The recently announced beta release of OpenNebula 3.0 includes a new OpenNebula Zones component that brings support for building multi-tier cloud architectures consisting of multiple OpenNebula instances (zones) and for defining Virtual Data Centers (VDCs) within each zone. In this article we elaborate on the VDC functionality that is helping many IT organizations make the transition toward the next generation of cloud infrastructures running multiple fully-isolated Virtual Data Centers. This article presents an overview of the VDC model, the VDC support available in OpenNebula 3.0, and some examples of deployment scenarios.

What Is a VDC?

A Virtual Data Center is a fully-isolated virtual infrastructure environment where a group of users, under the control of the VDC administrator, can create and manage compute, storage and networking capacity. VDCs are a powerful instrument to compartmentalize a cloud infrastructure and to support organizational isolation with advanced multi-tenancy. The cloud administrator creates a VDC by assigning a group of users to a group of physical resources and by granting at least one of the users, the VDC administrator, with privileges to manage all virtual resources in the VDC. The users in the VDC, including the VDC administrator, only see the virtual resources and not the underlying physical infrastructure. The physical resources allocated by the cloud administrator to the VDC can be shared among other VDCs or completely dedicated to the VDC, providing isolation at the physical level too.

A powerful ACL system behind OpenNebula’s VDCs allows different authorization scenarios. The privileges of the VDC users and the administrator regarding the operations over the virtual resources created by the rest of users can be configured. In a typical scenario the VDC administrator can create virtual networks, upload and create images and templates, and monitor other users virtual resources, while the users can only instantiate virtual machines and virtual networks to create their services. The administrators of the VDC have full control over resources and can also create new users in the VDC.

Users can then access their VDCs through any of the existing OpenNebula interfaces, such as the CLI, SunStone, OCA, or the OCCI and AWS APIs. VDC administrators can manage their VDCs through the CLI or new tabs in SunStone. Cloud Administrators can manage the VDCs through a new CLI or the new SunStone Zones.

VDCs have three categories of users:

  • Cloud administrator/s with full control over the cloud deployment including the creation and management of VDCs
  • VDC administrator/s with full control over the virtual resources within their VDCs including the creation of users in their VDCs
  • Regular users that can access their VDCs to manage their virtual resources

Examples of Enterprise Use Cases of VDCs

VDCs, and the underlying ACL system, can support many common enterprise use cases in large cloud computing deployments, for example:

  • On-premise Private Clouds Serving Multiple Projects, Departments, Units or Organizations. On-premise private clouds in large organizations require powerful and flexible mechanisms to manage the access privileges to the virtual and physical infrastructure and to dynamically allocate the available resources. In these scenarios, the cloud administrator would create a VDC for each Department, dynamically allocation physical hosts according to their needs, and delegating the internal administration of the VDC to the Department IT administrator.
  • Cloud Providers Offering Virtual Private Cloud Computing. There is a growing number of cloud providers, especially Telecom Operators, that are offering Virtual Private Cloud environments to extend the Private Clouds of their customers over virtual private networks, thus offering a more reliable and secure alternative to traditional Public Cloud providers. In this new cloud offering scenario, the cloud provider provides customers with a fully-configurable and isolated VDC where they have full control and capacity to administer its users and resources. This combines a public cloud with the protection and control usually seen in a personal private cloud system. Users can themselves create and configure servers via the SunStone portal or any of the supported cloud APIs. The total amount of physical resources allocated to the virtual private cloud can also be adjusted.

Are You Ready to Try the New OpenNebula Zones?

OpenNebula 3.0 is a fully open-source technology. You have the software, the guides and our support to deploy your cloud infrastructure with multiple VDC environments.

OpenNebula, the open-source cloud project  managed by C12G Labs, is pleased to announce the availability of the first beta release of OpenNebula 3.0. This beta release is targeted at testers and users that would like to check the exciting new features that have been developed to meet the needs of our most demanding users. The third major release of OpenNebula brings the following unique key features in cloud computing management:

  • Multi-tenancy. New advanced group and user account management tools to create isolated compartments within the same cloud and a new powerful Access Control List authorization system to implement multiple sharing scenarios with role management and fine grain permission control.
  • Networking. A new easily adaptable and customizable networking system that supports Open vSwitch and VLAN tagging (IEEE 802.1Q) and enables the configuration of firewalls for VMs.
  • VM Management. A new component for the management of VM Templates that can now be stored, shared and instantiated multiple times without the need for storing the VM template files.
  • Accounting and Monitoring. A new component to generate accounting reports and to simplify the integration with billing tools.
  • VM Image Management. The VM Image Repository is now handled with its own manager component and a scriptable set of drivers to easily tune its operations.
  • SunStone Web Portal. An enhanced SunStone portal that now provides usage graphics and statistics with cloudwatch-like functionality, VNC support, and different system views for different roles. Moreover a new plugin support to easily extend SunStone with additional tabs to better integrate Cloud and VM management with each site’s own operations and tools.
  • Massively Scalable Multi-tier Architectures. The new OpenNebula Zones component (oZones) allows for the centralized management of multiple instances of OpenNebula (zones) that could be hosted in different geographical locations. Several of our users are running tens of thousands of VMs per zone.
  • Virtual Datacenters. Each OpenNebula Zone can be effectively shared through the Virtual Data Center (VDC) abstraction. A VDC is a set of virtual resources (images, VM templates, virtual networks and virtual machines) and users that use and control those virtual resources.

OpenNebula 3.0 uses a new database schema with a new tool to upgrade from previous OpenNebula versions. The new internal database schema greatly improves the flexibility of the code with no performance cost. There are lots of other minor features, like improvements in the libvirt driver to include additional parameters, or the ability to edit resource templates (hosts, images or VM templates). The final version of OpenNebula 3.0 will also bring new external authentication drivers (SSH, LDAP, and X509), an accounting CLI, and quota management.

We have incorporated these features based upon the great feedback we received from our ever-growing community. With this new release, OpenNebula continues to fulfill the promise of building a state-of-the-art open source toolkit that also addresses the scalability, flexibility and security requirements of large-scale production deployments. The OpenNebula project would like to thank the community for their effort and valuable contributions that made possible this release. OpenNebula is fully open-source technology  released under the Apache 2.0 license.

Relevant Links

Here is our newsletter for July 2011, summarizing news from the previous month that you may have missed on our blog and Twitter feed.


We released OpenNebula 2.2.1, a maintenance release intended to fix a security issue found in the cloud servers (OCCI and econe).


Rodrigue Chakode contributed a new ecosystem component, SVMSched, a tool designed to enable on-demand SaaS clouds on virtual infrastructures managed with OpenNebula.

The OpenNebula project joined the Open Virtualization Alliance, a consortium committed to fostering the adoption of open virtualization technologies including Kernel-based Virtual Machine (KVM).

The openSUSE wiki includes a detailed guide on how to create a private cloud with openSUSE and OpenNebula

The StratusLab project released StratusLab 1.0, which included OpenNebula 2.2


At the workshop Towards a Cloud Computing Strategy for Europe: Matching Supply and Demand (part of the 1st Digital Agenda Assembly), Ignacio M. Llorente gave a presentation highlighting OpenNebula as a European success story in cloud computing research and innovation.

We held our second OpenNebula IRC session. The log is available here.

Finally, don’t forget member of the OpenNebula team will be participating in a variety of upcoming events.

About July 2011

The OpenNebula team continues to work hard on releasing a first beta of the new OpenNebula 3.0. Stay tuned!