# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2016, Apache Software Foundation
# This file is distributed under the same license as the Apache CloudStack Administration Documentation package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: Apache CloudStack Administration Documentation 4.8\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-08-22 13:55+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../networking_and_traffic.rst:18
msgid "Managing Networks and Traffic"
msgstr ""
#: ../../networking_and_traffic.rst:20
msgid "In CloudStack, guest VMs can communicate with each other using shared infrastructure with the security and user perception that the guests have a private LAN. The CloudStack virtual router is the main component providing networking features for guest traffic."
msgstr ""
#: ../../networking/guest_traffic.rst:18
msgid "Guest Traffic"
msgstr ""
#: ../../networking/guest_traffic.rst:20
msgid "A network can carry guest traffic only between VMs within one zone. Virtual machines in different zones cannot communicate with each other using their IP addresses; they must communicate with each other by routing through a public IP address."
msgstr ""
#: ../../networking/guest_traffic.rst:25
msgid "See a typical guest traffic setup given below:"
msgstr ""
#: ../../networking/guest_traffic.rst:27
msgid "|guest-traffic-setup.png|"
msgstr ""
#: ../../networking/guest_traffic.rst:29
msgid "Typically, the Management Server automatically creates a virtual router for each network. A virtual router is a special virtual machine that runs on the hosts. Each virtual router in an isolated network has three network interfaces. Its eth0 interface serves as the gateway for the guest traffic and has the IP address of 10.1.1.1. Its eth1 interface is used by the system to configure the virtual router. Its eth2 interface is assigned a public IP address for public traffic. If multiple public VLANs are used, the router will have multiple public interfaces."
msgstr ""
#: ../../networking/guest_traffic.rst:40
msgid "The virtual router provides DHCP and will automatically assign an IP address for each guest VM within the IP range assigned for the network. The user can manually reconfigure guest VMs to assume different IP addresses."
msgstr ""
#: ../../networking/guest_traffic.rst:45
msgid "Source NAT is automatically configured in the virtual router to forward outbound traffic for all guest VMs."
msgstr ""
#: ../../networking/networking_in_pod.rst:18
msgid "Networking in a Pod"
msgstr ""
#: ../../networking/networking_in_pod.rst:20
msgid "The figure below illustrates network setup within a single pod. The hosts are connected to a pod-level switch. At a minimum, the hosts should have one physical uplink to each switch. Bonded NICs are supported as well. The pod-level switch is a pair of redundant gigabit switches with 10 G uplinks."
msgstr ""
#: ../../networking/networking_in_pod.rst:26
msgid "|networksinglepod.png|"
msgstr ""
#: ../../networking/networking_in_pod.rst:28
msgid "Servers are connected as follows:"
msgstr ""
#: ../../networking/networking_in_pod.rst:30
msgid "Storage devices are connected to only the network that carries management traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:33
msgid "Hosts are connected to networks for both management traffic and public traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:36
msgid "Hosts are also connected to one or more networks carrying guest traffic."
msgstr ""
#: ../../networking/networking_in_pod.rst:39
msgid "We recommend the use of multiple physical Ethernet cards to implement each network interface as well as redundant switch fabric in order to maximize throughput and improve reliability."
msgstr ""
#: ../../networking/networking_in_zone.rst:18
msgid "Networking in a Zone"
msgstr ""
#: ../../networking/networking_in_zone.rst:20
msgid "The following figure illustrates the network setup within a single zone."
msgstr ""
#: ../../networking/networking_in_zone.rst:22
msgid "|networksetupzone.png|"
msgstr ""
#: ../../networking/networking_in_zone.rst:24
msgid "A firewall for management traffic operates in the NAT mode. The network typically is assigned IP addresses in the 192.168.0.0/16 Class B private address space. Each pod is assigned IP addresses in the 192.168.\\*.0/24 Class C private address space."
msgstr ""
#: ../../networking/networking_in_zone.rst:29
msgid "Each zone has its own set of public IP addresses. Public IP addresses from different zones do not overlap."
msgstr ""
#: ../../networking/basic_zone_config.rst:19
msgid "Basic Zone Physical Network Configuration"
msgstr ""
#: ../../networking/basic_zone_config.rst:21
msgid "In a basic network, configuring the physical network is fairly straightforward. You only need to configure one guest network to carry traffic that is generated by guest VMs. When you first add a zone to CloudStack, you set up the guest network through the Add Zone screens."
msgstr ""
#: ../../networking/advanced_zone_config.rst:19
msgid "Advanced Zone Physical Network Configuration"
msgstr ""
#: ../../networking/advanced_zone_config.rst:21
msgid "Within a zone that uses advanced networking, you need to tell the Management Server how the physical network is set up to carry different kinds of traffic in isolation."
msgstr ""
#: ../../networking/advanced_zone_config.rst:27
msgid "Configure Guest Traffic in an Advanced Zone"
msgstr ""
#: ../../networking/advanced_zone_config.rst:29
msgid "These steps assume you have already logged in to the CloudStack UI. To configure the base guest network:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:32
msgid "In the left navigation, choose Infrastructure. On Zones, click View More, then click the zone to which you want to add a network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:35
#: ../../networking/advanced_zone_config.rst:87
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:145
msgid "Click the Network tab."
msgstr ""
#: ../../networking/advanced_zone_config.rst:37
#: ../../networking/advanced_zone_config.rst:89
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:147
msgid "Click Add guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:39
msgid "The Add guest network window is displayed:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:41
msgid "|addguestnetwork.png|"
msgstr ""
#: ../../networking/advanced_zone_config.rst:43
#: ../../networking/site_to_site_vpn.rst:66
#: ../../networking/virtual_private_cloud_config.rst:189
msgid "Provide the following information:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:45
msgid "**Name**: The name of the network. This will be user-visible."
msgstr ""
#: ../../networking/advanced_zone_config.rst:47
msgid "**Display Text**: The description of the network. This will be user-visible."
msgstr ""
#: ../../networking/advanced_zone_config.rst:50
msgid "**Zone**: The zone in which you are configuring the guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:52
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:55
msgid "**Guest Gateway**: The gateway that the guests should use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:57
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:60
#: ../../networking/public_ips_and_vlans_for_accounts.rst:115
#: ../../networking/portable_ips.rst:84
#: ../../networking/multiple_subnets_in_shared_network.rst:95
#: ../../networking/security_groups.rst:72
#: ../../networking/global_server_load_balancing.rst:371
#: ../../networking/ip_forwarding_and_firewalling.rst:215
#: ../../networking/site_to_site_vpn.rst:157
#: ../../networking/site_to_site_vpn.rst:180
#: ../../networking/virtual_private_cloud_config.rst:211
#: ../../networking/virtual_private_cloud_config.rst:281
#: ../../networking/virtual_private_cloud_config.rst:457
#: ../../networking/virtual_private_cloud_config.rst:481
#: ../../networking/persistent_networks.rst:94
msgid "Click OK."
msgstr ""
#: ../../networking/advanced_zone_config.rst:64
msgid "Configure Public Traffic in an Advanced Zone"
msgstr ""
#: ../../networking/advanced_zone_config.rst:66
msgid "In a zone that uses advanced networking, you need to configure at least one range of IP addresses for Internet traffic."
msgstr ""
#: ../../networking/advanced_zone_config.rst:71
msgid "Configuring a Shared Guest Network"
msgstr ""
#: ../../networking/advanced_zone_config.rst:73
#: ../../networking/public_ips_and_vlans_for_accounts.rst:54
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:131
msgid "Log in to the CloudStack UI as administrator."
msgstr ""
#: ../../networking/advanced_zone_config.rst:75
#: ../../networking/multiple_subnets_in_shared_network.rst:54
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:133
msgid "In the left navigation, choose Infrastructure."
msgstr ""
#: ../../networking/advanced_zone_config.rst:77
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:135
msgid "On Zones, click View More."
msgstr ""
#: ../../networking/advanced_zone_config.rst:79
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:137
msgid "Click the zone to which you want to add a guest network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:81
#: ../../networking/public_ips_and_vlans_for_accounts.rst:62
#: ../../networking/public_ips_and_vlans_for_accounts.rst:132
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:139
msgid "Click the Physical Network tab."
msgstr ""
#: ../../networking/advanced_zone_config.rst:83
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:141
msgid "Click the physical network you want to work with."
msgstr ""
#: ../../networking/advanced_zone_config.rst:85
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:143
msgid "On the Guest node of the diagram, click Configure."
msgstr ""
#: ../../networking/advanced_zone_config.rst:91
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:149
msgid "The Add guest network window is displayed."
msgstr ""
#: ../../networking/advanced_zone_config.rst:93
#: ../../networking/public_ips_and_vlans_for_accounts.rst:79
#: ../../networking/public_ips_and_vlans_for_accounts.rst:89
#: ../../networking/public_ips_and_vlans_for_accounts.rst:107
#: ../../networking/public_ips_and_vlans_for_accounts.rst:142
#: ../../networking/portable_ips.rst:70
#: ../../networking/multiple_subnets_in_shared_network.rst:75
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:151
#: ../../networking/external_firewalls_and_load_balancers.rst:482
#: ../../networking/global_server_load_balancing.rst:393
#: ../../networking/virtual_private_cloud_config.rst:248
#: ../../networking/virtual_private_cloud_config.rst:541
#: ../../networking/virtual_private_cloud_config.rst:1064
#: ../../networking/virtual_private_cloud_config.rst:1332
msgid "Specify the following:"
msgstr ""
#: ../../networking/advanced_zone_config.rst:95
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:153
msgid "**Name**: The name of the network. This will be visible to the user."
msgstr ""
#: ../../networking/advanced_zone_config.rst:97
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:156
msgid "**Description**: The short description of the network that can be displayed to users."
msgstr ""
#: ../../networking/advanced_zone_config.rst:100
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:159
msgid "**VLAN ID**: The unique ID of the VLAN."
msgstr ""
#: ../../networking/advanced_zone_config.rst:102
msgid "**Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""
#: ../../networking/advanced_zone_config.rst:105
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:167
msgid "**Scope**: The available scopes are Domain, Account, Project, and All."
msgstr ""
#: ../../networking/advanced_zone_config.rst:108
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:170
msgid "**Domain**: Selecting Domain limits the scope of this guest network to the domain you specify. The network will not be available for other domains. If you select Subdomain Access, the guest network is available to all the subdomains within the selected domain."
msgstr ""
#: ../../networking/advanced_zone_config.rst:114
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:176
msgid "**Account**: The account for which the guest network is being created. You must specify the domain the account belongs to."
msgstr ""
#: ../../networking/advanced_zone_config.rst:118
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:180
msgid "**Project**: The project for which the guest network is being created. You must specify the domain the project belongs to."
msgstr ""
#: ../../networking/advanced_zone_config.rst:122
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:184
msgid "**All**: The guest network is available for all the domains, accounts, and projects within the selected zone."
msgstr ""
#: ../../networking/advanced_zone_config.rst:125
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:187
msgid "**Network Offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""
#: ../../networking/advanced_zone_config.rst:129
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:191
msgid "**Gateway**: The gateway that the guests should use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:131
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:193
msgid "**Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""
#: ../../networking/advanced_zone_config.rst:133
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:195
msgid "**IP Range**: A range of IP addresses that are accessible from the Internet and are assigned to the guest VMs."
msgstr ""
#: ../../networking/advanced_zone_config.rst:136
msgid "If one NIC is used, these IPs should be in the same CIDR in the case of IPv6."
msgstr ""
#: ../../networking/advanced_zone_config.rst:139
msgid "**IPv6 CIDR**: The network prefix that defines the guest network subnet. This is the CIDR that describes the IPv6 addresses in use in the guest networks in this zone. To allot IP addresses from within a particular address block, enter a CIDR."
msgstr ""
#: ../../networking/advanced_zone_config.rst:144
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:198
msgid "**Network Domain**: A custom DNS suffix at the level of a network. If you want to assign a special domain name to the guest VM network, specify a DNS suffix."
msgstr ""
#: ../../networking/advanced_zone_config.rst:148
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:202
#: ../../networking/global_server_load_balancing.rst:415
#: ../../networking/global_server_load_balancing.rst:439
#: ../../networking/site_to_site_vpn.rst:310
msgid "Click OK to confirm."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:18
msgid "Using Multiple Guest Networks"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:20
msgid "In zones that use advanced networking, additional networks for guest traffic may be added at any time after the initial installation. You can also customize the domain name associated with the network by specifying a DNS suffix for each network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:25
msgid "A VM's networks are defined at VM creation time. A VM cannot add or remove networks after it has been created, although the user can go into the guest and remove the IP address from the NIC on a particular network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:30
msgid "Each VM has just one default network. The virtual router's DHCP reply will set the guest's default gateway as that for the default network. Multiple non-default networks may be added to a guest in addition to the single, required default network. The administrator can control which networks are available as the default network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:36
msgid "Additional networks can either be available to all accounts or be assigned to a specific account. Networks that are available to all accounts are zone-wide. Any user with access to the zone can create a VM with access to that network. These zone-wide networks provide little or no isolation between guests. Networks that are assigned to a specific account provide strong isolation."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:45
msgid "Adding an Additional Guest Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:47
#: ../../networking/multiple_guest_networks.rst:97
#: ../../networking/multiple_guest_networks.rst:135
#: ../../networking/multiple_guest_networks.rst:153
#: ../../networking/multiple_guest_networks.rst:173
#: ../../networking/ip_reservation_in_guest_networks.rst:108
#: ../../networking/portable_ips.rst:58
#: ../../networking/portable_ips.rst:90
#: ../../networking/multiple_subnets_in_shared_network.rst:52
#: ../../networking/security_groups.rst:62
#: ../../networking/security_groups.rst:124
#: ../../networking/external_firewalls_and_load_balancers.rst:255
#: ../../networking/acquiring_an_ip_address.rst:20
#: ../../networking/releasing_an_ip_address.rst:24
#: ../../networking/static_nat.rst:36
#: ../../networking/ip_forwarding_and_firewalling.rst:59
#: ../../networking/ip_forwarding_and_firewalling.rst:132
#: ../../networking/ip_forwarding_and_firewalling.rst:245
#: ../../networking/remote_access_vpn.rst:61
#: ../../networking/site_to_site_vpn.rst:56
#: ../../networking/site_to_site_vpn.rst:166
#: ../../networking/site_to_site_vpn.rst:186
#: ../../networking/site_to_site_vpn.rst:248
#: ../../networking/site_to_site_vpn.rst:379
#: ../../networking/virtual_private_cloud_config.rst:179
#: ../../networking/virtual_private_cloud_config.rst:223
#: ../../networking/virtual_private_cloud_config.rst:333
#: ../../networking/virtual_private_cloud_config.rst:382
#: ../../networking/virtual_private_cloud_config.rst:494
#: ../../networking/virtual_private_cloud_config.rst:664
#: ../../networking/virtual_private_cloud_config.rst:731
#: ../../networking/virtual_private_cloud_config.rst:790
#: ../../networking/virtual_private_cloud_config.rst:850
#: ../../networking/virtual_private_cloud_config.rst:1016
#: ../../networking/virtual_private_cloud_config.rst:1229
#: ../../networking/virtual_private_cloud_config.rst:1284
#: ../../networking/virtual_private_cloud_config.rst:1362
#: ../../networking/virtual_private_cloud_config.rst:1390
msgid "Log in to the CloudStack UI as an administrator or end user."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:49
#: ../../networking/multiple_guest_networks.rst:179
#: ../../networking/ip_reservation_in_guest_networks.rst:110
#: ../../networking/portable_ips.rst:92
#: ../../networking/security_groups.rst:64
#: ../../networking/external_firewalls_and_load_balancers.rst:257
#: ../../networking/acquiring_an_ip_address.rst:22
#: ../../networking/releasing_an_ip_address.rst:26
#: ../../networking/static_nat.rst:38
#: ../../networking/ip_forwarding_and_firewalling.rst:61
#: ../../networking/ip_forwarding_and_firewalling.rst:134
#: ../../networking/site_to_site_vpn.rst:58
#: ../../networking/site_to_site_vpn.rst:168
#: ../../networking/site_to_site_vpn.rst:188
#: ../../networking/site_to_site_vpn.rst:250
#: ../../networking/site_to_site_vpn.rst:381
#: ../../networking/virtual_private_cloud_config.rst:181
#: ../../networking/virtual_private_cloud_config.rst:225
#: ../../networking/virtual_private_cloud_config.rst:335
#: ../../networking/virtual_private_cloud_config.rst:384
#: ../../networking/virtual_private_cloud_config.rst:496
#: ../../networking/virtual_private_cloud_config.rst:666
#: ../../networking/virtual_private_cloud_config.rst:733
#: ../../networking/virtual_private_cloud_config.rst:792
#: ../../networking/virtual_private_cloud_config.rst:852
#: ../../networking/virtual_private_cloud_config.rst:1018
#: ../../networking/virtual_private_cloud_config.rst:1231
#: ../../networking/virtual_private_cloud_config.rst:1286
#: ../../networking/virtual_private_cloud_config.rst:1364
#: ../../networking/virtual_private_cloud_config.rst:1392
msgid "In the left navigation, choose Network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:51
msgid "Click Add guest network. Provide the following information:"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:53
msgid "**Name**: The name of the network. This will be user-visible."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:55
msgid "**Display Text**: The description of the network. This will be user-visible."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:58
msgid "**Zone**: The name of the zone this network applies to. Each zone is a broadcast domain, and therefore each zone has a different IP range for the guest network. The administrator must configure the IP range for each zone."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:63
msgid "**Network offering**: If the administrator has configured multiple network offerings, select the one you want to use for this network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:67
msgid "**Guest Gateway**: The gateway that the guests should use."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:69
msgid "**Guest Netmask**: The netmask in use on the subnet the guests will use."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:72
msgid "Click Create."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:76
msgid "Reconfiguring Networks in VMs"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:78
msgid "CloudStack provides you the ability to move VMs between networks and reconfigure a VM's network. You can remove a VM from a network and add it to a new network. You can also change the default network of a virtual machine. With this functionality, hybrid or traditional server loads can be accommodated with ease."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:84
msgid "This feature is supported on XenServer, VMware, and KVM hypervisors."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:88
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:97
#: ../../networking/external_firewalls_and_load_balancers.rst:428
msgid "Prerequisites"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:90
msgid "Ensure that vm-tools are running on guest VMs for adding or removing networks to work on the VMware hypervisor."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:95
msgid "Adding a Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:99
#: ../../networking/multiple_guest_networks.rst:137
#: ../../networking/multiple_guest_networks.rst:155
msgid "In the left navigation, click Instances."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:101
#: ../../networking/multiple_guest_networks.rst:139
#: ../../networking/multiple_guest_networks.rst:157
msgid "Choose the VM that you want to work with."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:103
#: ../../networking/multiple_guest_networks.rst:141
#: ../../networking/multiple_guest_networks.rst:159
msgid "Click the NICs tab."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:105
msgid "Click Add network to VM."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:107
msgid "The Add network to VM dialog is displayed."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:109
msgid "In the drop-down list, select the network that you would like to add this VM to."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:112
msgid "A new NIC is added for this network. You can view the following details in the NICs page:"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:115
msgid "ID"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:117
msgid "Network Name"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:119
msgid "Type"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:121
#: ../../networking/site_to_site_vpn.rst:236
#: ../../networking/site_to_site_vpn.rst:316
msgid "IP Address"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:123
#: ../../networking/site_to_site_vpn.rst:318
msgid "Gateway"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:125
msgid "Netmask"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:127
msgid "Is default"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:129
msgid "CIDR (for IPv6)"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:133
msgid "Removing a Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:143
msgid "Locate the NIC you want to remove."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:145
msgid "Click the Remove NIC button. |remove-nic.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:147
#: ../../networking/multiple_guest_networks.rst:165
msgid "Click Yes to confirm."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:151
msgid "Selecting the Default Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:161
msgid "Locate the NIC you want to work with."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:163
msgid "Click the Set default NIC button. |set-default-nic.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:168
msgid "Changing the Network Offering on a Guest Network"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:170
msgid "A user or administrator can change the network offering that is associated with an existing guest network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:175
msgid "If you are changing from a network offering that uses the CloudStack virtual router to one that uses external devices as network service providers, you must first stop all the VMs on the network."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:181
#: ../../networking/ip_reservation_in_guest_networks.rst:112
msgid "Click the name of the network you want to modify."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:183
msgid "In the Details tab, click Edit. |edit-icon.png|"
msgstr ""
#: ../../networking/multiple_guest_networks.rst:185
msgid "In Network Offering, choose the new network offering, then click Apply."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:188
msgid "A prompt is displayed asking whether you want to keep the existing CIDR. This is to let you know that if you change the network offering, the CIDR will be affected."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:192
msgid "If you upgrade between the virtual router as a provider and an external network device as a provider, you must acknowledge the change of CIDR to continue, so choose Yes."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:196
msgid "Wait for the update to complete. Don't try to restart VMs until the network change is complete."
msgstr ""
#: ../../networking/multiple_guest_networks.rst:199
msgid "If you stopped any VMs, restart them."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:18
msgid "IP Reservation in Isolated Guest Networks"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:20
msgid "In isolated guest networks, a part of the guest IP address space can be reserved for non-CloudStack VMs or physical servers. To do so, you configure a range of Reserved IP addresses by specifying the CIDR when a guest network is in Implemented state. If your customers wish to have non-CloudStack controlled VMs or physical servers on the same network, they can share a part of the IP address space that is primarily provided to the guest network."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:28
msgid "In an Advanced zone, an IP address range or a CIDR is assigned to a network when the network is defined. The CloudStack virtual router acts as the DHCP server and uses the CIDR for assigning IP addresses to the guest VMs. If you decide to reserve part of the CIDR for non-CloudStack purposes, you can specify a part of the IP address range or the CIDR that should only be allocated by the DHCP service of the virtual router to the guest VMs created in CloudStack. The remaining IPs in that network are called the Reserved IP Range. When IP reservation is configured, the administrator can add additional VMs or physical servers that are not part of CloudStack to the same network and assign them the Reserved IP addresses. CloudStack guest VMs cannot acquire IPs from the Reserved IP Range."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:43
msgid "IP Reservation Considerations"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:45
msgid "Consider the following before you reserve an IP range for non-CloudStack machines:"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:48
msgid "IP Reservation is supported only in Isolated networks."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:50
msgid "IP Reservation can be applied only when the network is in Implemented state."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:53
msgid "No IP Reservation is done by default."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:55
msgid "The Guest VM CIDR you specify must be a subset of the network CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:57
msgid "Specify a valid Guest VM CIDR. IP Reservation is applied only if no active IPs exist outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:60
msgid "You cannot apply IP Reservation if any VM is allotted an IP address that is outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:63
msgid "To reset an existing IP Reservation, apply IP reservation by specifying the value of network CIDR in the CIDR field."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:66
msgid "For example, the following table describes three scenarios of guest network creation:"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
msgid "Case"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
#: ../../networking/remote_access_vpn.rst:124
#: ../../networking/site_to_site_vpn.rst:211
#: ../../networking/site_to_site_vpn.rst:274
#: ../../networking/site_to_site_vpn.rst:406
#: ../../networking/virtual_private_cloud_config.rst:323
#: ../../networking/virtual_private_cloud_config.rst:354
#: ../../networking/virtual_private_cloud_config.rst:521
#: ../../networking/virtual_private_cloud_config.rst:756
#: ../../networking/virtual_private_cloud_config.rst:814
#: ../../networking/virtual_private_cloud_config.rst:875
#: ../../networking/virtual_private_cloud_config.rst:1041
#: ../../networking/virtual_private_cloud_config.rst:1309
msgid "CIDR"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
msgid "Network CIDR"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
msgid "Reserved IP Range for Non-CloudStack VMs"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:72
msgid "Description"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:74
#: ../../networking/virtual_private_cloud_config.rst:325
msgid "1"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:74
#: ../../networking/ip_reservation_in_guest_networks.rst:75
#: ../../networking/ip_reservation_in_guest_networks.rst:78
msgid "10.1.1.0/24"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:74
#: ../../networking/ip_reservation_in_guest_networks.rst:74
#: ../../networking/ip_reservation_in_guest_networks.rst:78
#: ../../networking/ip_reservation_in_guest_networks.rst:78
msgid "None"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:74
msgid "No IP Reservation."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:75
#: ../../networking/virtual_private_cloud_config.rst:326
msgid "2"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:75
msgid "10.1.1.0/26"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:75
msgid "10.1.1.64 to 10.1.1.254"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:75
msgid "IP Reservation configured by calling the UpdateNetwork API with guestvmcidr=10.1.1.0/26, or by entering 10.1.1.0/26 in the CIDR field in the UI."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:78
msgid "3"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:78
msgid "IP Reservation removed by calling the UpdateNetwork API with guestvmcidr=10.1.1.0/24, or by entering 10.1.1.0/24 in the CIDR field in the UI."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:85
#: ../../networking/security_groups.rst:91
#: ../../networking/palo_alto_config.rst:467
msgid "Limitations"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:87
msgid "IP Reservation is not supported if active IPs are found outside the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:90
msgid "Upgrading a network offering in a way that changes the CIDR (such as upgrading an offering with no external devices to one with external devices) voids any existing IP Reservation. Reconfigure IP Reservation in the new re-implemented network."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:97
msgid "Best Practices"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:99
msgid "Apply IP Reservation to the guest network as soon as the network state changes to Implemented. If you apply reservation soon after the first guest VM is deployed, fewer conflicts occur while applying reservation."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:106
msgid "Reserving an IP Range"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:114
msgid "In the Details tab, click Edit. |ip-edit-icon.png|"
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:116
msgid "The CIDR field becomes editable."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:118
msgid "In CIDR, specify the Guest VM CIDR."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:120
msgid "Click Apply."
msgstr ""
#: ../../networking/ip_reservation_in_guest_networks.rst:122
msgid "Wait for the update to complete. The Network CIDR and the Reserved IP Range are displayed on the Details page."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:18
msgid "Reserving Public IP Addresses and VLANs for Accounts"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:20
msgid "CloudStack provides you the ability to reserve a set of public IP addresses and VLANs exclusively for an account. During zone creation, you can continue defining a set of VLANs and multiple public IP ranges. This feature extends the functionality to enable you to dedicate a fixed set of VLANs and guest IP addresses for a tenant."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:26
msgid "Note that if an account has consumed all the VLANs and IPs dedicated to it, the account can acquire two more resources from the system. CloudStack provides the root admin with two configuration parameters to modify this default behavior: use.system.public.ips and use.system.guest.vlans. These global parameters enable the root admin to disallow an account from acquiring public IPs and guest VLANs from the system, if the account has dedicated resources and these dedicated resources have all been consumed. Both these parameters are configurable at the account level."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:36
msgid "This feature provides you the following capabilities:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:38
msgid "Reserve a VLAN range and public IP address range from an Advanced zone and assign it to an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:41
msgid "Disassociate a VLAN and public IP address range from an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:43
msgid "View the number of public IP addresses allocated to an account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:45
msgid "Check whether the required range is available and conforms to account limits."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:48
msgid "The maximum IPs per account limit cannot be superseded."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:52
msgid "Dedicating IP Address Ranges to an Account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:56
#: ../../networking/public_ips_and_vlans_for_accounts.rst:126
#: ../../networking/global_server_load_balancing.rst:317
msgid "In the left navigation bar, click Infrastructure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:58
#: ../../networking/public_ips_and_vlans_for_accounts.rst:128
msgid "In Zones, click View All."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:60
#: ../../networking/public_ips_and_vlans_for_accounts.rst:130
#: ../../networking/global_server_load_balancing.rst:321
msgid "Choose the zone you want to work with."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:64
msgid "In the Public node of the diagram, click Configure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:66
msgid "Click the IP Ranges tab."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:68
msgid "You can either assign an existing IP range to an account, or create a new IP range and assign it to an account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:71
msgid "To assign an existing IP range to an account, perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:73
msgid "Locate the IP range you want to work with."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:75
msgid "Click the Add Account |addAccount-icon.png| button."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:77
msgid "The Add Account dialog is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:81
msgid "**Account**: The account to which you want to assign the IP address range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:84
#: ../../networking/public_ips_and_vlans_for_accounts.rst:112
#: ../../networking/public_ips_and_vlans_for_accounts.rst:150
msgid "**Domain**: The domain associated with the account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:86
msgid "To create a new IP range and assign it to an account, perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:91
msgid "**Gateway**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:93
msgid "**Netmask**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:95
msgid "**VLAN**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:97
msgid "**Start IP**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:99
msgid "**End IP**"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:101
msgid "**Account**: Perform the following:"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:103
msgid "Click Account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:105
msgid "The Add Account page is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:109
msgid "**Account**: The account to which you want to assign an IP address range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:117
#: ../../networking/security_groups.rst:210
#: ../../networking/ip_forwarding_and_firewalling.rst:88
#: ../../networking/ip_forwarding_and_firewalling.rst:163
#: ../../networking/ip_forwarding_and_firewalling.rst:276
#: ../../networking/remote_access_vpn.rst:155
#: ../../networking/virtual_private_cloud_config.rst:644
msgid "Click Add."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:121
msgid "Dedicating VLAN Ranges to an Account"
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:123
msgid "After the CloudStack Management Server is installed, log in to the CloudStack UI as administrator."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:134
#: ../../networking/multiple_subnets_in_shared_network.rst:61
msgid "In the Guest node of the diagram, click Configure."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:136
msgid "Select the Dedicated VLAN Ranges tab."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:138
msgid "Click Dedicate VLAN Range."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:140
msgid "The Dedicate VLAN Range dialog is displayed."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:144
msgid "**VLAN Range**: The VLAN range that you want to assign to an account."
msgstr ""
#: ../../networking/public_ips_and_vlans_for_accounts.rst:147
msgid "**Account**: The account to which you want to assign the selected VLAN range."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:18
msgid "Configuring Multiple IP Addresses on a Single NIC"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:20
msgid "CloudStack provides you the ability to associate multiple private IP addresses per guest VM NIC. In addition to the primary IP, you can assign additional IPs to the guest VM NIC. This feature is supported on all the network configurations: Basic, Advanced, and VPC. Security Groups, Static NAT and Port forwarding services are supported on these additional IPs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:27
msgid "As always, you can specify an IP from the guest subnet; if not specified, an IP is automatically picked up from the guest VM subnet. You can view the IPs associated with each guest VM NIC in the UI. You can apply NAT on these additional guest IPs by using the network configuration option in the CloudStack UI. You must specify the NIC to which the IP should be associated."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:34
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors. Note that Basic zone security groups are not supported on VMware."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:39
msgid "Use Cases"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:41
msgid "Some of the use cases are described below:"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:43
msgid "Network devices, such as firewalls and load balancers, generally work best when they have access to multiple IP addresses on the network interface."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:47
msgid "Moving private IP addresses between interfaces or instances. Applications that are bound to specific IP addresses can be moved between instances."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:51
msgid "Hosting multiple SSL Websites on a single instance. You can install multiple SSL certificates on a single instance, each associated with a distinct IP address."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:57
#: ../../networking/portable_ips.rst:48
#: ../../networking/virtual_private_cloud_config.rst:1127
msgid "Guidelines"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:59
msgid "To prevent IP conflict, configure different subnets when multiple networks are connected to the same VM."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:64
msgid "Assigning Additional IPs to a VM"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:66
msgid "Log in to the CloudStack UI."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:68
msgid "In the left navigation bar, click Instances."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:70
msgid "Click the name of the instance you want to work with."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:72
msgid "In the Details tab, click NICs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:74
msgid "Click View Secondary IPs."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:76
msgid "Click Acquire New Secondary IP, and click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:79
msgid "You need to configure the IP on the guest VM NIC manually. CloudStack will not automatically configure the acquired IP address on the VM. Ensure that the IP address configuration persists across VM reboots."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:83
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in Port Forwarding or StaticNAT rules."
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:89
msgid "Port Forwarding and StaticNAT Services Changes"
msgstr ""
#: ../../networking/multiple_ips_on_single_nic.rst:91
msgid "Because multiple IPs can be associated per NIC, you are allowed to select a desired IP for the Port Forwarding and StaticNAT services. The default is the primary IP. To enable this functionality, an extra optional parameter 'vmguestip' is added to the Port forwarding and StaticNAT APIs (enableStaticNat, createIpForwardingRule) to indicate on which IP address NAT needs to be configured. If vmguestip is passed, NAT is configured on the specified private IP of the VM. If it is not passed, NAT is configured on the primary IP of the VM."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:18
msgid "About Multiple IP Ranges"
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:20
msgid "The feature can only be implemented on IPv4 addresses."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:22
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP addresses are exhausted. This in turn allows you to employ a higher number of subnets and thus reduce the address management overhead. To support this feature, the capability of the ``createVlanIpRange`` API is extended to also add IP ranges from a different subnet."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:33
msgid "Ensure that you manually configure the gateway of the new subnet before adding the IP range. Note that CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:37
msgid "Use the ``deleteVlanRange`` API to delete IP ranges. This operation fails if an IP from the range being removed is in use. If the range being removed contains the IP address on which the DHCP server is running, CloudStack acquires a new IP from the same subnet. If no IP is available in the subnet, the remove operation fails."
msgstr ""
#: ../../networking/multiple_ip_ranges.rst:43
msgid "This feature is supported on KVM, XenServer, and VMware hypervisors."
msgstr ""
#: ../../networking/elastic_ips.rst:18
msgid "About Elastic IPs"
msgstr ""
#: ../../networking/elastic_ips.rst:20
msgid "Elastic IP (EIP) addresses are the IP addresses that are associated with an account, and act as static IP addresses. The account owner has complete control over the Elastic IP addresses that belong to the account. As an account owner, you can allocate an Elastic IP to a VM of your choice from the EIP pool of your account. Later, if required, you can reassign the IP address to a different VM. This feature is extremely helpful during VM failure. Instead of replacing the VM which is down, the IP address can be reassigned to a new VM in your account."
msgstr ""
#: ../../networking/elastic_ips.rst:29
msgid "Similar to the public IP address, Elastic IP addresses are mapped to their associated private IP addresses by using StaticNAT. The EIP service is equipped with StaticNAT (1:1) service in an EIP-enabled basic zone. The default network offering, DefaultSharedNetscalerEIPandELBNetworkOffering, provides your network with EIP and ELB network services if a NetScaler device is deployed in your zone. Consider the following illustration for more details."
msgstr ""
#: ../../networking/elastic_ips.rst:37
msgid "|eip-ns-basiczone.png|"
msgstr ""
#: ../../networking/elastic_ips.rst:39
msgid "In the illustration, a NetScaler appliance is the default entry or exit point for the CloudStack instances, and the firewall is the default entry or exit point for the rest of the data center. NetScaler provides LB services and staticNAT service to the guest networks. The guest traffic in the pods and the Management Server are on different subnets / VLANs. The policy-based routing in the data center core switch sends the public traffic through the NetScaler, whereas the rest of the data center goes through the firewall."
msgstr ""
#: ../../networking/elastic_ips.rst:48
msgid "The EIP work flow is as follows:"
msgstr ""
#: ../../networking/elastic_ips.rst:50
msgid "When a user VM is deployed, a public IP is automatically acquired from the pool of public IPs configured in the zone. This IP is owned by the VM's account."
msgstr ""
#: ../../networking/elastic_ips.rst:54
msgid "Each VM will have its own private IP. When the user VM starts, Static NAT is provisioned on the NetScaler device by using the Inbound Network Address Translation (INAT) and Reverse NAT (RNAT) rules between the public IP and the private IP."
msgstr ""
#: ../../networking/elastic_ips.rst:60
msgid "Inbound NAT (INAT) is a type of NAT supported by NetScaler, in which the destination IP address is replaced in the packets from the public network, such as the Internet, with the private IP address of a VM in the private network. Reverse NAT (RNAT) is a type of NAT supported by NetScaler, in which the source IP address is replaced in the packets generated by a VM in the private network with the public IP address."
msgstr ""
#: ../../networking/elastic_ips.rst:67
msgid "This default public IP will be released in two cases:"
msgstr ""
#: ../../networking/elastic_ips.rst:69
msgid "When the VM is stopped. When the VM starts, it again receives a new public IP, not necessarily the same one allocated initially, from the pool of Public IPs."
msgstr ""
#: ../../networking/elastic_ips.rst:73
msgid "The user acquires a public IP (Elastic IP). This public IP is associated with the account, but will not be mapped to any private IP. However, the user can enable Static NAT to associate this IP to the private IP of a VM in the account. The Static NAT rule for the public IP can be disabled at any time. When Static NAT is disabled, a new public IP is allocated from the pool, which is not necessarily the same one allocated initially."
msgstr ""
#: ../../networking/elastic_ips.rst:81
msgid "For the deployments where public IPs are limited resources, you have the flexibility to choose not to allocate a public IP by default. You can use the Associate Public IP option to turn on or off the automatic public IP assignment in the EIP-enabled Basic zones. If you turn off the automatic public IP assignment while creating a network offering, only a private IP is assigned to a VM when the VM is deployed with that network offering. Later, the user can acquire an IP for the VM and enable static NAT."
msgstr ""
#: ../../networking/elastic_ips.rst:90
msgid "For more information on the Associate Public IP option, see `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""
#: ../../networking/elastic_ips.rst:94
msgid "The Associate Public IP feature is designed only for use with user VMs. The System VMs continue to get both a public and a private IP by default, irrespective of the network offering configuration."
msgstr ""
#: ../../networking/elastic_ips.rst:98
msgid "New deployments which use the default shared network offering with EIP and ELB services to create a shared network in the Basic zone will continue allocating public IPs to each user VM."
msgstr ""
#: ../../networking/portable_ips.rst:18
msgid "Portable IPs"
msgstr ""
#: ../../networking/portable_ips.rst:21
msgid "About Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:23
msgid "Portable IPs in CloudStack are a region-level pool of IPs, elastic in nature, that can be transferred across geographically separated zones. As an administrator, you can provision a pool of portable public IPs at region level and make them available for user consumption. Users can acquire portable IPs if the admin has provisioned portable IPs at the level of the region they are part of. These IPs can be used for any service within an advanced zone. You can also use portable IPs for EIP services in basic zones."
msgstr ""
#: ../../networking/portable_ips.rst:32
msgid "The salient features of Portable IP are as follows:"
msgstr ""
#: ../../networking/portable_ips.rst:34
msgid "IP is statically allocated"
msgstr ""
#: ../../networking/portable_ips.rst:36
msgid "IP need not be associated with a network"
msgstr ""
#: ../../networking/portable_ips.rst:38
msgid "IP association is transferable across networks"
msgstr ""
#: ../../networking/portable_ips.rst:40
msgid "IP is transferable across both Basic and Advanced zones"
msgstr ""
#: ../../networking/portable_ips.rst:42
msgid "IP is transferable across VPC, non-VPC isolated and shared networks"
msgstr ""
#: ../../networking/portable_ips.rst:44
msgid "Portable IP transfer is available only for static NAT."
msgstr ""
#: ../../networking/portable_ips.rst:50
msgid "Before transferring to another network, ensure that no network rules (Firewall, Static NAT, Port Forwarding, and so on) exist on that portable IP."
msgstr ""
#: ../../networking/portable_ips.rst:56
msgid "Configuring Portable IPs"
msgstr ""
#: ../../networking/portable_ips.rst:60
msgid "In the left navigation, click Regions."
msgstr ""
#: ../../networking/portable_ips.rst:62
msgid "Choose the Regions that you want to work with."
msgstr ""
#: ../../networking/portable_ips.rst:64
msgid "Click View Portable IP."
msgstr ""
#: ../../networking/portable_ips.rst:66
msgid "Click Portable IP Range."
msgstr ""
#: ../../networking/portable_ips.rst:68
msgid "The Add Portable IP Range window is displayed."
msgstr ""
#: ../../networking/portable_ips.rst:72
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs."
msgstr ""
#: ../../networking/portable_ips.rst:77
msgid "**Gateway**: The gateway in use for the Portable IP addresses you are configuring."
msgstr ""
#: ../../networking/portable_ips.rst:80
msgid "**Netmask**: The netmask associated with the Portable IP range."
msgstr ""
#: ../../networking/portable_ips.rst:82
msgid "**VLAN**: The VLAN that will be used for public traffic."
msgstr ""
#: ../../networking/portable_ips.rst:88
msgid "Acquiring a Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:94
#: ../../networking/acquiring_an_ip_address.rst:24
#: ../../networking/releasing_an_ip_address.rst:28
#: ../../networking/static_nat.rst:40
#: ../../networking/ip_forwarding_and_firewalling.rst:63
msgid "Click the name of the network you want to work with."
msgstr ""
#: ../../networking/portable_ips.rst:96
#: ../../networking/external_firewalls_and_load_balancers.rst:262
#: ../../networking/acquiring_an_ip_address.rst:26
#: ../../networking/releasing_an_ip_address.rst:30
#: ../../networking/static_nat.rst:42
#: ../../networking/ip_forwarding_and_firewalling.rst:65
#: ../../networking/remote_access_vpn.rst:84
msgid "Click View IP Addresses."
msgstr ""
#: ../../networking/portable_ips.rst:98
#: ../../networking/acquiring_an_ip_address.rst:28
msgid "Click Acquire New IP."
msgstr ""
#: ../../networking/portable_ips.rst:100
#: ../../networking/acquiring_an_ip_address.rst:30
msgid "The Acquire New IP window is displayed."
msgstr ""
#: ../../networking/portable_ips.rst:102
#: ../../networking/acquiring_an_ip_address.rst:32
msgid "Specify whether you want cross-zone IP or not."
msgstr ""
#: ../../networking/portable_ips.rst:104
msgid "Click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/portable_ips.rst:106
#: ../../networking/acquiring_an_ip_address.rst:40
msgid "Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding or static NAT rules."
msgstr ""
#: ../../networking/portable_ips.rst:112
msgid "Transferring Portable IP"
msgstr ""
#: ../../networking/portable_ips.rst:114
msgid "An IP can be transferred from one network to another only if Static NAT is enabled. However, when a portable IP is associated with a network, you can use it for any service in the network."
msgstr ""
#: ../../networking/portable_ips.rst:118
msgid "To transfer a portable IP across the networks, execute the following API:"
msgstr ""
#: ../../networking/portable_ips.rst:125
msgid "Replace the UUID with appropriate UUID. For example, if you want to transfer a portable IP to network X and VM Y in a network, execute the following:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:18
msgid "Multiple Subnets in Shared Network"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:20
msgid "CloudStack provides you with the flexibility to add guest IP ranges from different subnets in Basic zones and security groups-enabled Advanced zones. For security groups-enabled Advanced zones, it implies multiple subnets can be added to the same VLAN. With the addition of this feature, you will be able to add IP address ranges from the same subnet or from a different one when IP addresses are exhausted. This in turn allows you to employ a higher number of subnets and thus reduce the address management overhead. You can delete the IP ranges you have added."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:32
#: ../../networking/global_server_load_balancing.rst:255
#: ../../networking/ip_forwarding_and_firewalling.rst:107
msgid "Prerequisites and Guidelines"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:34
msgid "This feature can only be implemented:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:36
msgid "on IPv4 addresses"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:38
msgid "if virtual router is the DHCP provider"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:40
msgid "on KVM, XenServer, and VMware hypervisors"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:42
msgid "Manually configure the gateway of the new subnet before adding the IP range."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:45
msgid "CloudStack supports only one gateway for a subnet; overlapping subnets are not currently supported"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:50
msgid "Adding Multiple Subnets to a Shared Network"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:56
msgid "On Zones, click View More, then click the zone you want to work with."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:59
msgid "Click Physical Network."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:63
msgid "Click Networks."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:65
msgid "Select the networks you want to work with."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:67
msgid "Click View IP Ranges."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:69
msgid "Click Add IP Range."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:71
msgid "The Add IP Range dialog is displayed, as follows:"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:73
msgid "|add-ip-range.png|"
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:77
#: ../../networking/virtual_private_cloud_config.rst:250
msgid "All the fields are mandatory."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:79
#: ../../networking/virtual_private_cloud_config.rst:262
msgid "**Gateway**: The gateway for the tier you create. Ensure that the gateway is within the Super CIDR range that you specified while creating the VPC, and is not overlapped with the CIDR of any existing tier within the VPC."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:84
#: ../../networking/virtual_private_cloud_config.rst:275
msgid "**Netmask**: The netmask for the tier you create."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:86
#: ../../networking/virtual_private_cloud_config.rst:277
msgid "For example, if the VPC CIDR is 10.0.0.0/16 and the network tier CIDR is 10.0.1.0/24, the gateway of the tier is 10.0.1.1, and the netmask of the tier is 255.255.255.0."
msgstr ""
#: ../../networking/multiple_subnets_in_shared_network.rst:90
msgid "**Start IP/ End IP**: A range of IP addresses that are accessible from the Internet and will be allocated to guest VMs. Enter the first and last IP addresses that define a range that CloudStack can assign to guest VMs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:18
msgid "Isolation in Advanced Zone Using Private VLAN"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:20
msgid "Isolation of guest traffic in shared networks can be achieved by using Private VLANs (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a PVLAN-enabled shared network, a user VM cannot reach other user VMs, though it can reach the DHCP server and gateway. This in turn allows users to control traffic within a network, deploy multiple applications without communication between the applications, and prevent communication with other users' VMs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:29
msgid "Isolate VMs in a shared network by using Private VLANs."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:31
msgid "Supported on KVM, XenServer, and VMware hypervisors"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:33
msgid "PVLAN-enabled shared network can be a part of multiple networks of a guest VM."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:38
msgid "About Private VLAN"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:40
msgid "In an Ethernet switch, a VLAN is a broadcast domain where hosts can establish direct communication with one another at Layer 2. Private VLAN is designed as an extension of the VLAN standard to add further segmentation of the logical broadcast domain. A regular VLAN is a single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a Secondary VLAN. The original VLAN that is being divided into smaller groups is called Primary, which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID associated with it, which differentiates one sub-domain from another."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:53
msgid "Three types of ports exist in a private VLAN domain, which essentially determine the behaviour of the participating hosts. Each port has its own unique set of rules, which regulate a connected host's ability to communicate with other connected hosts within the same private VLAN domain. Configure each host that is part of a PVLAN pair by using one of these three port designations:"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:60
msgid "**Promiscuous**: A promiscuous port can communicate with all the interfaces, including the community and isolated host ports that belong to the secondary VLANs. In Promiscuous mode, hosts are connected to promiscuous ports and are able to communicate directly with resources on both the primary and secondary VLANs. Routers, DHCP servers, and other trusted devices are typically attached to promiscuous ports."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:68
msgid "**Isolated VLANs**: The ports within an isolated VLAN cannot communicate with each other at the layer-2 level. The hosts that are connected to Isolated ports can directly communicate only with the Promiscuous resources. If your customer device needs to have access only to a gateway router, attach it to an isolated port."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:74
msgid "**Community VLANs**: The ports within a community VLAN can communicate with each other and with the promiscuous ports, but they cannot communicate with the ports in other communities at the layer-2 level. In Community mode, direct communication is permitted only with the hosts in the same community and those that are connected to the Primary PVLAN in promiscuous mode. If your customer has two devices that need to be isolated from other customers' devices, but able to communicate among themselves, deploy them in community ports."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:84
msgid "For further reading:"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:86
msgid "`Understanding Private VLANs <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1038379>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:89
msgid "`Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment <http://tools.ietf.org/html/rfc5517>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:92
msgid "`Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691) <http://kb.vmware.com>`_"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:99
msgid "Use a PVLAN supported switch."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:101
msgid "See `Private VLAN Catalyst Switch Support Matrix <http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml>`_ for more information."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:105
msgid "All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one of them is connected to a router. All the ports connected to the host are configured in trunk mode. Open the Management VLAN, Primary VLAN (public), and Secondary Isolated VLAN ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode, which translates an isolated VLAN to the primary VLAN for the PVLAN-unaware router."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:113
msgid "Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect both normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst switches that support PVLAN, connect the switch to the upper switch by using cables, one for each PVLAN pair."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:118
msgid "Configure private VLAN on your physical switches out-of-band."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:120
msgid "Before you use PVLAN on XenServer and KVM, enable Open vSwitch (OVS)."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:123
msgid "OVS on XenServer and KVM does not support PVLAN natively. CloudStack therefore simulates PVLAN on OVS for XenServer and KVM by modifying the flow table."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:129
msgid "Creating a PVLAN-Enabled Guest Network"
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:161
msgid "**Secondary Isolated VLAN ID**: The unique ID of the Secondary Isolated VLAN."
msgstr ""
#: ../../networking/isolation_in_advanced_zone_with_vlan.rst:164
msgid "For the description on Secondary Isolated VLAN, see `\"About Private VLAN\" <#about-private-vlan>`_."
msgstr ""
#: ../../networking/security_groups.rst:18
msgid "Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:21
msgid "About Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:23
msgid "Security groups provide a way to isolate traffic to VMs. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM. Security groups are particularly useful in zones that use basic networking, because there is a single guest network for all guest VMs. In advanced zones, security groups are supported only on the KVM hypervisor."
msgstr ""
#: ../../networking/security_groups.rst:33
msgid "In a zone that uses advanced networking, you can instead define multiple guest networks to isolate traffic to VMs."
msgstr ""
#: ../../networking/security_groups.rst:36
msgid "Each CloudStack account comes with a default security group that denies all inbound traffic and allows all outbound traffic. The default security group can be modified so that all new VMs inherit some other desired set of rules."
msgstr ""
#: ../../networking/security_groups.rst:41
msgid "Any CloudStack user can set up any number of additional security groups. When a new VM is launched, it is assigned to the default security group unless another user-defined security group is specified. A VM can be a member of any number of security groups. Once a VM is assigned to a security group, it remains in that group for its entire lifetime; you cannot move a running VM from one security group to another."
msgstr ""
#: ../../networking/security_groups.rst:48
msgid "You can modify a security group by deleting or adding any number of ingress and egress rules. When you do, the new rules apply to all VMs in the group, whether running or stopped."
msgstr ""
#: ../../networking/security_groups.rst:52
msgid "If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""
#: ../../networking/security_groups.rst:58
msgid "Adding a Security Group"
msgstr ""
#: ../../networking/security_groups.rst:60
msgid "A user or administrator can define a new security group."
msgstr ""
#: ../../networking/security_groups.rst:66
msgid "In Select view, choose Security Groups."
msgstr ""
#: ../../networking/security_groups.rst:68
msgid "Click Add Security Group."
msgstr ""
#: ../../networking/security_groups.rst:70
msgid "Provide a name and description."
msgstr ""
#: ../../networking/security_groups.rst:74
msgid "The new security group appears in the Security Groups Details tab."
msgstr ""
#: ../../networking/security_groups.rst:76
msgid "To make the security group useful, continue to Adding Ingress and Egress Rules to a Security Group."
msgstr ""
#: ../../networking/security_groups.rst:81
msgid "Security Groups in Advanced Zones (KVM Only)"
msgstr ""
#: ../../networking/security_groups.rst:83
msgid "CloudStack provides the ability to use security groups to provide isolation between guests on a single shared, zone-wide network in an advanced zone where KVM is the hypervisor. Using security groups in advanced zones rather than multiple VLANs allows a greater range of options for setting up guest isolation in a cloud."
msgstr ""
#: ../../networking/security_groups.rst:93
msgid "The following are not supported for this feature:"
msgstr ""
#: ../../networking/security_groups.rst:95
msgid "Two IP ranges with the same VLAN and different gateway or netmask in security group-enabled shared network."
msgstr ""
#: ../../networking/security_groups.rst:98
msgid "Two IP ranges with the same VLAN and different gateway or netmask in account-specific shared networks."
msgstr ""
#: ../../networking/security_groups.rst:101
msgid "Multiple VLAN ranges in security group-enabled shared network."
msgstr ""
#: ../../networking/security_groups.rst:103
msgid "Multiple VLAN ranges in account-specific shared networks."
msgstr ""
#: ../../networking/security_groups.rst:105
msgid "Security groups must be enabled in the zone in order for this feature to be used."
msgstr ""
#: ../../networking/security_groups.rst:110
msgid "Enabling Security Groups"
msgstr ""
#: ../../networking/security_groups.rst:112
msgid "In order for security groups to function in a zone, the security groups feature must first be enabled for the zone. The administrator can do this when creating a new zone, by selecting a network offering that includes security groups. The procedure is described in Basic Zone Configuration in the Advanced Installation Guide. The administrator cannot enable security groups for an existing zone, only when creating a new zone."
msgstr ""
#: ../../networking/security_groups.rst:122
msgid "Adding Ingress and Egress Rules to a Security Group"
msgstr ""
#: ../../networking/security_groups.rst:126
msgid "In the left navigation, choose Network."
msgstr ""
#: ../../networking/security_groups.rst:128
msgid "In Select view, choose Security Groups, then click the security group you want."
msgstr ""
#: ../../networking/security_groups.rst:131
msgid "To add an ingress rule, click the Ingress Rules tab and fill out the following fields to specify what network traffic is allowed into VM instances in this security group. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule."
msgstr ""
#: ../../networking/security_groups.rst:137
msgid "**Add by CIDR/Account**. Indicate whether the source of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow incoming traffic from all VMs in another security group."
msgstr ""
#: ../../networking/security_groups.rst:143
msgid "**Protocol**. The networking protocol that sources will use to send traffic to the security group. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/security_groups.rst:148
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/security_groups.rst:152
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be accepted."
msgstr ""
#: ../../networking/security_groups.rst:155
msgid "**CIDR**. (Add by CIDR only) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/security_groups.rst:161
msgid "**Account, Security Group**. (Add by Account only) To accept only traffic from another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter the same name you used in step 7."
msgstr ""
#: ../../networking/security_groups.rst:167
msgid "The following example allows inbound HTTP access from anywhere:"
msgstr ""
#: ../../networking/security_groups.rst:169
msgid "|httpaccess.png|"
msgstr ""
#: ../../networking/security_groups.rst:171
msgid "To add an egress rule, click the Egress Rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this security group. If no egress rules are specified, then all traffic will be allowed out. Once egress rules are specified, the following types of traffic are allowed out: traffic specified in egress rules; queries to DNS and DHCP servers; and responses to any traffic that has been allowed in through an ingress rule."
msgstr ""
#: ../../networking/security_groups.rst:180
msgid "**Add by CIDR/Account**. Indicate whether the destination of the traffic will be defined by IP address (CIDR) or an existing security group in a CloudStack account (Account). Choose Account if you want to allow outgoing traffic to all VMs in another security group."
msgstr ""
#: ../../networking/security_groups.rst:186
msgid "**Protocol**. The networking protocol that VMs will use to send outgoing traffic. TCP and UDP are typically used for data exchange and end-user communications. ICMP is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/security_groups.rst:191
msgid "**Start Port, End Port**. (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/security_groups.rst:195
msgid "**ICMP Type, ICMP Code**. (ICMP only) The type of message and error code that will be sent."
msgstr ""
#: ../../networking/security_groups.rst:198
msgid "**CIDR**. (Add by CIDR only) To send traffic only to IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/security_groups.rst:204
msgid "**Account, Security Group**. (Add by Account only) To allow traffic to be sent to another security group, enter the CloudStack account and name of a security group that has already been defined in that account. To allow traffic between VMs within the security group you are editing now, enter its name."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:18
msgid "External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:20
msgid "CloudStack is capable of replacing its Virtual Router with an external Juniper SRX device and an optional external NetScaler or F5 load balancer for gateway and load balancing services. In this case, the VMs use the SRX as their gateway."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:27
msgid "About Using a NetScaler Load Balancer"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:29
msgid "Citrix NetScaler is supported as an external network element for load balancing in zones that use isolated networking in advanced zones. Set up an external load balancer when you want to provide load balancing through means other than CloudStack's provided virtual router."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:35
msgid "In a Basic zone, load balancing service is supported only if Elastic IP or Elastic LB services are enabled."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:38
msgid "When a NetScaler load balancer is used to provide EIP or ELB services in a Basic zone, ensure that all guest VM traffic enters and exits through the NetScaler device. When inbound traffic goes through the NetScaler device, traffic is routed by using the NAT protocol depending on the EIP/ELB configured on the public IP to the private IP. The traffic that originates from the guest VMs usually goes through the layer 3 router. To ensure that outbound traffic goes through the NetScaler device providing EIP/ELB, the layer 3 router must have policy-based routing. A policy-based route must be set up so that all traffic originating from the guest VMs is directed to the NetScaler device. This is required to ensure that the outbound traffic from the guest VMs is routed to a public IP by using NAT. For more information on Elastic IP, see `\"About Elastic IP\" <#about-elastic-ip>`_."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:52
msgid "The NetScaler can be set up in direct (outside the firewall) mode. It must be added before any load balancing rules are deployed on guest VMs in the zone."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:56
msgid "The functional behavior of the NetScaler with CloudStack is the same as described in the CloudStack documentation for using an F5 external load balancer. The only exception is that the F5 supports routing domains, and NetScaler does not. NetScaler cannot yet be used as a firewall."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:61
msgid "To install and enable an external load balancer for CloudStack management, see External Guest Load Balancer Integration in the Installation Guide."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:65
msgid "The Citrix NetScaler comes in three varieties. The following summarizes how these variants are treated in CloudStack."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:68
msgid "**MPX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:70
msgid "Physical appliance. Capable of deep packet inspection. Can act as application firewall and load balancer."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:73
msgid "In advanced zones, load balancer functionality is fully supported without limitation. In basic zones, static NAT, elastic IP (EIP), and elastic load balancing (ELB) are also provided."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:77
msgid "**VPX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:79
msgid "Virtual appliance. Can run as VM on XenServer, ESXi, and Hyper-V hypervisors. Same functionality as MPX."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:82
msgid "Supported on ESXi and XenServer. Same functional support as for MPX. CloudStack will treat VPX and MPX as the same device type."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:85
msgid "**SDX**"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:87
msgid "Physical appliance. Can create multiple fully isolated VPX instances on a single appliance to support multi-tenant usage."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:90
msgid "CloudStack will dynamically provision, configure, and manage the life cycle of VPX instances on the SDX. Provisioned instances are added into CloudStack automatically - no manual configuration by the administrator is required. Once a VPX instance is added into CloudStack, it is treated the same as a VPX on an ESXi host."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:98
msgid "Configuring SNMP Community String on a RHEL Server"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:100
msgid "The SNMP Community string is similar to a user id or password that provides access to a network device, such as a router. This string is sent along with all SNMP requests. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device discards the request and does not respond."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:106
msgid "The NetScaler device uses SNMP to communicate with the VMs. You must install SNMP and configure the SNMP Community string for secure communication between the NetScaler device and the RHEL machine."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:110
msgid "Ensure that you installed SNMP on RedHat. If not, run the following command:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:117
msgid "Edit the /etc/snmp/snmpd.conf file to allow the SNMP polling from the NetScaler device."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:120
msgid "Map the community name into a security name (local and mynetwork, depending on where the request is coming from):"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:124
msgid "Use a strong password instead of public when you edit the following table."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:133
msgid "Setting to 0.0.0.0 allows all IPs to poll the NetScaler server."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:135
msgid "Map the security names into group names:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:145
msgid "Create a view to allow the groups to have the permission to:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:151
msgid "Grant access with different write permissions to the two groups to the view you created."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:160
msgid "Unblock SNMP in iptables."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:166
msgid "Start the SNMP service:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:172
msgid "Ensure that the SNMP service is started automatically during the system startup:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:181
msgid "Initial Setup of External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:183
msgid "When the first VM is created for a new account, CloudStack programs the external firewall and load balancer to work with the VM. The following objects are created on the firewall:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:187
msgid "A new logical interface to connect to the account's private VLAN. The interface IP is always the first IP of the account's private subnet (e.g. 10.1.1.1)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:191
msgid "A source NAT rule that forwards all outgoing traffic from the account's private VLAN to the public Internet, using the account's public IP address as the source address."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:195
msgid "A firewall filter counter that measures the number of bytes of outgoing traffic for the account."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:198
msgid "The following objects are created on the load balancer:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:200
msgid "A new VLAN that matches the account's provisioned Zone VLAN."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:202
msgid "A self IP for the VLAN. This is always the second IP of the account's private subnet (e.g. 10.1.1.2)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:207
msgid "Ongoing Configuration of External Firewalls and Load Balancers"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:209
msgid "Additional user actions (e.g. setting a port forward) will cause further programming of the firewall and load balancer. A user may request additional public IP addresses and forward traffic received at these IPs to specific VMs. This is accomplished by enabling static NAT for a public IP address, assigning the IP to a VM, and specifying a set of protocols and port ranges to open. When a static NAT rule is created, CloudStack programs the zone's external firewall with the following objects:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:218
msgid "A static NAT rule that maps the public IP address to the private IP address of a VM."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:221
msgid "A security policy that allows traffic within the set of protocols and port ranges that are specified."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:224
msgid "A firewall filter counter that measures the number of bytes of incoming traffic to the public IP."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:227
msgid "The number of incoming and outgoing bytes through source NAT, static NAT, and load balancing rules is measured and saved on each external element. This data is collected on a regular basis and stored in the CloudStack database."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:234
msgid "Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:236
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:242
msgid "If you create load balancing rules while using a network service offering that includes an external load balancer device such as NetScaler, and later change the network service offering to one that uses the CloudStack virtual router, you must create a firewall rule on the virtual router for each of your existing load balancing rules so that they continue to function."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:253
msgid "Adding a Load Balancer Rule"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:259
msgid "Click the name of the network where you want to load balance the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:264
#: ../../networking/virtual_private_cloud_config.rst:1057
#: ../../networking/virtual_private_cloud_config.rst:1325
msgid "Click the IP address for which you want to create the rule, then click the Configuration tab."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:267
#: ../../networking/virtual_private_cloud_config.rst:1060
msgid "In the Load Balancing node of the diagram, click View All."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:269
msgid "In a Basic zone, you can also create a load balancing rule without acquiring or selecting an IP address. CloudStack internally assigns an IP when you create the load balancing rule, which is listed in the IP Addresses page when the rule is created."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:274
msgid "To do that, select the name of the network, then click the Add Load Balancer tab. Continue with #7."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:277
#: ../../networking/ip_forwarding_and_firewalling.rst:265
msgid "Fill in the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:279
#: ../../networking/virtual_private_cloud_config.rst:1066
#: ../../networking/virtual_private_cloud_config.rst:1251
msgid "**Name**: A name for the load balancer rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:281
msgid "**Public Port**: The port receiving incoming traffic to be balanced."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:284
#: ../../networking/virtual_private_cloud_config.rst:1071
msgid "**Private Port**: The port that the VMs will use to receive the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:287
msgid "**Algorithm**: Choose the load balancing algorithm you want CloudStack to use. CloudStack supports a variety of well-known algorithms. If you are not familiar with these choices, you will find plenty of information about them on the Internet."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:292
msgid "**Stickiness**: (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:296
msgid "**AutoScale**: Click Configure and complete the AutoScale configuration as explained in :ref:`conf-autoscale`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:299
msgid "**Health Check**: (Optional; NetScaler load balancers only) Click Configure and fill in the characteristics of the health check policy. See :ref:`health-check`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:303
msgid "**Ping path (Optional)**: Sequence of destinations to which to send health check queries. Default: / (all)."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:306
msgid "**Response time (Optional)**: How long to wait for a response from the health check (2 - 60 seconds). Default: 5 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:309
msgid "**Interval time (Optional)**: Amount of time between health checks (1 second - 5 minutes). Default value is set in the global configuration parameter lbrule\\_health check\\_time\\_interval."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:314
msgid "**Healthy threshold (Optional)**: Number of consecutive health check successes that are required before declaring an instance healthy. Default: 2."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:318
msgid "**Unhealthy threshold (Optional)**: Number of consecutive health check failures that are required before declaring an instance unhealthy. Default: 10."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:322
msgid "Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:325
msgid "The new load balancer rule appears in the list. You can repeat these steps to add more load balancer rules for this IP address."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:330
msgid "Sticky Session Policies for Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:332
msgid "Sticky sessions are used in Web-based applications to ensure continued availability of information across the multiple requests in a user's session. For example, if a shopper is filling a cart, you need to remember what has been purchased so far. The concept of \"stickiness\" is also referred to as persistence or maintaining state."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:338
msgid "Any load balancer rule defined in CloudStack can have a stickiness policy. The policy consists of a name, stickiness method, and parameters. The parameters are name-value pairs or flags, which are defined by the load balancer vendor. The stickiness method can be a load balancer-generated cookie, an application-generated cookie, or source-based. In the source-based method, the source IP address is used to identify the user and locate the user's stored data. In the other methods, cookies are used. The cookie generated by the load balancer or application is included in request and response URLs to create persistence. The cookie name can be specified by the administrator or automatically generated. A variety of options are provided to control the exact behavior of cookies, such as how they are generated and whether they are cached."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:352
msgid "For the most up to date list of available stickiness methods, see the CloudStack UI or call listNetworks and check the SupportedStickinessMethods capability."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:360
msgid "Health Checks for Load Balancer Rules"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:362
msgid "(NetScaler load balancer only; requires NetScaler version 10.0)"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:364
msgid "Health checks are used in load-balanced applications to ensure that requests are forwarded only to running, available services. When creating a load balancer rule, you can specify a health check policy. This is in addition to specifying the stickiness policy, algorithm, and other load balancer rule options. You can configure one health check policy per load balancer rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:371
msgid "Any load balancer rule defined on a NetScaler load balancer in CloudStack can have a health check policy. The policy consists of a ping path, thresholds to define \"healthy\" and \"unhealthy\" states, health check frequency, and timeout wait interval."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:376
msgid "When a health check policy is in effect, the load balancer will stop forwarding requests to any resources that are found to be unhealthy. If the resource later becomes available again, the periodic health check will discover it, and the resource will once again be added to the pool of resources that can receive requests from the load balancer. At any given time, the most recent result of the health check is displayed in the UI. For any VM that is attached to a load balancer rule with a health check configured, the state will be shown as UP or DOWN in the UI depending on the result of the most recent health check."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:386
msgid "You can delete or modify existing health check policies."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:388
msgid "To configure how often the health check is performed by default, use the global configuration setting healthcheck.update.interval (default value is 600 seconds). You can override this value for an individual health check policy."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:393
msgid "For details on how to set a health check policy using the UI, see :ref:`adding-lb-rule`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:400
msgid "Configuring AutoScale"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:402
msgid "AutoScaling allows you to scale your back-end services or application VMs up or down seamlessly and automatically according to the conditions you define. With AutoScaling enabled, you can ensure that the number of VMs you are using seamlessly scales up when demand increases, and automatically decreases when demand subsides. Thus it helps you save compute costs by terminating underused VMs automatically and launching new VMs when you need them, without the need for manual intervention."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:410
msgid "NetScaler AutoScaling is designed to seamlessly launch or terminate VMs based on user-defined conditions. Conditions for triggering a scaleup or scaledown action can vary from a simple use case like monitoring the CPU usage of a server to a complex use case of monitoring a combination of server's responsiveness and its CPU usage. For example, you can configure AutoScaling to launch an additional VM whenever CPU usage exceeds 80 percent for 15 minutes, or to remove a VM whenever CPU usage is less than 20 percent for 30 minutes."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:419
msgid "CloudStack uses the NetScaler load balancer to monitor all aspects of a system's health and work in unison with CloudStack to initiate scale-up or scale-down actions."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:424
msgid "AutoScale is supported on NetScaler Release 10 Build 74.4006.e and beyond."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:430
msgid "Before you configure an AutoScale rule, consider the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:432
msgid "Ensure that the necessary template is prepared before configuring AutoScale. When a VM is deployed by using a template and when it comes up, the application should be up and running."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:437
msgid "If the application is not running, the NetScaler device considers the VM as ineffective and continues provisioning the VMs unconditionally until the resource limit is exhausted."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:441
msgid "Deploy the templates you prepared. Ensure that the applications come up on the first boot and are ready to take the traffic. Observe the time required to deploy the template. Consider this time when you specify the quiet time while configuring AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:446
msgid "The AutoScale feature supports the SNMP counters that can be used to define conditions for taking scale up or scale down actions. To monitor the SNMP-based counter, ensure that the SNMP agent is installed in the template used for creating the AutoScale VMs, and the SNMP operations work with the configured SNMP community and port by using standard SNMP managers. For example, see `\"Configuring SNMP Community String on a RHEL Server\" <#configuring-snmp-community-string-on-a-rhel-server>`_ to configure SNMP on a RHEL machine."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:456
msgid "Ensure that the endpointe.url parameter present in the Global Settings is set to the Management Server API URL. For example, ``http://10.102.102.22:8080/client/api``. In a multi-node Management Server deployment, use the virtual IP address configured in the load balancer for the management server's cluster. Additionally, ensure that the NetScaler device has access to this IP address to provide AutoScale support."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:464
msgid "If you update the endpointe.url, disable the AutoScale functionality of the load balancer rules in the system, then enable them back to reflect the changes. For more information see :ref:`update-autoscale`."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:468
msgid "If the API Key and Secret Key are regenerated for an AutoScale user, ensure that the AutoScale functionality of the load balancers that the user participates in is disabled and then enabled to reflect the configuration changes in the NetScaler."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:473
msgid "In an advanced Zone, ensure that at least one VM is present before configuring a load balancer rule with AutoScale. Having one VM in the network ensures that the network is in implemented state for configuring AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:480
msgid "Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:484
msgid "|autoscaleateconfig.png|"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:486
msgid "**Template**: A template consists of a base OS image and application. A template is used to provision the new instance of an application on a scaleup action. When a VM is deployed from a template, the VM can start taking the traffic from the load balancer without any admin intervention. For example, if the VM is deployed for a Web service, it should have the Web server running, the database connected, and so on."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:494
msgid "**Compute offering**: A predefined set of virtual hardware attributes, including CPU speed, number of CPUs, and RAM size, that the user can select when creating a new virtual machine instance. Choose one of the compute offerings to be used while provisioning a VM instance as part of scaleup action."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:500
msgid "**Min Instance**: The minimum number of active VM instances that are assigned to a load balancing rule. The active VM instances are the application instances that are up and serving the traffic, and are being load balanced. This parameter ensures that a load balancing rule has at least the configured number of active VM instances available to serve the traffic."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:508
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is then not counted as part of Min Instance parameter, and the AutoScale feature initiates a scaleup action if the number of active VM instances is below the configured value. Similarly, when an application instance comes up from its earlier down state, this application instance is counted as part of the active instance count and the AutoScale process initiates a scaledown action when the active instance count breaches the Max instance value."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:518
msgid "**Max Instance**: Maximum number of active VM instances that **should be assigned to**\\ a load balancing rule. This parameter defines the upper limit of active VM instances that can be assigned to a load balancing rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:523
msgid "Specifying a large value for the maximum instance parameter might result in provisioning a large number of VM instances, which in turn leads to a single load balancing rule exhausting the VM instances limit specified at the account or domain level."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:529
msgid "If an application, such as SAP, running on a VM instance is down for some reason, the VM is not counted as part of Max Instance parameter. So there may be scenarios where the number of VMs provisioned for a scaleup action might be more than the configured Max Instance value. Once the application instances in the VMs are up from an earlier down state, the AutoScale feature starts aligning to the configured Max Instance value."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:537
msgid "Specify the following scale-up and scale-down policies:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:539
msgid "**Duration**: The duration, in seconds, for which the conditions you specify must be true to trigger a scaleup action. The conditions defined should hold true for the entire duration you specify for an AutoScale action to be invoked."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:544
msgid "**Counter**: The performance counters expose the state of the monitored instances. By default, CloudStack offers four performance counters: Three SNMP counters and one NetScaler counter. The SNMP counters are Linux User CPU, Linux System CPU, and Linux CPU Idle. The NetScaler counter is ResponseTime. The root administrator can add additional counters into CloudStack by using the CloudStack API."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:551
msgid "**Operator**: The following five relational operators are supported in AutoScale feature: Greater than, Less than, Less than or equal to, Greater than or equal to, and Equal to."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:555
msgid "**Threshold**: Threshold value to be used for the counter. Once the counter defined above breaches the threshold value, the AutoScale feature initiates a scaleup or scaledown action."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:559
msgid "**Add**: Click Add to add the condition."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:561
msgid "Additionally, if you want to configure the advanced settings, click Show advanced settings, and specify the following:"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:564
msgid "**Polling interval**: Frequency at which the conditions (the combination of counter, operator and threshold) are evaluated before taking a scale up or down action. The default polling interval is 30 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:569
msgid "**Quiet Time**: This is the cool down period after an AutoScale action is initiated. The time includes the time taken to complete provisioning a VM instance from its template and the time taken by an application to be ready to serve traffic. This quiet time allows the fleet to come up to a stable state before any action can take place. The default is 300 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:576
msgid "**Destroy VM Grace Period**: The duration in seconds, after a scaledown action is initiated, to wait before the VM is destroyed as part of scaledown action. This is to ensure graceful close of any pending sessions or transactions being served by the VM marked for destruction. The default is 120 seconds."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:582
msgid "**Security Groups**: Security groups provide a way to isolate traffic to the VM instances. A security group is a group of VMs that filter their incoming and outgoing traffic according to a set of rules, called ingress and egress rules. These rules filter network traffic according to the IP address that is attempting to communicate with the VM."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:589
msgid "**Disk Offerings**: A predefined set of disk sizes for primary data storage."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:592
msgid "**SNMP Community**: The SNMP community string to be used by the NetScaler device to query the configured counter value from the provisioned VM instances. Default is public."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:596
msgid "**SNMP Port**: The port number on which the SNMP agent that runs on the provisioned VMs is listening. Default port is 161."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:599
msgid "**User**: This is the user that the NetScaler device uses to invoke scaleup and scaledown API calls to the cloud. If no option is specified, the user who configures AutoScaling is applied. Specify another user name to override."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:604
msgid "**Apply**: Click Apply to create the AutoScale configuration."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:608
msgid "Disabling and Enabling an AutoScale Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:610
msgid "If you want to perform any maintenance operation on the AutoScale VM instances, disable the AutoScale configuration. When the AutoScale configuration is disabled, no scaleup or scaledown action is performed. You can use this downtime for the maintenance activities. To disable the AutoScale configuration, click the Disable AutoScale |EnableDisable.png| button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:616
msgid "The button toggles between enable and disable, depending on whether AutoScale is currently enabled or not. After the maintenance operations are done, you can re-enable the AutoScale configuration. To enable, open the AutoScale configuration page again, then click the Enable AutoScale |EnableDisable.png| button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:626
msgid "Updating an AutoScale Configuration"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:628
msgid "You can update the various parameters and add or delete the conditions in a scaleup or scaledown rule. Before you update an AutoScale configuration, ensure that you disable the AutoScale load balancer rule by clicking the Disable AutoScale button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:633
msgid "After you modify the required AutoScale parameters, click Apply. To apply the new AutoScale policies, open the AutoScale configuration page again, then click the Enable AutoScale button."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:639
msgid "Runtime Considerations"
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:641
msgid "An administrator should not assign a VM to a load balancing rule which is configured for AutoScale."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:644
msgid "If NetScaler is shut down or restarted before VM provisioning is completed, the provisioned VM cannot be a part of the load balancing rule, though the intent was to assign it to a load balancing rule. To work around this, rename the AutoScale provisioned VMs based on the rule name or ID so that at any point of time the VMs can be reconciled to their load balancing rule."
msgstr ""
#: ../../networking/external_firewalls_and_load_balancers.rst:651
msgid "Making API calls outside the context of AutoScale, such as destroyVM, on an autoscaled VM leaves the load balancing configuration in an inconsistent state. Though the VM is destroyed from the load balancer rule, NetScaler continues to show the VM as a service assigned to a rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:18
msgid "Global Server Load Balancing Support"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:20
msgid "CloudStack supports Global Server Load Balancing (GSLB) functionalities to provide business continuity, and enable seamless resource movement within a CloudStack environment. CloudStack achieves this by extending its functionality of integrating with NetScaler Application Delivery Controller (ADC), which also provides various GSLB capabilities, such as disaster recovery and load balancing. The DNS redirection technique is used to achieve GSLB in CloudStack."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:28
msgid "In order to support this functionality, region level services and service providers are introduced. A new service 'GSLB' is introduced as a region level service. A GSLB service provider is introduced that will provide the GSLB service. Currently, NetScaler is the supported GSLB provider in CloudStack. GSLB functionality works in an Active-Active data center environment."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:37
msgid "About Global Server Load Balancing"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:39
msgid "Global Server Load Balancing (GSLB) is an extension of load balancing functionality, which is highly efficient in avoiding downtime. Based on the nature of deployment, GSLB represents a set of technologies that is used for various purposes, such as load sharing, disaster recovery, performance, and legal obligations. With GSLB, workloads can be distributed across multiple data centers situated at geographically separated locations. GSLB can also provide an alternate location for accessing a resource in the event of a failure, or to provide a means of shifting traffic easily to simplify maintenance, or both."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:51
msgid "Components of GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:53
msgid "A typical GSLB environment is comprised of the following components:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:55
msgid "**GSLB Site**: In CloudStack terminology, GSLB sites are represented by zones that are mapped to data centers, each of which has various network appliances. Each GSLB site is managed by a NetScaler appliance that is local to that site. Each of these appliances treats its own site as the local site and all other sites, managed by other appliances, as remote sites. It is the central entity in a GSLB deployment, and is represented by a name and an IP address."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:63
msgid "**GSLB Services**: A GSLB service is typically represented by a load balancing or content switching virtual server. In a GSLB environment, you can have local as well as remote GSLB services. A local GSLB service represents a local load balancing or content switching virtual server. A remote GSLB service is the one configured at one of the other sites in the GSLB setup. At each site in the GSLB setup, you can create one local GSLB service and any number of remote GSLB services."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:72
msgid "**GSLB Virtual Servers**: A GSLB virtual server refers to one or more GSLB services and balances traffic across the VMs in multiple zones by using the CloudStack functionality. It evaluates the configured GSLB methods or algorithms to select a GSLB service to which to send the client requests. One or more virtual servers from different zones are bound to the GSLB virtual server. A GSLB virtual server does not have a public IP associated with it; instead, it has an FQDN DNS name."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:81
msgid "**Load Balancing or Content Switching Virtual Servers**: According to Citrix NetScaler terminology, a load balancing or content switching virtual server represents one or many servers on the local network. Clients send their requests to the load balancing or content switching virtual server's virtual IP (VIP) address, and the virtual server balances the load across the local servers. After a GSLB virtual server selects a GSLB service representing either a local or a remote load balancing or content switching virtual server, the client sends the request to that virtual server's VIP address."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:91
msgid "**DNS VIPs**: DNS virtual IP represents a load balancing DNS virtual server on the GSLB service provider. The DNS requests for domains for which the GSLB service provider is authoritative can be sent to a DNS VIP."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:96
msgid "**Authoritative DNS**: ADNS (Authoritative Domain Name Server) is a service that provides the actual answer to DNS queries, such as a web site IP address. In a GSLB environment, an ADNS service responds only to DNS requests for domains for which the GSLB service provider is authoritative. When an ADNS service is configured, the service provider owns that IP address and advertises it. When you create an ADNS service, the NetScaler responds to DNS queries on the configured ADNS service IP and port."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:107
msgid "How Does GSLB Work in CloudStack?"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:109
msgid "Global server load balancing is used to manage the traffic flow to a web site hosted on two separate zones that ideally are in different geographic locations. The following is an illustration of how GSLB functionality is provided in CloudStack: An organization, xyztelco, has set up a public cloud that spans two zones, Zone-1 and Zone-2, across geographically separated data centers that are managed by CloudStack. Tenant-A of the cloud launches a highly available solution by using xyztelco cloud. For that purpose, they launch two instances each in both the zones: VM1 and VM2 in Zone-1 and VM5 and VM6 in Zone-2. Tenant-A acquires a public IP, IP-1 in Zone-1, and configures a load balancer rule to load balance the traffic between VM1 and VM2 instances. CloudStack orchestrates setting up a virtual server on the LB service provider in Zone-1. Virtual server 1 that is set up on the LB service provider in Zone-1 represents a publicly accessible virtual server that the client reaches at IP-1. The client traffic to virtual server 1 at IP-1 will be load balanced across VM1 and VM2 instances."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:126
msgid "Tenant-A acquires another public IP, IP-2 in Zone-2 and sets up a load balancer rule to load balance the traffic between VM5 and VM6 instances. Similarly in Zone-2, CloudStack orchestrates setting up a virtual server on the LB service provider. Virtual server 2 that is set up on the LB service provider in Zone-2 represents a publicly accessible virtual server that the client reaches at IP-2. The client traffic that reaches virtual server 2 at IP-2 is load balanced across VM5 and VM6 instances. At this point Tenant-A has the service enabled in both the zones, but has no means to set up a disaster recovery plan if one of the zones fails. Additionally, there is no way for Tenant-A to load balance the traffic intelligently to one of the zones based on load, proximity and so on. The cloud administrator of xyztelco provisions a GSLB service provider to both the zones. A GSLB provider is typically an ADC that has the ability to act as an ADNS (Authoritative Domain Name Server) and has the mechanism to monitor health of virtual servers both at local and remote sites. The cloud admin enables GSLB as a service to the tenants that use zones 1 and 2."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:144
msgid "|gslb.png|"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:146
msgid "Tenant-A wishes to leverage the GSLB service provided by the xyztelco cloud. Tenant-A configures a GSLB rule to load balance traffic across virtual server 1 at Zone-1 and virtual server 2 at Zone-2. The domain name is provided as A.xyztelco.com. CloudStack orchestrates setting up GSLB virtual server 1 on the GSLB service provider at Zone-1. CloudStack binds virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GSLB virtual server 1. GSLB virtual server 1 is configured to start monitoring the health of virtual server 1 and 2 in Zone-1. CloudStack will also orchestrate setting up GSLB virtual server 2 on GSLB service provider at Zone-2. CloudStack will bind virtual server 1 of Zone-1 and virtual server 2 of Zone-2 to GSLB virtual server 2. GSLB virtual server 2 is configured to start monitoring the health of virtual server 1 and 2. CloudStack will bind the domain A.xyztelco.com to both the GSLB virtual server 1 and 2. At this point, Tenant-A service will be globally reachable at A.xyztelco.com. The private DNS server for the domain xyztelco.com is configured by the admin out-of-band to resolve the domain A.xyztelco.com to the GSLB providers at both the zones, which are configured as ADNS for the domain A.xyztelco.com. When a client sends a DNS request to resolve A.xyztelco.com, it will eventually get DNS delegation to the address of GSLB providers at zone 1 and 2. A client DNS request will be received by the GSLB provider. The GSLB provider, depending on the domain for which it needs to resolve, will pick up the GSLB virtual server associated with the domain. Depending on the health of the virtual servers being load balanced, DNS request for the domain will be resolved to the public IP associated with the selected virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:175
msgid "Configuring GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:177
msgid "To configure a GSLB deployment, you must first configure a standard load balancing setup for each zone. This enables you to balance load across the different servers in each zone in the region. Then on the NetScaler side, configure both NetScaler appliances that you plan to add to each zone as authoritative DNS (ADNS) servers. Next, create a GSLB site for each zone, configure GSLB virtual servers for each site, create GSLB services, and bind the GSLB services to the GSLB virtual servers. Finally, bind the domain to the GSLB virtual servers. The GSLB configurations on the two appliances at the two different zones are identical, although each site's load-balancing configuration is specific to that site."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:189
msgid "Perform the following as a cloud administrator. As per the example given above, the administrator of xyztelco is the one who sets up GSLB:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:192
msgid "In the cloud.dns.name global parameter, specify the DNS name of your tenant's cloud that makes use of the GSLB service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:195
msgid "On the NetScaler side, configure GSLB as given in `Configuring Global Server Load Balancing (GSLB) <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-con.html>`_:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:199
msgid "Configure a standard load balancing setup."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:201
msgid "Configure Authoritative DNS, as explained in `Configuring an Authoritative DNS Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-adns-svc-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:205
msgid "Configure a GSLB site with site name formed from the domain name details."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:208
msgid "Configure a GSLB site with the site name formed from the domain name."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:211
msgid "As per the example given above, the site names are A.xyztelco.com and B.xyztelco.com."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:214
msgid "For more information, see `Configuring a Basic GSLB Site <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-basic-site-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:217
msgid "Configure a GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:219
msgid "For more information, see `Configuring a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:222
msgid "Configure a GSLB service for each virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:224
msgid "For more information, see `Configuring a GSLB Service <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-config-svc-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:227
msgid "Bind the GSLB services to the GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:229
msgid "For more information, see `Binding GSLB Services to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-svc-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:232
msgid "Bind domain name to GSLB virtual server. Domain name is obtained from the domain details."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:235
msgid "For more information, see `Binding a Domain to a GSLB Virtual Server <http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-gslb-bind-dom-vsvr-tsk.html>`_."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:238
msgid "In each zone that is participating in GSLB, add a GSLB-enabled NetScaler device."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:241
msgid "For more information, see :ref:`enabling-gslb-in-ns`."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:243
msgid "As a domain administrator/user, perform the following:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:245
msgid "Add a GSLB rule on both the sites."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:247
msgid "See \":ref:`adding-gslb-rule`\"."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:249
msgid "Assign load balancer rules."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:251
msgid "See \":ref:`assigning-lb-rule-gslb`\"."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:257
msgid "The GSLB functionality is supported in both Basic and Advanced zones."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:259
msgid "GSLB is added as a new network service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:261
msgid "GSLB service provider can be added to a physical network in a zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:263
msgid "The admin is allowed to enable or disable GSLB functionality at region level."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:266
msgid "The admin is allowed to configure a zone as GSLB capable or enabled."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:268
msgid "A zone shall be considered as GSLB capable only if a GSLB service provider is provisioned in the zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:271
msgid "When users have VMs deployed in multiple availability zones which are GSLB enabled, they can use the GSLB functionality to load balance traffic across the VMs in multiple zones."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:275
msgid "The users can use GSLB to load balance across the VMs across zones in a region only if the admin has enabled GSLB in that region."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:278
msgid "The users can load balance traffic across the availability zones in the same region or different regions."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:281
msgid "The admin can configure DNS name for the entire cloud."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:283
msgid "The users can specify a unique name across the cloud for a globally load balanced service. The provided name is used as the domain name under the DNS name associated with the cloud."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:287
msgid "The user-provided name along with the admin-provided DNS name is used to produce a globally resolvable FQDN for the globally load balanced service of the user. For example, if the admin has configured xyztelco.com as the DNS name for the cloud, and user specifies 'foo' for the GSLB virtual service, then the FQDN name of the GSLB virtual service is foo.xyztelco.com."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:294
msgid "While setting up GSLB, users can select a load balancing method, such as round robin, for using across the zones that are part of GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:297
msgid "The user shall be able to set weight to zone-level virtual server. Weight shall be considered by the load balancing method for distributing the traffic."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:301
msgid "The GSLB functionality shall support session persistence, where a series of client requests for a particular domain name is sent to a virtual server on the same zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:305
msgid "Statistics are collected from each GSLB virtual server."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:311
msgid "Enabling GSLB in NetScaler"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:313
msgid "In each zone, add GSLB-enabled NetScaler device for load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:315
msgid "Log in as administrator to the CloudStack UI."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:319
msgid "In Zones, click View More."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:323
msgid "Click the Physical Network tab, then click the name of the physical network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:326
msgid "In the Network Service Providers node of the diagram, click Configure."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:329
msgid "You might have to scroll down to see this."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:331
msgid "Click NetScaler."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:333
msgid "Click Add NetScaler device and provide the following:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:335
msgid "For NetScaler:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:337
msgid "**IP Address**: The IP address of the SDX."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:339
msgid "**Username/Password**: The authentication credentials to access the device. CloudStack uses these credentials to access the device."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:343
msgid "**Type**: The type of device that is being added. It could be F5 Big Ip Load Balancer, NetScaler VPX, NetScaler MPX, or NetScaler SDX. For a comparison of the NetScaler types, see the CloudStack Administration Guide."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:348
msgid "**Public interface**: Interface of device that is configured to be part of the public network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:351
msgid "**Private interface**: Interface of device that is configured to be part of the private network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:354
msgid "**GSLB service**: Select this option."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:356
msgid "**GSLB service Public IP**: The public IP address of the NAT translator for a GSLB service that is on a private network."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:359
msgid "**GSLB service Private IP**: The private IP of the GSLB service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:361
msgid "**Number of Retries**. Number of times to attempt a command on the device before considering the operation failed. Default is 2."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:364
msgid "**Capacity**: The number of networks the device can handle."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:366
msgid "**Dedicated**: When marked as dedicated, this device will be dedicated to a single account. When Dedicated is checked, the value in the Capacity field has no significance; implicitly, its value is 1."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:377
msgid "Adding a GSLB Rule"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:379
#: ../../networking/global_server_load_balancing.rst:423
msgid "Log in to the CloudStack UI as a domain administrator or user."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:381
#: ../../networking/global_server_load_balancing.rst:425
msgid "In the left navigation pane, click Region."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:383
#: ../../networking/global_server_load_balancing.rst:427
msgid "Select the region for which you want to create a GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:385
#: ../../networking/global_server_load_balancing.rst:429
msgid "In the Details tab, click View GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:387
msgid "Click Add GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:389
msgid "The Add GSLB page is displayed as follows:"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:391
msgid "|gslb-add.png|"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:395
msgid "**Name**: Name for the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:397
msgid "**Description**: (Optional) A short description of the GSLB rule that can be displayed to users."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:400
msgid "**GSLB Domain Name**: A preferred domain name for the service."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:402
msgid "**Algorithm**: (Optional) The algorithm to use to load balance the traffic across the zones. The options are Round Robin, Least Connection, and Proximity."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:406
msgid "**Service Type**: The transport protocol to use for GSLB. The options are TCP and UDP."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:409
msgid "**Domain**: (Optional) The domain for which you want to create the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:412
msgid "**Account**: (Optional) The account on which you want to apply the GSLB rule."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:421
msgid "Assigning Load Balancing Rules to GSLB"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:431
msgid "Select the desired GSLB."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:433
msgid "Click view assigned load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:435
msgid "Click assign more load balancing."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:437
msgid "Select the load balancing rule you have created for the zone."
msgstr ""
#: ../../networking/global_server_load_balancing.rst:443
msgid "Known Limitation"
msgstr ""
#: ../../networking/global_server_load_balancing.rst:445
msgid "Currently, CloudStack does not support orchestration of services across the zones. The notion of services and service providers in a region is to be introduced."
msgstr ""
#: ../../networking/guest_ip_ranges.rst:18
msgid "Guest IP Ranges"
msgstr ""
#: ../../networking/guest_ip_ranges.rst:20
msgid "The IP ranges for guest network traffic are set on a per-account basis by the user. This allows the users to configure their network in a fashion that will enable VPN linking between their guest network and their clients."
msgstr ""
#: ../../networking/guest_ip_ranges.rst:25
msgid "In shared networks in Basic zone and Security Group-enabled Advanced networks, you will have the flexibility to add multiple guest IP ranges from different subnets. You can add or remove one IP range at a time. For more information, see `\"About Multiple IP Ranges\" <#about-multiple-ip-ranges>`_."
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:18
msgid "Acquiring a New IP Address"
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:34
msgid "If you want Portable IP click Yes in the confirmation dialog. If you want a normal Public IP click No."
msgstr ""
#: ../../networking/acquiring_an_ip_address.rst:37
msgid "For more information on Portable IP, see `\"Portable IPs\" <#portable-ips>`_."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:18
msgid "Releasing an IP Address"
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:20
msgid "When the last rule for an IP address is removed, you can release that IP address. The IP address still belongs to the VPC; however, it can be picked up for any guest network again."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:32
msgid "Click the IP address you want to release."
msgstr ""
#: ../../networking/releasing_an_ip_address.rst:34
msgid "Click the Release IP button. |ReleaseIPButton.png|"
msgstr ""
#: ../../networking/static_nat.rst:18
#: ../../networking/remote_access_vpn.rst:120
#: ../../networking/site_to_site_vpn.rst:207
#: ../../networking/site_to_site_vpn.rst:270
#: ../../networking/site_to_site_vpn.rst:402
#: ../../networking/virtual_private_cloud_config.rst:350
#: ../../networking/virtual_private_cloud_config.rst:517
#: ../../networking/virtual_private_cloud_config.rst:752
#: ../../networking/virtual_private_cloud_config.rst:810
#: ../../networking/virtual_private_cloud_config.rst:871
#: ../../networking/virtual_private_cloud_config.rst:1037
#: ../../networking/virtual_private_cloud_config.rst:1305
msgid "Static NAT"
msgstr ""
#: ../../networking/static_nat.rst:20
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in order to allow Internet traffic into the VM. The public IP address always remains the same, which is why it is called static NAT. This section tells how to enable or disable static NAT for a particular IP address."
msgstr ""
#: ../../networking/static_nat.rst:28
msgid "Enabling or Disabling Static NAT"
msgstr ""
#: ../../networking/static_nat.rst:30
#: ../../networking/virtual_private_cloud_config.rst:844
msgid "If port forwarding rules are already in effect for an IP address, you cannot enable static NAT to that IP."
msgstr ""
#: ../../networking/static_nat.rst:33
#: ../../networking/virtual_private_cloud_config.rst:847
msgid "If a guest VM is part of more than one network, static NAT rules will function only if they are defined on the default network."
msgstr ""
#: ../../networking/static_nat.rst:44
#: ../../networking/ip_forwarding_and_firewalling.rst:67
msgid "Click the IP address you want to work with."
msgstr ""
#: ../../networking/static_nat.rst:46
msgid "Click the Static NAT |enabledisablenat.png| button."
msgstr ""
#: ../../networking/static_nat.rst:48
msgid "The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""
#: ../../networking/static_nat.rst:51
msgid "If you are enabling static NAT, a dialog appears where you can choose the destination VM and click Apply."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:18
msgid "IP Forwarding and Firewalling"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:20
msgid "By default, all incoming traffic to the public IP address is rejected. All outgoing traffic from the guests is also blocked by default."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:23
msgid "To allow outgoing traffic, follow the procedure in :ref:`egress-fw-rules`."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:25
msgid "To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:35
msgid "Firewall Rules"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:37
msgid "By default, all incoming traffic to the public IP address is rejected by the firewall. To allow external traffic, you can open firewall ports by specifying firewall rules. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:43
msgid "You cannot use firewall rules to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See `\"Adding a Security Group\" <#adding-a-security-group>`_."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:48
msgid "In an advanced zone, you can also create egress firewall rules by using the virtual router. For more information, see \":ref:`egress-fw-rules`\"."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:51
msgid "Firewall rules can be created using the Firewall tab in the Management Server UI. This tab is not displayed by default when CloudStack is installed. To display the Firewall tab, the CloudStack administrator must set the global configuration parameter firewall.rule.ui.enabled to \"true.\""
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:57
msgid "To create a firewall rule:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:69
msgid "Click the Configuration tab and fill in the following values."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:71
msgid "**Source CIDR**: (Optional) To accept only traffic from IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. Example: 192.168.0.0/22. Leave empty to allow all CIDRs."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:76
msgid "**Protocol**: The communication protocol in use on the opened port(s)."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:79
msgid "**Start Port and End Port**: The port(s) you want to open on the firewall. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:83
msgid "**ICMP Type and ICMP Code**: Used only if Protocol is set to ICMP. Provide the type and code required by the ICMP protocol to fill out the ICMP header. Refer to ICMP documentation for more details if you are not sure what to enter."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:94
msgid "Egress Firewall Rules in an Advanced Zone"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:96
msgid "The egress traffic originates from a private network to a public network, such as the Internet. By default, the egress traffic is blocked in default network offerings, so no outgoing traffic is allowed from a guest network to the Internet. However, you can control the egress traffic in an Advanced zone by creating egress firewall rules. When an egress firewall rule is applied, the traffic specific to the rule is allowed and the remaining traffic is blocked. When all the firewall rules are removed, the default policy, Block, is applied."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:109
msgid "Consider the following scenarios to apply egress firewall rules:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:111
msgid "Egress firewall rules are supported on Juniper SRX and virtual router."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:114
msgid "The egress firewall rules are not supported on shared networks."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:116
msgid "Allow the egress traffic from specified source CIDR. The Source CIDR is part of guest network CIDR."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:119
msgid "Allow the egress traffic with protocol TCP, UDP, ICMP, or ALL."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:121
msgid "Allow the egress traffic with protocol and destination port range. The port range is specified for TCP, UDP or for ICMP type and code."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:124
msgid "The default policy is Allow for the new network offerings, whereas on upgrade, existing network offerings with firewall service providers will have the default egress policy Deny."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:130
msgid "Configuring an Egress Firewall Rule"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:136
msgid "In Select view, choose Guest networks, then click the Guest network you want."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:139
msgid "To add an egress rule, click the Egress rules tab and fill out the following fields to specify what type of traffic is allowed to be sent out of VM instances in this guest network:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:143
msgid "|egress-firewall-rule.png|"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:145
msgid "**CIDR**: (Add by CIDR only) To send traffic only to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the destination. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:151
msgid "**Protocol**: The networking protocol that VMs use to send outgoing traffic. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:156
msgid "**Start Port, End Port**: (TCP, UDP only) A range of listening ports that are the destination for the outgoing traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:160
msgid "**ICMP Type, ICMP Code**: (ICMP only) The type of message and error code that are sent."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:167
msgid "Configuring the Default Egress Policy"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:169
msgid "The default egress policy for an Isolated guest network is configured by using a network offering. Use the create network offering option to determine whether the default policy should block or allow all the traffic to the public network from a guest network. Use this network offering to create the network. If no policy is specified, by default all the traffic is allowed from the guest network that you create by using this network offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:177
msgid "You have two options: Allow and Deny."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:180
msgid "Allow"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:182
msgid "If you select Allow for a network offering, by default egress traffic is allowed. However, when an egress rule is configured for a guest network, rules are applied to block the specified traffic and the rest is allowed. If no egress rules are configured for the network, egress traffic is accepted."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:189
#: ../../networking/virtual_private_cloud_config.rst:325
#: ../../networking/virtual_private_cloud_config.rst:326
msgid "Deny"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:191
msgid "If you select Deny for a network offering, by default egress traffic for the guest network is blocked. However, when an egress rule is configured for a guest network, rules are applied to allow the specified traffic. While implementing a guest network, CloudStack adds the firewall egress rule specific to the default egress policy for the guest network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:198
msgid "This feature is supported only on virtual router and Juniper SRX."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:200
msgid "Create a network offering with your desired default egress policy:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:202
msgid "Log in with admin privileges to the CloudStack UI."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:204
msgid "In the left navigation bar, click Service Offerings."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:206
msgid "In Select Offering, choose Network Offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:208
#: ../../networking/virtual_private_cloud_config.rst:963
#: ../../networking/virtual_private_cloud_config.rst:1169
msgid "Click Add Network Offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:210
msgid "In the dialog, make necessary choices, including firewall provider."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:213
msgid "In the Default egress policy field, specify the behaviour."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:217
msgid "Create an isolated network by using this network offering."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:219
msgid "Based on your selection, the network will have the egress public traffic blocked or allowed."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:224
msgid "Port Forwarding"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:226
msgid "A port forward service is a set of port forwarding rules that define a policy. A port forward service is then applied to one or more guest VMs. The guest VM then has its inbound network access managed according to the policy defined by the port forwarding service. You can optionally specify one or more CIDRs to filter the source IPs. This is useful when you want to allow only incoming requests from certain IP addresses to be forwarded."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:234
msgid "A guest VM can be in any number of port forward services. Port forward services can be defined but have no members. If a guest VM is part of more than one network, port forwarding rules will function only if they are defined on the default network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:239
msgid "You cannot use port forwarding to open ports for an elastic IP address. When elastic IP is used, outside access is instead controlled through the use of security groups. See Security Groups."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:243
msgid "To set up port forwarding:"
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:247
msgid "If you have not already done so, add a public IP address range to a zone in CloudStack. See Adding a Zone and Pod in the Installation Guide."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:251
msgid "Add one or more VM instances to CloudStack."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:253
msgid "In the left navigation bar, click Network."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:255
msgid "Click the name of the guest network where the VMs are running."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:257
msgid "Choose an existing IP address or acquire a new IP address. See `\"Acquiring a New IP Address\" <#acquiring-a-new-ip-address>`_. Click the name of the IP address in the list."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:261
msgid "Click the Configuration tab."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:263
#: ../../networking/virtual_private_cloud_config.rst:1328
msgid "In the Port Forwarding node of the diagram, click View All."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:267
#: ../../networking/virtual_private_cloud_config.rst:1334
msgid "**Public Port**: The port to which public traffic will be addressed on the IP address you acquired in the previous step."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:270
#: ../../networking/virtual_private_cloud_config.rst:1337
msgid "**Private Port**: The port on which the instance is listening for forwarded public traffic."
msgstr ""
#: ../../networking/ip_forwarding_and_firewalling.rst:273
msgid "**Protocol**: The communication protocol in use between the two ports."
msgstr ""
#: ../../networking/ip_load_balancing.rst:18
msgid "IP Load Balancing"
msgstr ""
#: ../../networking/ip_load_balancing.rst:20
msgid "The user may choose to associate the same public IP for multiple guests. CloudStack implements a TCP-level load balancer with the following policies."
msgstr ""
#: ../../networking/ip_load_balancing.rst:24
#: ../../networking/virtual_private_cloud_config.rst:1078
#: ../../networking/virtual_private_cloud_config.rst:1274
msgid "Round-robin"
msgstr ""
#: ../../networking/ip_load_balancing.rst:26
msgid "Least connection"
msgstr ""
#: ../../networking/ip_load_balancing.rst:28
msgid "Source IP"
msgstr ""
#: ../../networking/ip_load_balancing.rst:30
msgid "This is similar to port forwarding but the destination may be multiple IP addresses."
msgstr ""
#: ../../networking/dns_and_dhcp.rst:18
msgid "DNS and DHCP"
msgstr ""
#: ../../networking/dns_and_dhcp.rst:20
msgid "The Virtual Router provides DNS and DHCP services to the guests. It proxies DNS requests to the DNS server configured on the Availability Zone."
msgstr ""
#: ../../networking/remote_access_vpn.rst:20
msgid "Remote Access VPN"
msgstr ""
#: ../../networking/remote_access_vpn.rst:22
msgid "CloudStack account owners can create virtual private networks (VPN) to access their virtual machines. If the guest network is instantiated from a network offering that offers the Remote Access VPN service, the virtual router (based on the System VM) is used to provide the service. CloudStack provides a L2TP-over-IPsec-based remote access VPN service to guest virtual networks. Since each network gets its own virtual router, VPNs are not shared across the networks. VPN clients native to `Windows, Mac OS X <networking/using_remote_access.html>`_ and iOS can be used to connect to the guest networks. The account owner can create and manage users for their VPN. CloudStack does not use its account database for this purpose but uses a separate table. The VPN user database is shared across all the VPNs created by the account owner. All VPN users get access to all VPNs created by the account owner."
msgstr ""
#: ../../networking/remote_access_vpn.rst:37
msgid "Make sure that not all traffic goes through the VPN. That is, the route installed by the VPN should be only for the guest network and not for all traffic."
msgstr ""
#: ../../networking/remote_access_vpn.rst:41
msgid "**Road Warrior / Remote Access**. Users want to be able to connect securely from a home or office to a private network in the cloud. Typically, the IP address of the connecting client is dynamic and cannot be preconfigured on the VPN server."
msgstr ""
#: ../../networking/remote_access_vpn.rst:46
msgid "**Site to Site**. In this scenario, two private subnets are connected over the public Internet with a secure VPN tunnel. The cloud user's subnet (for example, an office network) is connected through a gateway to the network in the cloud. The address of the user's gateway must be preconfigured on the VPN server in the cloud. Note that although L2TP-over-IPsec can be used to set up Site-to-Site VPNs, this is not the primary intent of this feature. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""
#: ../../networking/remote_access_vpn.rst:57
msgid "Configuring Remote Access VPN"
msgstr ""
#: ../../networking/remote_access_vpn.rst:59
msgid "To set up VPN for the cloud:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:63
msgid "In the left navigation, click Global Settings."
msgstr ""
#: ../../networking/remote_access_vpn.rst:65
msgid "Set the following global configuration parameters."
msgstr ""
#: ../../networking/remote_access_vpn.rst:67
msgid "remote.access.vpn.client.ip.range - The range of IP addresses to be allocated to remote access VPN clients. The first IP in the range is used by the VPN server."
msgstr ""
#: ../../networking/remote_access_vpn.rst:71
msgid "remote.access.vpn.psk.length - Length of the IPSec key."
msgstr ""
#: ../../networking/remote_access_vpn.rst:73
msgid "remote.access.vpn.user.limit - Maximum number of VPN users per account."
msgstr ""
#: ../../networking/remote_access_vpn.rst:76
msgid "To enable VPN for a particular network:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:78
#: ../../networking/remote_access_vpn.rst:103
msgid "Log in as a user or administrator to the CloudStack UI."
msgstr ""
#: ../../networking/remote_access_vpn.rst:80
#: ../../networking/remote_access_vpn.rst:105
msgid "In the left navigation, click Network."
msgstr ""
#: ../../networking/remote_access_vpn.rst:82
msgid "Click the name of the network you want to work with."
msgstr ""
#: ../../networking/remote_access_vpn.rst:86
msgid "Click one of the displayed IP address names."
msgstr ""
#: ../../networking/remote_access_vpn.rst:88
#: ../../networking/remote_access_vpn.rst:142
msgid "Click the Enable VPN button. |vpn-icon.png|"
msgstr ""
#: ../../networking/remote_access_vpn.rst:90
msgid "The IPsec key is displayed in a popup window."
msgstr ""
#: ../../networking/remote_access_vpn.rst:94
msgid "Configuring Remote Access VPN in VPC"
msgstr ""
#: ../../networking/remote_access_vpn.rst:96
msgid "On enabling Remote Access VPN on a VPC, any VPN client present outside the VPC can access VMs present in the VPC by using the Remote VPN connection. The VPN client can be present anywhere except inside the VPC on which the user enabled the Remote Access VPN service."
msgstr ""
#: ../../networking/remote_access_vpn.rst:101
msgid "To enable VPN for a VPC:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:107
#: ../../networking/site_to_site_vpn.rst:190
#: ../../networking/site_to_site_vpn.rst:252
#: ../../networking/site_to_site_vpn.rst:383
#: ../../networking/virtual_private_cloud_config.rst:183
#: ../../networking/virtual_private_cloud_config.rst:227
#: ../../networking/virtual_private_cloud_config.rst:337
#: ../../networking/virtual_private_cloud_config.rst:386
#: ../../networking/virtual_private_cloud_config.rst:498
#: ../../networking/virtual_private_cloud_config.rst:668
#: ../../networking/virtual_private_cloud_config.rst:735
#: ../../networking/virtual_private_cloud_config.rst:794
#: ../../networking/virtual_private_cloud_config.rst:854
#: ../../networking/virtual_private_cloud_config.rst:1020
#: ../../networking/virtual_private_cloud_config.rst:1233
#: ../../networking/virtual_private_cloud_config.rst:1288
#: ../../networking/virtual_private_cloud_config.rst:1366
#: ../../networking/virtual_private_cloud_config.rst:1394
msgid "In the Select view, select VPC."
msgstr ""
#: ../../networking/remote_access_vpn.rst:109
#: ../../networking/site_to_site_vpn.rst:192
#: ../../networking/site_to_site_vpn.rst:385
#: ../../networking/virtual_private_cloud_config.rst:339
#: ../../networking/virtual_private_cloud_config.rst:388
#: ../../networking/virtual_private_cloud_config.rst:500
#: ../../networking/virtual_private_cloud_config.rst:670
#: ../../networking/virtual_private_cloud_config.rst:737
#: ../../networking/virtual_private_cloud_config.rst:796
#: ../../networking/virtual_private_cloud_config.rst:856
#: ../../networking/virtual_private_cloud_config.rst:1022
#: ../../networking/virtual_private_cloud_config.rst:1235
#: ../../networking/virtual_private_cloud_config.rst:1290
#: ../../networking/virtual_private_cloud_config.rst:1396
msgid "All the VPCs that you have created for the account are listed on the page."
msgstr ""
#: ../../networking/remote_access_vpn.rst:112
#: ../../networking/virtual_private_cloud_config.rst:342
#: ../../networking/virtual_private_cloud_config.rst:391
msgid "Click the Configure button of the VPC."
msgstr ""
#: ../../networking/remote_access_vpn.rst:114
#: ../../networking/site_to_site_vpn.rst:201
#: ../../networking/site_to_site_vpn.rst:264
#: ../../networking/site_to_site_vpn.rst:396
#: ../../networking/virtual_private_cloud_config.rst:344
#: ../../networking/virtual_private_cloud_config.rst:1031
#: ../../networking/virtual_private_cloud_config.rst:1299
msgid "For each tier, the following options are displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:116
#: ../../networking/site_to_site_vpn.rst:203
#: ../../networking/site_to_site_vpn.rst:266
#: ../../networking/site_to_site_vpn.rst:398
#: ../../networking/virtual_private_cloud_config.rst:346
#: ../../networking/virtual_private_cloud_config.rst:513
#: ../../networking/virtual_private_cloud_config.rst:748
#: ../../networking/virtual_private_cloud_config.rst:806
#: ../../networking/virtual_private_cloud_config.rst:867
#: ../../networking/virtual_private_cloud_config.rst:1033
#: ../../networking/virtual_private_cloud_config.rst:1301
msgid "Internal LB"
msgstr ""
#: ../../networking/remote_access_vpn.rst:118
#: ../../networking/site_to_site_vpn.rst:205
#: ../../networking/site_to_site_vpn.rst:268
#: ../../networking/site_to_site_vpn.rst:400
#: ../../networking/virtual_private_cloud_config.rst:348
#: ../../networking/virtual_private_cloud_config.rst:515
#: ../../networking/virtual_private_cloud_config.rst:750
#: ../../networking/virtual_private_cloud_config.rst:808
#: ../../networking/virtual_private_cloud_config.rst:869
#: ../../networking/virtual_private_cloud_config.rst:1035
#: ../../networking/virtual_private_cloud_config.rst:1303
msgid "Public LB IP"
msgstr ""
#: ../../networking/remote_access_vpn.rst:122
#: ../../networking/site_to_site_vpn.rst:209
#: ../../networking/site_to_site_vpn.rst:272
#: ../../networking/site_to_site_vpn.rst:404
#: ../../networking/virtual_private_cloud_config.rst:352
#: ../../networking/virtual_private_cloud_config.rst:519
#: ../../networking/virtual_private_cloud_config.rst:754
#: ../../networking/virtual_private_cloud_config.rst:812
#: ../../networking/virtual_private_cloud_config.rst:873
#: ../../networking/virtual_private_cloud_config.rst:1039
#: ../../networking/virtual_private_cloud_config.rst:1307
msgid "Virtual Machines"
msgstr ""
#: ../../networking/remote_access_vpn.rst:126
#: ../../networking/site_to_site_vpn.rst:213
#: ../../networking/site_to_site_vpn.rst:276
#: ../../networking/site_to_site_vpn.rst:408
#: ../../networking/virtual_private_cloud_config.rst:356
#: ../../networking/virtual_private_cloud_config.rst:523
#: ../../networking/virtual_private_cloud_config.rst:758
#: ../../networking/virtual_private_cloud_config.rst:816
#: ../../networking/virtual_private_cloud_config.rst:877
#: ../../networking/virtual_private_cloud_config.rst:1043
#: ../../networking/virtual_private_cloud_config.rst:1311
msgid "The following router information is displayed:"
msgstr ""
#: ../../networking/remote_access_vpn.rst:128
#: ../../networking/site_to_site_vpn.rst:215
#: ../../networking/site_to_site_vpn.rst:278
#: ../../networking/site_to_site_vpn.rst:410
#: ../../networking/virtual_private_cloud_config.rst:358
#: ../../networking/virtual_private_cloud_config.rst:525
#: ../../networking/virtual_private_cloud_config.rst:760
#: ../../networking/virtual_private_cloud_config.rst:818
#: ../../networking/virtual_private_cloud_config.rst:879
#: ../../networking/virtual_private_cloud_config.rst:1045
#: ../../networking/virtual_private_cloud_config.rst:1313
msgid "Private Gateways"
msgstr ""
#: ../../networking/remote_access_vpn.rst:130
#: ../../networking/site_to_site_vpn.rst:217
#: ../../networking/site_to_site_vpn.rst:280
#: ../../networking/site_to_site_vpn.rst:412
#: ../../networking/virtual_private_cloud_config.rst:360
#: ../../networking/virtual_private_cloud_config.rst:527
#: ../../networking/virtual_private_cloud_config.rst:762
#: ../../networking/virtual_private_cloud_config.rst:820
#: ../../networking/virtual_private_cloud_config.rst:881
#: ../../networking/virtual_private_cloud_config.rst:1047
#: ../../networking/virtual_private_cloud_config.rst:1315
msgid "Public IP Addresses"
msgstr ""
#: ../../networking/remote_access_vpn.rst:132
#: ../../networking/site_to_site_vpn.rst:219
#: ../../networking/site_to_site_vpn.rst:282
#: ../../networking/site_to_site_vpn.rst:414
#: ../../networking/virtual_private_cloud_config.rst:362
#: ../../networking/virtual_private_cloud_config.rst:529
#: ../../networking/virtual_private_cloud_config.rst:764
#: ../../networking/virtual_private_cloud_config.rst:822
#: ../../networking/virtual_private_cloud_config.rst:883
#: ../../networking/virtual_private_cloud_config.rst:1049
#: ../../networking/virtual_private_cloud_config.rst:1317
msgid "Site-to-Site VPNs"
msgstr ""
#: ../../networking/remote_access_vpn.rst:134
#: ../../networking/site_to_site_vpn.rst:221
#: ../../networking/site_to_site_vpn.rst:284
#: ../../networking/site_to_site_vpn.rst:416
#: ../../networking/virtual_private_cloud_config.rst:364
#: ../../networking/virtual_private_cloud_config.rst:531
#: ../../networking/virtual_private_cloud_config.rst:766
#: ../../networking/virtual_private_cloud_config.rst:824
#: ../../networking/virtual_private_cloud_config.rst:885
#: ../../networking/virtual_private_cloud_config.rst:1051
#: ../../networking/virtual_private_cloud_config.rst:1319
msgid "Network ACL Lists"
msgstr ""
#: ../../networking/remote_access_vpn.rst:136
#: ../../networking/virtual_private_cloud_config.rst:887
#: ../../networking/virtual_private_cloud_config.rst:1053
#: ../../networking/virtual_private_cloud_config.rst:1321
msgid "In the Router node, select Public IP Addresses."
msgstr ""
#: ../../networking/remote_access_vpn.rst:138
#: ../../networking/virtual_private_cloud_config.rst:828
#: ../../networking/virtual_private_cloud_config.rst:889
#: ../../networking/virtual_private_cloud_config.rst:1055
#: ../../networking/virtual_private_cloud_config.rst:1323
msgid "The IP Addresses page is displayed."
msgstr ""
#: ../../networking/remote_access_vpn.rst:140
msgid "Click Source NAT IP address."
msgstr ""
#: ../../networking/remote_access_vpn.rst:144
msgid "Click OK to confirm. The IPsec key is displayed in a pop-up window."
msgstr ""
#: ../../networking/remote_access_vpn.rst:146
msgid "Now, you need to add the VPN users."
msgstr ""
#: ../../networking/remote_access_vpn.rst:148
msgid "Click the Source NAT IP."
msgstr ""
#: ../../networking/remote_access_vpn.rst:150
msgid "Select the VPN tab."
msgstr ""
#: ../../networking/remote_access_vpn.rst:152
msgid "Add the username and the corresponding password of the user you want to add."
msgstr ""
#: ../../networking/remote_access_vpn.rst:157
msgid "Repeat the same steps to add the VPN users."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:4
msgid "Setting Up a Site-to-Site VPN Connection"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:6
msgid "A Site-to-Site VPN connection helps you establish a secure connection from an enterprise datacenter to the cloud infrastructure. This allows users to access the guest VMs by establishing a VPN connection to the virtual router of the account from a device in the datacenter of the enterprise. You can also establish a secure connection between two VPC setups or high availability zones in your environment. Having this facility eliminates the need to establish VPN connections to individual VMs."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:15
msgid "The difference from Remote VPN is that Site-to-Site VPNs connect entire networks to each other, for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:21
msgid "The supported endpoints on the remote datacenters are:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:23
msgid "Cisco ISR with IOS 12.4 or later"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:25
msgid "Juniper J-Series routers with JunOS 9.5 or later"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:27
msgid "CloudStack virtual routers"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:30
msgid "In addition to the specific Cisco and Juniper devices listed above, the expectation is that any Cisco or Juniper device running on the supported operating systems is able to establish VPN connections."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:34
msgid "To set up a Site-to-Site VPN connection, perform the following:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:36
msgid "Create a Virtual Private Cloud (VPC)."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:38
msgid "See \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:40
msgid "Create a VPN Customer Gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:42
msgid "Create a VPN gateway for the VPC that you created."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:44
msgid "Create a VPN connection from the VPC VPN gateway to the customer VPN gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:49
msgid "Creating and Updating a VPN Customer Gateway"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:52
msgid "A VPN customer gateway can be connected to only one VPN gateway at a time."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:54
msgid "To add a VPN Customer Gateway:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:60
#: ../../networking/site_to_site_vpn.rst:170
msgid "In the Select view, select VPN Customer Gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:62
msgid "Click Add VPN Customer Gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:64
msgid "|addvpncustomergateway.png|"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:68
msgid "**Name**: A unique name for the VPN customer gateway you create."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:70
msgid "**Gateway**: The IP address for the remote gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:72
msgid "**CIDR list**: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. Ensure that the guest CIDR list does not overlap with the VPC's CIDR or another guest CIDR. The CIDR must be RFC1918-compliant."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:77
msgid "**IPsec Preshared Key**: Preshared keying is a method where the endpoints of the VPN share a secret key. This key value is used to authenticate the customer gateway and the VPC VPN gateway to each other. The sequence cannot contain a newline or double-quote."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:83
msgid "The IKE peers (VPN end points) authenticate each other by computing and sending a keyed hash of data that includes the Preshared key. If the receiving peer is able to create the same hash independently by using its Preshared key, it knows that both peers must share the same secret, thus authenticating the customer gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:90
msgid "**IKE Encryption**: The Internet Key Exchange (IKE) policy for phase-1. The supported encryption algorithms are AES128, AES192, AES256, and 3DES. Authentication is accomplished through the Preshared Keys."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:96
msgid "The phase-1 is the first phase in the IKE process. In this initial negotiation phase, the two VPN endpoints agree on the methods to be used to provide security for the underlying IP traffic. The phase-1 authenticates the two VPN gateways to each other, by confirming that the remote gateway has a matching Preshared Key."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:102
msgid "**IKE Hash**: The IKE hash for phase-1. The supported hash algorithms are SHA1 and MD5."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:105
msgid "**IKE DH**: A public-key cryptography protocol which allows two parties to establish a shared secret over an insecure communications channel. The 1536-bit Diffie-Hellman group is used within IKE to establish session keys. The supported options are None, Group-5 (1536-bit) and Group-2 (1024-bit)."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:111
msgid "**ESP Encryption**: Encapsulating Security Payload (ESP) algorithm within phase-2. The supported encryption algorithms are AES128, AES192, AES256, and 3DES."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:116
msgid "The phase-2 is the second phase in the IKE process. The purpose of IKE phase-2 is to negotiate IPSec security associations (SA) to set up the IPSec tunnel. In phase-2, new keying material is extracted from the Diffie-Hellman key exchange in phase-1, to provide session keys to use in protecting the VPN data flow."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:122
msgid "**ESP Hash**: Encapsulating Security Payload (ESP) hash for phase-2. Supported hash algorithms are SHA1 and MD5."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:125
msgid "**Perfect Forward Secrecy**: Perfect Forward Secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future. This property enforces a new Diffie-Hellman key exchange. It provides keying material that has a greater life and thereby greater resistance to cryptographic attacks. The available options are None, Group-5 (1536-bit) and Group-2 (1024-bit). The security of the key exchanges increases as the DH groups grow larger, as does the time of the exchanges."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:136
msgid "When PFS is turned on, for every negotiation of a new phase-2 SA the two gateways must generate a new set of phase-1 keys. This extra layer of protection ensures that, if the phase-2 SAs have expired, the keys used for the new phase-2 SAs have not been generated from the current phase-1 keying material."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:142
msgid "**IKE Lifetime (seconds)**: The phase-1 lifetime of the security association in seconds. Default is 86400 seconds (1 day). Whenever the time expires, a new phase-1 exchange is performed."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:146
msgid "**ESP Lifetime (seconds)**: The phase-2 lifetime of the security association in seconds. Default is 3600 seconds (1 hour). Whenever the value is exceeded, a re-key is initiated to provide new IPsec encryption and authentication session keys."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:151
msgid "**Dead Peer Detection**: A method to detect an unavailable Internet Key Exchange (IKE) peer. Select this option if you want the virtual router to query the liveness of its IKE peer at regular intervals. It's recommended to have the same DPD configuration on both sides of the VPN connection."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:161
msgid "Updating and Removing a VPN Customer Gateway"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:163
msgid "You can update a customer gateway that either has no VPN connection or whose related VPN connection is in an error state."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:172
msgid "Select the VPN customer gateway you want to work with."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:174
msgid "To modify the required parameters, click the Edit VPN Customer Gateway button |vpn-edit-icon.png|"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:177
msgid "To remove the VPN customer gateway, click the Delete VPN Customer Gateway button |delete.png|"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:184
msgid "Creating a VPN gateway for the VPC"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:195
#: ../../networking/site_to_site_vpn.rst:256
#: ../../networking/site_to_site_vpn.rst:388
#: ../../networking/virtual_private_cloud_config.rst:673
#: ../../networking/virtual_private_cloud_config.rst:740
#: ../../networking/virtual_private_cloud_config.rst:859
#: ../../networking/virtual_private_cloud_config.rst:1293
msgid "Click the Configure button of the VPC to which you want to deploy the VMs."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:198
#: ../../networking/site_to_site_vpn.rst:259
#: ../../networking/site_to_site_vpn.rst:391
#: ../../networking/virtual_private_cloud_config.rst:506
#: ../../networking/virtual_private_cloud_config.rst:743
#: ../../networking/virtual_private_cloud_config.rst:801
#: ../../networking/virtual_private_cloud_config.rst:862
#: ../../networking/virtual_private_cloud_config.rst:1296
msgid "The VPC page is displayed where all the tiers you created are listed in a diagram."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:223
#: ../../networking/site_to_site_vpn.rst:286
#: ../../networking/site_to_site_vpn.rst:418
msgid "Select Site-to-Site VPN."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:225
msgid "If you are creating the VPN gateway for the first time, selecting Site-to-Site VPN prompts you to create a VPN gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:228
msgid "In the confirmation dialog, click Yes to confirm."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:230
msgid "Within a few moments, the VPN gateway is created. You will be prompted to view the details of the VPN gateway you have created. Click Yes to confirm."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:234
msgid "The following details are displayed in the VPN Gateway page:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:238
msgid "Account"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:240
msgid "Domain"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:244
msgid "Creating a VPN Connection"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:246
msgid "CloudStack supports creating up to 8 VPN connections."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:254
msgid "All the VPCs that you create for the account are listed on the page."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:262
#: ../../networking/site_to_site_vpn.rst:394
#: ../../networking/virtual_private_cloud_config.rst:509
msgid "Click the Settings icon."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:288
#: ../../networking/site_to_site_vpn.rst:420
msgid "The Site-to-Site VPN page is displayed."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:290
#: ../../networking/site_to_site_vpn.rst:422
msgid "From the Select View drop-down, ensure that VPN Connection is selected."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:293
msgid "Click Create VPN Connection."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:295
msgid "The Create VPN Connection dialog is displayed:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:297
msgid "|createvpnconnection.png|"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:299
msgid "Select the desired customer gateway."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:301
msgid "Select Passive if you want to establish a connection between two VPC virtual routers."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:304
msgid "If you want to establish a connection between two VPC virtual routers, select Passive only on one of the VPC virtual routers, which waits for the other VPC virtual router to initiate the connection. Do not select Passive on the VPC virtual router that initiates the connection."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:312
msgid "Within a few moments, the VPN Connection is displayed."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:314
msgid "The following information on the VPN connection is displayed:"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:320
msgid "State"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:322
msgid "IPSec Preshared Key"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:324
msgid "IKE Policy"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:326
msgid "ESP Policy"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:330
msgid "Site-to-Site VPN Connection Between VPC Networks"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:332
msgid "CloudStack provides you with the ability to establish a site-to-site VPN connection between CloudStack virtual routers. To achieve that, add a passive mode Site-to-Site VPN. With this functionality, users can deploy applications in multiple Availability Zones or VPCs, which can communicate with each other by using a secure Site-to-Site VPN Tunnel."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:338
msgid "This feature is supported on all the hypervisors."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:340
msgid "Create two VPCs. For example, VPC A and VPC B."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:342
msgid "For more information, see \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:344
msgid "Create VPN gateways on both the VPCs you created."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:346
msgid "For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:349
msgid "Create a VPN customer gateway for both the VPCs."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:351
msgid "For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:354
msgid "Enable a VPN connection on VPC A in passive mode."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:356
msgid "For more information, see `\"Creating a VPN Connection\" <#creating-a-vpn-connection>`_."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:359
msgid "Ensure that the customer gateway is pointed to VPC B. The VPN connection is shown in the Disconnected state."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:362
msgid "Enable a VPN connection on VPC B."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:364
msgid "Ensure that the customer gateway is pointed to VPC A. Because the virtual router of VPC A, in this case, is in passive mode and is waiting for the virtual router of VPC B to initiate the connection, the VPC B virtual router should not be in passive mode."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:369
msgid "The VPN connection is shown in the Disconnected state."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:371
msgid "Creating a VPN connection on both the VPCs initiates a VPN connection. Wait for a few seconds. The default is 30 seconds for both the VPN connections to show the Connected state."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:377
msgid "Restarting and Removing a VPN Connection"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:425
msgid "All the VPN connections you created are displayed."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:427
msgid "Select the VPN connection you want to work with."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:429
msgid "The Details tab is displayed."
msgstr ""
#: ../../networking/site_to_site_vpn.rst:431
msgid "To remove a VPN connection, click the Delete VPN connection button |remove-vpn.png|"
msgstr ""
#: ../../networking/site_to_site_vpn.rst:434
msgid "To restart a VPN connection, click the Reset VPN connection button present in the Details tab. |reset-vpn.png|"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:18
msgid "About Inter-VLAN Routing (nTier Apps)"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:20
msgid "Inter-VLAN Routing (nTier Apps) is the capability to route network traffic between VLANs. This feature enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can hold multi-tier applications. These tiers are deployed on different VLANs that can communicate with each other. You provision VLANs to the tiers you create, and VMs can be deployed on different tiers. The VLANs are connected to a virtual router, which facilitates communication between the VMs. In effect, you can segment VMs by means of VLANs into different networks that can host multi-tier applications, such as Web, Application, or Database. Such segmentation by means of VLANs logically separates application VMs for higher security and lower broadcasts, while remaining physically connected to the same device."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:33
msgid "This feature is supported on XenServer, KVM, and VMware hypervisors."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:35
msgid "The major advantages are:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:37
msgid "The administrator can deploy a set of VLANs and allow users to deploy VMs on these VLANs. A guest VLAN is randomly allotted to an account from a pre-specified set of guest VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that account."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:43
msgid "A VLAN allocated for an account cannot be shared between multiple accounts."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:45
msgid "The administrator can allow users to create their own VPC and deploy the application. In this scenario, the VMs that belong to the account are deployed on the VLANs allotted to that account."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:49
msgid "Both administrators and users can create multiple VPCs. The guest network NIC is plugged to the VPC virtual router when the first VM is deployed in a tier."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:53
msgid "The administrator can create the following gateways to send traffic to or receive traffic from the VMs:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:56
msgid "**VPN Gateway**: For more information, see `\"Creating a VPN gateway for the VPC\" <#creating-a-vpn-gateway-for-the-vpc>`_."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:59
msgid "**Public Gateway**: The public gateway for a VPC is added to the virtual router when the virtual router is created for VPC. The public gateway is not exposed to the end users. You are not allowed to list it, nor allowed to create any static routes."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:64
msgid "**Private Gateway**: For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:66
msgid "Both administrators and users can create various possible destination-gateway combinations. However, only one gateway of each type can be used in a deployment."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:70
msgid "For example:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:72
msgid "**VLANs and Public Gateway**: For example, an application is deployed in the cloud, and the Web application VMs communicate with the Internet."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:76
msgid "**VLANs, VPN Gateway, and Public Gateway**: For example, an application is deployed in the cloud; the Web application VMs communicate with the Internet; and the database VMs communicate with the on-premise devices."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:81
msgid "The administrator can define Network Access Control List (ACL) on the virtual router to filter the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress type."
msgstr ""
#: ../../networking/inter_vlan_routing.rst:87
msgid "The following figure shows the possible deployment scenarios of an Inter-VLAN setup:"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:90
msgid "|mutltier.png|"
msgstr ""
#: ../../networking/inter_vlan_routing.rst:92
msgid "To set up a multi-tier Inter-VLAN deployment, see \":ref:`configuring-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:20
msgid "Configuring a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:23
msgid "About Virtual Private Clouds"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:25
msgid "CloudStack Virtual Private Cloud is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. You can launch VMs in the virtual network that can have private addresses in the range of your choice, for example: 10.0.0.0/16. You can define network tiers within your VPC network range, which in turn enables you to group similar kinds of instances based on IP address range."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:33
msgid "For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:39
msgid "Major Components of a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:41
msgid "A VPC is comprised of the following network components:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:43
msgid "**VPC**: A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:46
msgid "**Network Tiers**: Each tier acts as an isolated network with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:51
msgid "**Virtual Router**: A virtual router is automatically created and started when you create a VPC. The virtual router connects the tiers and directs traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and DHCP services through its IP."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:58
msgid "**Public Gateway**: The traffic to and from the Internet is routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to the end user; therefore, static routes are not supported for the public gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:63
msgid "**Private Gateway**: All the traffic to and from a private network is routed to the VPC through the private gateway. For more information, see \":ref:`adding-priv-gw-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:67
msgid "**VPN Gateway**: The VPC side of a VPN connection."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:69
msgid "**Site-to-Site VPN Connection**: A hardware-based VPN connection between your VPC and your datacenter, home network, or co-location facility. For more information, see \":ref:`setting-s2s-vpn-conn`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:73
msgid "**Customer Gateway**: The customer side of a VPN Connection. For more information, see `\"Creating and Updating a VPN Customer Gateway\" <#creating-and-updating-a-vpn-customer-gateway>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:77
msgid "**NAT Instance**: An instance that provides Port Address Translation for instances to access the Internet via the public gateway. For more information, see \":ref:`enabling-disabling-static-nat-on-vpc`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:81
msgid "**Network ACL**: Network ACL is a group of Network ACL items. Network ACL items are nothing but numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. For more information, see \":ref:`conf-net-acl`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:89
msgid "Network Architecture in a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:91
msgid "In a VPC, the following four basic options of network architectures are present:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:94
msgid "VPC with a public gateway only"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:96
msgid "VPC with public and private gateways"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:98
msgid "VPC with public and private gateways and site-to-site VPN access"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:100
msgid "VPC with a private gateway only and site-to-site VPN access"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:104
msgid "Connectivity Options for a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:106
msgid "You can connect your VPC to:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:108
msgid "The Internet through the public gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:110
msgid "The corporate datacenter by using a site-to-site VPN connection through the VPN gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:113
msgid "Both the Internet and your corporate datacenter by using both the public gateway and a VPN gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:118
msgid "VPC Network Considerations"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:120
msgid "Consider the following before you create a VPC:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:122
msgid "A VPC, by default, is created in the enabled state."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:124
msgid "A VPC can be created in an Advanced zone only, and can't belong to more than one zone at a time."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:127
msgid "The default number of VPCs an account can create is 20. However, you can change it by using the max.account.vpcs global parameter, which controls the maximum number of VPCs an account is allowed to create."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:131
msgid "The default number of tiers an account can create within a VPC is 3. You can configure this number by using the vpc.max.networks parameter."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:135
msgid "Each tier should have a unique CIDR in the VPC. Ensure that the tier's CIDR is within the VPC CIDR range."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:138
msgid "A tier belongs to only one VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:140
msgid "All network tiers inside the VPC should belong to the same account."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:142
msgid "When a VPC is created, by default, a Source NAT IP is allocated to it. The Source NAT IP is released only when the VPC is removed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:145
msgid "A public IP can be used for only one purpose at a time. If the IP is a Source NAT IP, it cannot be used for StaticNAT or port forwarding."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:148
msgid "The instances can only have a private IP address that you provision. To communicate with the Internet, enable NAT to an instance that you launch in your VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:152
msgid "Only new networks can be added to a VPC. The maximum number of networks per VPC is limited by the value you specify in the vpc.max.networks parameter. The default value is three."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:156
msgid "The load balancing service can be supported by only one tier inside the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:159
msgid "If an IP address is assigned to a tier:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:161
msgid "That IP can't be used by more than one tier at a time in the VPC. For example, if you have tiers A and B, and a public IP1, you can create a port forwarding rule by using the IP either for A or B, but not for both."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:166
msgid "That IP can't be used for StaticNAT, load balancing, or port forwarding rules for another guest network inside the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:169
msgid "Remote access VPN is not supported in VPC networks."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:173
msgid "Adding a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:175
msgid "When creating the VPC, you simply provide the zone and a set of IP addresses for the VPC network address space. You specify this set of addresses in the form of a Classless Inter-Domain Routing (CIDR) block."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:185
msgid "Click Add VPC. The Add VPC page is displayed as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:187
msgid "|add-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:191
msgid "**Name**: A short name for the VPC that you are creating."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:193
msgid "**Description**: A brief description of the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:195
msgid "**Zone**: Choose the zone where you want the VPC to be available."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:197
msgid "**Super CIDR for Guest Networks**: Defines the CIDR range for all the tiers (guest networks) within a VPC. When you create a tier, ensure that its CIDR is within the Super CIDR value you enter. The CIDR must be RFC1918 compliant."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:202
msgid "**DNS domain for Guest Networks**: If you want to assign a special domain name, specify the DNS suffix. This parameter is applied to all the tiers within the VPC. This means that all the tiers you create in the VPC belong to the same DNS domain. If the parameter is not specified, a DNS domain name is generated automatically."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:208
msgid "**Public Load Balancer Provider**: You have two options: VPC Virtual Router and Netscaler."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:215
msgid "Adding Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:217
msgid "Tiers are distinct locations within a VPC that act as isolated networks, which do not have access to other tiers by default. Tiers are set up on different VLANs that can communicate with each other by using a virtual router. Tiers provide inexpensive, low latency network connectivity to other tiers within the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:229
#: ../../networking/virtual_private_cloud_config.rst:1368
msgid "All the VPCs that you have created for the account are listed on the page."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:233
msgid "The end users can see their own VPCs, while root and domain admin can see any VPC they are authorized to see."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:236
#: ../../networking/virtual_private_cloud_config.rst:1371
msgid "Click the Configure button of the VPC for which you want to set up tiers."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:239
msgid "Click Create network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:241
msgid "The Add new tier dialog is displayed, as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:243
msgid "|add-tier.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:245
msgid "If you have already created tiers, the VPC diagram is displayed. Click Create Tier to add a new tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:252
msgid "**Name**: A unique name for the tier you create."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:254
msgid "**Network Offering**: The following default network offerings are listed: Internal LB, DefaultIsolatedNetworkOfferingForVpcNetworksNoLB, DefaultIsolatedNetworkOfferingForVpcNetworks"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:259
msgid "In a VPC, only one tier can be created by using an LB-enabled network offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:267
msgid "**VLAN**: The VLAN ID for the tier that the root admin creates."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:269
msgid "This option is only visible if the network offering you selected is VLAN-enabled."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:272
msgid "For more information, see `\"Assigning VLANs to Isolated Networks\" <hosts.html#assigning-vlans-to-isolated-networks>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:283
msgid "Continue with configuring the access control list for the tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:289
msgid "Configuring Network Access Control List"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:291
msgid "Define a Network Access Control List (ACL) on the VPC virtual router to control incoming (ingress) and outgoing (egress) traffic between the VPC tiers, and between the tiers and the Internet. By default, all incoming traffic to the guest networks is blocked and all outgoing traffic from guest networks is allowed. Once you add an ACL rule for outgoing traffic, only the outgoing traffic specified in this ACL rule is allowed; the rest is blocked. To open the ports, you must create a new network ACL. The network ACLs can be created for the tiers only if the NetworkACL service is supported."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:303
msgid "About Network ACL Lists"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:305
msgid "In CloudStack terminology, Network ACL is a group of Network ACL items. Network ACL items are nothing but numbered rules that are evaluated in order, starting with the lowest numbered rule. These rules determine whether traffic is allowed in or out of any tier associated with the network ACL. You need to add the Network ACL items to the Network ACL, then associate the Network ACL with a tier. A Network ACL is associated with a VPC and can be assigned to multiple VPC tiers within a VPC. A tier is associated with a Network ACL at all times. Each tier can be associated with only one ACL."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:315
msgid "The default Network ACL is used when no ACL is associated. The default behavior is that all the incoming traffic is blocked and outgoing traffic is allowed from the tiers. The default Network ACL cannot be removed or modified. The contents of the default Network ACL are:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
msgid "Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
msgid "Protocol"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
msgid "Traffic type"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:323
msgid "Action"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:325
#: ../../networking/virtual_private_cloud_config.rst:326
msgid "All"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:325
msgid "Ingress"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:325
#: ../../networking/virtual_private_cloud_config.rst:326
msgid "0.0.0.0/0"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:326
msgid "Egress"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:331
msgid "Creating ACL Lists"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:366
#: ../../networking/virtual_private_cloud_config.rst:393
msgid "Select Network ACL Lists."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:368
msgid "The following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:371
msgid "Click Add ACL Lists, and specify the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:373
msgid "**ACL List Name**: A name for the ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:375
msgid "**Description**: A short description of the ACL list that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:380
msgid "Creating an ACL Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:395
msgid "In addition to the custom ACL lists you have created, the following default rules are displayed in the Network ACLs page: default\\_allow, default\\_deny."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:399
#: ../../networking/virtual_private_cloud_config.rst:479
msgid "Select the desired ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:401
msgid "Select the ACL List Rules tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:403
msgid "To add an ACL rule, fill in the following fields to specify what kind of network traffic is allowed in the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:406
msgid "**Rule Number**: The order in which the rules are evaluated."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:408
msgid "**CIDR**: The CIDR acts as the Source CIDR for the Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:415
msgid "**Action**: The action to be taken: allow or block the traffic."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:417
msgid "**Protocol**: The networking protocol that sources use to send traffic to the tier. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data. All supports all the traffic. The other option is Protocol Number."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:424
msgid "**Start Port**, **End Port** (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:428
msgid "**Protocol Number**: The protocol number associated with IPv4 or IPv6. For more information, see `Protocol Numbers <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:432
msgid "**ICMP Type**, **ICMP Code** (ICMP only): The type of message and error code that will be sent."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:435
msgid "**Traffic Type**: The type of traffic: Incoming or outgoing."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:437
msgid "Click Add. The ACL rule is added."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:439
msgid "You can edit the tags assigned to the ACL rules and delete the ACL rules you have created. Click the appropriate button in the Details tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:445
msgid "Creating a Tier with Custom ACL List"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:447
#: ../../networking/virtual_private_cloud_config.rst:463
msgid "Create a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:449
#: ../../networking/virtual_private_cloud_config.rst:469
msgid "Create a custom ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:451
#: ../../networking/virtual_private_cloud_config.rst:471
msgid "Add ACL rules to the ACL list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:453
#: ../../networking/virtual_private_cloud_config.rst:465
msgid "Create a tier in the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:455
msgid "Select the desired ACL list while creating a tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:461
msgid "Assigning a Custom ACL List to a Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:467
msgid "Associate the tier with the default ACL rule."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:473
msgid "Select the tier for which you want to assign the custom ACL."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:475
msgid "Click the Replace ACL List icon. |replace-acl-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:477
msgid "The Replace ACL List dialog is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:487
msgid "Adding a Private Gateway to a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:489
msgid "A private gateway can be added by the root admin only. The VPC private network has a 1:1 relationship with the NIC of the physical network. You can configure multiple private gateways to a single VPC. No gateways with duplicated VLAN and IP are allowed in the same data center."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:503
msgid "Click the Configure button of the VPC to which you want to configure load balancing rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:511
#: ../../networking/virtual_private_cloud_config.rst:746
#: ../../networking/virtual_private_cloud_config.rst:804
msgid "The following options are displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:533
msgid "Select Private Gateways."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:535
msgid "The Gateways page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:537
msgid "Click Add new gateway:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:539
msgid "|add-new-gateway-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:543
msgid "**Physical Network**: The physical network you have created in the zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:546
msgid "**IP Address**: The IP address associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:548
msgid "**Gateway**: The gateway through which the traffic is routed to and from the VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:551
msgid "**Netmask**: The netmask associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:553
msgid "**VLAN**: The VLAN associated with the VPC gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:555
msgid "**Source NAT**: Select this option to enable the source NAT service on the VPC private gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:558
msgid "See \":ref:`source-nat-priv-gw`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:560
msgid "**ACL**: Controls both ingress and egress traffic on a VPC private gateway. By default, all the traffic is blocked."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:563
msgid "See \":ref:`acl-priv-gw`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:565
msgid "The new gateway appears in the list. You can repeat these steps to add more gateways for this VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:572
msgid "Source NAT on Private Gateway"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:574
msgid "You might want to deploy multiple VPCs with the same super CIDR and guest tier CIDR. Therefore, multiple guest VMs from different VPCs can have the same IPs to reach an enterprise data center through the private gateway. In such cases, a NAT service needs to be configured on the private gateway to avoid IP conflicts. If Source NAT is enabled, the guest VMs in the VPC reach the enterprise network via the private gateway IP address by using the NAT service."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:582
msgid "The Source NAT service on a private gateway can be enabled while adding the private gateway. On deletion of a private gateway, source NAT rules specific to the private gateway are deleted."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:586
msgid "To enable source NAT on existing private gateways, delete them and create them afresh with source NAT."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:593
msgid "ACL on Private Gateway"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:595
msgid "The traffic on the VPC private gateway is controlled by creating both ingress and egress network ACL rules. The ACLs contain both allow and deny rules. By default, all the ingress traffic to the private gateway interface and all the egress traffic out from the private gateway interface are blocked."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:601
msgid "You can change this default behaviour while creating a private gateway. Alternatively, you can do the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:604
#: ../../networking/virtual_private_cloud_config.rst:635
msgid "In a VPC, identify the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:606
msgid "In the Private Gateway page, do either of the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:608
msgid "Use the Quickview. See 3."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:610
msgid "Use the Details tab. See 4 through ."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:612
msgid "In the Quickview of the selected Private Gateway, click Replace ACL, select the ACL rule, then click OK."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:615
msgid "Click the IP address of the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:617
msgid "In the Detail tab, click the Replace ACL button. |replace-acl-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:620
msgid "The Replace ACL dialog is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:622
msgid "Select the ACL rule, then click OK."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:624
msgid "Wait for a few seconds. You can see that the new ACL rule is displayed in the Details page."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:629
msgid "Creating a Static Route"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:631
msgid "CloudStack enables you to specify routing for the VPN connection you create. You can enter one or more CIDR addresses to indicate which traffic is to be routed back to the gateway."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:637
msgid "In the Private Gateway page, click the IP address of the Private Gateway you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:640
msgid "Select the Static Routes tab."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:642
msgid "Specify the CIDR of the destination network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:646
msgid "Wait for a few seconds until the new route is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:650
msgid "Blacklisting Routes"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:652
msgid "CloudStack enables you to block a list of routes so that they are not assigned to any of the VPC private gateways. Specify the list of routes that you want to blacklist in the ``blacklisted.routes`` global parameter. Note that the parameter update affects only new static route creations. If you block an existing static route, it remains intact and continues functioning. You cannot add a static route if the route is blacklisted for the zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:662
msgid "Deploying VMs to the Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:676
msgid "The VPC page is displayed where all the tiers you have created are listed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:679
msgid "Click the Virtual Machines tab of the tier to which you want to add a VM."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:681
msgid "|add-vm-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:683
msgid "The Add Instance page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:685
msgid "Follow the on-screen instructions to add an instance. For information on adding an instance, see the Installation Guide."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:690
msgid "Deploying VMs to VPC Tier and Shared Networks"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:692
msgid "CloudStack allows you to deploy VMs on a VPC tier and one or more shared networks. With this feature, VMs deployed in a multi-tier application can receive monitoring services via a shared network provided by a service provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:697
msgid "Log in to the CloudStack UI as an administrator."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:699
msgid "In the left navigation, choose Instances."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:701
msgid "Click Add Instance."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:703
msgid "Select a zone."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:705
msgid "Select a template or ISO, then follow the steps in the wizard."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:707
msgid "Ensure that the hardware you have allows starting the selected service offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:710
msgid "Under Networks, select the desired networks for the VM you are launching."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:713
msgid "You can deploy a VM to a VPC tier and multiple shared networks."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:715
msgid "|addvm-tier-sharednw.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:717
msgid "Click Next, review the configuration and click Launch."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:719
msgid "Your VM will be deployed to the selected VPC tier and shared network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:723
msgid "Acquiring a New IP Address for a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:725
msgid "When you acquire an IP address, all IP addresses are allocated to the VPC, not to the guest networks within the VPC. The IPs are associated with the guest network only when the first port-forwarding, load balancing, or Static NAT rule is created for the IP or the network. An IP can't be associated with more than one network at a time."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:768
msgid "Select IP Addresses."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:770
msgid "The Public IP Addresses page is displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:772
msgid "Click Acquire New IP, and click Yes in the confirmation dialog."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:774
msgid "You are prompted for confirmation because, typically, IP addresses are a limited resource. Within a few moments, the new IP address should appear with the state Allocated. You can now use the IP address in port forwarding, load balancing, and static NAT rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:781
msgid "Releasing an IP Address Allotted to a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:783
msgid "The IP address is a limited resource. If you no longer need a particular IP, you can disassociate it from its VPC and return it to the pool of available addresses. An IP address can be released from its tier only when all the networking (port forwarding, load balancing, or StaticNAT) rules are removed for this IP address. The released IP address will still belong to the same VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:799
msgid "Click the Configure button of the VPC whose IP you want to release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:826
msgid "Select Public IP Addresses."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:830
msgid "Click the IP you want to release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:832
msgid "In the Details tab, click the Release IP button |release-ip-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:838
msgid "Enabling or Disabling Static NAT on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:840
msgid "A static NAT rule maps a public IP address to the private IP address of a VM in a VPC to allow Internet traffic to it. This section tells how to enable or disable static NAT for a particular IP address in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:865
msgid "For each tier, the following options are displayed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:891
msgid "Click the IP you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:893
msgid "In the Details tab, click the Static NAT button. |enable-disable.png| The button toggles between Enable and Disable, depending on whether static NAT is currently enabled for the IP address."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:898
msgid "If you are enabling static NAT, a dialog appears as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:900
msgid "|select-vmstatic-nat.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:902
msgid "Select the tier and the destination VM, then click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:906
msgid "Adding Load Balancing Rules on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:908
msgid "In a VPC, you can configure two types of load balancing: external LB and internal LB. An external LB is an LB rule created to redirect the traffic received at a public IP of the VPC virtual router. The traffic is load balanced within a tier based on your configuration. Citrix NetScaler and VPC virtual router are supported for external LB. When you use the internal LB service, traffic received at a tier is load balanced across different VMs within that tier. For example, traffic that reaches the Web tier is redirected to another VM in that tier. External load balancing devices are not supported for internal LB. The service is provided by an internal LB VM configured on the target tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:921
msgid "Load Balancing Within a Tier (External LB)"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:923
msgid "A CloudStack user or administrator may create load balancing rules that balance traffic received at a public IP to one or more VMs that belong to a network tier that provides load balancing service in a VPC. A user creates a rule, specifies an algorithm, and assigns the rule to a set of VMs within a tier."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:931
msgid "Enabling NetScaler as the LB Provider on a VPC Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:933
msgid "Add and enable Netscaler VPX in dedicated mode."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:935
msgid "Netscaler can be used in a VPC environment only if it is in dedicated mode."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:938
msgid "Create a network offering, as given in \":ref:`create-net-offering-ext-lb`\"."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:940
msgid "Create a VPC with Netscaler as the Public LB provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:942
msgid "For more information, see `\"Adding a Virtual Private Cloud\" <#adding-a-virtual-private-cloud>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:945
msgid "For the VPC, acquire an IP."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:947
msgid "Create an external load balancing rule and apply, as given in :ref:`create-ext-lb-rule`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:954
msgid "Creating a Network Offering for External LB"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:956
msgid "To have external LB support on VPC, create a network offering as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:959
#: ../../networking/virtual_private_cloud_config.rst:1165
msgid "Log in to the CloudStack UI as a user or admin."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:961
#: ../../networking/virtual_private_cloud_config.rst:1167
msgid "From the Select Offering drop-down, choose Network Offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:965
#: ../../networking/virtual_private_cloud_config.rst:1171
msgid "In the dialog, make the following choices:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:967
#: ../../networking/virtual_private_cloud_config.rst:1173
msgid "**Name**: Any desired name for the network offering."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:969
#: ../../networking/virtual_private_cloud_config.rst:1175
msgid "**Description**: A short description of the offering that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:972
#: ../../networking/virtual_private_cloud_config.rst:1178
msgid "**Network Rate**: Allowed data transfer rate in MB per second."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:974
#: ../../networking/virtual_private_cloud_config.rst:1180
msgid "**Traffic Type**: The type of network traffic that will be carried on the network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:977
#: ../../networking/virtual_private_cloud_config.rst:1183
msgid "**Guest Type**: Choose whether the guest network is isolated or shared."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:980
#: ../../networking/virtual_private_cloud_config.rst:1186
msgid "**Persistent**: Indicate whether the guest network is persistent or not. A network that you can provision without having to deploy a VM on it is termed a persistent network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:984
#: ../../networking/virtual_private_cloud_config.rst:1190
msgid "**VPC**: This option indicates whether the guest network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated part of CloudStack. A VPC can have its own virtual network topology that resembles a traditional physical network. For more information on VPCs, see `\"About Virtual Private Clouds\" <#about-virtual-private-clouds>`_."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:990
#: ../../networking/virtual_private_cloud_config.rst:1197
msgid "**Specify VLAN**: (Isolated guest networks only) Indicate whether a VLAN should be specified when this offering is used."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:993
msgid "**Supported Services**: Select Load Balancer. Use Netscaler or VpcVirtualRouter."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:996
msgid "**Load Balancer Type**: Select Public LB from the drop-down."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:998
msgid "**LB Isolation**: Select Dedicated if Netscaler is used as the external LB provider."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1001
#: ../../networking/virtual_private_cloud_config.rst:1205
msgid "**System Offering**: Choose the system service offering that you want virtual routers to use in this network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1004
#: ../../networking/virtual_private_cloud_config.rst:1208
msgid "**Conserve mode**: Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1008
#: ../../networking/virtual_private_cloud_config.rst:1212
msgid "Click OK and the network offering is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1014
msgid "Creating an External LB Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1025
msgid "Click the Configure button of the VPC for which you want to configure load balancing rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1028
#: ../../networking/virtual_private_cloud_config.rst:1241
msgid "The VPC page is displayed, where all the tiers you created are listed in a diagram."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1062
#: ../../networking/virtual_private_cloud_config.rst:1330
msgid "Select the tier to which you want to apply the rule."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1068
msgid "**Public Port**: The port that receives the incoming traffic to be balanced."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1074
#: ../../networking/virtual_private_cloud_config.rst:1270
msgid "**Algorithm**. Choose the load balancing algorithm you want CloudStack to use. CloudStack supports the following well-known algorithms:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1080
#: ../../networking/virtual_private_cloud_config.rst:1276
msgid "Least connections"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1082
#: ../../networking/virtual_private_cloud_config.rst:1278
msgid "Source"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1084
msgid "**Stickiness**. (Optional) Click Configure and choose the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer Rules."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1088
msgid "**Add VMs**: Click Add VMs, then select two or more VMs that will divide the load of incoming traffic, and click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1091
msgid "The new load balancing rule appears in the list. You can repeat these steps to add more load balancing rules for this IP address."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1096
msgid "Load Balancing Across Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1098
msgid "CloudStack supports sharing workload across different tiers within your VPC. Assume that multiple tiers are set up in your environment, such as Web tier and Application tier. Traffic to each tier is balanced on the VPC virtual router on the public side, as explained in `\"Adding Load Balancing Rules on a VPC\" <#adding-load-balancing-rules-on-a-vpc>`_. If you want the traffic coming from the Web tier to the Application tier to be balanced, use the internal load balancing feature offered by CloudStack."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1109
msgid "How Does Internal LB Work in VPC?"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1111
msgid "In this figure, a public LB rule is created for the public IP 72.52.125.10 with public port 80 and private port 81. The LB rule, created on the VPC virtual router, is applied on the traffic coming from the Internet to the VMs on the Web tier. On the Application tier two internal load balancing rules are created. An internal LB rule for the guest IP 10.10.10.4 with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.4 with load balancer port 45 and instance port 46 is configured on the VM, InternalLBVM1. Another internal LB rule for the guest IP 10.10.10.6, with load balancer port 23 and instance port 25 is configured on the VM, InternalLBVM2."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1123
msgid "|vpc-lb.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1129
msgid "Internal LB and Public LB are mutually exclusive on a tier. If the tier has LB on the public side, then it can't have the Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1132
msgid "Internal LB is supported just on VPC networks in CloudStack 4.2 release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1135
msgid "Only Internal LB VM can act as the Internal LB provider in CloudStack 4.2 release."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1138
msgid "Network upgrade is not supported from the network offering with Internal LB to the network offering with Public LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1141
msgid "Multiple tiers can have internal LB support in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1143
msgid "Only one tier can have Public LB support in a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1147
msgid "Enabling Internal LB on a VPC Tier"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1149
msgid "Create a network offering, as given in :ref:`creating-net-offering-internal-lb`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1152
msgid "Create an internal load balancing rule and apply, as given in :ref:`create-int-lb-rule`."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1159
msgid "Creating a Network Offering for Internal LB"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1161
msgid "To have internal LB support on VPC, either use the default offering, DefaultIsolatedNetworkOfferingForVpcNetworksWithInternalLB, or create a network offering as follows:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1200
msgid "**Supported Services**: Select Load Balancer. Select ``InternalLbVM`` from the provider list."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1203
msgid "**Load Balancer Type**: Select Internal LB from the drop-down."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1218
msgid "Creating an Internal LB Rule"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1220
msgid "When you create the Internal LB rule and apply it to a VM, an Internal LB VM, which is responsible for load balancing, is created."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1223
msgid "You can view the created Internal LB VM in the Instances page if you navigate to **Infrastructure** > **Zones** > <zone\\_name> > <physical\\_network\\_name> > **Network Service Providers** > **Internal LB VM**. You can manage the Internal LB VMs as and when required from this location."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1238
msgid "Locate the VPC for which you want to configure internal LB, then click Configure."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1244
msgid "Locate the Tier for which you want to configure an internal LB rule, then click Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1247
msgid "In the Internal LB page, click Add Internal LB."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1249
msgid "In the dialog, specify the following:"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1253
msgid "**Description**: A short description of the rule that can be displayed to users."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1256
msgid "**Source IP Address**: (Optional) The source IP from which traffic originates. The IP is acquired from the CIDR of that particular tier on which you want to create the Internal LB rule. If not specified, the IP address is automatically allocated from the network CIDR."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1262
msgid "For every Source IP, a new Internal LB VM is created for load balancing."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1265
msgid "**Source Port**: The port associated with the source IP. Traffic on this port is load balanced."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1268
msgid "**Instance Port**: The port of the internal LB VM."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1282
msgid "Adding a Port Forwarding Rule on a VPC"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1340
msgid "**Protocol**: The communication protocol in use between the two ports."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1343
msgid "TCP"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1345
msgid "UDP"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1347
msgid "**Add VM**: Click Add VM. Select the name of the instance to which this rule applies, and click Apply."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1350
msgid "You can test the rule by opening an SSH session to the instance."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1354
msgid "Removing Tiers"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1356
msgid "You can remove a tier from a VPC. A removed tier cannot be revoked. When a tier is removed, only the resources of the tier are expunged. All the network rules (port forwarding, load balancing and Static NAT) and the IP addresses associated to the tier are removed. The IP address will still belong to the same VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1374
msgid "The Configure VPC page is displayed. Locate the tier you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1377
msgid "Select the tier you want to remove."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1379
msgid "In the Network Details tab, click the Delete Network button. |del-tier.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1382
msgid "Click Yes to confirm. Wait for some time for the tier to be removed."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1386
msgid "Editing, Restarting, and Removing a Virtual Private Cloud"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1388
msgid "Ensure that all the tiers are removed before you remove a VPC."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1399
msgid "Select the VPC you want to work with."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1401
msgid "In the Details tab, click the Remove VPC button |remove-vpc.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1403
msgid "You can also remove the VPC by using the remove button in the Quick View."
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1406
msgid "You can edit the name and description of a VPC. To do that, select the VPC, then click the Edit button. |vpc-edit-icon.png|"
msgstr ""
#: ../../networking/virtual_private_cloud_config.rst:1409
msgid "To restart a VPC, select the VPC, then click the Restart button. |restart-vpc.png|"
msgstr ""
#: ../../networking/persistent_networks.rst:18
msgid "Persistent Networks"
msgstr ""
#: ../../networking/persistent_networks.rst:20
msgid "The network that you can provision without having to deploy any VMs on it is called a persistent network. A persistent network can be part of a VPC or a non-VPC environment."
msgstr ""
#: ../../networking/persistent_networks.rst:24
msgid "When you create other types of network, a network is only a database entry until the first VM is created on that network. When the first VM is created, a VLAN ID is assigned and the network is provisioned. Also, when the last VM is destroyed, the VLAN ID is released and the network is no longer available. With the addition of persistent network, you will have the ability to create a network in CloudStack in which physical devices can be deployed without having to run any VMs. Additionally, you can deploy physical devices on that network."
msgstr ""
#: ../../networking/persistent_networks.rst:33
msgid "One of the advantages of having a persistent network is that you can create a VPC with a tier consisting of only physical devices. For example, you might create a VPC for a three-tier application, deploy VMs for Web and Application tier, and use physical machines for the Database tier. Another use case is that if you are providing services by using physical hardware, you can define the network as persistent and therefore even if all its VMs are destroyed the services will not be discontinued."
msgstr ""
#: ../../networking/persistent_networks.rst:44
msgid "Persistent Network Considerations"
msgstr ""
#: ../../networking/persistent_networks.rst:46
msgid "Persistent network is designed for isolated networks."
msgstr ""
#: ../../networking/persistent_networks.rst:48
msgid "All default network offerings are non-persistent."
msgstr ""
#: ../../networking/persistent_networks.rst:50
msgid "A network offering cannot be edited because changing it affects the behavior of the existing networks that were created using this network offering."
msgstr ""
#: ../../networking/persistent_networks.rst:54
msgid "When you create a guest network, the network offering that you select defines the network persistence. This in turn depends on whether persistent network is enabled in the selected network offering."
msgstr ""
#: ../../networking/persistent_networks.rst:58
msgid "An existing network can be made persistent by changing its network offering to an offering that has the Persistent option enabled. While setting this property, even if the network has no running VMs, the network is provisioned."
msgstr ""
#: ../../networking/persistent_networks.rst:63
msgid "An existing network can be made non-persistent by changing its network offering to an offering that has the Persistent option disabled. If the network has no running VMs, during the next network garbage collection run the network is shut down."
msgstr ""
#: ../../networking/persistent_networks.rst:68
msgid "When the last VM on a network is destroyed, the network garbage collector checks if the network offering associated with the network is persistent, and shuts down the network only if it is non-persistent."
msgstr ""
#: ../../networking/persistent_networks.rst:75
msgid "Creating a Persistent Guest Network"
msgstr ""
#: ../../networking/persistent_networks.rst:77
msgid "To create a persistent network, perform the following:"
msgstr ""
#: ../../networking/persistent_networks.rst:79
msgid "Create a network offering with the Persistent option enabled."
msgstr ""
#: ../../networking/persistent_networks.rst:81
msgid "See `\"Creating a New Network Offering\" <networking.html#creating-a-new-network-offering>`_."
msgstr ""
#: ../../networking/persistent_networks.rst:84
msgid "Select Network from the left navigation pane."
msgstr ""
#: ../../networking/persistent_networks.rst:86
msgid "Select the guest network that you want to offer this network service to."
msgstr ""
#: ../../networking/persistent_networks.rst:89
msgid "Click the Edit button."
msgstr ""
#: ../../networking/persistent_networks.rst:91
msgid "From the Network Offering drop-down, select the persistent network offering you have just created."
msgstr ""
#: ../../networking/palo_alto_config.rst:18
msgid "Setup a Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:22
msgid "Functionality Provided"
msgstr ""
#: ../../networking/palo_alto_config.rst:24
msgid "This implementation enables the orchestration of a Palo Alto Networks Firewall from within CloudStack UI and API."
msgstr ""
#: ../../networking/palo_alto_config.rst:27
msgid "**The following features are supported**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:29
msgid "List/Add/Delete Palo Alto Networks service provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:31
msgid "List/Add/Delete Palo Alto Networks network service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:33
msgid "List/Add/Delete Palo Alto Networks network using the above service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:35
msgid "Add an instance to a Palo Alto Networks network"
msgstr ""
#: ../../networking/palo_alto_config.rst:37
msgid "Source NAT management on network create and delete"
msgstr ""
#: ../../networking/palo_alto_config.rst:39
msgid "List/Add/Delete Ingress Firewall rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:41
msgid "List/Add/Delete Egress Firewall rule (both 'Allow' and 'Deny' default rules supported)"
msgstr ""
#: ../../networking/palo_alto_config.rst:44
msgid "List/Add/Delete Port Forwarding rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:46
msgid "List/Add/Delete Static NAT rule"
msgstr ""
#: ../../networking/palo_alto_config.rst:48
msgid "Apply a Threat Profile to all firewall rules (more details in the Additional Features section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:51
msgid "Apply a Log Forwarding profile to all firewall rules (more details in the Additional Features section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:57
msgid "Initial Palo Alto Networks Firewall Configuration"
msgstr ""
#: ../../networking/palo_alto_config.rst:60
msgid "Anatomy of the Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:62
msgid "In **'Network > Interfaces'** there is a list of physical interfaces as well as aggregated physical interfaces which are used for managing traffic in and out of the Palo Alto Networks Firewall device."
msgstr ""
#: ../../networking/palo_alto_config.rst:66
msgid "In **'Network > Zones'** there is a list of the different configuration zones. This implementation will use two zones; a public (defaults to 'untrust') and private (defaults to 'trust') zone."
msgstr ""
#: ../../networking/palo_alto_config.rst:70
msgid "In **'Network > Virtual Routers'** there is a list of VRs which handle traffic routing for the Palo Alto Firewall. We only use a single Virtual Router on the firewall and it is used to handle all the routing to the next network hop."
msgstr ""
#: ../../networking/palo_alto_config.rst:75
msgid "In **'Objects > Security Profile Groups'** there is a list of profiles which can be applied to firewall rules. These profiles are used to better understand the types of traffic flowing through your network. They are configured when you add the firewall provider to CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:80
msgid "In **'Objects > Log Forwarding'** there is a list of profiles which can be applied to firewall rules. These profiles are used to better track the logs generated by the firewall. They are configured when you add the firewall provider to CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:85
msgid "In **'Policies > Security'** there is a list of firewall rules that are currently configured. You will not need to modify this section because it will be completely automated by CloudStack, but you can review the firewall rules which have been created here."
msgstr ""
#: ../../networking/palo_alto_config.rst:90
msgid "In **'Policies > NAT'** there is a list of the different NAT rules. You will not need to modify this section because it will be completely automated by CloudStack, but you can review the different NAT rules that have been created here. Source NAT, Static NAT and Destination NAT (Port Forwarding) rules will show up in this list."
msgstr ""
#: ../../networking/palo_alto_config.rst:99
msgid "Configure the Public / Private Zones on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:101
msgid "No manual configuration is required to set up these zones because CloudStack will configure them automatically when you add the Palo Alto Networks firewall device to CloudStack as a service provider. This implementation depends on two zones, one for the public side and one for the private side of the firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:107
msgid "The public zone (defaults to 'untrust') will contain all of the public interfaces and public IPs."
msgstr ""
#: ../../networking/palo_alto_config.rst:110
msgid "The private zone (defaults to 'trust') will contain all of the private interfaces and guest network gateways."
msgstr ""
#: ../../networking/palo_alto_config.rst:113
msgid "The NAT and firewall rules will be configured between these zones."
msgstr ""
#: ../../networking/palo_alto_config.rst:118
msgid "Configure the Public / Private Interfaces on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:120
msgid "This implementation supports standard physical interfaces as well as grouped physical interfaces called aggregated interfaces. Both standard interfaces and aggregated interfaces are treated the same, so they can be used interchangeably. For this document, we will assume that we are using 'ethernet1/1' as the public interface and 'ethernet1/2' as the private interface. If aggregated interfaces were used, you would use something like 'ae1' and 'ae2' as the interfaces."
msgstr ""
#: ../../networking/palo_alto_config.rst:128
msgid "This implementation requires that the 'Interface Type' be set to 'Layer3' for both the public and private interfaces. If you want to be able to use the 'Untagged' VLAN tag for public traffic in CloudStack, you will need to enable support for it in the public 'ethernet1/1' interface (details below)."
msgstr ""
#: ../../networking/palo_alto_config.rst:133
msgid "**Steps to configure the Public Interface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:135
#: ../../networking/palo_alto_config.rst:171
#: ../../networking/palo_alto_config.rst:228
msgid "Log into Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:137
#: ../../networking/palo_alto_config.rst:230
msgid "Navigate to 'Network > Interfaces'"
msgstr ""
#: ../../networking/palo_alto_config.rst:139
msgid "Click on 'ethernet1/1' (for aggregated ethernet, it will probably be called 'ae1')"
msgstr ""
#: ../../networking/palo_alto_config.rst:142
#: ../../networking/palo_alto_config.rst:155
msgid "Select 'Layer3' from the 'Interface Type' list"
msgstr ""
#: ../../networking/palo_alto_config.rst:144
msgid "Click 'Advanced'"
msgstr ""
#: ../../networking/palo_alto_config.rst:146
msgid "Check the 'Untagged Subinterface' check-box"
msgstr ""
#: ../../networking/palo_alto_config.rst:148
#: ../../networking/palo_alto_config.rst:157
#: ../../networking/palo_alto_config.rst:193
#: ../../networking/palo_alto_config.rst:195
#: ../../networking/palo_alto_config.rst:265
#: ../../networking/palo_alto_config.rst:339
#: ../../networking/palo_alto_config.rst:388
#: ../../networking/palo_alto_config.rst:426
#: ../../networking/palo_alto_config.rst:455
msgid "Click 'OK'"
msgstr ""
#: ../../networking/palo_alto_config.rst:150
msgid "**Steps to configure the Private Interface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:152
msgid "Click on 'ethernet1/2' (for aggregated ethernet, it will probably be called 'ae2')"
msgstr ""
#: ../../networking/palo_alto_config.rst:162
msgid "Configure a Virtual Router on the firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:164
msgid "The Virtual Router on the Palo Alto Networks Firewall is not to be confused with the Virtual Routers that CloudStack provisions. For this implementation, the Virtual Router on the Palo Alto Networks Firewall will ONLY handle the upstream routing from the Firewall to the next hop."
msgstr ""
#: ../../networking/palo_alto_config.rst:169
msgid "**Steps to configure the Virtual Router**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:173
msgid "Navigate to 'Network > Virtual Routers'"
msgstr ""
#: ../../networking/palo_alto_config.rst:175
msgid "Select the 'default' Virtual Router or Add a new Virtual Router if there are none in the list"
msgstr ""
#: ../../networking/palo_alto_config.rst:178
msgid "If you added a new Virtual Router, you will need to give it a 'Name'"
msgstr ""
#: ../../networking/palo_alto_config.rst:180
msgid "Navigate to 'Static Routes > IPv4'"
msgstr ""
#: ../../networking/palo_alto_config.rst:182
msgid "'Add' a new static route"
msgstr ""
#: ../../networking/palo_alto_config.rst:184
msgid "**Name**: next_hop (you can name it anything you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:186
msgid "**Destination**: 0.0.0.0/0 (send all traffic to this route)"
msgstr ""
#: ../../networking/palo_alto_config.rst:188
msgid "**Interface**: ethernet1/1 (or whatever you set your public interface as)"
msgstr ""
#: ../../networking/palo_alto_config.rst:191
msgid "**Next Hop**: (specify the gateway IP for the next hop in your network)"
msgstr ""
#: ../../networking/palo_alto_config.rst:200
msgid "Configure the default Public Subinterface"
msgstr ""
#: ../../networking/palo_alto_config.rst:202
msgid "The current implementation of the Palo Alto Networks firewall integration uses CIDRs in the form of 'w.x.y.z/32' for the public IP addresses that CloudStack provisions. Because no broadcast or gateway IPs are in this single IP range, there is no way for the firewall to route the traffic for these IPs. To route the traffic for these IPs, we create a single subinterface on the public interface with an IP and a CIDR which encapsulates the CloudStack public IP range. This IP will need to be inside the subnet defined by the CloudStack public range netmask, but outside the CloudStack public IP range. The CIDR should reflect the same subnet defined by the CloudStack public range netmask. The name of the subinterface is determined by the VLAN configured for the public range in CloudStack."
msgstr ""
#: ../../networking/palo_alto_config.rst:214
msgid "To clarify this concept, we will use the following example."
msgstr ""
#: ../../networking/palo_alto_config.rst:216
msgid "**Example CloudStack Public Range Configuration**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:218
msgid "**Gateway**: 172.30.0.1"
msgstr ""
#: ../../networking/palo_alto_config.rst:220
msgid "**Netmask**: 255.255.255.0"
msgstr ""
#: ../../networking/palo_alto_config.rst:222
msgid "**IP Range**: 172.30.0.100 - 172.30.0.199"
msgstr ""
#: ../../networking/palo_alto_config.rst:224
msgid "**VLAN**: Untagged"
msgstr ""
#: ../../networking/palo_alto_config.rst:226
msgid "**Configure the Public Subinterface**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:232
msgid "Select the 'ethernet1/1' line (not clicking on the name)"
msgstr ""
#: ../../networking/palo_alto_config.rst:234
msgid "Click 'Add Subinterface' at the bottom of the window"
msgstr ""
#: ../../networking/palo_alto_config.rst:236
msgid "Enter 'Interface Name': 'ethernet1/1' . '9999'"
msgstr ""
#: ../../networking/palo_alto_config.rst:238
msgid "9999 is used if the CloudStack public range VLAN is 'Untagged'"
msgstr ""
#: ../../networking/palo_alto_config.rst:240
msgid "If the CloudStack public range VLAN is tagged (e.g. 333), then the name will reflect that tag"
msgstr ""
#: ../../networking/palo_alto_config.rst:243
msgid "The 'Tag' is the VLAN tag that the traffic is sent to the next hop with, so set it accordingly. If you are passing 'Untagged' traffic from CloudStack to your next hop, leave it blank. If you want to pass tagged traffic from CloudStack, specify the tag."
msgstr ""
#: ../../networking/palo_alto_config.rst:248
msgid "Select 'default' from the 'Config > Virtual Router' drop-down (assuming that is what your virtual router is called)"
msgstr ""
#: ../../networking/palo_alto_config.rst:251
msgid "Click the 'IPv4' tab"
msgstr ""
#: ../../networking/palo_alto_config.rst:253
msgid "Select 'Static' from the 'Type' radio options"
msgstr ""
#: ../../networking/palo_alto_config.rst:255
msgid "Click 'Add' in the 'IP' section"
msgstr ""
#: ../../networking/palo_alto_config.rst:257
msgid "Enter '172.30.0.254/24' in the new line"
msgstr ""
#: ../../networking/palo_alto_config.rst:259
msgid "The IP can be any IP outside the CloudStack public IP range, but inside the CloudStack public range netmask (it can NOT be the gateway IP)"
msgstr ""
#: ../../networking/palo_alto_config.rst:262
msgid "The subnet defined by the CIDR should match the CloudStack public range netmask"
msgstr ""
#: ../../networking/palo_alto_config.rst:269
msgid "Commit configuration on the Palo Alto Networks Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:271
msgid "In order for all the changes we just made to take effect, we need to commit the changes."
msgstr ""
#: ../../networking/palo_alto_config.rst:274
msgid "Click the 'Commit' link in the top right corner of the window"
msgstr ""
#: ../../networking/palo_alto_config.rst:276
msgid "Click 'OK' in the commit window overlay"
msgstr ""
#: ../../networking/palo_alto_config.rst:278
msgid "Click 'Close' in the resulting commit status window after the commit finishes"
msgstr ""
#: ../../networking/palo_alto_config.rst:284
msgid "Set up the Palo Alto Networks Firewall in CloudStack"
msgstr ""
#: ../../networking/palo_alto_config.rst:287
msgid "Add the Palo Alto Networks Firewall as a Service Provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:289
msgid "Navigate to 'Infrastructure > Zones > ZONE_NAME > Physical Network > NETWORK_NAME (guest) > Configure; Network Service Providers'"
msgstr ""
#: ../../networking/palo_alto_config.rst:292
msgid "Click on 'Palo Alto' in the list"
msgstr ""
#: ../../networking/palo_alto_config.rst:294
msgid "Click 'View Devices'"
msgstr ""
#: ../../networking/palo_alto_config.rst:296
msgid "Click 'Add Palo Alto Device'"
msgstr ""
#: ../../networking/palo_alto_config.rst:298
msgid "Enter your configuration in the overlay. This example will reflect the details previously used in this guide."
msgstr ""
#: ../../networking/palo_alto_config.rst:301
msgid "**IP Address**: (the IP of the Palo Alto Networks Firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:303
msgid "**Username**: (the admin username for the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:305
msgid "**Password**: (the admin password for the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:307
msgid "**Type**: Palo Alto Firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:309
msgid "**Public Interface**: ethernet1/1 (use what you set up earlier as the public interface if it is different from my examples)"
msgstr ""
#: ../../networking/palo_alto_config.rst:312
msgid "**Private Interface**: ethernet1/2 (use what you set up earlier as the private interface if it is different from my examples)"
msgstr ""
#: ../../networking/palo_alto_config.rst:315
msgid "**Number of Retries**: 2 (the default is fine)"
msgstr ""
#: ../../networking/palo_alto_config.rst:317
msgid "**Timeout**: 300 (the default is fine)"
msgstr ""
#: ../../networking/palo_alto_config.rst:319
msgid "**Public Network**: untrust (this is the public zone on the firewall and did not need to be configured)"
msgstr ""
#: ../../networking/palo_alto_config.rst:322
msgid "**Private Network**: trust (this is the private zone on the firewall and did not need to be configured)"
msgstr ""
#: ../../networking/palo_alto_config.rst:325
msgid "**Virtual Router**: default (this is the name of the Virtual Router we set up on the firewall)"
msgstr ""
#: ../../networking/palo_alto_config.rst:328
msgid "**Palo Alto Threat Profile**: (not required. Name of the 'Security Profile Groups' to apply. More details in the 'Additional Features' section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:332
msgid "**Palo Alto Log Profile**: (not required. Name of the 'Log Forwarding' profile to apply. More details in the 'Additional Features' section)"
msgstr ""
#: ../../networking/palo_alto_config.rst:335
msgid "**Capacity**: (not required)"
msgstr ""
#: ../../networking/palo_alto_config.rst:337
msgid "**Dedicated**: (not required)"
msgstr ""
#: ../../networking/palo_alto_config.rst:341
msgid "Click on 'Palo Alto' in the breadcrumbs to go back one screen."
msgstr ""
#: ../../networking/palo_alto_config.rst:343
msgid "Click on 'Enable Provider' |EnableDisableFeature.png|"
msgstr ""
#: ../../networking/palo_alto_config.rst:347
msgid "Add a Network Service Offering to use the new Provider"
msgstr ""
#: ../../networking/palo_alto_config.rst:349
msgid "There are 6 'Supported Services' that need to be configured in the network service offering for this functionality. They are DHCP, DNS, Firewall, Source NAT, Static NAT and Port Forwarding. For the other settings, there are probably additional configurations which will work, but I will just document a common case."
msgstr ""
#: ../../networking/palo_alto_config.rst:355
msgid "Navigate to 'Service Offerings'"
msgstr ""
#: ../../networking/palo_alto_config.rst:357
msgid "In the drop-down at the top, select 'Network Offerings'"
msgstr ""
#: ../../networking/palo_alto_config.rst:359
msgid "Click 'Add Network Offering'"
msgstr ""
#: ../../networking/palo_alto_config.rst:361
msgid "**Name**: (name it whatever you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:363
msgid "**Description**: (again, can be whatever you want)"
msgstr ""
#: ../../networking/palo_alto_config.rst:365
msgid "**Guest Type**: Isolated"
msgstr ""
#: ../../networking/palo_alto_config.rst:367
msgid "**Supported Services**:"
msgstr ""
#: ../../networking/palo_alto_config.rst:369
msgid "**DHCP**: Provided by 'VirtualRouter'"
msgstr ""
#: ../../networking/palo_alto_config.rst:371
msgid "**DNS**: Provided by 'VirtualRouter'"
msgstr ""
#: ../../networking/palo_alto_config.rst:373
msgid "**Firewall**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:375
msgid "**Source NAT**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:377
msgid "**Static NAT**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:379
msgid "**Port Forwarding**: Provided by 'PaloAlto'"
msgstr ""
#: ../../networking/palo_alto_config.rst:381
msgid "**System Offering for Router**: System Offering For Software Router"
msgstr ""
#: ../../networking/palo_alto_config.rst:383
msgid "**Supported Source NAT Type**: Per account (this is the only supported option)"
msgstr ""
#: ../../networking/palo_alto_config.rst:386
msgid "**Default egress policy**: (both 'Allow' and 'Deny' are supported)"
msgstr ""
#: ../../networking/palo_alto_config.rst:390
msgid "Click on the newly created service offering"
msgstr ""
#: ../../networking/palo_alto_config.rst:392
msgid "Click 'Enable network offering' |EnableDisableFeature.png|"
msgstr ""
#: ../../networking/palo_alto_config.rst:394
msgid "When adding networks in CloudStack, select this network offering to use the Palo Alto Networks firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:399
msgid "Additional Features"
msgstr ""
#: ../../networking/palo_alto_config.rst:401
msgid "In addition to the standard functionality exposed by CloudStack, we have added a couple of additional features to this implementation. We did not add any new screens to CloudStack, but we have added a couple of fields to the 'Add Palo Alto Service Provider' screen which will add functionality globally for the device."
msgstr ""
#: ../../networking/palo_alto_config.rst:408
msgid "Palo Alto Networks Threat Profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:410
msgid "This feature allows you to specify a 'Security Profile Group' to be applied to all of the firewall rules which are created on the Palo Alto Networks firewall device."
msgstr ""
#: ../../networking/palo_alto_config.rst:414
msgid "To create a 'Security Profile Group' on the Palo Alto Networks firewall, do the following:"
msgstr ""
#: ../../networking/palo_alto_config.rst:417
#: ../../networking/palo_alto_config.rst:446
msgid "Log into the Palo Alto Networks firewall"
msgstr ""
#: ../../networking/palo_alto_config.rst:419
msgid "Navigate to 'Objects > Security Profile Groups'"
msgstr ""
#: ../../networking/palo_alto_config.rst:421
msgid "Click 'Add' at the bottom of the page to add a new group"
msgstr ""
#: ../../networking/palo_alto_config.rst:423
msgid "Give the group a Name and specify the profiles you would like to include in the group"
msgstr ""
#: ../../networking/palo_alto_config.rst:428
#: ../../networking/palo_alto_config.rst:457
msgid "Click the 'Commit' link in the top right of the screen and follow the on-screen instructions"
msgstr ""
#: ../../networking/palo_alto_config.rst:431
msgid "Once you have created a profile, you can reference it by Name in the 'Palo Alto Threat Profile' field in the 'Add the Palo Alto Networks Firewall as a Service Provider' step."
msgstr ""
#: ../../networking/palo_alto_config.rst:437
msgid "Palo Alto Networks Log Forwarding Profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:439
msgid "This feature allows you to specify a 'Log Forwarding' profile to better manage where the firewall logs are sent. This is helpful for keeping track of issues that can arise on the firewall."
msgstr ""
#: ../../networking/palo_alto_config.rst:443
msgid "To create a 'Log Forwarding' profile on the Palo Alto Networks Firewall, do the following:"
msgstr ""
#: ../../networking/palo_alto_config.rst:448
msgid "Navigate to 'Objects > Log Forwarding'"
msgstr ""
#: ../../networking/palo_alto_config.rst:450
msgid "Click 'Add' at the bottom of the page to add a new profile"
msgstr ""
#: ../../networking/palo_alto_config.rst:452
msgid "Give the profile a Name and specify the details you want for the traffic and threat settings"
msgstr ""
#: ../../networking/palo_alto_config.rst:460
msgid "Once you have created a profile, you can reference it by Name in the 'Palo Alto Log Profile' field in the 'Add the Palo Alto Networks Firewall as a Service Provider' step."
msgstr ""
#: ../../networking/palo_alto_config.rst:469
msgid "The implementation currently only supports a single public IP range in CloudStack"
msgstr ""
#: ../../networking/palo_alto_config.rst:472
msgid "Usage tracking is not yet implemented"
msgstr ""