Cloud Concepts

The concepts below will help educate on a basic understanding of the Eucalyptus platform.

Eucalyptus Machine Images (EMIs)

Eucalyptus Machine Images (EMIs) are copies of a virtual machine bootable disk that are stored in a central repository (e.g., Walrus). An EMI is a template from which multiple, identical instances can be deployed. EMIs are the Eucalyptus equivalent to Amazon Machine Images (AMIs) and can be used interchangeably. EMIs can be images of Linux or Windows file systems.


An instance is a virtual machine running under the control of a hypervisor. Eucalyptus supports two types of instances: EC2-backed instances and EBS-backed instances. An EC2-backed instance always boots or reboots from a known baseline (a static EMI). Instances can be configured to automatically connect to storage and network resources based on the user’s credentials. Access to storage is controlled by IAM policies. Access to network resources is controlled by security groups.

Virtual Machine Types

Think of a virtual machine type as a container for an EMI. The virtual machine type defines the available resources (e.g., number of CPUs, memory size, disk capacity) when an EMI is deployed. Virtual machine types allow a single EMI to be deployed as instances with differing hardware resources. There are default sizes, but the administrator can modify they according to the needs of the cloud. At boot time the EMI is loaded into a container and becomes a running instance.

Public and Private IP Addresses

Instances are assigned an IP address when they boot which is used for internal cloud network communication. This is a private IP address and is all that the instance OS knows. Eucalyptus can also assign the instance a public IP address which would be used by outside entities. Whether or not the instance gets both a private and public IP address depends on the network mode Eucalyptus is configured in.

Elastic IP Addresses

Elastic IPs are nothing more than public IPs that a user reserves for a specific use. Those reserved IPs can be assigned to specific instances by a user in cases where an instance must be reachable at a well-known and specific address. These IPs would replace the Eucalyptus-assigned public IPs. Reserved IPs remain reserved even after instance termination.

Security Groups

Security groups are in essence a firewall or set of networking rules that are applied to all instances associated with a group. Security groups define access rules and can be configured based on application needs. Each security group is in its own subnet and perhaps even its own VLAN.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is an authentication, authorization, and accounting system that:

  • Manages user identities
  • Enforces access controls over resources
  • Provides reporting on resource usage as a basis for auditing and managing cloud activities

Eucalyptus stores all of the identities and policies in the local Cloud Controller (CLC) database by default, and identity information can also be pulled from LDAP or Active Directory. The user identity organizational model and the scheme of authorizations are compatible with the AWS Identity and Access Management system With some Eucalyptus extensions that support a private cloud