Apache CloudStack
Apache CloudStack is an open-source software platform for deploying and managing infrastructure-as-a-service (IaaS) clouds, offering a turnkey, highly available, and scalable solution for public and private cloud environments.[1] As a top-level project under the Apache Software Foundation, it is written in Java and consists of a central management server along with agents that integrate with various hypervisors, including KVM, VMware ESXi, XenServer/XCP-ng, and Hyper-V.[2] Key features include a web-based user interface for administration, a native API for programmatic control, optional compatibility with Amazon S3 and EC2 APIs, multi-tenancy support for secure resource isolation, and management of storage, networking services from Layer 2 to Layer 7, and resource usage accounting.[2][3] Originally developed to orchestrate large-scale virtual machine networks, Apache CloudStack has been adopted by organizations such as AT&T for telecommunications infrastructure, IKOULA for hosting services, and LifeInCloud for virtual desktop solutions, demonstrating its robustness in production environments.[2][4]
Overview
Definition and Purpose
Apache CloudStack is an open-source software platform designed as a turnkey, highly available, and scalable infrastructure-as-a-service (IaaS) solution for building and managing public, private, and hybrid cloud environments.[1] It enables organizations to deploy large-scale networks of virtual machines (VMs) and bare-metal servers while providing essential cloud computing capabilities in a unified system.[1]
At its core, CloudStack orchestrates the provisioning and management of VMs, storage, and networks across distributed data centers. This is achieved through a central management server that handles all orchestration tasks—such as VM instance provisioning, network configuration, and storage allocation—and communicates with lightweight agents installed on individual host machines to execute these operations efficiently.[5] By abstracting the underlying infrastructure, it supports hypervisor-agnostic environments, including KVM, VMware ESXi, XenServer/XCP-ng, and Hyper-V, allowing seamless integration with diverse hardware setups.[1]
Key benefits include its ease of deployment, which can be managed by small teams without extensive expertise, and robust multi-tenancy features that isolate resources for multiple users while optimizing costs and efficiency.[1] End-users benefit from intuitive self-service portals accessible via a web interface, command-line tools, and a RESTful API, enabling straightforward resource requests and management.[1] Additionally, its full native API and compatibility with AWS EC2 and S3 standards support API-driven automation and hybrid cloud integrations, scaling to handle tens of thousands of physical servers across global deployments.[1]
In the broader cloud ecosystem, CloudStack serves as an accessible alternative to proprietary platforms like VMware, offering open-source flexibility and cost savings without vendor lock-in, and to complex open-source rivals like OpenStack, emphasizing simplicity in setup and operation for faster time-to-value.[6][7]
Licensing and Governance
Apache CloudStack is distributed under the Apache License 2.0, a permissive free software license that permits users to freely use, modify, and distribute the software for any purpose, including commercial applications, while requiring attribution and protection against patent litigation through explicit patent grants from contributors.[8] This licensing model ensures broad accessibility and encourages widespread adoption by minimizing legal barriers associated with intellectual property.[1]
The project's licensing evolved from its proprietary origins under Cloud.com, which was acquired by Citrix in 2011, to full open-source status in April 2012, when Citrix re-licensed CloudStack 3.0 under the Apache License 2.0 and donated it to the Apache Software Foundation, promoting vendor-neutral development and community-driven innovation.[9] Following its entry into the Apache Incubator, CloudStack graduated to become a top-level Apache project in March 2013.[10]
Governance of Apache CloudStack is handled by the Apache Software Foundation as a top-level project, with a Project Management Committee (PMC) responsible for overseeing the codebase, release processes, code reviews, resource allocation, and adherence to community guidelines.[11] The PMC operates under the Apache Way, emphasizing principles of transparency, consensus-building, respect, meritocracy, and non-affiliation with any single vendor.[11]
Contributions to the project are facilitated through the Apache CloudStack GitHub repository, where developers submit patches, issues, and pull requests for review and integration.[12] All committers are required to sign an Individual Contributor License Agreement (ICLA) to clear intellectual property rights and ensure the project's copyright is held by the Apache Software Foundation.[11] The community upholds a code of conduct aligned with the Apache Way's focus on respectful collaboration, while promotion to committer status is merit-based, granted via PMC invitation and lazy consensus approval for individuals demonstrating sustained, valuable contributions.[11]
History
Origins and Early Development
Apache CloudStack originated in 2008 as a project of VMOps, a startup founded to develop cloud management software aimed at simplifying the orchestration of virtualized infrastructure.[9] The company focused on creating a scalable platform for deploying and managing private and public clouds, drawing from the growing demand for Infrastructure as a Service (IaaS) solutions during the early cloud computing era.[13]
In 2009, VMOps rebranded to Cloud.com to better reflect its cloud-centric mission, and by May 2010, it released the initial version of CloudStack as open-source software under the GNU General Public License version 3 (GPLv3).[9] This release included the core orchestration engine, which automated resource provisioning, scaling, and management across distributed environments, marking a significant step toward community-driven development.[13] By this time, CloudStack had evolved to support multiple hypervisors, including XenServer, KVM, and VMware vSphere, enabling heterogeneous deployments in enterprise settings.[14]
Cloud.com's growth attracted attention, leading to its acquisition by Citrix Systems in July 2011 for approximately $200 million.[15] The deal integrated CloudStack into Citrix's virtualization portfolio, enhancing its XenServer offerings and positioning the platform as a key component for hybrid cloud strategies.[16] Following the acquisition, Citrix released additional CloudStack source code in August 2011 under GPLv3, further expanding its open-source footprint. A primary motivation for Citrix's open-sourcing efforts was to build a robust community around a production-ready platform, directly competing with emerging alternatives like OpenStack by leveraging CloudStack's maturity and multi-hypervisor compatibility.[17] In April 2012, Citrix re-licensed the project to the Apache License v2.0 and donated it to the Apache Software Foundation to accelerate its evolution under neutral governance.[9]
Major Releases and Milestones
Apache CloudStack entered the Apache Incubator on April 16, 2012, marking the beginning of its open-source evolution under Apache governance.[9] The project's first incubating release, version 4.0.0-incubating, arrived on November 6, 2012, incorporating foundational improvements in orchestration and management capabilities developed over the prior months.[18] On March 20, 2013, CloudStack graduated from the Incubator to become a top-level Apache project, signifying community maturity and stability.[9] This milestone coincided with the release of the first stable version, 4.0.2, on April 24, 2013, which addressed initial bugs and enhanced reliability for production deployments.[19]
The project has since adopted a release cadence featuring biannual regular releases alongside long-term support (LTS) versions, with LTS branches receiving bug and security fixes for 18 months.[20] For instance, the regular release 4.21.0.0 was issued on August 28, 2025, introducing advancements in orchestration and hardware support, while the LTS 4.20 series culminated in 4.20.2.0 on October 24, 2025.[21][22]
Key milestones underscore the platform's growth in scalability and integration. Early versions, starting with 4.0, included KVM hypervisor support, enabling efficient virtualization on Linux hosts and addressing performance gaps in diverse environments. The 4.6 release on December 2, 2015, introduced multi-site federation capabilities, allowing seamless management across geographically distributed zones to improve disaster recovery and load balancing.[23] Version 4.19, released February 6, 2024, added ARM64 architecture support, broadening compatibility with energy-efficient hardware and tackling scalability for edge computing.[24] The most recent LTS release, 4.22.0.0 on November 11, 2025, enhanced Kubernetes integration via the CloudStack Kubernetes Service, facilitating dynamic provisioning and container-native workflows to bridge traditional IaaS with modern orchestration needs.[25][26]
These releases have progressively resolved scalability challenges through optimized resource allocation, bolstered security with vulnerability patches, and closed integration gaps for hybrid environments; for example, the 4.20.2.0 update incorporated over 150 fixes, including VNC console performance enhancements and multi-architecture refinements.[22]
Core Features
Resource Management and Orchestration
Apache CloudStack's orchestration engine is primarily handled by the management server, which coordinates the full lifecycle of virtual machines (VMs), including creation, starting, stopping, and migration. During VM creation, the management server uses the deployVirtualMachine API or the user interface (UI) to allocate resources such as compute offerings, networks, and storage volumes based on user specifications and available capacity across zones, pods, clusters, or specific hosts.[27] For starting and stopping, it invokes APIs like startVirtualMachine and stopVirtualMachine, sending ACPI signals for graceful operations and managing state transitions to ensure resource deallocation or reconfiguration without disruption.[27] Migration is supported through the migrateVirtualMachine API or UI for live or cold transfers to compatible hosts, preserving VM uptime where possible and integrating with hypervisors for seamless execution. As of Apache CloudStack 4.22.0.0, direct volume migrations bypass secondary storage for improved efficiency.[27][28] This orchestration layer enables administrators and users to automate and monitor VM operations via a feature-rich UI built on the underlying APIs.[3]
Resource pooling in CloudStack organizes infrastructure hierarchically to facilitate logical grouping, efficient allocation, and high availability. A zone represents the largest unit, typically a data center or geographic region, aggregating resources for fault isolation and scalability.[29] Within a zone, pods subdivide resources into rack-level groupings, enabling localized management and failover.[29] Clusters further organize hosts with shared storage and compatible hypervisors within a pod, supporting features like live migration for high availability.[29] Individual hosts, as physical servers, provide the compute foundation, with the management server distributing VMs across these layers to balance load and ensure redundancy.[29] This structure allows for elastic resource provisioning while minimizing single points of failure.
Automation in CloudStack streamlines VM deployment and scaling through templates, ISOs, auto-scaling groups, and usage metering. Templates are pre-configured virtual disk images containing operating systems and applications, uploaded via HTTP or created from snapshots, enabling rapid, consistent VM instantiation across public or private scopes.[30] ISOs serve as bootable or non-bootable installation media, attachable to VMs for software setup without hypervisor specificity.[30] Auto-scaling groups automatically adjust VM counts based on policies monitoring metrics like CPU utilization or load balancer traffic, using the virtual router for integration; users define minimum and maximum instances, quiet periods, and conditions (e.g., greater than 70% CPU for scale-up) to optimize performance and costs.[31] Usage metering generates records via an optional server for billing, capturing data on VM runtime, network usage, IP allocations, and storage in formats like hours or bytes, aggregated daily and accessible through the listUsageRecords API.[32]
Multi-tenancy is enforced through role-based access control (RBAC) and project isolation to support service providers and shared environments. RBAC assigns predefined or custom roles (e.g., domain admin, user) with granular permissions on APIs and resources, evaluated via allow/deny rules for secure operations within accounts or domains.[33] Accounts group users and resources, isolating them from other accounts while allowing intra-account sharing, with domains providing hierarchical organization for enterprises.[33] Projects enable temporary, isolated resource pools within domains, dedicating zones or hosts explicitly or implicitly to prevent cross-tenant interference and ensure compliance.[33]
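The allow/deny evaluation described above can be audited offline. The following is an added example, not CloudStack's own code: it models a role as an ordered rule list and assumes (this is not stated on the page) that the first matching rule decides and that an API matched by no rule is denied. The sample role is constructed.

```python
# Added example: simplified model of ordered allow/deny API rules on a role.
# Assumptions (not stated on the page): rules are checked top to bottom, the
# first matching rule decides, and an API matched by no rule is denied.
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    pattern: str  # API name; "*" matches any run of characters
    allow: bool


def is_allowed(rules, api_name):
    """Return the decision of the first rule whose pattern matches."""
    for rule in rules:
        if fnmatchcase(api_name, rule.pattern):
            return rule.allow
    return False  # assumed default: deny


def shadowed_conflicts(rules):
    """Find rules that can never fire because an earlier rule with the
    opposite effect already matches everything they match.

    Returns (later_index, earlier_index) pairs.
    """
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            # Matching the later pattern *as text* against the earlier one is
            # a sound subset test: every "*" in the later pattern has to be
            # absorbed by a "*" in the earlier pattern.
            if fnmatchcase(later.pattern, earlier.pattern):
                if earlier.allow != later.allow:
                    found.append((j, i))
                break  # the first covering rule is the one that takes effect
    return found


def reachable(rules, api_names):
    """Subset of api_names that the role is allowed to call."""
    return [name for name in api_names if is_allowed(rules, name)]


# Constructed sample role: the intent was to allow VM operations except
# destroying VMs, but the deny was placed after the wildcard allow.
SAMPLE_ROLE = [
    Rule("list*", True),
    Rule("*VirtualMachine", True),
    Rule("destroyVirtualMachine", False),
    Rule("deleteAccount", False),
]
SENSITIVE = ["destroyVirtualMachine", "deleteAccount", "updateConfiguration"]

if __name__ == "__main__":
    for later, earlier in shadowed_conflicts(SAMPLE_ROLE):
        print(f"rule {later} ({SAMPLE_ROLE[later].pattern}) is overridden "
              f"by rule {earlier} ({SAMPLE_ROLE[earlier].pattern})")
    print("sensitive APIs still callable:", reachable(SAMPLE_ROLE, SENSITIVE))
```

Moving the deny rule ahead of the wildcard allow clears the conflict and removes destroyVirtualMachine from the reachable list.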
The API ecosystem features RESTful endpoints for programmatic orchestration, supporting integrations like Terraform for infrastructure as code. Users can script VM lifecycle operations, such as deploying instances or managing auto-scaling, using the official CloudStack Terraform provider, which maps resources like cloudstack_instance to declarative configurations for automated provisioning.[34][35] This enables seamless chaining with tools for hybrid cloud workflows, with comprehensive API documentation covering root admin, domain admin, and user scopes.[34]
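How a scripted call to this API is authenticated, as an added example that is not CloudStack's own code: it follows the HMAC-SHA1 query signing scheme from CloudStack's developer documentation and pairs it with the matching server-side check. The endpoint URL, API key and secret key are constructed placeholders.

```python
# Added example: HMAC-SHA1 query signing for the CloudStack API, with a
# server-side verification routine. Endpoint and keys are placeholders.
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

ENDPOINT = "https://cloud.example.invalid/client/api"  # hypothetical endpoint
API_KEY = "EXAMPLE-API-KEY"        # constructed value
SECRET_KEY = "EXAMPLE-SECRET-KEY"  # constructed value


def canonical_query(params):
    """field=value pairs, values percent-encoded, sorted by field name."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in pairs)


def sign(params, secret_key):
    """Base64(HMAC-SHA1(secret key, lower-cased canonical query))."""
    message = canonical_query(params).lower().encode("utf-8")
    digest = hmac.new(secret_key.encode("utf-8"), message, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def signed_url(command, args, api_key=API_KEY, secret_key=SECRET_KEY):
    """Build the full request URL with the signature appended."""
    params = {"command": command, "response": "json", "apiKey": api_key, **args}
    signature = quote(sign(params, secret_key), safe="")
    return f"{ENDPOINT}?{canonical_query(params)}&signature={signature}"


def verify(url, key_store):
    """Recompute the signature from the received query string.

    key_store maps API key -> secret key. Returns False when the signature
    or API key is missing, the key is unknown, or the signature is wrong.
    """
    query = url.partition("?")[2]
    params = dict(parse_qsl(query, keep_blank_values=True))
    supplied = params.pop("signature", "")
    api_key = next((v for k, v in params.items() if k.lower() == "apikey"), None)
    secret = key_store.get(api_key)
    if not supplied or secret is None:
        return False
    expected = sign(params, secret)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


if __name__ == "__main__":
    url = signed_url("listVirtualMachines", {"keyword": "web 01"})
    print(url)
    print("verifies:", verify(url, {API_KEY: SECRET_KEY}))
```

Because every parameter is covered by the signature, changing the command or any argument in transit invalidates the request; the secret key itself never travels, so it needs the same handling as a password in automation pipelines.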
As of version 4.22.0.0, enhancements include persistent domains for unmanaged KVM instances and default enabling of KVM volume and VM snapshots, improving orchestration flexibility. Enhanced backup and disaster recovery features, along with snapshot/backup schedule listing and support for user data on system VMs, further streamline management.[28]
Networking and Storage Capabilities
Apache CloudStack provides robust networking capabilities through its support for both isolated and shared virtual networks, enabling flexible isolation and multi-tenancy in cloud environments. Isolated networks are accessible only by instances within a single account, utilizing dynamic VLAN allocation for traffic separation and allowing one network offering per network, which can be upgraded or downgraded as needed.[36] In contrast, shared networks permit access by multiple accounts and employ security groups for isolation, particularly in basic or advanced zones with security groups enabled, with VLANs explicitly specified by root administrators.[36] These models support advanced zone configurations where guest traffic can be routed through virtual appliances or external providers.
Virtual routers in CloudStack serve as key components for network services, handling Network Address Translation (NAT), firewall rules, and traffic management on isolated networks. They enable features such as source NAT, static NAT, port forwarding, and remote access VPN connectivity, allowing secure external access to internal resources.[36] For load balancing, virtual routers or integrated appliances like Citrix NetScaler can distribute traffic across instances, with options for shared or dedicated isolation to optimize performance and scalability. As of 4.22.0.0, SSL offloading for load balancers is supported to enhance security and performance.[36][28] Port forwarding rules further enhance accessibility by mapping external ports to internal virtual machine services, processed through the virtual router.[36]
CloudStack integrates with Software-Defined Networking (SDN) solutions, including its native Open vSwitch (OVS) plugin, which implements isolated guest networks using GRE tunneling for efficient overlay networking.[37] This allows CloudStack to configure OVS bridges and tunnels dynamically as virtual machines are deployed. Virtual Private Clouds (VPCs) extend these capabilities by providing private, isolated network segments with tiered structures, including private gateways and dedicated virtual routers.[36] Security is reinforced through Network Access Control Lists (ACLs) on isolated networks and VPCs, where rules are evaluated in priority order to permit or deny traffic, and security groups on shared networks, which define ingress and egress policies at the instance level.[36] As of 4.22.0.0, support for shared filesystem on networks with config drive improves integration.[28]
On the storage front, CloudStack distinguishes between primary and secondary storage to manage virtual machine data effectively. Primary storage hosts the root and data disks for running virtual machines and can be configured as local (direct-attached) for high-performance access or shared across hosts via protocols like NFS, iSCSI, or Fiber Channel, supporting multiple pools per cluster for redundancy and scalability.[38] Allocation can be static (preallocated space) or dynamic (managed by plugins), with hypervisor-specific support such as Ceph RBD for KVM or VMFS for VMware. Secondary storage, typically mounted via NFS, stores virtual machine templates, ISO images, and snapshots, enabling easy migration between stores and read-only operations for consistency.[38]
Tiered storage policies in CloudStack allow administrators to apply storage tags—such as "SSD" for fast tiers or "slow" for archival—to match disk offerings with appropriate hardware, optimizing cost and performance without manual intervention.[38] Integrations extend through plugins for distributed storage systems like Ceph (via RBD for KVM), alongside standard NFS and iSCSI for broad compatibility, and PowerFlex/ScaleIO for advanced block storage. Object storage is supported via S3-compatible APIs, facilitating scalable, unstructured data management integrated with secondary storage functions.[38] Security features include encryption at rest, implemented through solutions like LINSTOR for KVM environments, ensuring data protection on primary and secondary stores.[38]
As of version 4.22.0.0, the CloudStack CSI (Container Storage Interface) driver supports integration with Kubernetes (CKS), stronger SHA-512 checksum algorithms for data integrity, and XZ compression format for template registration with KVM, enhancing storage capabilities.[28]
Architecture
Key Components
Apache CloudStack's architecture is built around several core components that enable the orchestration and management of cloud resources. These include the management server, agents running on hosts, a persistent database, and various user interfaces, which collectively handle everything from API processing to resource execution and monitoring. The system is designed for scalability and reliability, with components interacting through defined protocols to ensure seamless operation across distributed environments.[39]
The management server serves as the central orchestrator in CloudStack, implemented as a Java-based application requiring Java 17 JRE. It processes API requests from users and administrators, interacts with the underlying database to retrieve and update cloud state, and communicates with agents on physical hosts to execute operations such as virtual machine provisioning or resource allocation. For high availability, multiple management servers can be clustered behind a load balancer, allowing failover and distributed processing to handle large-scale deployments without single points of failure.[40]
Agents are lightweight software processes deployed on compute hosts, particularly for hypervisors like KVM, where they monitor host status, execute commands from the management server, and report back on resource utilization and events. For other hypervisors such as VMware or Xen, CloudStack leverages native APIs rather than dedicated agents, but the principle remains the same: facilitating direct interaction between the management layer and physical infrastructure. Additionally, the usage server acts as a specialized component for metering, collecting data from the events log to generate summary records of resource consumption, which supports billing and reporting without requiring separate probes on every host.[5][41]
The database provides the foundational persistence layer for CloudStack, utilizing MySQL 8.0 as its backend to store configurations, user accounts, resource states, and operational metadata. This ensures consistent state management across the system, with tunable parameters like connection limits and lock timeouts optimized for multi-server environments. To enhance redundancy, MySQL can be configured with binary logging and replication, allowing data synchronization across multiple nodes to prevent loss during failures.[42]
User interfaces in CloudStack offer accessible entry points for interaction, centered on a web-based UI that provides role-based dashboards for administrators to manage infrastructure and for end-users to provision resources like virtual machines and storage volumes. The UI is built with AJAX for responsiveness, supports branding customization via HTML, CSS, and jQuery, and includes secure console access through noVNC for browser-based VM interaction. Complementing this are command-line tools and a comprehensive RESTful API for automation and integration, though official mobile applications are not provided.[3]
Component interactions follow an orchestrated flow, exemplified by virtual machine deployment: a user submits a request via the API or web UI, which the management server validates against policies and availability before querying the database for suitable resources; it then instructs the appropriate host agent (or hypervisor API) to provision the VM on primary storage and attach it to the network, updating the database with the new state upon completion. This sequence ensures atomic operations and real-time synchronization, with clustering enabling horizontal scaling of management servers for larger deployments.[39][5]
Deployment Models
Apache CloudStack supports various deployment models tailored to the scale, redundancy needs, and operational requirements of the infrastructure. The choice of model depends on factors such as the number of hosts, expected workload, and availability demands, with options ranging from simple setups for testing to highly resilient configurations for enterprise environments. Apache CloudStack 4.22.0.0, released on November 11, 2025, is the latest version as of November 2025.[25]
In a small-scale deployment, a single management server directly connects to hosts via the management network, making it ideal for testing, proof-of-concept, or small production environments with fewer than 10 hosts. This setup typically includes a layer-2 switch connecting the management server, hosts, and a single NFS server that serves both primary and secondary storage. External access is provided through a firewall in NAT mode, which forwards HTTP and API requests to the management server while isolating the internal network. Such configurations minimize hardware and complexity but lack built-in redundancy, so they are not recommended for mission-critical applications.
For large-scale redundant deployments, multiple management servers are clustered behind load balancers to ensure high availability, supporting hundreds or thousands of hosts across multiple pods and zones. The database uses MySQL replication for failover, with a primary instance and synchronous or asynchronous replicas, often incorporating geo-redundancy by placing replicas in separate data centers. Networking employs layer-3 switches with VRRP for gateway redundancy, while each pod features redundant layer-2 access switches and hosts with multiple NICs for management, guest, and optional storage traffic. Secondary storage is mounted on the management network, and best practices recommend separating storage traffic on dedicated 10 Gbps networks with NIC bonding to handle high I/O demands. This model provides fault tolerance against single points of failure, such as management server outages or database issues.
Advanced multi-site federation extends the large-scale model by linking multiple zones across geographic regions, enabling global cloud operations and disaster recovery. A primary management server in one data center manages the zones, with database replication to a secondary site for failover; in the event of a primary site failure, the secondary can assume control. Zones can operate independently or in federation, allowing workload migration and data replication for business continuity. This topology supports shared storage via NFS or iSCSI with bonded NICs and is particularly useful for service providers offering multi-region services, though it requires careful configuration of network latency and security between sites.
The installation process begins with preparing the environment on supported operating systems such as RHEL 8+ or Ubuntu 22.04+, using RPM or DEB packages downloaded from the official Apache repository. Prerequisites include a MySQL-compatible database (version 8.0 or equivalent compatible DBMS), Java 17 JRE for the management server, and sufficient hardware. The management server is installed first, followed by database setup and configuration of zones, pods, clusters, hosts, and storage through the UI or API. The CloudStack Kubernetes Service (CKS) plugin, available since version 4.14 with enhancements in later versions, enables deployment and management of Kubernetes clusters directly within CloudStack environments, supporting Kubernetes versions 1.33 and later (as of 4.22) with automated provisioning of control planes and worker nodes.[43] Post-installation, the system is tested by deploying sample instances to verify functionality.[44][45]
Best practices for deployment emphasize hardware sizing, with the management server requiring at least 4 GB RAM (8 GB recommended for production to handle API loads) and 250 GB disk space, while hosts need 64-bit CPUs with virtualization support and at least 4 GB RAM. Security hardening involves configuring firewalls to restrict access (e.g., management traffic only from known IPs), enabling TLS for API endpoints, using strong database credentials, and regularly applying patches to hypervisors and the OS. For upgrades, CloudStack supports paths from previous LTS versions like 4.20 or 4.21 by backing up the database, updating packages via yum/apt, running the upgrade script, and re-registering system VM templates if needed; major version jumps (e.g., 4.18 to 4.22) require intermediate steps to avoid compatibility issues. Monitoring tools should track resource utilization, with primary storage limited to 6 TB per pool to maintain performance.[44][46]
Supported Technologies
Hypervisors
Apache CloudStack supports multiple hypervisors to enable flexible virtualization for guest virtual machines (VMs), allowing administrators to choose based on performance, cost, and ecosystem needs. The platform integrates with these hypervisors through its agent architecture, which handles provisioning, monitoring, and management tasks. Primary supported hypervisors include KVM, VMware vSphere, and XenServer/XCP-ng, with limited support for Microsoft Hyper-V. Additionally, LXC is supported, and Proxmox VE is available via a built-in extension since version 4.21.[47][48]
KVM, an open-source type-1 hypervisor integrated into the Linux kernel, serves as the default choice for many CloudStack deployments due to its cost-effectiveness and robust feature set. It provides full support for live migration of running VMs between hosts within a cluster, minimizing downtime during maintenance or load balancing. Additionally, KVM enables GPU passthrough via libvirt's PCI passthrough mechanism, allowing direct assignment of physical GPUs to VMs for compute-intensive workloads, as well as support for vGPU profiles depending on the hardware vendor. For CloudStack 4.22, KVM requires host operating systems such as Ubuntu 22.04 LTS or 24.04 LTS, Oracle Linux 8 or later, Rocky Linux 8 or later, or equivalent distributions with QEMU/KVM versions aligned to kernel 5.15 or higher for optimal compatibility.[27][47]
VMware vSphere integration occurs through vCenter Server managing ESXi hosts, offering enterprise-grade virtualization with seamless compatibility up to ESXi 8.0. CloudStack leverages vSphere's vMotion for live VM migrations across hosts or even clusters, supporting both shared and local storage scenarios to maintain service continuity. This setup is ideal for environments requiring advanced clustering and high availability features. Supported versions include vSphere 7.0 (with updates up to 7.0.3) and 8.0 (including updates up to U3), with guest OS identification defaulting to generic 64-bit profiles for unlisted variants. Performance considerations include ensuring vCenter clusters are properly licensed, as CloudStack relies on vSphere APIs for operations like VM powering and snapshotting.[38][27][47]
XenServer (now Citrix Hypervisor) and its open-source fork XCP-ng provide type-1 hypervisor capabilities with XAPI for management, emphasizing efficiency in large-scale deployments. CloudStack supports storage XenMotion for live migrations of VM disks between hosts, enabling zero-downtime moves in shared storage environments. These hypervisors require high availability (HA) enabled on the pool master for failover recovery. Compatible versions for CloudStack 4.22 include XCP-ng 8.2.0 and 8.3.0, as well as Citrix Hypervisor 8.2 and 8.4, though custom storage adapters may be needed for older or specific setups.[38][47]
Microsoft Hyper-V offers limited integration for Windows-centric environments, focusing on basic VM provisioning and management without recent extensive testing. It supports Windows Server 2012 R2 with the Hyper-V role, using SMB/CIFS for storage access. Features like live migration are available but constrained compared to other hypervisors, and CloudStack treats Hyper-V hosts as a distinct cluster type. Administrators should verify compatibility through official installation guides, as support is not as mature and may require additional configuration for networking.[49][47][48]
CloudStack enables multi-hypervisor environments by allowing zones to contain multiple clusters, each dedicated to a single hypervisor type for homogeneity, thus supporting mixed setups like KVM alongside VMware within the same cloud. This facilitates gradual migrations or hybrid deployments without full infrastructure overhauls. Compatibility notes emphasize version alignment; for instance, CloudStack 4.22 requires KVM on kernel 5.15+ and deprecates older hypervisor versions like vSphere 6.7 or XenServer 8.1 to ensure security and performance. Switching hypervisors mid-deployment typically involves creating new clusters, as existing ones are hypervisor-specific, potentially incurring downtime for VM relocations. Performance varies by hypervisor—KVM often excels in open-source cost models, while VMware provides superior tooling integration—but all benefit from shared storage for migrations.[50][51][47]
Bare Metal Provisioning
Apache CloudStack supports bare metal provisioning to enable the management and deployment of operating systems directly on physical servers without a virtualization layer, treating them as a specialized hypervisor type via IPMI integration. This capability allows administrators to add bare metal hosts to clusters in basic zones, where the platform handles power control, booting, and OS installation through PXE-based mechanisms.[48] The bare metal agent, such as the cloudstack-baremetal-agent package, is a specialized component installed on the physical host post-provisioning to enable advanced features like security group enforcement and communication with the CloudStack management server. This agent facilitates ongoing management tasks, including status reporting and network rule application, ensuring the bare metal instance integrates seamlessly with CloudStack's orchestration layer.[52]
The provisioning workflow involves adding a bare metal host to CloudStack using its MAC address, IP details, and IPMI credentials for out-of-band management. CloudStack can configure PXE and DHCP services to boot from selected templates. Upon request, the system uses IPMI to power on the host and initiate OS installation. Hardware profiling through host tags matches resource capabilities like CPU and memory, defined in service offerings adapted for physical hardware. Custom OS images are supported via templates for compatible Linux distributions.[48][53]
As of version 4.22 (released November 10, 2025), bare metal provisioning includes native integration with Canonical Metal-as-a-Service (MaaS), enhancing provisioning and management of physical servers.[54]
Common use cases for bare metal provisioning include high-performance computing workloads like Hadoop or Spark clusters that require direct hardware access, edge deployments where low-latency processing is critical, and hybrid environments combining bare metal for database tiers with virtual machines for scalable application layers. These scenarios leverage the ability to provision physical servers as straightforwardly as VMs, supporting multi-tenant isolation in mixed setups.[55]
Limitations include the absence of high availability features, live migration, multi-NIC support, and integration with advanced storage abstractions on bare metal hosts, as well as restrictions to basic zones without full zone-level redundancy. Extensions address hardware vendor compatibility through plugins, such as those for switches to automate VLAN programming. Bare metal provisioning has been available since early versions, with significant enhancements in 4.20 and further improvements including MaaS in 4.22.[48]
For security, CloudStack enforces role-based access control (RBAC) to isolate bare metal resources, preventing tenant interference by assigning specific roles that limit access to power operations, provisioning, and network configurations on physical hosts. This ensures multi-tenancy without compromising the isolation provided by VLAN-based networking.[55]