Developer Day 7/21/2012 Will Chan Director of Engineering

Agenda
Welcome and Introduction
What is CloudStack?
CloudStack Basics Cloudstack Deployment Architecture Networking Deep Dive Software Architecture Current Architecture Future Architecture Q&A

Lunch

Agenda (cont.)
CloudStack Integration
UI Customization API Deep Dive Future UI Plugin Framework

Q&A/Break

Apache Community
Why Apache and the Apache Server Foundation (ASF)? How to contribute to CloudStack

Closing Remarks

Welcome and Introduction

Welcome and Introduction

Will Chan
Founding Engineer/Director of Engineering @ Cloud.com since 2008 Director of Engineering @ Citrix Systems since 2011 PPMC member @ ASF CloudStack since 2012 Committer @ ASF CloudStack since 2012

Sheng Liang
Cloud Visionary and Founder of Cloud.com CTO, CloudPlatforms Group at Citrix Systems

What is CloudStack?

Apache CloudStack
Secure, multi-tenant cloud orchestration platform
Turnkey platform for delivering IaaS clouds Over 100 commercial deployments: private and public Full featured GUI, end-user API and admin API

Build your cloud the way the worlds most successful clouds are built

Apache CloudStack
Open Source
Apache License Incubating in the Apache Software Foundation since April 2012 Open Source since May 2010
Build your cloud the way the worlds most successful clouds are built

In production since 2009

Apache CloudStack
Flexibility and scale
Hypervisor agnostic Flexible network topologies

Multiple storage options

Build your cloud the way the worlds most successful clouds are built

Proven to scale to tens of thousands of hypervisors

CloudStack is Full-Service Orchestration Platform

API (EC2 & CS) Self-service Portal Metering

Image Mgmt.

Dashboard

Identity Mgmt.

Load Balancers

FWs & VPNs

Storage

Compute

Network

146 Companies

238 Developers

Global User Groups

Service Providers

100s of Production Clouds

32,000 Community Members

Enterprises Universities

Server Virtualization++

Cloud

Built for traditional enterprise apps & client-server compute

Enterprise arch for 100s of hosts Scale-up (server clusters) Apps assume reliability VLAN (or no) isolation Bonding, multi-link, multi-path, redundant networks, STP Proprietary vendor stack

Designed around big data, massive scale & next-gen apps

Cloud architecture for 1000s of hosts Scale-out (multi-site server farms) Apps assume failure L3 isolation or overlays Generally do not support multicast or broadcast Open, value-added stack

Think: vCloud Director

Think: AWS, RAX, zCloud, eBay, etc.

CloudStack Supports Multiple Cloud Strategies

Private Clouds
On-premise Enterprise Cloud Hosted Enterprise Cloud

Public Clouds
Multi-tenant Public Cloud

Dedicated resources Security & total control Internal network Managed by Enterprise or 3rd party

Dedicated resources Security SLA bound 3rd party owned and operated

Mix of shared and dedicated resources Elastic scaling Pay as you go Public internet, VPN access

Designing a zone for a traditional workload

Traditional-Style Availability Zone
vCenter/XenCenter Hypervisor

vSphere or XenServer Enterprise

Storage
SAN

Enterprise Networking (e.g., VLAN)

Networking Hyperviso r Cluster Hyperviso r Cluster Hyperviso r Cluster

L2 VLANs

Network Services Enterprise Storage (e.g., SAN)

Load Balancing VPN

Multi-tier Apps
Multi-tier VLANs OVF

Designing a zone for an Amazon-style workload

Amazon-Style Availability Zone
Software Defined Networks (e.g., Security Groups, EIP, ELB,...) Server Racks Server Racks Server Racks Server Racks Server Racks Server Racks Server Racks Server Racks
Hypervisor XenServer Advanced Storage Local EBS Object store

Networking L3 SDN based L2 Elastic IP

Server Racks

Server Racks

Server Racks

Server Racks

Network Services Security Groups

ELB GSLB

Elastic Block Storage

Multi-tier Apps 3rd Party Tools (e.g., RightScale, enStratus)

CloudFormation

Deployment Cloud Architecture

Deployment Architecture
Zone 1
Load Balancer Firewall

Host is the basic unit of scale. Runs a hypervisor or is bare metal Cluster consists of one ore more hosts of same hypervisor All hosts in cluster have access to shared (primary) storage
Pod N
Secondary Storage

L3 switch

Pod 1

L2 switch

.
Cluster N

Pod is one or more clusters, usually with a L2 switch. Represents a rack Availability Zone has one or more pods, has access to secondary storage. Firewall and Load balancers separate public and private networks

.
Cluster 1

Host 1
Host 2
Primary Storage

One or more zones represent cloud

Deployment Architecture (Storage)

Primary Storage

Configured at Cluster-level. Close to hosts for better performance

Stores all disk volumes for VMs in a cluster Cluster can have one or more primary storages Local disk, iSCSI, FC or NFS Pod 1 Cluster 1 Host 1 L3 switch

L2 switch
Secondary Storage

Secondary Storage

Host 2

Primary Storage

Configured at Zone-level
Stores all Templates, ISOs and Snapshots Zone can have one or more secondary storages

NFS, OpenStack Swift

Deployment Architecture

Data Center 1 Data Center 3

Zone1 Zone 4

CloudStack Clouds can have one or more Availability Zones.

Data Center 2

Zone 2

Zone 3

Management Server Managing Multiple Zones

Cloud
Data Center 1
Management Server

Data Center 2 Data Center 2 Data Center 3

Single Management Server can manage multiple zones

Zones can be geographically distributed but low latency links are expected for better performance Single MS node can manage up to 10K hosts. Multiple MS nodes can be deployed as cluster for scale or redundancy

Zone 2 Zone 2 Zone 3 Zone Zone 4 3

Zone1

Data Center 2 Data Center 2 Data Center 2

Zone 2 Zone 2 Zone 2 Zone 3 Zone 3 Zone 3

Management Server Deployment Architecture

Single-node Deployment Multi-node Deployment

User API
Management Server
MySQL DB

User API
Load Balancer

Management Server

Admin API

Admin API

Management Server

MySQL DB
Back Up DB Replication

MS is stateless. MS can be deployed as physical server or VM

Infrastructure Resources

Single MS node can manage up to 5K hosts. Multiple nodes can be deployed for scale or redundancy
Commercial: RHEL 5.4+; FOSS: Ubuntu 10.0.4, Fedora 16

Infrastructure Resources

Citrix Confidential - Do Not Distribute

Management Server Interaction with Hypervisors

Management Server

XAPI

HTTP

vCenter
XenServer ESX
XS 5.6, 5.6FP1, 5.6 SP2, 6.0 Incremental Snapshots VHD NFS, iSCSI, FC & Local disk Storage over-provisioning: NFS ESX 4.1, 5.0 (coming) Full Snapshots VMDK NFS, iSCSI, FC & Local disk Storage over-provisioning: NFS, iSCSI

Agent

Agent

KVM
RHEL 6.0, 6.1, 6.2 (coming) Full Snapshots (not live) QCOW2 NFS, iSCSI & FC Storage over-provisioning: NFS OVM 2.2

OVM

No Snapshots RAW NFS & iSCSi No storage over-provisioning

Networking Deep Dive

Network Flexibility
Network Services
L2 connectivity IPAM

Service Providers Network Isolation

Virtual appliances Hardware firewalls LB appliances SDN controllers IDS /IPS appliances VRF Hypervisor No isolation

DNS
Routing

VLAN isolation
Overlays L3 isolation

ACL
Firewall

NAT
VPN LB IDS IPS

Layer-3 Guest Network

Network Services Managed Externally
Public Network 65.11.0.0/16

Network Services Managed by CS

Security Group 1
65.11.1.2 Guest VM 1

Security Group 1 Public Network/Internet 65.11.1.2

Guest VM 1

65.11.1.3

Guest VM 2

NetScaler Load Blancer

65.11.1.3

Guest VM 2

EIP, ELB
65.11.1.4 Guest VM 3 65.11.1.5 65.11.1.5 65.11.1.4 Guest VM 3

Guest VM 4
CS Virtual Router

Guest VM 4
CS Virtual Router

DHCP, DNS

Security Group 2

DHCP, DNS

Security Group 2

Layer-2 Guest Virtual Network

CS Virtual Router provides Network Services External Devices provide Network Services

Guest Virtual Network 10.0.0.0/8 VLAN 100 Public Network/Internet 10.1.1.1 Public IP 65.37.141.11
CS Virtual Router

Guest Virtual Network 10.0.0.0/8 VLAN 100 Public Network/Internet

Guest VM 1

Gateway address 10.1.1.1 10.1.1.3 Guest VM 2

Public IP 65.37.141.11 1

Juniper SRX Firewall

Private IP 10.1.1.111

10.1.1.1

Guest VM 1

10.1.1.3 Public IP 65.37.141.11 2

NetScaler Load Blancer

Guest VM 2

DHCP, DNS NAT Load Balancing VPN

Private IP 10.1.1.112 10.1.1.4 Guest VM 3

10.1.1.4

Guest VM 3

10.1.1.5

Guest VM 4
CS Virtual Router

10.1.1.5

Guest VM 4

DHCP, DNS

Network Offerings
Same concept with disk and service offerings
What can you control?
Name Enable Redundant Router Control Network Rate Specify Network Services (Firewall, Loadbalancer, etc) Specify Network Provider (VR, SRX, Netscaler, F5, etc) Specify access (All, Domain, Account)

Allow upgrade and downgrade across offerings.

Multi-tier virtual networking

Guest Virtual Network 10.1.1.0/24 VLAN 100 Public Network/Internet Gateway address 10.1.1.1
CS Virtual Router

Guest Virtual Network 10.1.2.0/24 VLAN 101

Guest Virtual Network 10.1.3.0/24 VLAN 102

10.1.1.2

Web VM 1 Gateway address 10.1.2.1

10.1.2.2

App VM 1

10.1.3.2 Gateway address 10.1.3.1

DB VM 1

Public IP 65.37.141.11

DHCP, DNS NAT Load Balancing VPN

10.1.1.3

Web VM 3

10.1.2.3

App VM 2

10.1.3.3

DB VM 2

10.1.1.4

Web VM 4

10.1.2.4

App VM 3

Current Software Architecture

UI

Cloud Portal

CLI

Other Clients

Management Server
REST API
OAM&P API
Console Proxy Management

End User API

EC2 API

Other APIs

Pluggable Service API Engine Security Adapters

ACL & Authentication Accounts, Domains, and Projects ACL, limits checking Services API Plugin API

Account Management Connectors

Deployment Planning Network Gurus Network Elements

Template Access

DB

Services API

HA
Usage Calculations Additional Services

Orchestration Engine
Drives long running VM operations Syncs between resources managed and DB Generates events

Hypervisor Gurus Cluster Management Resource Management Job Management

Alert & Event Management

Database Access

Event Bus Message Bus

Usage Server
Image Resources Snapshot Resources

Resource API
Hypervisor Resources Network Resources Storage Resources

Orchestration Engine
Understands how to orchestrate long running processes (i.e. VM starts, Snapshot copies, Template propagation) Well defined process steps Calls Plugin API to execute functionalities that it needs

Plugins
Various ways to add more capability to CloudStack
Implements clearly defined interfaces All calls are at transaction boundaries Compiles only against the Plugin API module

Anatomy of a Plugin
Can be two jars: server component to be deployed on management server and an optional ServerResource component to be deployed co-located with the resource Server component can implement multiple Plugin APIs to add its feature Can expose its own API through Pluggable Service so administrators can configure the plugin As an example, OVS plugin actually implements both NetworkGuru and NetworkElement

Rest API
Optional. Required only if needs to expose configuration API to admin.

Plugin API

Implementation
Data Access Layer

ServerResource
Optional. Required if Plugin needs to be co-located with the resource Implements translation layer to talk to resource Communicates with server component via JSON

Plugin Interfaces Available

NetworkGuru Implements various network isolation and ip address technologies NetworkElement Facilitate network services on network elements to support a VM (i.e. DNS, DHCP, LB, VPN, Port Forwarding, etc) DeploymentPlanner Different algorithms to place a VM and volumes. Investigator Ways to find out if a host is down or VM is down. Fencer Ways to fence off a VM if the state is unknown UserAuthenticator Methods of authenticating a user SecurityChecker ACL access HostAllocator Provides different ways to allocate host StoragePoolAllocator Provides different ways to allocate volumes

Future CloudStack Architecture (by Sheng)

CloudStack Integration

What you will learn

How to customize the CloudStack 3.0.x user interface
Showcase changes specific in the CSS to alter the look and feel of CloudStack Showcase an example of how to add your own side navigation Dealing with Cross Site Request Forgery (CSRF) Simple Single Signon Localization

What you will learn

Working with the API
Session Based Auth vs API Key Auth How to sign a request with apiKey/secretKey Asynchronous commands Response Format Pagination

Demo

Customizing User Interface

CloudStack UI
Reference implementation of the CloudStack API
Built on HTML 4.0, CSS, and jQuery Uses Java Server Pages for localization only Three types of customizations
Minor customizations logo changes, minor CSS changes Major customizations Changing tabs, adding additional links Complete rewrite user UI is completely offloaded to a portal

Editing the Logo, Navigation, and Title Background

#header div.logo { background: url("../images/logo.png") no-repeat scroll 0 center transparent; float: left; height: 47px; #navigation ul li { margin: 4px 0 0 19px; background: url("../images/bg-navposition: relative; item.png") width: 170px; repeat-x scroll 0 0 } transparent; cursor: pointer; height: 50px; text-shadow: 0 1px 1px #FFFFFF; }

.dashboard.admin .dashboard-container .top { background: url("../images/ bg-breadcrumb.png") repeat-x scroll 0 -1px transparent; border-radius: 7px 7px 0 0; color: #FFFFFF; float: left; margin: 0 0 9px; padding: 4px 4px 8px; width: 100%; }

Adding navigation buttons

1. Go to /ui/scripts/cloudStack.js
2. Add a new section to the array: sections: { dashboard: {}, instances: {}, storage: {}, network: {}, templates: {}, events: {}, accounts: {}, domains: {}, system: {}, projects: {}, 'global-settings': {}, configuration: {}, // New section testSection: {}

Adding navigation buttons (cont.)

3. Open /ui/index.jsp. Create HTML somewhere in the 'template' div to contain your HTML content, which will be drawn in the browser pane: <!-- Templates --> <div id="template"> <div class="testSection-tmpl"> <h1>Test section</h1> </div> </div> 4. Enclose a function in 'testSection', which returns a jQuery object containing your template code, and whatever other content you wish to be shown:
sections: { dashboard: {}, instances: {}, storage: {}, network: {}, templates: {}, events: {}, accounts: {}, domains: {}, system: {}, projects: {}, 'global-settings': {}, configuration: {}, // New section testSection: { title: 'Title for section', show: function(args) { return $('#template .testSectiontmpl').clone(); } } }

Adding navigation buttons (cont.)

5. Add the section to the pre-filter, so that it isn't filtered out for the admin account: --

sectionPreFilter: function(args) { if(isAdmin()) { return ["dashboard", "instances", "storage", "network", "templates", "accounts", "domains", "events", "system", "global-settings", "configuration", "projects"]; },
sectionPreFilter: function(args) { if(isAdmin()) { return ["dashboard", "instances", "storage", "network", "templates", "accounts", "domains", "events", "system", "global-settings", "configuration", "projects", // New section "testSection"]; }, ...

Adding navigation buttons (cont.)

7. (optional) Add an icon for your new section in the CSS, either at the bottom of /ui/css/cloudstack3.css or in your own CSS file under /ui/css folder. Make sure the size of the icon is ~32x32 pixels:

#navigation ul li.testSection span.icon { background: url('../images/testSection-icon.png') no-repeat 0px 0px; }

Cross Site Request Forgery (CSRF)

Type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browse What does CS do to prevent this?
After execution of the login command you will get two session variables JSESSIONID default cookie SESSIONKEY random token that is passed along every API request
http://<API URL>?sessionkey=<SESSIONKEY>&

Simple Single Signon

http://<api_url>?command=login&username=XXX&domainid =NNN&timestamp=YYY&signature=<secure-hash> You do not need to pass in the API Key The four parameters that must be passed in for the login command are domainId, username, timestamp, and signature
security.singlesignon.key

security.singlesignon.tolerance.millis SAML?

Localization
Support for Japanese and Simplified Chinese Takes advantage of the Java ResourceBundle to do localization Simply create a /WEB-INF/classes/resources/messages_<language code>.properties Server side vs Client side processing

Working with the API

Session-based Auth vs API Key Auth

CloudStack supports two ways of authenticating via the API.
Session-based Auth
Uses default Java Servlet cookie based sessions Use the login API to get a JSESSIONID cookie and a SESSIONKEY token All API commands require both cookie and token to authenticate Has a timeout as configured within Tomcat

API Key Auth

Works similarly to AWS API Requires a bit more coding to generate the signature All API commands require a signature hash

SIGNING REQUEST WITH API KEY / SECRET KEY

Step 1: commandString = command name + parameters + api key

URL encode each field-value pair within the commandstring

Step 2: Lower case the entire commandString and sort it alphabetically via the field for each field-value pair. sortedCommandString : apiKey=vmwijj&command=createvolume&diskofferingid=1&name=smallvolume=zoneid=1 Step 3: Take the sortedCommandString and run it through the HMAC SHA-1 hashing algorithm (most programming languages offer a utility method to do this) with the users Secret Key. Base64 encode the resulting byte array in UTF-8 so that it can be safely transmitted via HTTP. The final string produced after Base64 encoding should be SyjAz5bggPk08I1DE34lnH9x%2f4%3D

Asynchronous Commands
Starting with 3.0, in your standard CRUD (Create, Read, Update, Delete) of any first class objects in CloudStack, CUD are automatically asynchronous. R is synchronous. Rather than returning a response object, it will return a job ID. If it is a Create command, it will also return the object ID. With the job ID, you can query the async job status via the queryAsyncJobResult command. The queryAsyncJobResult response will return the following possible job status code: 0 - Job is still in progress. Continue to periodically poll for any status changes. 1 - Job has successfully completed. The job will return any successful response values associated with
command that was originally executed. 2 - Job has failed to complete. Please check the <jobresultcode> tag for failure reason code and <jobresult> for the failure reason.

Response Formats
CloudStack supports two formats as the response to an API call. The default response is XML. If you would like the response to be in JSON, add &response=json to the Command String.

Response Formats (cont.)

Sample XML Response:
<listipaddressesresponse> <allocatedipaddress> <ipaddress>192.168.10.141</ipaddress> <allocated>2009-09-18T13:16:10-0700</allocated> <zoneid>4</zoneid> <zonename>WC</zonename> <issourcenat>true</issourcenat> </allocatedipaddress> </listipaddressesresponse>

Sample JSON Response:

{ "listipaddressesresponse" : { "allocatedipaddress" : [ { "ipaddress" : "192.168.10.141", "allocated" : "2009-09-18T13:16:10-0700", "zoneid" : "4", "zonename" : "WC", "issourcenat" : "true" } ]

Pagination
Using the page and pagesize parameter

page defines the current cursor to the list pagesize defines the number of items per request Pagesize is limited by the administrator Sample: listVirtualMachines&page=1&pagesize=500 listVirtualMachines&page=2&pagesize=500

UI Plugin Framework
Problems today?
Any major customizations require modification of CloudStack UI code. Modifications require deep knowledge of CloudStack UI code. Versioning becomes difficult.

Future Plugin Framework

Creating UI widgets that are re-usable A JS configuration file that will allow partners/developers to specify how to include their UI into the CloudStack UI without having to modify core CloudStack UI code. Example could be left navigation link or possibly new actions. These are TBD.

Apache Community

Why Apache License?

Ecosystem above

Vendors within User adoption

Why Apache Software Foundation?

Best governance
15+ years, 100+ projects 2500+ Developers

The Road to an Apache Top Level Project

April: convert source code to Apache License
April: announce intent to donate

April: proposal for donation; get accepted to Incubator May: donation, mailing lists, enter Incubation
Sept : Apache CloudStack 4.0 release 2012: work in the Apache Way

Graduate to Top Level Project, contingent on: Community involvement Follow legal requirements and Apache standards

Implications for Partners and Customers

CloudStack awareness increased
CloudStack on path to be #1 orchestration software

Apache license provides more options for enhancements More direct influence possible
Better visibility into CloudStack development

Citrix CloudPlatform
Citrix released CloudPlatform 3.0.3 mid June.
Citrix plans to contribute 100% of development back into CloudStack

Monetization remains the same before and after Apache. We expect Apache CloudStack to be 3 months ahead of CloudPlatform
Citrix CloudPlatform will have a release schedule separate from CloudStack and will be determined by business needs.

How to Contribute

Apache Roles
User
A user is someone that uses our software. They contribute to the Apache projects by providing feedback to developers in the form of bug reports and feature suggestions. Users participate in the Apache community by helping other users on mailing lists and user support forums.

Developer
A developer is a user who contributes to a project in the form of code or documentation. They take extra steps to participate in a project, are active on the developer mailing list, participate in discussions, provide patches, documentation, suggestions, and criticism. Developers are also known ascontributors .

Apache Roles (cont.)

Committer
A committer is a developer that was given write access to the code repository and has a signed Contributor License Agreement (CLA) on file. They have an apache.org mail address. Not needing to depend on other people for the patches, they are actually making short-term decisions for the projectDeveloper

PMC Member
A PMC member is a developer or a committer that was elected due to merit for the evolution of the project and demonstration of commitment. They have write access to the code repository, an apache.org mail address, the right to vote for the community-related decisions and the right to propose an active user for committership. The PMC as a whole is the entity that controls the project, nobody else.

Development Environment
Development Machine
Apache Tomcat, version 6.0.33. Set environment variable CATALINA_HOME to point to your apache install directory. Mysql, version 5.1.58 Git, the latest version Java, the latest version Ant, the latest version

Development Environment (cont.)

To setup a Windows environment:
http://wiki.cloudstack.org/display/dev/Setting+up+Cloudstack+dev+environment +on+Windows

To setup a Mac OS environment:

http://wiki.cloudstack.org/display/dev/Setting+up+a+CloudStack+development+ environment+on+Mac+OSX

Development Environment (cont.)

To get the CloudStack source code
git clone https://git-wip-us.apache.org/repos/asf/incubator-cloudstack.git git checkout master

To build CloudStack
ant clean-all build-all deploy-server deploydb

To start the Management Server

ant debug

Demo

CloudStack Developer Mailing List

This is where all CloudStack development discussion are mostly held. All new features should be discussed on this mailing list. If you want to contribute to CloudStack, you are highly encouraged to subscribe to the cloudstack-dev list if you havent done so.
To subscribe, email to cloudstack-dev-subscribe@incubator.apache.org You can also subscribe to the users list (cloudstack-userssubscribe@incubator.apache.org) And to the commit list (cloudstack-commits-subscribe@incubator.apache.org)

How to Contribute
Clone ASF cloudstack repo:
git clone https://git-wip-us.apache.org/repos/asf/incubator-cloudstack.git

Checkout master branch:

git checkout master

Write code, make sure it's properly unit-tested. Unit-tests have to be submitted as a part of the patch

Create the patch for review:

git format-patch -o <dir of patch> --signoff master^

How to Contribute (cont.)

Create Jira ticket (or use existing ticket) and attach the patch:
http://bugs.cloudstack.org/secure/Dashboard.jspa

Submit the patch for review on Reviewboard for repository "cloudstack-git":

https://reviews.apache.org/r/new/

How to Contribute (cont.)

Post on developer mailing list for review. Either the patch will be directly merged into the master branch or a topic branch will be created if its a large feature. If you contribute a lot of good patches to CloudStack, a PMC member may decide to initiate a vote on your behalf to become a full-time committer.

Resources
CloudStack docs and knowledge base:
http://docs.cloudstack.org/ http://wiki.cloudstack.org/

CloudStack architecture review:

http://wiki.cloudstack.org/display/dev/CloudStack+Presentations

CloudStack packages and dependencies:

http://wiki.cloudstack.org/display/dev/CloudStack+Packages+and+Dependencie s

Resources (Cont.)
Exceptions handling in CloudStack:
http://wiki.cloudstack.org/display/dev/Cloudstack+Error+Codes+and+Exception +handling

DB upgrade development for CloudStack:

http://wiki.cloudstack.org/display/dev/DB+upgrade+in+CloudStack

Git workflow and coding standards in CloudStack:

http://wiki.cloudstack.org/display/dev/Git+workflow+in+the+brave+new+world#G itworkflowinthebravenewworld-Creatingpatches

devCloud
What is devCloud?
DevCloud is a VirtualBox image, on which CloudStack management server + Xen hypervisor are installed. CloudStack management server is running on Ubuntu 12.04 dom0, can also add dom0 itself as a Xen hypervisor host and create Linux virtual machines on it. As a developer, you can push your modified CloudStack code into DevCloud, then deploy and run the CloudStack management server in DevCloud. As an user, you can access CloudStack management server running inside DevCloud through web UI, large part of functionality of CloudStack are supported in DevCloud, such as creating VM, taking snapshot, creating template, console proxy, etc. http://wiki.cloudstack.org/display/COMM/DevCloud