Overview of Apache CloudStack Architecture, Advanced Networking, and Comparison with OpenStack and ZStack

In 2011 the rise of OpenStack spurred Citrix to acquire CloudStack and donate it to the Apache Foundation, later re‑joining the OpenStack Foundation in 2015 and selling the CloudStack business in 2016; the article now focuses on the technical aspects of CloudStack.

What is CloudStack? CloudStack is an open‑source cloud computing platform offering high availability and scalability. It supports major hypervisors such as KVM, XenServer, VMware, Oracle VM and Xen, and enables rapid deployment of public or private IaaS clouds using existing infrastructure.

CloudStack Conceptual Architecture consists of Zones (data centers), Pods (racks), Clusters (groups of hosts), and Hosts (physical machines). Primary storage is attached to clusters, while secondary storage is attached to zones. Templates, ISO images, and volume snapshots provide the necessary VM images and data protection.

Primary storage: Provides disk volumes for VMs within a cluster.

Secondary storage: Stores templates, ISO images and snapshots at the zone level.

Template: OS image plus pre‑installed applications.

ISO image: Bootable OS or installation media.

Volume snapshot: Stored copy of VM data for recovery or new template creation.

Software Architecture is illustrated by the following diagram (image retained).

Integration with Hypervisors – CloudStack can be deployed with KVM (each KVM host runs an agent) or with vSphere (requiring a vCenter Server). Corresponding deployment diagrams are shown below.

Supported Storage Types vary by hypervisor and include NFS, iSCSI, Fibre Channel and local disks, as depicted in the accompanying diagram.

CloudStack API offers web services based on REST, supporting POST/GET requests and returning XML or JSON. It distinguishes between root admin, domain admin and regular users.

Comparison with OpenStack is illustrated in the following figure.

Advanced Network Architecture – CloudStack offers Basic and Advanced zones. Basic uses Security Groups (L3 isolation), while Advanced uses VLANs (L2 isolation) and defines four traffic types: Public, Guest, Management, and Storage networks.

The Virtual Router in an Advanced zone provides NAT, static NAT, DHCP, DNS, load balancing, port forwarding and firewall services, acting as the gateway between tenant private networks and the Internet.

When a zone is created, a Virtual Router and a Guest network (e.g., CIDR 10.1.1.0/24) are provisioned automatically; each tenant can create additional private networks, each with its own Virtual Router.

Virtual Router functions include NAT for outbound traffic, static NAT for inbound access, load balancing across multiple VMs, port forwarding, and firewall rules that block inbound traffic by default.

Static NAT: Binds a public IP to a single VM.

Load Balancing: Distributes traffic to a pool of VMs.

Port Forwarding: Maps a public IP/port to a specific VM/port.

Firewalls: Controls inbound/outbound traffic per protocol and port.

ZStack Introduction – ZStack is a 2015‑released open‑source IaaS solution, originally developed by former CloudStack core contributors. It features an asynchronous micro‑service architecture, consistent hashing, high‑concurrency API handling, and simplified deployment.

ZStack 0.8.0 currently supports KVM only. Storage mirrors CloudStack with Primary (NFS, iSCSI, future Ceph RBD) and Backup (SFTP) storage. It uses Btrfs to expose raw block devices via iSCSI, enabling fast snapshots and clones.

Network-wise, ZStack supports EC2‑style elastic networks, flat networks, multi‑tier networks and security groups, with plans for VPC. It implements both non‑isolated and VLAN‑isolated models, with future support for VXLAN.

Overall, the article serves as a detailed technical guide to CloudStack’s architecture, networking, API, and its relationship to other IaaS platforms such as OpenStack and ZStack.