRE) traffic over Elastic IP addresses (EIPs) is supported.

GRE Tunneling is a tunneling protocol that encapsulates network layer protocols inside virtual point-to-point links over an Internet Protocol network. The tunnel source and tunnel destination addresses on each side identify the two endpoints. GRE packets travel directly between the two endpoints through a virtual tunnel.

GRE via NAT gateways - known limitation

GRE via Network Address Translation (NAT) gateways is not supported.

VM BIOS auto-reboot

Until zCompute 23.08, there was an issue of Windows VMs getting stuck after BSOD and reboot, due to no boot device available at the time of the restart.

zCompute 23.08 delivers an enhanced configuration for the VM’s BIOS to keep auto-rebooting the VM if no boot device is found after 10 seconds.

Note

After auto-reboot is applied on a cluster, a maintenance window must be planned and scheduled for stopping and restarting the VMs, for the auto-reboot to take effect.

New OS types and versions

zCompute 23.08 has been extended to support the following OS types and versions for VM images:

Type	Distribution	Version
Linux	Alma	9
Linux	Alma	Other
Linux	Rocky	9
Linux	Rocky	Other
Linux	Debian	11
Linux	Fedora	34
Linux	Fedora	35
Linux	Fedora	36
Linux	Fedora	37
Linux	RHEL	9
Linux	Ubuntu	22.04
Windows	Windows Server	2022
Windows	Windows Workstation	11

V2Z utility improvements

The V2Z utility supports easy migration from supported virtualization platforms to zCompute projects.

In zCompute 23.08, the V2Z utility has been extended to support VM Instance Types and Volume types instead of storage pools.

V2Z custom instance types - known limitation

In the V2Z utility, custom instance types are not allowed for most users.

Security

In zCompute 23.08, an updated zCompute Toolbox Fedora image (version 2.3.1) has been released with enhanced security hardening. The Toolbox image is downloadable in the zCompute UI at Machine Images > Marketplace.