From 544fa7ff1b7af279f535016c23c9b1d73027403a Mon Sep 17 00:00:00 2001 
From: Alex Huang Date: Wed, 29 Dec 2010 07:14:19 -0800 Subject: [PATCH] remote access vpn, user ip address changes --- .../computing/LibvirtComputingResource.java | 4 +- .../agent/api/routing/IPAssocCommand.java | 2 +- .../routing/LoadBalancerConfigCommand.java | 2 +- ...ommand.java => NetworkElementCommand.java} | 4 +- .../api/routing/SetFirewallRulesCommand.java | 2 +- .../SetPortForwardingRulesCommand.java | 2 +- api/src/com/cloud/api/BaseCmd.java | 42 +- .../com/cloud/api/commands/AddVpnUserCmd.java | 60 +- .../api/commands/AssociateIPAddrCmd.java | 4 +- .../AuthorizeSecurityGroupIngressCmd.java | 4 +- .../api/commands/CancelMaintenanceCmd.java | 2 +- .../CancelPrimaryStorageMaintenanceCmd.java | 4 +- .../commands/CreateIpForwardingRuleCmd.java | 2 +- .../commands/CreateLoadBalancerRuleCmd.java | 4 +- .../commands/CreatePortForwardingRuleCmd.java | 3 +- .../commands/CreateRemoteAccessVpnCmd.java | 39 +- .../api/commands/CreateSecurityGroupCmd.java | 2 +- .../cloud/api/commands/CreateSnapshotCmd.java | 4 +- .../api/commands/CreateSnapshotPolicyCmd.java | 2 +- .../api/commands/CreateStoragePoolCmd.java | 2 +- .../cloud/api/commands/CreateVolumeCmd.java | 6 +- .../cloud/api/commands/DeleteAccountCmd.java | 2 +- .../com/cloud/api/commands/DeletePoolCmd.java | 2 +- .../commands/DeleteRemoteAccessVpnCmd.java | 65 +- .../api/commands/DeleteSecurityGroupCmd.java | 2 +- .../cloud/api/commands/DeleteSnapshotCmd.java | 2 +- .../commands/DeleteSnapshotPoliciesCmd.java | 2 +- .../cloud/api/commands/DeleteVolumeCmd.java | 2 +- .../com/cloud/api/commands/DeployVMCmd.java | 6 +- .../api/commands/DestroyConsoleProxyCmd.java | 4 +- .../cloud/api/commands/DisableAccountCmd.java | 2 +- .../cloud/api/commands/DisableUserCmd.java | 2 +- .../api/commands/DisassociateIPAddrCmd.java | 5 +- .../com/cloud/api/commands/ListIsosCmd.java | 2 +- .../ListRecurringSnapshotScheduleCmd.java | 2 +- .../api/commands/ListRemoteAccessVpnsCmd.java | 31 +- .../api/commands/ListSecurityGroupsCmd.java | 
2 +- .../api/commands/ListSnapshotPoliciesCmd.java | 2 +- .../cloud/api/commands/ListSnapshotsCmd.java | 2 +- .../ListTemplateOrIsoPermissionsCmd.java | 2 +- .../cloud/api/commands/ListTemplatesCmd.java | 2 +- .../cloud/api/commands/ListVpnUsersCmd.java | 2 +- .../commands/PrepareForMaintenanceCmd.java | 2 +- ...reparePrimaryStorageForMaintenanceCmd.java | 4 +- .../cloud/api/commands/RebootSystemVmCmd.java | 2 +- .../cloud/api/commands/ReconnectHostCmd.java | 2 +- .../cloud/api/commands/RemoveVpnUserCmd.java | 23 +- .../cloud/api/commands/RestartNetworkCmd.java | 4 +- .../RevokeSecurityGroupIngressCmd.java | 4 +- .../cloud/api/commands/StartSystemVMCmd.java | 2 +- .../cloud/api/commands/StopSystemVmCmd.java | 2 +- .../api/commands/UpdateStoragePoolCmd.java | 2 +- .../api/response/RemoteAccessVpnResponse.java | 11 - api/src/com/cloud/network/IpAddress.java | 5 +- api/src/com/cloud/network/NetworkService.java | 36 - .../com/cloud/network/PublicIpAddress.java | 5 +- .../com/cloud/network/RemoteAccessVpn.java | 22 +- api/src/com/cloud/network/VpnUser.java | 13 +- .../network/vpn/RemoteAccessVpnElement.java | 29 + .../network/vpn/RemoteAccessVpnService.java | 20 +- api/src/com/cloud/resource/Resource.java | 4 +- .../com/cloud/server/ManagementService.java | 8 - api/src/com/cloud/user/Account.java | 8 +- api/src/com/cloud/user/User.java | 6 +- api/src/com/cloud/user/UserContext.java | 12 +- .../agent/api/routing/DhcpEntryCommand.java | 2 +- .../api/routing/LoadBalancerCfgCommand.java | 2 +- .../routing/RemoteAccessVpnCfgCommand.java | 14 +- .../api/routing/SavePasswordCommand.java | 2 +- .../agent/api/routing/UserDataCommand.java | 2 +- .../agent/api/routing/VmDataCommand.java | 2 +- .../agent/api/routing/VpnUsersCfgCommand.java | 13 +- .../VirtualRoutingResource.java | 12 +- core/src/com/cloud/event/UsageEventVO.java | 7 +- .../xen/resource/CitrixResourceBase.java | 16 +- core/src/com/cloud/network/VpnUserVO.java | 45 +- core/src/com/cloud/user/AccountVO.java | 29 +- 
core/src/com/cloud/user/UserVO.java | 337 +++++---- server/src/com/cloud/acl/DomainChecker.java | 38 +- server/src/com/cloud/api/ApiDBUtils.java | 18 +- server/src/com/cloud/api/ApiDispatcher.java | 24 +- .../src/com/cloud/api/ApiResponseHelper.java | 33 +- server/src/com/cloud/api/ApiServer.java | 41 +- server/src/com/cloud/api/ApiServlet.java | 2 +- .../async/executor/DisableUserExecutor.java | 16 +- .../DisassociateIpAddressExecutor.java | 112 --- .../ConfigurationManagerImpl.java | 30 +- .../DefaultComponentLibrary.java | 4 +- .../migration/Db20to21MigrationUtil.java | 2 +- server/src/com/cloud/network/IPAddressVO.java | 23 +- .../src/com/cloud/network/NetworkManager.java | 9 +- .../com/cloud/network/NetworkManagerImpl.java | 464 ++---------- .../com/cloud/network/RemoteAccessVpnVO.java | 87 +-- .../src/com/cloud/network/addr/PublicIp.java | 43 +- .../com/cloud/network/dao/IPAddressDao.java | 7 +- .../cloud/network/dao/IPAddressDaoImpl.java | 13 +- .../cloud/network/dao/RemoteAccessVpnDao.java | 5 +- .../network/dao/RemoteAccessVpnDaoImpl.java | 34 +- .../com/cloud/network/dao/VpnUserDaoImpl.java | 5 +- .../cloud/network/guru/DirectNetworkGuru.java | 2 +- .../cloud/network/guru/PublicNetworkGuru.java | 7 +- .../lb/LoadBalancingRulesManagerImpl.java | 22 +- .../VirtualNetworkApplianceManagerImpl.java | 225 +++--- .../cloud/network/rules/FirewallRuleVO.java | 4 + .../com/cloud/network/rules/RulesManager.java | 2 + .../cloud/network/rules/RulesManagerImpl.java | 712 ++---------------- .../security/SecurityGroupManagerImpl.java | 12 +- .../dao/SecurityGroupVMMapDaoImpl.java | 2 +- .../vpn/RemoteAccessVpnManagerImpl.java | 524 +++++++++++++ .../com/cloud/server/ManagementServer.java | 14 - .../cloud/server/ManagementServerImpl.java | 247 +----- .../cloud/servlet/ConsoleProxyServlet.java | 79 +- .../com/cloud/storage/StorageManagerImpl.java | 14 +- .../allocator/LocalStoragePoolAllocator.java | 2 +- .../storage/dao/DiskOfferingDaoImpl.java | 4 +- 
.../cloud/storage/dao/StoragePoolDaoImpl.java | 2 +- .../com/cloud/storage/dao/VolumeDaoImpl.java | 4 +- .../dao/PreallocatedLunDaoImpl.java | 6 +- .../SecondaryStorageManagerImpl.java | 3 +- .../storage/snapshot/SnapshotManagerImpl.java | 8 +- .../cloud/template/TemplateManagerImpl.java | 38 +- .../com/cloud/user/AccountManagerImpl.java | 60 +- .../com/cloud/user/dao/AccountDaoImpl.java | 22 +- .../src/com/cloud/user/dao/UserDaoImpl.java | 5 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 55 +- server/src/com/cloud/vm/dao/NicDao.java | 2 + server/src/com/cloud/vm/dao/NicDaoImpl.java | 9 +- setup/db/create-index-fk.sql | 9 - setup/db/create-schema.sql | 26 +- .../src/com/cloud/utils/SerialVersionUID.java | 1 + utils/src/com/cloud/utils/db/GenericDao.java | 2 +- .../com/cloud/utils/db/GenericDaoBase.java | 4 +- utils/src/com/cloud/utils/net/Ip.java | 13 +- utils/src/com/cloud/utils/net/NetUtils.java | 12 +- 134 files changed, 1752 insertions(+), 2459 deletions(-) rename api/src/com/cloud/agent/api/routing/{RoutingCommand.java => NetworkElementCommand.java} (93%) create mode 100644 api/src/com/cloud/network/vpn/RemoteAccessVpnElement.java delete mode 100644 server/src/com/cloud/async/executor/DisassociateIpAddressExecutor.java create mode 100644 server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java diff --git a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java index 5c44d087b1c..c824f2233ae 100644 --- a/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java +++ b/agent/src/com/cloud/agent/resource/computing/LibvirtComputingResource.java 
@@ -134,7 +134,7 @@ import com.cloud.agent.api.check.CheckSshCommand; import com.cloud.agent.api.proxy.CheckConsoleProxyLoadCommand; import com.cloud.agent.api.proxy.ConsoleProxyLoadAnswer; import com.cloud.agent.api.proxy.WatchConsoleProxyLoadCommand; -import com.cloud.agent.api.routing.RoutingCommand; +import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.storage.CreateAnswer; import com.cloud.agent.api.storage.CreateCommand; import com.cloud.agent.api.storage.CreatePrivateTemplateAnswer; @@ -1109,7 +1109,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv return execute((FenceCommand) cmd); } else if (cmd instanceof StartCommand ) { return execute((StartCommand) cmd); - } else if (cmd instanceof RoutingCommand) { + } else if (cmd instanceof NetworkElementCommand) { return _virtRouterResource.executeRequest(cmd); } else if (cmd instanceof CheckSshCommand) { return execute((CheckSshCommand) cmd); diff --git a/api/src/com/cloud/agent/api/routing/IPAssocCommand.java b/api/src/com/cloud/agent/api/routing/IPAssocCommand.java index e1608746a24..6def0b42661 100644 --- a/api/src/com/cloud/agent/api/routing/IPAssocCommand.java +++ b/api/src/com/cloud/agent/api/routing/IPAssocCommand.java @@ -24,7 +24,7 @@ import com.cloud.agent.api.to.IpAddressTO; * @author alena * */ -public class IPAssocCommand extends RoutingCommand { +public class IPAssocCommand extends NetworkElementCommand { IpAddressTO[] ipAddresses; diff --git a/api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java b/api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java index ae868061404..e1078227cec 100644 --- a/api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java +++ b/api/src/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java 
@@ -23,7 +23,7 @@ import com.cloud.agent.api.to.LoadBalancerTO; * LoadBalancerConfigCommand sends the load balancer configuration * to the load balancer. Isn't that kinda obvious? */ -public class LoadBalancerConfigCommand extends RoutingCommand { +public class LoadBalancerConfigCommand extends NetworkElementCommand { LoadBalancerTO[] loadBalancers; public LoadBalancerConfigCommand( LoadBalancerTO[] loadBalancers) { diff --git a/api/src/com/cloud/agent/api/routing/RoutingCommand.java b/api/src/com/cloud/agent/api/routing/NetworkElementCommand.java similarity index 93% rename from api/src/com/cloud/agent/api/routing/RoutingCommand.java rename to api/src/com/cloud/agent/api/routing/NetworkElementCommand.java index 8cd18152514..a42d725b76e 100644 --- a/api/src/com/cloud/agent/api/routing/RoutingCommand.java +++ b/api/src/com/cloud/agent/api/routing/NetworkElementCommand.java @@ -21,13 +21,13 @@ import java.util.HashMap; import com.cloud.agent.api.Command; -public abstract class RoutingCommand extends Command { +public abstract class NetworkElementCommand extends Command { HashMap accessDetails = new HashMap(0); public static final String ROUTER_NAME = "router.name"; public static final String ROUTER_IP = "router.ip"; - protected RoutingCommand() { + protected NetworkElementCommand() { super(); } diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java index 56d5c1d1a81..3a48e3ffd15 100644 --- a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java 
@@ -27,7 +27,7 @@ import com.cloud.agent.api.to.FirewallRuleTO; * AccessDetails allow different components to put in information about * how to access the components inside the command. */ -public class SetFirewallRulesCommand extends RoutingCommand { +public class SetFirewallRulesCommand extends NetworkElementCommand { FirewallRuleTO[] rules; protected SetFirewallRulesCommand() { diff --git a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java index 6ba10555342..86074984326 100644 --- a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java +++ b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java @@ -22,7 +22,7 @@ import java.util.List; import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.network.rules.PortForwardingRule; -public class SetPortForwardingRulesCommand extends RoutingCommand { +public class SetPortForwardingRulesCommand extends NetworkElementCommand { PortForwardingRuleTO[] rules; protected SetPortForwardingRulesCommand() { diff --git a/api/src/com/cloud/api/BaseCmd.java b/api/src/com/cloud/api/BaseCmd.java index 195e4998240..3265fa5a8aa 100755 --- a/api/src/com/cloud/api/BaseCmd.java +++ b/api/src/com/cloud/api/BaseCmd.java 
@@ -32,13 +32,16 @@ import com.cloud.consoleproxy.ConsoleProxyService; import com.cloud.dao.EntityManager; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.VirtualNetworkApplianceService; import com.cloud.network.NetworkService; +import com.cloud.network.VirtualNetworkApplianceService; import com.cloud.network.lb.LoadBalancingRulesService; import com.cloud.network.rules.RulesService; import com.cloud.network.security.SecurityGroupService; +import com.cloud.network.vpn.RemoteAccessVpnService; import com.cloud.resource.ResourceService; import com.cloud.server.ManagementService; import com.cloud.storage.StorageService; @@ -46,6 +49,7 @@ import com.cloud.storage.snapshot.SnapshotService; import com.cloud.template.TemplateService; import com.cloud.user.Account; import com.cloud.user.AccountService; +import com.cloud.user.UserContext; import com.cloud.utils.Pair; import com.cloud.utils.component.ComponentLocator; import com.cloud.vm.UserVmService; 
@@ -92,18 +96,19 @@ public abstract class BaseCmd { public static AccountService _accountService; public static UserVmService _userVmService; public static ManagementService _mgr; - public static StorageService _storageMgr; + public static StorageService _storageService; public static ResourceService _resourceService; public static NetworkService _networkService; public static TemplateService _templateService; - public static SecurityGroupService _securityGroupMgr; - public static SnapshotService _snapshotMgr; - public static ConsoleProxyService _consoleProxyMgr; + public static SecurityGroupService _securityGroupService; + public static SnapshotService _snapshotService; + public static ConsoleProxyService _consoleProxyService; public static VirtualNetworkApplianceService _routerService; public static ResponseGenerator _responseGenerator; public static EntityManager _entityMgr; public static RulesService _rulesService; public static LoadBalancingRulesService _lbService; + public static RemoteAccessVpnService _ravService; static void setComponents(ResponseGenerator generator) { 
@@ -112,17 +117,18 @@ public abstract class BaseCmd { _accountService = locator.getManager(AccountService.class); _configService = locator.getManager(ConfigurationService.class); _userVmService = locator.getManager(UserVmService.class); - _storageMgr = locator.getManager(StorageService.class); + _storageService = locator.getManager(StorageService.class); _resourceService = locator.getManager(ResourceService.class); _networkService = locator.getManager(NetworkService.class); _templateService = locator.getManager(TemplateService.class); - _securityGroupMgr = locator.getManager(SecurityGroupService.class); - _snapshotMgr = locator.getManager(SnapshotService.class); - _consoleProxyMgr = locator.getManager(ConsoleProxyService.class); + _securityGroupService = locator.getManager(SecurityGroupService.class); + _snapshotService = locator.getManager(SnapshotService.class); + _consoleProxyService = locator.getManager(ConsoleProxyService.class); _routerService = locator.getManager(VirtualNetworkApplianceService.class); _entityMgr = locator.getManager(EntityManager.class); _rulesService = locator.getManager(RulesService.class); _lbService = locator.getManager(LoadBalancingRulesService.class); + _ravService = locator.getManager(RemoteAccessVpnService.class); _responseGenerator = generator; } 
@@ -160,6 +166,22 @@ public abstract class BaseCmd { return formattedString; } + protected Account getValidOwner(String accountName, Long domainId) { + Account owner = null; + if (accountName != null) { + owner = _responseGenerator.findAccountByNameDomain(accountName, domainId); + } else { + owner = UserContext.current().getCaller(); + } + if (owner == null) { + throw new InvalidParameterValueException("Invalid value for owner specified: " + accountName); + } + if (owner.getState() == Account.State.Disabled || owner.getState() == Account.State.Locked) { + throw new PermissionDeniedException("Account disabled."); + } + return owner; + } + public Map validateParams(Map params, boolean decode) { // List> properties = getProperties(); @@ -253,7 +275,7 @@ public abstract class BaseCmd { return validatedParams; */ } - + private Map lowercaseParams(Map params, boolean decode) { Map lowercaseParams = new HashMap(); for (String key : params.keySet()) { diff --git a/api/src/com/cloud/api/commands/AddVpnUserCmd.java b/api/src/com/cloud/api/commands/AddVpnUserCmd.java index 46a00821520..da7c94e1b12 100644 --- a/api/src/com/cloud/api/commands/AddVpnUserCmd.java +++ b/api/src/com/cloud/api/commands/AddVpnUserCmd.java @@ -20,7 +20,7 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; -import com.cloud.api.BaseAsyncCmd; +import com.cloud.api.BaseAsyncCreateCmd; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; 
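Review bot: The new `getValidOwner` in BaseCmd.java checks only that the account named by `accountName`/`domainId` exists and is not Disabled or Locked; nothing in the hunk verifies that the caller is allowed to act for it. If commands are meant to use this helper as their ownership gate, it needs an explicit access check of the resolved account against `UserContext.current().getCaller()`. Otherwise its Javadoc should state the limit, e.g. `/** Resolves the target account; does NOT check that the caller may act on it. */`. `domainId` can also be null while `accountName` is set, and how `findAccountByNameDomain` treats that is not visible here, so rejecting it up front with `if (accountName != null && domainId == null) throw new InvalidParameterValueException("domainId is required with account");` would be safer.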
@@ -28,13 +28,12 @@ import com.cloud.api.ServerApiException; import com.cloud.api.response.VpnUsersResponse; import com.cloud.domain.Domain; import com.cloud.event.EventTypes; -import com.cloud.exception.ConcurrentOperationException; import com.cloud.network.VpnUser; import com.cloud.user.Account; import com.cloud.user.UserContext; @Implementation(description="Adds vpn users", responseObject=VpnUsersResponse.class) -public class AddVpnUserCmd extends BaseAsyncCmd { +public class AddVpnUserCmd extends BaseAsyncCreateCmd { public static final Logger s_logger = Logger.getLogger(AddVpnUserCmd.class.getName()); private static final String s_name = "addvpnuserresponse"; @@ -94,7 +93,7 @@ public class AddVpnUserCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); 
@@ -125,29 +124,38 @@ public class AddVpnUserCmd extends BaseAsyncCmd { @Override public void execute(){ - try { - VpnUser vpnUser = _networkService.addVpnUser(this); - if (vpnUser != null) { - VpnUsersResponse vpnResponse = new VpnUsersResponse(); - vpnResponse.setId(vpnUser.getId()); - vpnResponse.setUserName(vpnUser.getUsername()); - vpnResponse.setAccountName(vpnUser.getAccountName()); - - Account accountTemp = _entityMgr.findById(Account.class, vpnUser.getAccountId()); - if (accountTemp != null) { - vpnResponse.setDomainId(accountTemp.getDomainId()); - vpnResponse.setDomainName(_entityMgr.findById(Domain.class, accountTemp.getDomainId()).getName()); - } - - vpnResponse.setResponseName(getCommandName()); - vpnResponse.setObjectName("vpnuser"); - this.setResponseObject(vpnResponse); - } else { + VpnUser vpnUser = _entityMgr.findById(VpnUser.class, getEntityId()); + Account account = _entityMgr.findById(Account.class, vpnUser.getAccountId()); + if (!_ravService.applyVpnUsers(vpnUser.getAccountId())) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to add vpn user"); } - } catch (ConcurrentOperationException ex) { - s_logger.warn("Exception: ", ex); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage()); - } + + VpnUsersResponse vpnResponse = new VpnUsersResponse(); + vpnResponse.setId(vpnUser.getId()); + vpnResponse.setUserName(vpnUser.getUsername()); + vpnResponse.setAccountName(account.getAccountName()); + + vpnResponse.setDomainId(account.getDomainId()); + vpnResponse.setDomainName(_entityMgr.findById(Domain.class, account.getDomainId()).getName()); + + vpnResponse.setResponseName(getCommandName()); + vpnResponse.setObjectName("vpnuser"); + this.setResponseObject(vpnResponse); + } + + @Override + public void create() { + Account owner = null; + if (accountName != null) { + owner = _responseGenerator.findAccountByNameDomain(accountName, domainId); + } else { + owner = UserContext.current().getCaller(); + } + + VpnUser vpnUser = 
_ravService.addVpnUser(owner.getId(), userName, password); + if (vpnUser == null) { + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to add vpn user"); + } + setEntityId(vpnUser.getId()); } } diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java index d86a2c48aa8..725d3065497 100644 --- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java +++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java @@ -67,14 +67,14 @@ public class AssociateIPAddrCmd extends BaseCmd { if (accountName != null) { return accountName; } - return UserContext.current().getAccount().getAccountName(); + return UserContext.current().getCaller().getAccountName(); } public long getDomainId() { if (domainId != null) { return domainId; } - return UserContext.current().getAccount().getDomainId(); + return UserContext.current().getCaller().getDomainId(); } public long getZoneId() { diff --git a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java index 057e268404c..008f4fe8a0d 100644 --- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java +++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java @@ -154,7 +154,7 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); 
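Review bot: In AddVpnUserCmd.java the new `create()` resolves the owner from `accountName`/`domainId` and calls `owner.getId()` straight away, so an unknown account name ends in a NullPointerException and a disabled or locked account is accepted. This commit adds `getValidOwner` to BaseCmd for the same lookup, and `Account owner = getValidOwner(accountName, domainId);` would replace the if/else. Unlike `getEntityOwnerId()`, `create()` honours `accountName` without an `isAdmin` check on the caller, so unless `_ravService.addVpnUser` enforces access (not visible in this diff), VPN credentials could be created under an account the caller does not control. In `execute()`, a failed `applyVpnUsers` leaves the row written by `create()` in place, and the `vpnUser` and `account` results of `findById` are dereferenced without a null check.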
@@ -207,7 +207,7 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public void execute(){ - List ingressRules = _securityGroupMgr.authorizeSecurityGroupIngress(this); + List ingressRules = _securityGroupService.authorizeSecurityGroupIngress(this); if (ingressRules != null && ! ingressRules.isEmpty()) { SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromIngressRule(ingressRules); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/CancelMaintenanceCmd.java b/api/src/com/cloud/api/commands/CancelMaintenanceCmd.java index 835b8de05a2..58f4cbb6c33 100644 --- a/api/src/com/cloud/api/commands/CancelMaintenanceCmd.java +++ b/api/src/com/cloud/api/commands/CancelMaintenanceCmd.java @@ -71,7 +71,7 @@ public class CancelMaintenanceCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/CancelPrimaryStorageMaintenanceCmd.java b/api/src/com/cloud/api/commands/CancelPrimaryStorageMaintenanceCmd.java index 5cf83de9399..6aa996c40e5 100644 --- a/api/src/com/cloud/api/commands/CancelPrimaryStorageMaintenanceCmd.java +++ b/api/src/com/cloud/api/commands/CancelPrimaryStorageMaintenanceCmd.java @@ -79,7 +79,7 @@ public class CancelPrimaryStorageMaintenanceCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } 
@@ -99,7 +99,7 @@ public class CancelPrimaryStorageMaintenanceCmd extends BaseAsyncCmd { @Override public void execute(){ - StoragePool result = _storageMgr.cancelPrimaryStorageForMaintenance(this); + StoragePool result = _storageService.cancelPrimaryStorageForMaintenance(this); if (result != null) { StoragePoolResponse response = _responseGenerator.createStoragePoolResponse(result); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index 5bee10c9aa9..94534f99e48 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -77,7 +77,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements Por public void execute(){ boolean result; try { - result = _rulesService.applyPortForwardingRules(new Ip(ipAddress), UserContext.current().getAccount()); + result = _rulesService.applyPortForwardingRules(new Ip(ipAddress), UserContext.current().getCaller()); } catch (Exception e) { s_logger.error("Unable to apply port forwarding rules", e); _rulesService.revokePortForwardingRule(getEntityId(), true); diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index 3cfd62f8ca5..40749548c5e 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java @@ -166,12 +166,12 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd implements LoadBalancer @Override public long getAccountId() { - return UserContext.current().getAccount().getId(); + return UserContext.current().getCaller().getId(); } @Override public long getDomainId() { - return UserContext.current().getAccount().getDomainId(); + return UserContext.current().getCaller().getDomainId(); } @Override 
diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index 7598ea259a8..ba76dd62b81 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -102,7 +102,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements boolean success = false; PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, getEntityId()); try { - success = _rulesService.applyPortForwardingRules(rule.getSourceIpAddress(), callerContext.getAccount()); + success = _rulesService.applyPortForwardingRules(rule.getSourceIpAddress(), callerContext.getCaller()); } finally { if (!success) { _rulesService.revokePortForwardingRule(getEntityId(), true); @@ -186,6 +186,7 @@ public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements setEntityId(result.getId()); } catch (NetworkRuleConflictException ex) { s_logger.info("Network rule conflict: " + ex.getMessage()); + s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); } } diff --git a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java index ecdaab58b87..c645909d68b 100644 --- a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java 
@@ -29,10 +29,12 @@ import com.cloud.api.response.RemoteAccessVpnResponse; import com.cloud.domain.Domain; import com.cloud.event.EventTypes; import com.cloud.exception.ConcurrentOperationException; +import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.RemoteAccessVpn; import com.cloud.user.Account; import com.cloud.user.UserContext; +import com.cloud.utils.net.Ip; @Implementation(description="Creates a l2tp/ipsec remote access vpn", responseObject=RemoteAccessVpnResponse.class) public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @@ -43,10 +45,7 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="zoneid", type=CommandType.LONG, required=true, description="zone id where the vpn server needs to be created") - private Long zoneId; - - @Parameter(name="publicip", type=CommandType.STRING, required=false, description="public ip address of the vpn server") + @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server") private String publicIp; @Parameter(name="iprange", type=CommandType.STRING, required=false, description="the range of ip addresses to allocate to vpn clients. The first ip in the range will be taken by the vpn server") @@ -86,13 +85,6 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { this.ipRange = ipRange; } - public void setZoneId(Long zoneId) { - this.zoneId = zoneId; - } - - public Long getZoneId() { - return zoneId; - } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// 
@@ -106,7 +98,7 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); @@ -125,7 +117,7 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @Override public String getEventDescription() { - return "Create Remote Access VPN for account " + getEntityOwnerId() + " in zone " + getZoneId(); + return "Create Remote Access VPN for account " + getEntityOwnerId() + " using public " + publicIp; } @Override 
@@ -134,29 +126,30 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { } @Override - public void create(){ + public void create() { try { - RemoteAccessVpn vpn = _networkService.createRemoteAccessVpn(this); + RemoteAccessVpn vpn = _ravService.createRemoteAccessVpn(new Ip(publicIp), ipRange); if (vpn != null) { - this.setEntityId(vpn.getId()); + this.setEntityId(vpn.getServerAddress().longValue()); } else { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn"); } - } catch (ConcurrentOperationException ex) { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage()); - } + } catch (NetworkRuleConflictException e) { + s_logger.info("Network rule conflict: " + e.getMessage()); + s_logger.trace("Network Rule Conflict: ", e); + throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage()); + } } @Override public void execute(){ try { - RemoteAccessVpn result = _networkService.startRemoteAccessVpn(this); + RemoteAccessVpn result = _ravService.startRemoteAccessVpn(new Ip(getEntityId())); if (result != null) { RemoteAccessVpnResponse response = new RemoteAccessVpnResponse(); - response.setId(result.getId()); - response.setPublicIp(result.getVpnServerAddress()); + response.setPublicIp(result.getServerAddress().toString()); response.setIpRange(result.getIpRange()); - response.setAccountName(result.getAccountName()); + response.setAccountName(_entityMgr.findById(Account.class, result.getAccountId()).getAccountName()); response.setDomainId(result.getDomainId()); response.setDomainName(_entityMgr.findById(Domain.class, result.getDomainId()).getName()); response.setObjectName("remoteaccessvpn"); diff --git a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java index 6191b104245..faf271c0a62 100644 --- a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java +++ b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java 
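Review bot: In CreateRemoteAccessVpnCmd.java, `create()` passes only the caller-supplied `publicIp` and `ipRange` to `_ravService.createRemoteAccessVpn`, while `getEntityOwnerId()` still derives the owner from `accountName`/`domainId`, so the command itself never ties the address to that owner. Whether the service rejects an address not allocated to the caller's account is not visible in this diff; until confirmed, a marker such as `// TODO(review): confirm createRemoteAccessVpn rejects a publicIp not owned by the caller` belongs on `create()`. `new Ip(publicIp)` sits in a try that catches only `NetworkRuleConflictException`, so a malformed address will probably surface as an unmapped exception rather than a parameter error. In `execute()`, `_entityMgr.findById(Account.class, result.getAccountId())` is dereferenced without a null check.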
@@ -83,7 +83,7 @@ public class CreateSecurityGroupCmd extends BaseCmd { @Override public void execute(){ - SecurityGroup group = _securityGroupMgr.createSecurityGroup(this); + SecurityGroup group = _securityGroupService.createSecurityGroup(this); if (group != null) { SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponse(group); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java index d13e32dee6e..b04f6ed126c 100644 --- a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java +++ b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java @@ -120,14 +120,14 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd { @Override public void create(){ - long id = _snapshotMgr.getNextInSequence(this); + long id = _snapshotService.getNextInSequence(this); this.setEntityId(id); } @Override public void execute(){ try { - Snapshot snapshot = _snapshotMgr.createSnapshot(this); + Snapshot snapshot = _snapshotService.createSnapshot(this); if (snapshot != null) { SnapshotResponse response = _responseGenerator.createSnapshotResponse(snapshot); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java b/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java index 576fc415ab7..d0f739aea8d 100644 --- a/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java +++ b/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java @@ -109,7 +109,7 @@ public class CreateSnapshotPolicyCmd extends BaseCmd { @Override public void execute(){ - SnapshotPolicy result = _snapshotMgr.createPolicy(this); + SnapshotPolicy result = _snapshotService.createPolicy(this); if (result != null) { SnapshotPolicyResponse response = _responseGenerator.createSnapshotPolicyResponse(result); response.setResponseName(getCommandName()); 
diff --git a/api/src/com/cloud/api/commands/CreateStoragePoolCmd.java b/api/src/com/cloud/api/commands/CreateStoragePoolCmd.java index 7a0585295e5..2568d303621 100644 --- a/api/src/com/cloud/api/commands/CreateStoragePoolCmd.java +++ b/api/src/com/cloud/api/commands/CreateStoragePoolCmd.java @@ -109,7 +109,7 @@ public class CreateStoragePoolCmd extends BaseCmd { @Override public void execute(){ try { - StoragePool result = _storageMgr.createPool(this); + StoragePool result = _storageService.createPool(this); if (result != null) { StoragePoolResponse response = _responseGenerator.createStoragePoolResponse(result); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/CreateVolumeCmd.java b/api/src/com/cloud/api/commands/CreateVolumeCmd.java index c41ad2ebd81..75315713d8d 100644 --- a/api/src/com/cloud/api/commands/CreateVolumeCmd.java +++ b/api/src/com/cloud/api/commands/CreateVolumeCmd.java @@ -116,7 +116,7 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); @@ -146,7 +146,7 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { @Override public void create(){ try { - Volume volume = _storageMgr.allocVolume(this); + Volume volume = _storageService.allocVolume(this); if (volume != null) { this.setEntityId(volume.getId()); } else { 
@@ -160,7 +160,7 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { @Override public void execute(){ - Volume volume = _storageMgr.createVolume(this); + Volume volume = _storageService.createVolume(this); if (volume != null) { VolumeResponse response = _responseGenerator.createVolumeResponse(volume); //FIXME - have to be moved to ApiResponseHelper diff --git a/api/src/com/cloud/api/commands/DeleteAccountCmd.java b/api/src/com/cloud/api/commands/DeleteAccountCmd.java index 31909f1696a..7c0ca6ee6b9 100644 --- a/api/src/com/cloud/api/commands/DeleteAccountCmd.java +++ b/api/src/com/cloud/api/commands/DeleteAccountCmd.java @@ -69,7 +69,7 @@ public class DeleteAccountCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/DeletePoolCmd.java b/api/src/com/cloud/api/commands/DeletePoolCmd.java index deeb8b7de44..1e9b21a6c9e 100644 --- a/api/src/com/cloud/api/commands/DeletePoolCmd.java +++ b/api/src/com/cloud/api/commands/DeletePoolCmd.java @@ -42,7 +42,7 @@ public class DeletePoolCmd extends BaseCmd { @Override public void execute(){ - boolean result = _storageMgr.deletePool(this); + boolean result = _storageService.deletePool(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java index ff84ae359d5..ff3c5729272 100644 --- a/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java 
@@ -21,15 +21,12 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; import com.cloud.api.BaseAsyncCmd; -import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; -import com.cloud.exception.ConcurrentOperationException; -import com.cloud.user.Account; -import com.cloud.user.UserContext; +import com.cloud.network.RemoteAccessVpn; +import com.cloud.utils.net.Ip; @Implementation(description="Destroys a l2tp/ipsec remote access vpn", responseObject=SuccessResponse.class) public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { 
@@ -40,35 +37,13 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="zoneid", type=CommandType.LONG, required=true, description="zone id where the vpn server needs to be created") - private Long zoneId; - - @Parameter(name="account", type=CommandType.STRING, description="an optional account for the virtual machine. Must be used with domainId.") - private String accountName; - - @Parameter(name="domainid", type=CommandType.LONG, description="an optional domainId for the virtual machine. If the account parameter is used, domainId must also be used.") - private Long domainId; + @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server") + private String publicIp; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// - public void setZoneId(Long zoneId) { - this.zoneId = zoneId; - } - - public Long getZoneId() { - return zoneId; - } - - - public String getAccountName() { - return accountName; - } - - public Long getDomainId() { - return domainId; - } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// 
@@ -80,26 +55,13 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } - } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + RemoteAccessVpn vpn = _entityMgr.findById(RemoteAccessVpn.class, new Ip(publicIp)); + return vpn.getAccountId(); } @Override public String getEventDescription() { - return "Delete Remote Access VPN for account " + getEntityOwnerId() + " in zone " + getZoneId(); + return "Delete Remote Access VPN for account " + getEntityOwnerId() + " for " + publicIp; } @Override @@ -109,18 +71,7 @@ public class DeleteRemoteAccessVpnCmd extends BaseAsyncCmd { @Override public void execute(){ - try { - boolean result = _networkService.destroyRemoteAccessVpn(this); - if (result) { - SuccessResponse response = new SuccessResponse(getCommandName()); - this.setResponseObject(response); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete remote access vpn"); - } - } catch (ConcurrentOperationException ex) { - s_logger.warn("Exception: ", ex); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage()); - } + _ravService.destroyRemoteAccessVpn(new Ip(publicIp)); } } diff --git a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java index 817652f5b4f..46ca04a800d 100644 --- a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java 
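Review bot: `getEntityOwnerId()` calls `vpn.getAccountId()` on the result of `findById` without a null check, and `publicIp` comes from the request, so an address with no VPN presumably ends in a NullPointerException rather than a clean API error. `getEventDescription()` in the same hunk calls `getEntityOwnerId()` and inherits the problem. The removed code fell back to the SYSTEM account so that error events were still tracked. Keeping that fallback is one line, `if (vpn == null) { return Account.ACCOUNT_ID_SYSTEM; }`, and it needs the `com.cloud.user.Account` import that this commit drops from the file.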
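Review bot: `execute()` no longer sets a response object: the old body built a `SuccessResponse` and threw `ServerApiException` on failure, while the new body is only `_ravService.destroyRemoteAccessVpn(new Ip(publicIp));`. Unless the base class supplies a default response (not visible here), the call should be followed by `this.setResponseObject(new SuccessResponse(getCommandName()));`. The command also now identifies the VPN purely by a caller-supplied address, and nothing in this class compares the caller with the VPN's owner, so that check has to live in `destroyRemoteAccessVpn`. Once confirmed, it is worth stating next to the call, e.g. `// destroyRemoteAccessVpn verifies the caller may act on this VPN`.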
@@ -58,7 +58,7 @@ public class DeleteSecurityGroupCmd extends BaseCmd { @Override public void execute(){ try{ - boolean result = _securityGroupMgr.deleteSecurityGroup(this); + boolean result = _securityGroupService.deleteSecurityGroup(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java b/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java index cc6a323e717..9fb3c8e24a6 100644 --- a/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java @@ -92,7 +92,7 @@ public class DeleteSnapshotCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _snapshotMgr.deleteSnapshot(this); + boolean result = _snapshotService.deleteSnapshot(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteSnapshotPoliciesCmd.java b/api/src/com/cloud/api/commands/DeleteSnapshotPoliciesCmd.java index 7fe25f4c800..f1f35474325 100644 --- a/api/src/com/cloud/api/commands/DeleteSnapshotPoliciesCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSnapshotPoliciesCmd.java @@ -70,7 +70,7 @@ public class DeleteSnapshotPoliciesCmd extends BaseCmd { @Override public void execute(){ - boolean result = _snapshotMgr.deleteSnapshotPolicies(this); + boolean result = _snapshotService.deleteSnapshotPolicies(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java index 488f3fe62ec..c0919c7895c 100644 --- a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java +++ b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java 
@@ -64,7 +64,7 @@ public class DeleteVolumeCmd extends BaseCmd { @Override public void execute(){ - boolean result = _storageMgr.deleteVolume(this); + boolean result = _storageService.deleteVolume(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeployVMCmd.java b/api/src/com/cloud/api/commands/DeployVMCmd.java index bb9c6bfe563..c3848f72cfd 100644 --- a/api/src/com/cloud/api/commands/DeployVMCmd.java +++ b/api/src/com/cloud/api/commands/DeployVMCmd.java @@ -101,7 +101,7 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { public String getAccountName() { if (accountName == null) { - return UserContext.current().getAccount().getAccountName(); + return UserContext.current().getCaller().getAccountName(); } return accountName; } @@ -116,7 +116,7 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { public Long getDomainId() { if (domainId == null) { - return UserContext.current().getAccount().getDomainId(); + return UserContext.current().getCaller().getDomainId(); } return domainId; } @@ -186,7 +186,7 @@ public class DeployVMCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); diff --git a/api/src/com/cloud/api/commands/DestroyConsoleProxyCmd.java b/api/src/com/cloud/api/commands/DestroyConsoleProxyCmd.java index 520b68bf570..9603b404486 100644 --- a/api/src/com/cloud/api/commands/DestroyConsoleProxyCmd.java +++ b/api/src/com/cloud/api/commands/DestroyConsoleProxyCmd.java 
@@ -65,7 +65,7 @@ public class DestroyConsoleProxyCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = (Account)UserContext.current().getAccount(); + Account account = (Account)UserContext.current().getCaller(); if (account != null) { return account.getId(); } @@ -85,7 +85,7 @@ public class DestroyConsoleProxyCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _consoleProxyMgr.destroyConsoleProxy(this); + boolean result = _consoleProxyService.destroyConsoleProxy(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DisableAccountCmd.java b/api/src/com/cloud/api/commands/DisableAccountCmd.java index 1401aecfdcc..37cfab639ce 100644 --- a/api/src/com/cloud/api/commands/DisableAccountCmd.java +++ b/api/src/com/cloud/api/commands/DisableAccountCmd.java @@ -76,7 +76,7 @@ public class DisableAccountCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/DisableUserCmd.java b/api/src/com/cloud/api/commands/DisableUserCmd.java index 1376c5e036e..5985d7f2676 100644 --- a/api/src/com/cloud/api/commands/DisableUserCmd.java +++ b/api/src/com/cloud/api/commands/DisableUserCmd.java @@ -67,7 +67,7 @@ public class DisableUserCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java b/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java index 6f24f10ea53..27c2c0022e4 100644 --- a/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java 
+++ b/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java @@ -25,6 +25,7 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; +import com.cloud.utils.net.Ip; @Implementation(description="Disassociates an ip address from the account.", responseObject=SuccessResponse.class) public class DisassociateIPAddrCmd extends BaseCmd { @@ -43,8 +44,8 @@ public class DisassociateIPAddrCmd extends BaseCmd { /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// - public String getIpAddress() { - return ipAddress; + public Ip getIpAddress() { + return new Ip(ipAddress); } ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/commands/ListIsosCmd.java b/api/src/com/cloud/api/commands/ListIsosCmd.java index 38ceb942948..a855b9337e8 100755 --- a/api/src/com/cloud/api/commands/ListIsosCmd.java +++ b/api/src/com/cloud/api/commands/ListIsosCmd.java @@ -154,7 +154,7 @@ public class ListIsosCmd extends BaseListCmd { } boolean isAdmin = false; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { isAdmin = true; } diff --git a/api/src/com/cloud/api/commands/ListRecurringSnapshotScheduleCmd.java b/api/src/com/cloud/api/commands/ListRecurringSnapshotScheduleCmd.java index c555548618a..eb85e66c3c8 100644 --- a/api/src/com/cloud/api/commands/ListRecurringSnapshotScheduleCmd.java +++ b/api/src/com/cloud/api/commands/ListRecurringSnapshotScheduleCmd.java 
@@ -65,7 +65,7 @@ public class ListRecurringSnapshotScheduleCmd extends BaseListCmd { @Override public void execute(){ - List snapshotSchedules = _snapshotMgr.findRecurringSnapshotSchedule(this); + List snapshotSchedules = _snapshotService.findRecurringSnapshotSchedule(this); ListResponse response = new ListResponse(); List snapshotScheduleResponses = new ArrayList(); for (SnapshotSchedule snapshotSchedule : snapshotSchedules) { diff --git a/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java b/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java index 58cd691689a..388d12a9bc4 100644 --- a/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java +++ b/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java @@ -29,6 +29,7 @@ import com.cloud.api.Parameter; import com.cloud.api.response.ListResponse; import com.cloud.api.response.RemoteAccessVpnResponse; import com.cloud.network.RemoteAccessVpn; +import com.cloud.utils.net.Ip; @Implementation(description="Lists remote access vpns", responseObject=RemoteAccessVpnResponse.class) public class ListRemoteAccessVpnsCmd extends BaseListCmd { 
@@ -46,16 +47,9 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd { @Parameter(name="domainid", type=CommandType.LONG, description="the domain ID of the remote access vpn rule. If used with the account parameter, lists remote access vpns for the account in the specified domain.") private Long domainId; - @Parameter(name="id", type=CommandType.LONG, description="the ID of the remote access vpn") - private Long id; - - @Parameter(name="zoneid", type=CommandType.LONG, description="the zone ID of the remote access vpn rule") - private Long zoneId; - - @Parameter(name="publicip", type=CommandType.STRING, description="the public IP address of the remote access vpn ") + @Parameter(name="publicip", type=CommandType.STRING, required=true, description="public ip address of the vpn server") private String publicIp; - ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -67,24 +61,11 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd { public Long getDomainId() { return domainId; } - - public Long getId() { - return id; + + public Ip getPublicIp() { + return new Ip(publicIp); } - public void setZoneId(Long zoneId) { - this.zoneId = zoneId; - } - - public Long getZoneId() { - return zoneId; - } - - public String getPublicIp() { - return publicIp; - } - - ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @@ -96,7 +77,7 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd { @Override public void execute(){ - List vpns = _mgr.searchForRemoteAccessVpns(this); + List vpns = _ravService.searchForRemoteAccessVpns(this); ListResponse response = new ListResponse(); List vpnResponses = new ArrayList(); for (RemoteAccessVpn vpn : vpns) { 
diff --git a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java index 9367057a224..082d7c87eb1 100644 --- a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java +++ b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java @@ -89,7 +89,7 @@ public class ListSecurityGroupsCmd extends BaseListCmd { @Override public void execute(){ - List securityGroups = _securityGroupMgr.searchForSecurityGroupRules(this); + List securityGroups = _securityGroupService.searchForSecurityGroupRules(this); ListResponse response = _responseGenerator.createSecurityGroupResponses(securityGroups); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/ListSnapshotPoliciesCmd.java b/api/src/com/cloud/api/commands/ListSnapshotPoliciesCmd.java index 6952adaf502..2aedec6ccf4 100644 --- a/api/src/com/cloud/api/commands/ListSnapshotPoliciesCmd.java +++ b/api/src/com/cloud/api/commands/ListSnapshotPoliciesCmd.java @@ -77,7 +77,7 @@ public class ListSnapshotPoliciesCmd extends BaseListCmd { @Override public void execute(){ - List result = _snapshotMgr.listPoliciesforVolume(this); + List result = _snapshotService.listPoliciesforVolume(this); ListResponse response = new ListResponse(); List policyResponses = new ArrayList(); for (SnapshotPolicy policy : result) { diff --git a/api/src/com/cloud/api/commands/ListSnapshotsCmd.java b/api/src/com/cloud/api/commands/ListSnapshotsCmd.java index 9a8823af80a..e01f0e7a71b 100644 --- a/api/src/com/cloud/api/commands/ListSnapshotsCmd.java +++ b/api/src/com/cloud/api/commands/ListSnapshotsCmd.java @@ -109,7 +109,7 @@ public class ListSnapshotsCmd extends BaseListCmd { @Override public void execute(){ - List result = _snapshotMgr.listSnapshots(this); + List result = _snapshotService.listSnapshots(this); ListResponse response = new ListResponse(); List snapshotResponses = new ArrayList(); for (Snapshot snapshot : result) { 
diff --git a/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java b/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java index b1f04d1cd3d..2cd24400a0e 100644 --- a/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java +++ b/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java @@ -89,7 +89,7 @@ public class ListTemplateOrIsoPermissionsCmd extends BaseCmd { public void execute(){ List accountNames = _mgr.listTemplatePermissions(this); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); boolean isAdmin = ((account == null) || isAdmin(account.getType())); TemplatePermissionsResponse response = _responseGenerator.createTemplatePermissionsResponse(accountNames, id, isAdmin); diff --git a/api/src/com/cloud/api/commands/ListTemplatesCmd.java b/api/src/com/cloud/api/commands/ListTemplatesCmd.java index 81460c625c8..1f884cfd8fc 100644 --- a/api/src/com/cloud/api/commands/ListTemplatesCmd.java +++ b/api/src/com/cloud/api/commands/ListTemplatesCmd.java @@ -123,7 +123,7 @@ public class ListTemplatesCmd extends BaseListCmd { Set> templateZonePairSet = _mgr.listTemplates(this); boolean isAdmin = false; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { isAdmin = true; } diff --git a/api/src/com/cloud/api/commands/ListVpnUsersCmd.java b/api/src/com/cloud/api/commands/ListVpnUsersCmd.java index 0090fd095a0..39d01e3033c 100644 --- a/api/src/com/cloud/api/commands/ListVpnUsersCmd.java +++ b/api/src/com/cloud/api/commands/ListVpnUsersCmd.java 
@@ -83,7 +83,7 @@ public class ListVpnUsersCmd extends BaseListCmd { @Override public void execute(){ - List vpnUsers = _mgr.searchForVpnUsers(this); + List vpnUsers = _ravService.searchForVpnUsers(this); ListResponse response = new ListResponse(); List vpnResponses = new ArrayList(); diff --git a/api/src/com/cloud/api/commands/PrepareForMaintenanceCmd.java b/api/src/com/cloud/api/commands/PrepareForMaintenanceCmd.java index 1e9b8dd24ed..a911bd0ae85 100644 --- a/api/src/com/cloud/api/commands/PrepareForMaintenanceCmd.java +++ b/api/src/com/cloud/api/commands/PrepareForMaintenanceCmd.java @@ -68,7 +68,7 @@ public class PrepareForMaintenanceCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/PreparePrimaryStorageForMaintenanceCmd.java b/api/src/com/cloud/api/commands/PreparePrimaryStorageForMaintenanceCmd.java index 6494b3de6c6..eabb02a7117 100644 --- a/api/src/com/cloud/api/commands/PreparePrimaryStorageForMaintenanceCmd.java +++ b/api/src/com/cloud/api/commands/PreparePrimaryStorageForMaintenanceCmd.java @@ -75,7 +75,7 @@ public class PreparePrimaryStorageForMaintenanceCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } @@ -95,7 +95,7 @@ public class PreparePrimaryStorageForMaintenanceCmd extends BaseAsyncCmd { @Override public void execute(){ - StoragePool result = _storageMgr.preparePrimaryStorageForMaintenance(this); + StoragePool result = _storageService.preparePrimaryStorageForMaintenance(this); if (result != null){ StoragePoolResponse response = _responseGenerator.createStoragePoolResponse(result); response.setResponseName("storagepool"); 
diff --git a/api/src/com/cloud/api/commands/RebootSystemVmCmd.java b/api/src/com/cloud/api/commands/RebootSystemVmCmd.java index 5de212ec3b7..c401d9d4b1b 100644 --- a/api/src/com/cloud/api/commands/RebootSystemVmCmd.java +++ b/api/src/com/cloud/api/commands/RebootSystemVmCmd.java @@ -65,7 +65,7 @@ public class RebootSystemVmCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/ReconnectHostCmd.java b/api/src/com/cloud/api/commands/ReconnectHostCmd.java index 414394d62b4..332d422c240 100644 --- a/api/src/com/cloud/api/commands/ReconnectHostCmd.java +++ b/api/src/com/cloud/api/commands/ReconnectHostCmd.java @@ -70,7 +70,7 @@ public class ReconnectHostCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java index d7de8242edf..e0888fe3643 100644 --- a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java +++ b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java @@ -27,7 +27,6 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; -import com.cloud.exception.ConcurrentOperationException; import com.cloud.user.Account; import com.cloud.user.UserContext; 
@@ -82,7 +81,7 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); @@ -112,17 +111,13 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { @Override public void execute(){ - try { - boolean result = _networkService.removeVpnUser(this); - if (result) { - SuccessResponse response = new SuccessResponse(getCommandName()); - this.setResponseObject(response); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to remove vpn user"); - } - } catch (ConcurrentOperationException ex) { - s_logger.warn("Exception: ", ex); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, ex.getMessage()); - } + Account owner = getValidOwner(accountName, domainId); + boolean result = _ravService.removeVpnUser(owner.getId(), userName); + if (result) { + SuccessResponse response = new SuccessResponse(getCommandName()); + this.setResponseObject(response); + } else { + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to remove vpn user"); + } } } diff --git a/api/src/com/cloud/api/commands/RestartNetworkCmd.java b/api/src/com/cloud/api/commands/RestartNetworkCmd.java index 5b951ef0925..72ba23414b5 100644 --- a/api/src/com/cloud/api/commands/RestartNetworkCmd.java +++ b/api/src/com/cloud/api/commands/RestartNetworkCmd.java 
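Review bot: The owner of the VPN user is now resolved by two different routes: `getEntityOwnerId()` (first hunk, body continues outside it) uses `_responseGenerator.findAccountByNameDomain(accountName, domainId)`, while `execute()` uses `getValidOwner(accountName, domainId)` and passes `owner.getId()` to `removeVpnUser`. `getValidOwner` is not shown here, so two things need confirming: that it never returns null (otherwise `owner.getId()` throws), and that it refuses an `accountName`/`domainId` pair the caller is not allowed to act for. If both hold, `getEntityOwnerId()` could use the same helper so the account recorded on the event and the account actually modified cannot differ.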
@@ -67,14 +67,14 @@ public class RestartNetworkCmd extends BaseAsyncCmd { if (accountName != null) { return accountName; } - return UserContext.current().getAccount().getAccountName(); + return UserContext.current().getCaller().getAccountName(); } public long getDomainId() { if (domainId != null) { return domainId; } - return UserContext.current().getAccount().getDomainId(); + return UserContext.current().getCaller().getDomainId(); } public long getZoneId() { diff --git a/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java index 61e7cea80b5..321f2f4b2a1 100644 --- a/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java +++ b/api/src/com/cloud/api/commands/RevokeSecurityGroupIngressCmd.java @@ -128,7 +128,7 @@ public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { if ((domainId != null) && (accountName != null)) { Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); @@ -180,7 +180,7 @@ public class RevokeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _securityGroupMgr.revokeSecurityGroupIngress(this); + boolean result = _securityGroupService.revokeSecurityGroupIngress(this); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/StartSystemVMCmd.java b/api/src/com/cloud/api/commands/StartSystemVMCmd.java index 351f9664622..536ebc8b988 100644 --- a/api/src/com/cloud/api/commands/StartSystemVMCmd.java +++ b/api/src/com/cloud/api/commands/StartSystemVMCmd.java 
@@ -69,7 +69,7 @@ public class StartSystemVMCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/StopSystemVmCmd.java b/api/src/com/cloud/api/commands/StopSystemVmCmd.java index b5e6a41cb42..a190cad33ad 100644 --- a/api/src/com/cloud/api/commands/StopSystemVmCmd.java +++ b/api/src/com/cloud/api/commands/StopSystemVmCmd.java @@ -65,7 +65,7 @@ public class StopSystemVmCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { return account.getId(); } diff --git a/api/src/com/cloud/api/commands/UpdateStoragePoolCmd.java b/api/src/com/cloud/api/commands/UpdateStoragePoolCmd.java index cfc2b096999..ce1df5174b2 100644 --- a/api/src/com/cloud/api/commands/UpdateStoragePoolCmd.java +++ b/api/src/com/cloud/api/commands/UpdateStoragePoolCmd.java @@ -67,7 +67,7 @@ public class UpdateStoragePoolCmd extends BaseCmd { @Override public void execute(){ - StoragePool result = _storageMgr.updateStoragePool(this); + StoragePool result = _storageService.updateStoragePool(this); if (result != null){ StoragePoolResponse response = _responseGenerator.createStoragePoolResponse(result); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java b/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java index 3b753b6849b..c56f837cad9 100644 --- a/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java +++ b/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java 
@@ -21,9 +21,6 @@ import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; public class RemoteAccessVpnResponse extends BaseResponse { - @SerializedName("id") @Param(description="the vpn ID") - private Long id; - @SerializedName("publicip") @Param(description="the public ip address of the vpn server") private String publicIp; @@ -46,14 +43,6 @@ public class RemoteAccessVpnResponse extends BaseResponse { return accountName; } - public Long getId() { - return id; - } - - public void setId(Long id) { - this.id = id; - } - public String getPublicIp() { return publicIp; } diff --git a/api/src/com/cloud/network/IpAddress.java b/api/src/com/cloud/network/IpAddress.java index 02436d629d1..e4552298684 100644 --- a/api/src/com/cloud/network/IpAddress.java +++ b/api/src/com/cloud/network/IpAddress.java @@ -20,6 +20,7 @@ package com.cloud.network; import java.util.Date; import com.cloud.acl.ControlledEntity; +import com.cloud.utils.net.Ip; /** * IpAddress represents the public ip address to be allocated in the CloudStack. @@ -46,7 +47,7 @@ public interface IpAddress extends ControlledEntity { long getDataCenterId(); - String getAddress(); + Ip getAddress(); Long getAllocatedToAccountId(); @@ -64,5 +65,5 @@ public interface IpAddress extends ControlledEntity { boolean readyToUse(); - Long getAssociatedNetworkId(); + Long getAssociatedWithNetworkId(); } diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index d71f6e712ca..fdcdae253d1 100644 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java 
@@ -19,16 +19,11 @@ package com.cloud.network; import java.util.List; -import com.cloud.api.commands.AddVpnUserCmd; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; -import com.cloud.api.commands.RemoveVpnUserCmd; import com.cloud.api.commands.RestartNetworkCmd; -import com.cloud.exception.AccountLimitException; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InvalidParameterValueException; 
@@ -52,37 +47,6 @@ public interface NetworkService { IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException, ResourceUnavailableException; boolean disassociateIpAddress(DisassociateIPAddrCmd cmd); - /** - * Create a remote access vpn from the given ip address and client ip range - * @param cmd the command specifying the ip address, ip range - * @return the newly created RemoteAccessVpnVO if successful, null otherwise - * @throws InvalidParameterValueException - * @throws PermissionDeniedException - * @throws ConcurrentOperationException - */ - RemoteAccessVpn createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, PermissionDeniedException; - - /** - * Start a remote access vpn for the given ip address and client ip range - * @param cmd the command specifying the ip address, ip range - * @return the RemoteAccessVpnVO if successful, null otherwise - * @throws ConcurrentOperationException - * @throws ResourceUnavailableException - */ - RemoteAccessVpn startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException; - - /** - * Destroy a previously created remote access VPN - * @param cmd the command specifying the account and zone - * @return success if successful, false otherwise - * @throws ConcurrentOperationException - */ - boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException; - - VpnUser addVpnUser(AddVpnUserCmd cmd) throws ConcurrentOperationException, AccountLimitException; - - boolean removeVpnUser(RemoveVpnUserCmd cmd) throws ConcurrentOperationException; - Network createNetwork(CreateNetworkCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; List searchForNetworks(ListNetworksCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; boolean deleteNetwork(long 
networkId) throws InvalidParameterValueException, PermissionDeniedException; diff --git a/api/src/com/cloud/network/PublicIpAddress.java b/api/src/com/cloud/network/PublicIpAddress.java index 61b9ff4b7a1..ba8d305e0b5 100644 --- a/api/src/com/cloud/network/PublicIpAddress.java +++ b/api/src/com/cloud/network/PublicIpAddress.java @@ -18,12 +18,12 @@ package com.cloud.network; import com.cloud.acl.ControlledEntity; +import com.cloud.dc.Vlan; /** * PublicIp is a combo object of IPAddressVO and VLAN information. */ - -public interface PublicIpAddress extends ControlledEntity, IpAddress{ +public interface PublicIpAddress extends ControlledEntity, IpAddress, Vlan { String getMacAddress(); @@ -31,5 +31,6 @@ public interface PublicIpAddress extends ControlledEntity, IpAddress{ public String getGateway(); + @Override public String getVlanTag(); } \ No newline at end of file diff --git a/api/src/com/cloud/network/RemoteAccessVpn.java b/api/src/com/cloud/network/RemoteAccessVpn.java index bd180080005..c4a610830c1 100644 --- a/api/src/com/cloud/network/RemoteAccessVpn.java +++ b/api/src/com/cloud/network/RemoteAccessVpn.java @@ -18,28 +18,12 @@ package com.cloud.network; import com.cloud.acl.ControlledEntity; +import com.cloud.utils.net.Ip; -/** - * @author ahuang - * - */ public interface RemoteAccessVpn extends ControlledEntity { - long getId(); - String getAccountName(); - String getVpnServerAddress(); - void setVpnServerAddress(String vpnServerAddress); + Ip getServerAddress(); String getIpRange(); - void setIpRange(String ipRange); String getIpsecPresharedKey(); - - void setIpsecPresharedKey(String ipsecPresharedKey); - - void setId(Long id); - - void setZoneId(long zoneId); - - long getZoneId(); - String getLocalIp(); - + long getNetworkId(); } diff --git a/api/src/com/cloud/network/VpnUser.java b/api/src/com/cloud/network/VpnUser.java index b91528d43a6..c7a68238e88 100644 --- a/api/src/com/cloud/network/VpnUser.java +++ b/api/src/com/cloud/network/VpnUser.java 
@@ -19,13 +19,18 @@ package com.cloud.network; import com.cloud.acl.ControlledEntity; -public interface VpnUser extends ControlledEntity{ +public interface VpnUser extends ControlledEntity { + enum State { + Add, + Revoke, + Active + } + long getId(); - String getAccountName(); - String getUsername(); String getPassword(); - + + State getState(); } diff --git a/api/src/com/cloud/network/vpn/RemoteAccessVpnElement.java b/api/src/com/cloud/network/vpn/RemoteAccessVpnElement.java new file mode 100644 index 00000000000..4cdc9c159d5 --- /dev/null +++ b/api/src/com/cloud/network/vpn/RemoteAccessVpnElement.java @@ -0,0 +1,29 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.vpn; + +import java.util.List; + +import com.cloud.network.RemoteAccessVpn; +import com.cloud.network.VpnUser; +import com.cloud.utils.component.Adapter; + +public interface RemoteAccessVpnElement extends Adapter { + String[] applyVpnUsers(RemoteAccessVpn vpn, List users); + +} diff --git a/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java b/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java index 2bba080af87..c2c497f5982 100644 --- a/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java +++ b/api/src/com/cloud/network/vpn/RemoteAccessVpnService.java 
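Review bot: The new `VpnUser.State` enum has no documentation, so it is unclear which states mean the credential is usable on the VPN server. A short comment per constant would help, for example `// Add: stored, not yet applied to the VPN server`, `// Revoke: marked for removal, may still be active until applied` and `// Active: applied and usable`, assuming that is the intended life cycle. Code that decides whether a user may still connect depends on this distinction, in particular whether `Revoke` is still treated as usable.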
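Review bot: `RemoteAccessVpnElement.applyVpnUsers` is added without Javadoc, and the `String[]` return value gives no hint of what each entry means or how failure is reported. The interface should state whether the array is index-aligned with `users`, what a null entry or a null array means, and which `VpnUser.State` values an implementation is expected to act on. Because every `VpnUser` exposes `getPassword()`, the Javadoc should also say that implementations must not log the user list or echo passwords in the returned strings.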
@@ -20,18 +20,28 @@ package com.cloud.network.vpn; import java.util.List; +import com.cloud.api.commands.ListRemoteAccessVpnsCmd; +import com.cloud.api.commands.ListVpnUsersCmd; +import com.cloud.exception.ConcurrentOperationException; +import com.cloud.exception.NetworkRuleConflictException; +import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VpnUser; - +import com.cloud.utils.net.Ip; public interface RemoteAccessVpnService { - RemoteAccessVpn createRemoteAccessVpn(long zoneId, long ownerId, String publicIp, String ipRange); - RemoteAccessVpn destroyRemoteAccessVpn(long zoneId, long ownerId); - List listRemoteAccessVpns(long vpnOwnerId, long zoneId, String publicIp); + RemoteAccessVpn createRemoteAccessVpn(Ip vpnServerAddress, String ipRange) throws NetworkRuleConflictException; + void destroyRemoteAccessVpn(Ip vpnServerAddress); + List listRemoteAccessVpns(long vpnOwnerId, Ip publicIp); + RemoteAccessVpn startRemoteAccessVpn(Ip vpnServerAddress) throws ConcurrentOperationException, ResourceUnavailableException; VpnUser addVpnUser(long vpnOwnerId, String userName, String password); - VpnUser removeVpnUser(long vpnOwnerId, String userName); + boolean removeVpnUser(long vpnOwnerId, String userName); List listVpnUsers(long vpnOwnerId, String userName); + boolean applyVpnUsers(long vpnOwnerId); + List searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd); + List searchForVpnUsers(ListVpnUsersCmd cmd); + } diff --git a/api/src/com/cloud/resource/Resource.java b/api/src/com/cloud/resource/Resource.java index ebc5f3f434e..f4e8dd1d95a 100644 --- a/api/src/com/cloud/resource/Resource.java +++ b/api/src/com/cloud/resource/Resource.java 
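Review bot: `createRemoteAccessVpn(Ip, String)`, `destroyRemoteAccessVpn(Ip)` and `startRemoteAccessVpn(Ip)` no longer take an owner or zone id, so nothing in the signature says on whose behalf the operation runs. Each implementation now has to look up the owner of the address and compare it with the caller, and that contract is not written down. Add Javadoc such as `/** The caller must own vpnServerAddress; implementations must reject the request otherwise. */`. The same applies to `addVpnUser`, `removeVpnUser` and `applyVpnUsers`, which accept a bare `vpnOwnerId`: say whether the id is trusted as given or must be checked against the caller.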
@@ -30,7 +30,9 @@ public interface Resource { Reserving("Resource is being reserved right now"), Reserved("Resource has been reserved."), Releasing("Resource is being released"), - Ready("Resource is ready which means it doesn't need to go through resservation"); + Ready("Resource is ready which means it doesn't need to go through resservation"), + Deallocating("Resource is being deallocated"), + Free("Resource is now completely free"); String _description; diff --git a/api/src/com/cloud/server/ManagementService.java b/api/src/com/cloud/server/ManagementService.java index 6715ca2d2a4..987e3884bc7 100644 --- a/api/src/com/cloud/server/ManagementService.java +++ b/api/src/com/cloud/server/ManagementService.java @@ -49,7 +49,6 @@ import com.cloud.api.commands.ListIsosCmd; import com.cloud.api.commands.ListPodsByCmd; import com.cloud.api.commands.ListPreallocatedLunsCmd; import com.cloud.api.commands.ListPublicIpAddressesCmd; -import com.cloud.api.commands.ListRemoteAccessVpnsCmd; import com.cloud.api.commands.ListRoutersCmd; import com.cloud.api.commands.ListServiceOfferingsCmd; import com.cloud.api.commands.ListStoragePoolsCmd; @@ -61,7 +60,6 @@ import com.cloud.api.commands.ListVMGroupsCmd; import com.cloud.api.commands.ListVMsCmd; import com.cloud.api.commands.ListVlanIpRangesCmd; import com.cloud.api.commands.ListVolumesCmd; -import com.cloud.api.commands.ListVpnUsersCmd; import com.cloud.api.commands.ListZonesByCmd; import com.cloud.api.commands.RebootSystemVmCmd; import com.cloud.api.commands.RegisterCmd; @@ -88,8 +86,6 @@ import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.host.Host; import com.cloud.network.IpAddress; -import com.cloud.network.RemoteAccessVpn; -import com.cloud.network.VpnUser; import com.cloud.network.router.VirtualRouter; import com.cloud.offering.DiskOffering; import com.cloud.offering.ServiceOffering; 
@@ -385,10 +381,6 @@ public interface ManagementService { */ String uploadCertificate(UploadCustomCertificateCmd cmd); - public List searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd); - - public List searchForVpnUsers(ListVpnUsersCmd cmd); - String getVersion(); /** diff --git a/api/src/com/cloud/user/Account.java b/api/src/com/cloud/user/Account.java index 92e0071d50a..f506a511871 100644 --- a/api/src/com/cloud/user/Account.java +++ b/api/src/com/cloud/user/Account.java @@ -49,14 +49,8 @@ public interface Account extends ControlledEntity { public long getId(); public String getAccountName(); - public void setAccountName(String accountId); public short getType(); - public String getState(); - public void setState(String state); - @Override - public long getDomainId(); + public State getState(); public Date getRemoved(); public String getNetworkDomain(); - public void setNetworkDomain(String networkDomain); - } diff --git a/api/src/com/cloud/user/User.java b/api/src/com/cloud/user/User.java index 2859e24697d..85c55ee5ba8 100644 --- a/api/src/com/cloud/user/User.java +++ b/api/src/com/cloud/user/User.java @@ -23,7 +23,7 @@ import java.util.Date; public interface User extends OwnedBy { public static final long UID_SYSTEM = 1; - public Long getId(); + public long getId(); public Date getCreated(); @@ -51,9 +51,9 @@ public interface User extends OwnedBy { public void setEmail(String email); - public String getState(); + public Account.State getState(); - public void setState(String state); + public void setState(Account.State state); public String getApiKey(); diff --git a/api/src/com/cloud/user/UserContext.java b/api/src/com/cloud/user/UserContext.java index d0f0c1498d5..ae35844718c 100644 --- a/api/src/com/cloud/user/UserContext.java +++ b/api/src/com/cloud/user/UserContext.java 
@@ -46,11 +46,11 @@ public class UserContext { this.apiServer = apiServer; } - public long getUserId() { + public long getCallerUserId() { return userId; } - public void setUserId(long userId) { + public void setCallerUserId(long userId) { this.userId = userId; } @@ -58,11 +58,11 @@ public class UserContext { return sessionId; } - public Account getAccount() { + public Account getCaller() { return account; } - public void setAccount(Account accountObject) { + public void setCaller(Account accountObject) { this.account = accountObject; } @@ -90,8 +90,8 @@ public class UserContext { UserContext context = current(); assert(context != null) : "Context should be already setup before you can call this one"; - context.setUserId(userId); - context.setAccount(accountObject); + context.setCallerUserId(userId); + context.setCaller(accountObject); context.setSessionKey(sessionId); } diff --git a/core/src/com/cloud/agent/api/routing/DhcpEntryCommand.java b/core/src/com/cloud/agent/api/routing/DhcpEntryCommand.java index e49035c85a6..291a8f6882e 100644 --- a/core/src/com/cloud/agent/api/routing/DhcpEntryCommand.java +++ b/core/src/com/cloud/agent/api/routing/DhcpEntryCommand.java @@ -19,7 +19,7 @@ package com.cloud.agent.api.routing; -public class DhcpEntryCommand extends RoutingCommand { +public class DhcpEntryCommand extends NetworkElementCommand { String vmMac; String vmIpAddress; diff --git a/core/src/com/cloud/agent/api/routing/LoadBalancerCfgCommand.java b/core/src/com/cloud/agent/api/routing/LoadBalancerCfgCommand.java index fd2c38e98ba..3190e2a35d8 100644 --- a/core/src/com/cloud/agent/api/routing/LoadBalancerCfgCommand.java +++ b/core/src/com/cloud/agent/api/routing/LoadBalancerCfgCommand.java 
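Review bot: `getCaller()` and `getCallerUserId()` are renamed without any Javadoc explaining what "caller" means, which is the one thing the rename is meant to convey. Suggested: `/** Account that issued the current request; not necessarily the owner of the entity being acted on. */` on `getCaller()`, with a matching line on `getCallerUserId()`, if that is the intent. Many commands in this patch feed `getCaller()` straight into `getEntityOwnerId()`, so the distinction should be stated at the source.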
@@ -23,7 +23,7 @@ import com.cloud.network.LoadBalancerConfigurator; * @author chiradeep * */ -public class LoadBalancerCfgCommand extends RoutingCommand { +public class LoadBalancerCfgCommand extends NetworkElementCommand { private String [] config; private String [] addFwRules; private String [] removeFwRules;; diff --git a/core/src/com/cloud/agent/api/routing/RemoteAccessVpnCfgCommand.java b/core/src/com/cloud/agent/api/routing/RemoteAccessVpnCfgCommand.java index 669db7a954a..c1bae24cd14 100644 --- a/core/src/com/cloud/agent/api/routing/RemoteAccessVpnCfgCommand.java +++ b/core/src/com/cloud/agent/api/routing/RemoteAccessVpnCfgCommand.java @@ -19,9 +19,8 @@ package com.cloud.agent.api.routing; -public class RemoteAccessVpnCfgCommand extends RoutingCommand { +public class RemoteAccessVpnCfgCommand extends NetworkElementCommand { - String vpnAppliancePrivateIpAddress; //router private ip address typically boolean create; String vpnServerIp; String ipRange; @@ -42,8 +41,7 @@ public class RemoteAccessVpnCfgCommand extends RoutingCommand { } - public RemoteAccessVpnCfgCommand(boolean create, String routerPrivateIp, String vpnServerAddress, String localIp, String ipRange, String ipsecPresharedKey) { - this.vpnAppliancePrivateIpAddress = routerPrivateIp; + public RemoteAccessVpnCfgCommand(boolean create, String vpnServerAddress, String localIp, String ipRange, String ipsecPresharedKey) { this.vpnServerIp = vpnServerAddress; this.ipRange = ipRange; this.presharedKey = ipsecPresharedKey; @@ -79,12 +77,4 @@ public class RemoteAccessVpnCfgCommand extends RoutingCommand { return localIp; } - public String getVpnAppliancePrivateIpAddress() { - return vpnAppliancePrivateIpAddress; - } - - public String getRouterPrivateIpAddress() { - return vpnAppliancePrivateIpAddress; - } - } diff --git a/core/src/com/cloud/agent/api/routing/SavePasswordCommand.java b/core/src/com/cloud/agent/api/routing/SavePasswordCommand.java index fa11ef1af96..4c45d9bfcd1 100644 
--- a/core/src/com/cloud/agent/api/routing/SavePasswordCommand.java +++ b/core/src/com/cloud/agent/api/routing/SavePasswordCommand.java @@ -19,7 +19,7 @@ package com.cloud.agent.api.routing; -public class SavePasswordCommand extends RoutingCommand { +public class SavePasswordCommand extends NetworkElementCommand { String password; String vmIpAddress; diff --git a/core/src/com/cloud/agent/api/routing/UserDataCommand.java b/core/src/com/cloud/agent/api/routing/UserDataCommand.java index 184fe5251b8..93713b80dff 100644 --- a/core/src/com/cloud/agent/api/routing/UserDataCommand.java +++ b/core/src/com/cloud/agent/api/routing/UserDataCommand.java @@ -19,7 +19,7 @@ package com.cloud.agent.api.routing; -public class UserDataCommand extends RoutingCommand { +public class UserDataCommand extends NetworkElementCommand { String userData; String vmIpAddress; diff --git a/core/src/com/cloud/agent/api/routing/VmDataCommand.java b/core/src/com/cloud/agent/api/routing/VmDataCommand.java index b7a5277e780..dfd7689c3f7 100644 --- a/core/src/com/cloud/agent/api/routing/VmDataCommand.java +++ b/core/src/com/cloud/agent/api/routing/VmDataCommand.java @@ -21,7 +21,7 @@ package com.cloud.agent.api.routing; import java.util.ArrayList; import java.util.List; -public class VmDataCommand extends RoutingCommand { +public class VmDataCommand extends NetworkElementCommand { String routerPrivateIpAddress; String vmIpAddress; diff --git a/core/src/com/cloud/agent/api/routing/VpnUsersCfgCommand.java b/core/src/com/cloud/agent/api/routing/VpnUsersCfgCommand.java index d80bae03b3b..b032144a154 100644 --- a/core/src/com/cloud/agent/api/routing/VpnUsersCfgCommand.java +++ b/core/src/com/cloud/agent/api/routing/VpnUsersCfgCommand.java 
@@ -22,7 +22,7 @@ import java.util.List; import com.cloud.network.VpnUserVO; -public class VpnUsersCfgCommand extends RoutingCommand { +public class VpnUsersCfgCommand extends NetworkElementCommand { public static class UsernamePassword{ private String username; private String password; @@ -64,15 +64,13 @@ public class VpnUsersCfgCommand extends RoutingCommand { return getUsername() + "," + getPassword(); } } - String vpnAppliancePrivateIpAddress; //router private ip address typically UsernamePassword [] userpwds; protected VpnUsersCfgCommand() { } - public VpnUsersCfgCommand(String routerIp, List addUsers, List removeUsers) { - this.vpnAppliancePrivateIpAddress = routerIp; + public VpnUsersCfgCommand(List addUsers, List removeUsers) { userpwds = new UsernamePassword[addUsers.size() + removeUsers.size()]; int i = 0; for (VpnUserVO vpnUser: removeUsers) { @@ -92,11 +90,4 @@ public class VpnUsersCfgCommand extends RoutingCommand { return userpwds; } - public String getVpnAppliancePrivateIpAddress() { - return vpnAppliancePrivateIpAddress; - } - - public String getRouterPrivateIpAddress() { - return vpnAppliancePrivateIpAddress; - } } diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java index 2221cfe612d..783316f7899 100755 --- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java 
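Review bot: `UsernamePassword.toString()`, visible as context at the top of the second hunk, returns `getUsername() + "," + getPassword()`, so any logging or string concatenation of this object writes the VPN password in clear text. If nothing depends on that format, redact it with `return getUsername() + ",<redacted>";` and have callers that need the pair use the getters explicitly. Whether the agent or the command serializer relies on `toString()` cannot be seen from this hunk, so check that before changing it.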
@@ -48,7 +48,7 @@ import com.cloud.agent.api.routing.DhcpEntryCommand; import com.cloud.agent.api.routing.IPAssocCommand; import com.cloud.agent.api.routing.IpAssocAnswer; import com.cloud.agent.api.routing.LoadBalancerCfgCommand; -import com.cloud.agent.api.routing.RoutingCommand; +import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; import com.cloud.agent.api.routing.SavePasswordCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer; @@ -123,8 +123,8 @@ public class VirtualRoutingResource implements Manager { } private Answer execute(SetPortForwardingRulesCommand cmd) { - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); - String routerName = cmd.getAccessDetail(RoutingCommand.ROUTER_NAME); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); + String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME); String[] results = new String[cmd.getRules().length]; int i = 0; @@ -147,7 +147,7 @@ public class VirtualRoutingResource implements Manager { } private Answer execute(LoadBalancerConfigCommand cmd) { - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); File tmpCfgFile = null; try { String cfgFilePath = ""; 
@@ -277,8 +277,8 @@ public class VirtualRoutingResource implements Manager { String[] results = new String[cmd.getIpAddresses().length]; int i = 0; String result = null; - String routerName = cmd.getAccessDetail(RoutingCommand.ROUTER_NAME); - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); + String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); for (IpAddressTO ip : ips) { result = assignPublicIpAddress(routerName, routerIp, ip.getPublicIp(), ip.isAdd(), ip.isSourceNat(), ip.getVlanId(), ip.getVlanGateway(), ip.getVlanNetmask()); if (result != null) { diff --git a/core/src/com/cloud/event/UsageEventVO.java b/core/src/com/cloud/event/UsageEventVO.java index 4390978b8bf..4ed67fe527f 100644 --- a/core/src/com/cloud/event/UsageEventVO.java +++ b/core/src/com/cloud/event/UsageEventVO.java @@ -25,16 +25,12 @@ import javax.persistence.Entity; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; -import javax.persistence.PrimaryKeyJoinColumn; -import javax.persistence.SecondaryTable; import javax.persistence.Table; import com.cloud.utils.db.GenericDao; @Entity @Table(name="usage_event") -@SecondaryTable(name="account", - pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")}) public class UsageEventVO implements UsageEvent { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @@ -91,7 +87,8 @@ public class UsageEventVO implements UsageEvent { this.resourceName = resourceName; } - public long getId() { + @Override + public long getId() { return id; } @Override diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 0eb91718caf..5103171c8b7 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 
+++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -127,7 +127,7 @@ import com.cloud.agent.api.routing.IpAssocAnswer; import com.cloud.agent.api.routing.LoadBalancerCfgCommand; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand; -import com.cloud.agent.api.routing.RoutingCommand; +import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.SavePasswordCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer; import com.cloud.agent.api.routing.SetPortForwardingRulesCommand; @@ -944,8 +944,8 @@ public abstract class CitrixResourceBase implements ServerResource { protected SetPortForwardingRulesAnswer execute(SetPortForwardingRulesCommand cmd) { Connection conn = getConnection(); String args; - String routerName = cmd.getAccessDetail(RoutingCommand.ROUTER_NAME); - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); + String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); String[] results = new String[cmd.getRules().length]; int i = 0; for (PortForwardingRuleTO rule : cmd.getRules()) { @@ -1046,7 +1046,7 @@ public abstract class CitrixResourceBase implements ServerResource { protected Answer execute(final LoadBalancerConfigCommand cmd) { Connection conn = getConnection(); - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); if (routerIp == null) { return new Answer(cmd); 
@@ -1119,7 +1119,7 @@ public abstract class CitrixResourceBase implements ServerResource { protected synchronized Answer execute(final RemoteAccessVpnCfgCommand cmd) { Connection conn = getConnection(); - String args = cmd.getRouterPrivateIpAddress(); + String args = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); if (cmd.isCreate()) { args += " -r " + cmd.getIpRange(); args += " -p " + cmd.getPresharedKey(); @@ -1141,7 +1141,7 @@ public abstract class CitrixResourceBase implements ServerResource { protected synchronized Answer execute(final VpnUsersCfgCommand cmd) { Connection conn = getConnection(); for (VpnUsersCfgCommand.UsernamePassword userpwd: cmd.getUserpwds()) { - String args = cmd.getRouterPrivateIpAddress(); + String args = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); if (!userpwd.isAdd()) { args += " -U " + userpwd.getUsername(); } else { @@ -1333,8 +1333,8 @@ public abstract class CitrixResourceBase implements ServerResource { Connection conn = getConnection(); String[] results = new String[cmd.getIpAddresses().length]; int i = 0; - String routerName = cmd.getAccessDetail(RoutingCommand.ROUTER_NAME); - String routerIp = cmd.getAccessDetail(RoutingCommand.ROUTER_IP); + String routerName = cmd.getAccessDetail(NetworkElementCommand.ROUTER_NAME); + String routerIp = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP); try { IpAddressTO[] ips = cmd.getIpAddresses(); for (IpAddressTO ip : ips) { diff --git a/core/src/com/cloud/network/VpnUserVO.java b/core/src/com/cloud/network/VpnUserVO.java index c21fb726b5f..a48b0551c29 100644 --- a/core/src/com/cloud/network/VpnUserVO.java +++ b/core/src/com/cloud/network/VpnUserVO.java 
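Review bot: `String args = cmd.getAccessDetail(NetworkElementCommand.ROUTER_IP);` in `execute(RemoteAccessVpnCfgCommand)` is used without a null check, and the same line in `execute(VpnUsersCfgCommand)` in the next hunk has the same gap. The `LoadBalancerConfigCommand` handler in this file does test `routerIp == null`, but here a missing detail makes `args += " -r " ...` yield the literal text `null -r ...`. Guard both with `if (routerIp == null) { return new Answer(cmd, false, "router ip is missing"); }`. The values appended afterwards (`getIpRange()`, `getPresharedKey()`, `getUsername()`) are joined into one space-separated string, so unless they are validated upstream a value containing whitespace would shift the arguments. Both method bodies continue outside the hunks.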
@@ -20,37 +20,36 @@ package com.cloud.network; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; -import javax.persistence.PrimaryKeyJoinColumn; -import javax.persistence.SecondaryTable; import javax.persistence.Table; @Entity @Table(name=("vpn_users")) -@SecondaryTable(name="account", - pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")}) public class VpnUserVO implements VpnUser { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") private long id; - @Column(name="account_id") + @Column(name="owner_id") private long accountId; - @Column(name="account_name", table="account", insertable=false, updatable=false) - private String accountName = null; - - @Column(name="domain_id", table="account", insertable=false, updatable=false) + @Column(name="domain_id") private long domainId; @Column(name="username") private String username; @Column(name="password") - private String password; + private String password; + + @Column(name="state") + @Enumerated(value=EnumType.STRING) + private State state; public VpnUserVO() { } @@ -58,6 +57,7 @@ public class VpnUserVO implements VpnUser { this.accountId = accountId; this.username = userName; this.password = password; + this.state = State.Add; } @Override @@ -70,11 +70,6 @@ public class VpnUserVO implements VpnUser { return accountId; } - @Override - public String getAccountName() { - return accountName; - } - @Override public String getUsername() { return username; 
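Review bot: `domainId` changes from a read-only join on the `account` table to an ordinary `domain_id` column on `vpn_users`, but none of the visible lines ever assigns it. The constructor body in the second hunk sets only `accountId`, `username`, `password` and `state`, and no setter appears in the hunks for this file. Unless it is populated elsewhere, `getDomainId()` returns 0 for new rows, and any access check based on the entity's domain would compare against the wrong value. The constructor should take the domain and assign it with `this.domainId = domainId;`. The constructor signature lies outside the hunk, so this is inferred from the shown body.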
@@ -88,20 +83,28 @@ public class VpnUserVO implements VpnUser { public String getPassword() { return password; } + + @Override + public State getState() { + return state; + } + + public void setState(State state) { + this.state = state; + } public void setPassword(String password) { this.password = password; } - public void setId(Long id) { - this.id = id; - } - - @Override public long getDomainId() { return domainId; } - + + @Override + public String toString() { + return new StringBuilder("VpnUser[").append(id).append("-").append(username).append("-").append(accountId).append("]").toString(); + } } diff --git a/core/src/com/cloud/user/AccountVO.java b/core/src/com/cloud/user/AccountVO.java index 2bafcdf5bdf..f9b1d070d75 100644 --- a/core/src/com/cloud/user/AccountVO.java +++ b/core/src/com/cloud/user/AccountVO.java @@ -22,6 +22,8 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @@ -46,8 +48,9 @@ public class AccountVO implements Account { @Column(name="domain_id") private long domainId; - @Column(name="state") - private String state; + @Column(name="state") + @Enumerated(value=EnumType.STRING) + private State state; @Column(name=GenericDao.REMOVED_COLUMN) private Date removed; @@ -80,15 +83,17 @@ public class AccountVO implements Account { @Override public String getAccountName() { return accountName; - } - @Override + } + public void setAccountName(String accountName) { this.accountName = accountName; - } + } + @Override public short getType() { return type; - } + } + public void setType(short type) { this.type = type; } 
@@ -103,11 +108,11 @@ public class AccountVO implements Account { } @Override - public String getState() { + public State getState() { return state; - } - @Override - public void setState(String state) { + } + + public void setState(State state) { this.state = state; } @@ -119,7 +124,7 @@ public class AccountVO implements Account { public String getNetworkDomain() { return networkDomain; } - @Override + public void setNetworkDomain(String networkDomain) { this.networkDomain = networkDomain; } @@ -131,6 +136,6 @@ public class AccountVO implements Account { @Override public String toString() { - return new StringBuilder("Acct:").append(id).append(":").append(accountName).toString(); + return new StringBuilder("Acct[").append(id).append("-").append(accountName).append("]").toString(); } } diff --git a/core/src/com/cloud/user/UserVO.java b/core/src/com/cloud/user/UserVO.java index 6138a58ffea..6709d8d4a07 100644 --- a/core/src/com/cloud/user/UserVO.java +++ b/core/src/com/cloud/user/UserVO.java 
@@ -16,180 +16,197 @@ * */ -package com.cloud.user; - +package com.cloud.user; + import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; -import javax.persistence.Transient; +import com.cloud.user.Account.State; import com.cloud.utils.db.GenericDao; - -/** - * A bean representing a user - * - * @author Will Chan - * - */ -@Entity -@Table(name="user") -public class UserVO implements User { - @Id - @GeneratedValue(strategy=GenerationType.IDENTITY) - @Column(name="id") - private Long id = null; - - @Column(name="username") - private String username = null; - - @Column(name="password") - private String password = null; - - @Column(name="firstname") - private String firstname = null; - - @Column(name="lastname") - private String lastname = null; - - @Column(name="account_id") - private long accountId; - - @Column(name="email") - private String email = null; - - @Column(name="state") - private String state; - - @Column(name="api_key") - private String apiKey = null; - - @Column(name="secret_key") - private String secretKey = null; - - @Column(name=GenericDao.CREATED_COLUMN) - private Date created; - - @Column(name=GenericDao.REMOVED_COLUMN) - private Date removed; - @Column(name="timezone") +/** + * A bean representing a user + * + * @author Will Chan + * + */ +@Entity +@Table(name = "user") +public class UserVO implements User { + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id") + private long id; + + @Column(name = "username") + private String username = null; + + @Column(name = "password") + private String password = null; + + @Column(name = "firstname") + private String firstname = null; + + @Column(name = "lastname") + private String lastname = null; + + @Column(name = "account_id") + 
private long accountId; + + @Column(name = "email") + private String email = null; + + @Column(name = "state") + @Enumerated(value=EnumType.STRING) + private State state; + + @Column(name = "api_key") + private String apiKey = null; + + @Column(name = "secret_key") + private String secretKey = null; + + @Column(name = GenericDao.CREATED_COLUMN) + private Date created; + + @Column(name = GenericDao.REMOVED_COLUMN) + private Date removed; + + @Column(name = "timezone") private String timezone; - - public UserVO() {} - public UserVO(Long id) { - this.id = id; - } - - @Override - public Long getId() { - return id; - } - - @Override - public Date getCreated() { - return created; - } - @Override - public Date getRemoved() { - return removed; - } - - @Override - public String getUsername() { - return username; - } - @Override - public void setUsername(String username) { - this.username = username; - } - @Override - public String getPassword() { - return password; - } - @Override - public void setPassword(String password) { - this.password = password; - } - @Override - public String getFirstname() { - return firstname; - } - @Override - public void setFirstname(String firstname) { - this.firstname = firstname; - } - @Override - public String getLastname() { - return lastname; - } - @Override - public void setLastname(String lastname) { - this.lastname = lastname; - } - @Override - public long getAccountId() { - return accountId; - } - @Override - public void setAccountId(long accountId) { - this.accountId = accountId; - } - @Override - public String getEmail() { - return email; - } - @Override - public void setEmail(String email) { - this.email = email; - } - @Override - public String getState() { - return state; - } - @Override - public void setState(String state) { - this.state = state; - } - @Override - public String getApiKey() { - return apiKey; - } - @Override - public void setApiKey(String apiKey) { - this.apiKey = apiKey; - } - @Override - public String 
getSecretKey() { - return secretKey; - } - @Override - public void setSecretKey(String secretKey) { - this.secretKey = secretKey; + + public UserVO() { } - @Override - public String getTimezone() - { - return timezone; - } - @Override - public void setTimezone(String timezone) - { - this.timezone = timezone; + + public UserVO(long id) { + this.id = id; + } + + @Override + public long getId() { + return id; + } + + @Override + public Date getCreated() { + return created; + } + + @Override + public Date getRemoved() { + return removed; + } + + @Override + public String getUsername() { + return username; + } + + @Override + public void setUsername(String username) { + this.username = username; + } + + @Override + public String getPassword() { + return password; + } + + @Override + public void setPassword(String password) { + this.password = password; + } + + @Override + public String getFirstname() { + return firstname; + } + + @Override + public void setFirstname(String firstname) { + this.firstname = firstname; + } + + @Override + public String getLastname() { + return lastname; + } + + @Override + public void setLastname(String lastname) { + this.lastname = lastname; + } + + @Override + public long getAccountId() { + return accountId; + } + + @Override + public void setAccountId(long accountId) { + this.accountId = accountId; + } + + @Override + public String getEmail() { + return email; + } + + @Override + public void setEmail(String email) { + this.email = email; + } + + @Override + public State getState() { + return state; + } + + @Override + public void setState(State state) { + this.state = state; + } + + @Override + public String getApiKey() { + return apiKey; + } + + @Override + public void setApiKey(String apiKey) { + this.apiKey = apiKey; + } + + @Override + public String getSecretKey() { + return secretKey; + } + + @Override + public void setSecretKey(String secretKey) { + this.secretKey = secretKey; + } + + @Override + public String getTimezone() { + 
return timezone; + } + + @Override + public void setTimezone(String timezone) { + this.timezone = timezone; } - @Transient - String toString = null; - @Override public String toString() { - if (toString == null) { - toString = new StringBuilder("User:").append(id).append(":").append(username).toString(); - } - return toString; - } -} + return new StringBuilder("User[").append(id).append("-").append(username).append("]").toString(); + } +} diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java index 7af3f8b42d8..9fa96b4216a 100644 --- a/server/src/com/cloud/acl/DomainChecker.java +++ b/server/src/com/cloud/acl/DomainChecker.java @@ -49,7 +49,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { @Override public boolean checkAccess(Account account, Domain domain) throws PermissionDeniedException { - if (!account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if (account.getState() != Account.State.Enabled) { throw new PermissionDeniedException(account + " is disabled."); } @@ -136,10 +136,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { //found as a child return true; } - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break; + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } else { + break; + } } } } @@ -183,10 +184,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { //found as a child return true; } - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break; + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } else { + break; + } } } } 
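Review bot: The `state` field is now persisted as an `Account.State` enum through `@Enumerated(value=EnumType.STRING)`, so the strings already stored in the `state` column must match the enum constant names exactly, and nothing in this hunk shows that they do or that existing rows are migrated. The API login checks changed later in this commit compare this field with `Account.State.Enabled`, so a row that maps to null or fails to map decides whether a user can authenticate; how the DAO layer treats a non-matching string is not visible here. I would add a field comment such as `// stored as the Account.State constant name; existing rows must use the same spelling` and confirm the upgrade path covers the old values. Note also that `new UserVO()` leaves `state` null, so callers have to set it before the object reaches those checks.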
@@ -219,10 +221,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { //found as a child return true; } - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break; + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } else { + break; + } } } } @@ -245,10 +248,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { //found as a child return true; } - if(localRecord.getParent() != null) - localRecord = _domainDao.findById(localRecord.getParent()); - else - break; + if(localRecord.getParent() != null) { + localRecord = _domainDao.findById(localRecord.getParent()); + } else { + break; + } } } //didn't find in upper tree diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index 27fc552319f..a24cd05ae23 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -32,10 +32,10 @@ import com.cloud.network.LoadBalancerVO; import com.cloud.network.Network; import com.cloud.network.Network.Capability; import com.cloud.network.Network.Service; -import com.cloud.network.Networks.TrafficType; import com.cloud.network.NetworkManager; import com.cloud.network.NetworkRuleConfigVO; import com.cloud.network.NetworkVO; +import com.cloud.network.Networks.TrafficType; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.NetworkDao; @@ -85,6 +85,7 @@ import com.cloud.user.dao.UserStatisticsDao; import com.cloud.uservm.UserVm; import com.cloud.utils.DateUtil; import com.cloud.utils.component.ComponentLocator; +import com.cloud.utils.net.Ip; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.InstanceGroupVO; import com.cloud.vm.Nic; 
@@ -338,7 +339,7 @@ public class ApiDBUtils { } public static IPAddressVO findIpAddressById(String address) { - return _ipAddressDao.findById(address); + return _ipAddressDao.findById(new Ip(address)); } public static GuestOSCategoryVO getHostGuestOSCategory(long hostId) { @@ -419,19 +420,6 @@ public class ApiDBUtils { return _userVmDao.findById(vmId); } - public static UserVm findUserVmByPublicIpAndGuestIp(String publicIp, String guestIp) { - IPAddressVO addr = _ipAddressDao.findById(publicIp); - List vms = _userVmDao.listVmsUsingGuestIpAddress(addr.getDataCenterId(), guestIp); - if (vms != null) { - for (UserVmVO vm : vms) { - if (vm.getAccountId() == addr.getAllocatedToAccountId()) { - return vm; - } - } - } - return null; - } - public static VlanVO findVlanById(long vlanDbId) { return _vlanDao.findById(vlanDbId); } diff --git a/server/src/com/cloud/api/ApiDispatcher.java b/server/src/com/cloud/api/ApiDispatcher.java index 145120466de..6e985b88b71 100644 --- a/server/src/com/cloud/api/ApiDispatcher.java +++ b/server/src/com/cloud/api/ApiDispatcher.java 
@@ -107,17 +107,19 @@ public class ApiDispatcher {
 } else if (t instanceof ServerApiException) {
 s_logger.warn(t.getClass() + " : " + ((ServerApiException) t).getDescription());
 errorMsg = ((ServerApiException) t).getDescription();
- if (UserContext.current().getAccount().getType() == Account.ACCOUNT_TYPE_ADMIN)
+ if (UserContext.current().getCaller().getType() == Account.ACCOUNT_TYPE_ADMIN) {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, t.getMessage());
- else
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ }
 } else {
 errorMsg = "Internal error";
 s_logger.error("Exception while executing " + cmd.getClass().getSimpleName() + ":", t);
- if (UserContext.current().getAccount().getType() == Account.ACCOUNT_TYPE_ADMIN)
+ if (UserContext.current().getCaller().getType() == Account.ACCOUNT_TYPE_ADMIN) {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, t.getMessage());
- else
- throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ } else {
+ throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ }
 }
 } finally {
 if(cmd.getCreateEventType() != null){
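Review bot: `UserContext.current().getCaller()` is dereferenced without a null check in both rewritten `if` conditions of this error handler, and again in the two conditions of the following hunk (`-170,17 +172,19`). The ApiResponseHelper hunks of this same commit test `account == null` after the same call, so a null caller appears to be possible; in that case a NullPointerException raised here would replace the original error and skip the choice between `t.getMessage()` and `BaseCmd.USER_ERROR_MESSAGE`. Resolving the caller once and failing towards the generic message would avoid that: `Account caller = UserContext.current().getCaller();` followed by `if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {`. The enclosing method starts and ends outside the hunk.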
@@ -170,17 +172,19 @@ public class ApiDispatcher {
 } else if (t instanceof ServerApiException) {
 errorMsg = ((ServerApiException) t).getDescription();
 s_logger.warn(t.getClass() + " : " + ((ServerApiException) t).getDescription());
- if (UserContext.current().getAccount().getType() == Account.ACCOUNT_TYPE_ADMIN)
+ if (UserContext.current().getCaller().getType() == Account.ACCOUNT_TYPE_ADMIN) {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, t.getMessage());
- else
+ } else {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ }
 } else {
 errorMsg = "Internal error";
 s_logger.error("Exception while executing " + cmd.getClass().getSimpleName() + ":", t);
- if (UserContext.current().getAccount().getType() == Account.ACCOUNT_TYPE_ADMIN)
+ if (UserContext.current().getCaller().getType() == Account.ACCOUNT_TYPE_ADMIN) {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, t.getMessage());
- else
+ } else {
 throw new ServerApiException(BaseCmd.INTERNAL_ERROR, BaseCmd.USER_ERROR_MESSAGE);
+ }
 }
 } finally {
 if(cmd instanceof BaseAsyncCmd){
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 7fd9cff27b9..663e237981e 100644
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -197,7 +197,7 @@ public class ApiResponseHelper implements ResponseGenerator {
 userResponse.setFirstname(user.getFirstname());
 userResponse.setId(user.getId());
 userResponse.setLastname(user.getLastname());
- userResponse.setState(user.getState());
+ userResponse.setState(user.getState().toString());
 userResponse.setTimezone(user.getTimezone());
 userResponse.setUsername(user.getUsername());
 userResponse.setApiKey(user.getApiKey());
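Review bot: `user.getState().toString()` in the ApiResponseHelper hunk throws a NullPointerException when the state is unset, where the old code passed a null string through to the response. `UserVO` in this commit declares `state` with no default, so a null is possible for an object built with the no-arg constructor. The same unguarded `.toString()` is added in the later hunks for `account.getState()`, `ipAddress.getAddress()` and `vpn.getServerAddress()`. A null-tolerant form keeps the previous behaviour: `userResponse.setState(user.getState() != null ? user.getState().toString() : null);`. The enclosing method starts and ends outside the hunk.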
@@ -222,7 +222,7 @@ public class ApiResponseHelper implements ResponseGenerator { accountResponse.setAccountType(account.getType()); accountResponse.setDomainId(account.getDomainId()); accountResponse.setDomainName(ApiDBUtils.findDomainById(account.getDomainId()).getName()); - accountResponse.setState(account.getState()); + accountResponse.setState(account.getState().toString()); // get network stat List stats = ApiDBUtils.listUserStatsBy(account.getId()); @@ -597,7 +597,7 @@ public class ApiResponseHelper implements ResponseGenerator { long zoneId = ipAddress.getDataCenterId(); IPAddressResponse ipResponse = new IPAddressResponse(); - ipResponse.setIpAddress(ipAddress.getAddress()); + ipResponse.setIpAddress(ipAddress.getAddress().toString()); if (ipAddress.getAllocatedTime() != null) { ipResponse.setAllocated(ipAddress.getAllocatedTime()); } @@ -616,10 +616,10 @@ public class ApiResponseHelper implements ResponseGenerator { ipResponse.setForVirtualNetwork(forVirtualNetworks); ipResponse.setStaticNat(ipAddress.isOneToOneNat()); - ipResponse.setAssociatedNetworkId(ipAddress.getAssociatedNetworkId()); + ipResponse.setAssociatedNetworkId(ipAddress.getAssociatedWithNetworkId()); //Network id the ip is associated withif associated networkId is null, try to get this information from vlan - Long associatedNetworkId = ipAddress.getAssociatedNetworkId(); + Long associatedNetworkId = ipAddress.getAssociatedWithNetworkId(); Long vlanNetworkId = ApiDBUtils.getVlanNetworkId(ipAddress.getVlanId()); if (associatedNetworkId == null) { associatedNetworkId = vlanNetworkId; 
@@ -638,7 +638,7 @@ public class ApiResponseHelper implements ResponseGenerator { ipResponse.setNetworkId(networkId); // show this info to admin only - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || account.getType() == Account.ACCOUNT_TYPE_ADMIN) { ipResponse.setVlanId(ipAddress.getVlanId()); ipResponse.setVlanName(ApiDBUtils.findVlanById(ipAddress.getVlanId()).getVlanTag()); @@ -698,7 +698,7 @@ public class ApiResponseHelper implements ResponseGenerator { @Override public ZoneResponse createZoneResponse(DataCenter dataCenter) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); ZoneResponse zoneResponse = new ZoneResponse(); zoneResponse.setId(dataCenter.getId()); zoneResponse.setName(dataCenter.getName()); @@ -996,7 +996,7 @@ public class ApiResponseHelper implements ResponseGenerator { userVmResponse.setZoneId(userVm.getDataCenterId()); userVmResponse.setZoneName(ApiDBUtils.findZoneById(userVm.getDataCenterId()).getName()); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // if user is an admin, display host id if (((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN)) && (userVm.getHostId() != null)) { userVmResponse.setHostId(userVm.getHostId()); @@ -1264,10 +1264,10 @@ public class ApiResponseHelper implements ResponseGenerator { VpnUsersResponse vpnResponse = new VpnUsersResponse(); vpnResponse.setId(vpnUser.getId()); vpnResponse.setUserName(vpnUser.getUsername()); - vpnResponse.setAccountName(vpnUser.getAccountName()); Account accountTemp = ApiDBUtils.findAccountById(vpnUser.getAccountId()); if (accountTemp != null) { + vpnResponse.setAccountName(accountTemp.getAccountName()); vpnResponse.setDomainId(accountTemp.getDomainId()); vpnResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); } 
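Review bot: In the `-638,7` hunk the condition right after the changed line, `(account == null) || account.getType() == Account.ACCOUNT_TYPE_ADMIN`, treats a missing caller as an administrator, so the VLAN id and tag marked "show this info to admin only" are returned whenever `getCaller()` yields null. With the accessor renamed to `getCaller()`, it is worth stating when a null caller can occur; if it only means an internal or system context that is presumably intended, but the code does not say so. The same null-means-admin test guards the host id in the `-996,7` hunk and the `isAdmin` flag in the `-1636,7` and `-1708,7` hunks. I would either add `// null caller: internal/system context, treated as admin` at each site, or make the check `account != null && ...` if unauthenticated requests can reach these builders. The enclosing methods start and end outside the hunks.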
@@ -1279,15 +1279,14 @@ public class ApiResponseHelper implements ResponseGenerator { @Override public RemoteAccessVpnResponse createRemoteAccessVpnResponse(RemoteAccessVpn vpn) { RemoteAccessVpnResponse vpnResponse = new RemoteAccessVpnResponse(); - vpnResponse.setId(vpn.getId()); - vpnResponse.setPublicIp(vpn.getVpnServerAddress()); + vpnResponse.setPublicIp(vpn.getServerAddress().toString()); vpnResponse.setIpRange(vpn.getIpRange()); vpnResponse.setPresharedKey(vpn.getIpsecPresharedKey()); - vpnResponse.setAccountName(vpn.getAccountName()); + vpnResponse.setDomainId(vpn.getDomainId()); Account accountTemp = ApiDBUtils.findAccountById(vpn.getAccountId()); if (accountTemp != null) { - vpnResponse.setDomainId(accountTemp.getDomainId()); + vpnResponse.setAccountName(accountTemp.getAccountName()); vpnResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); } @@ -1636,7 +1635,7 @@ public class ApiResponseHelper implements ResponseGenerator { } //set status - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); boolean isAdmin = false; if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { isAdmin = true; @@ -1708,7 +1707,7 @@ public class ApiResponseHelper implements ResponseGenerator { } //set status - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); boolean isAdmin = false; if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { isAdmin = true; 
@@ -1868,7 +1867,9 @@ public class ApiResponseHelper implements ResponseGenerator { response.setResponses(isoResponses); if(isBootable != null && !isBootable) - continue; //fetch only non-bootable isos and return (for now only xen tools iso) + { + continue; //fetch only non-bootable isos and return (for now only xen tools iso) + } } List isoHosts = ApiDBUtils.listTemplateHostBy(iso.getId(), isoZonePair.second()); diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 4219f5f59d7..793901de0c8 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -381,8 +381,8 @@ public class ApiServer implements HttpRequestHandler { private String queueCommand(BaseCmd cmdObj, Map params) { UserContext ctx = UserContext.current(); - Long userId = ctx.getUserId(); - Account account = ctx.getAccount(); + Long userId = ctx.getCallerUserId(); + Account account = ctx.getCaller(); if (cmdObj instanceof BaseAsyncCmd) { Long objectId = null; if (cmdObj instanceof BaseAsyncCreateCmd) { @@ -416,7 +416,7 @@ public class ApiServer implements HttpRequestHandler { job.setInstanceType(asyncCmd.getInstanceType()); job.setUserId(userId); if (account != null) { - job.setAccountId(ctx.getAccount().getId()); + job.setAccountId(ctx.getCaller().getId()); } else { // Just have SYSTEM own the job for now. Users won't be able to see this job, // but in an admin case (like domain admin) they won't be able to see it anyway 
@@ -461,7 +461,9 @@ public class ApiServer implements HttpRequestHandler { // Using maps might possibly be more efficient if the set is large enough but for now, we'll just do a // comparison of two lists. Either way, there shouldn't be too many async jobs active for the account. for (AsyncJob job : jobs) { - if (job.getInstanceId() == null) continue; + if (job.getInstanceId() == null) { + continue; + } for (ResponseObject response : responses) { if (response.getObjectId() != null && job.getInstanceId().longValue() == response.getObjectId().longValue()) { response.setJobId(job.getId()); @@ -473,7 +475,9 @@ public class ApiServer implements HttpRequestHandler { } private void buildAuditTrail(StringBuffer auditTrailSb, String command, String result) { - if (result == null) return; + if (result == null) { + return; + } auditTrailSb.append(" " + HttpServletResponse.SC_OK + " "); auditTrailSb.append(result); /* @@ -594,7 +598,7 @@ public class ApiServer implements HttpRequestHandler { user = userAcctPair.first(); Account account = userAcctPair.second(); - if (!user.getState().equals(Account.ACCOUNT_STATE_ENABLED) || !account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if (user.getState() != Account.State.Enabled || !account.getState().equals(Account.State.Enabled)) { s_logger.info("disabled or locked user accessing the api, userid = " + user.getId() + "; name = " + user.getUsername() + "; state: " + user.getState() + "; accountState: " + account.getState()); return false; } 
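Review bot: In the `-594,7` hunk the rewritten credential check compares `user.getState()` with `!=` but `account.getState()` with `.equals(Account.State.Enabled)`. For an enum the two agree except when the state is null, where `.equals` throws a NullPointerException instead of reaching the "disabled or locked user" log line and `return false`. Using identity on both sides keeps the rejection explicit: `if (user.getState() != Account.State.Enabled || account.getState() != Account.State.Enabled) {`. The `-722,7` hunk of this file calls `.equals` on both states, and the `-129,7` hunk of DisableUserExecutor does the same with `oneUser.getState()`, so they need the same change. The enclosing method starts and ends outside the hunk.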
@@ -668,16 +672,19 @@ public class ApiServer implements HttpRequestHandler { Account account = _ms.findAccountById(userAcct.getAccountId()); String hypervisorType = _ms.getConfigurationValue("hypervisor.type"); - if (hypervisorType == null) - hypervisorType = "kvm"; + if (hypervisorType == null) { + hypervisorType = "kvm"; + } String directAttachSecurityGroupsEnabled = _ms.getConfigurationValue("direct.attach.security.groups.enabled"); - if(directAttachSecurityGroupsEnabled == null) - directAttachSecurityGroupsEnabled = "false"; + if(directAttachSecurityGroupsEnabled == null) { + directAttachSecurityGroupsEnabled = "false"; + } String systemVmUseLocalStorage = _ms.getConfigurationValue("system.vm.use.local.storage"); - if (systemVmUseLocalStorage == null) - systemVmUseLocalStorage = "false"; + if (systemVmUseLocalStorage == null) { + systemVmUseLocalStorage = "false"; + } // set the userId and account object for everyone session.setAttribute("userid", userAcct.getId()); @@ -722,7 +729,7 @@ public class ApiServer implements HttpRequestHandler { account = _ms.findAccountById(user.getAccountId()); } - if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.ACCOUNT_STATE_ENABLED) || (account == null) || !account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.State.Enabled) || (account == null) || !account.getState().equals(Account.State.Enabled)) { s_logger.warn("Deleted/Disabled/Locked user with id=" + userId + " attempting to access public API"); return false; } 
@@ -864,9 +871,13 @@ public class ApiServer implements HttpRequestHandler { } } } catch (ConnectionClosedException ex) { - if (s_logger.isTraceEnabled()) s_logger.trace("ApiServer: Client closed connection"); + if (s_logger.isTraceEnabled()) { + s_logger.trace("ApiServer: Client closed connection"); + } } catch (IOException ex) { - if (s_logger.isTraceEnabled()) s_logger.trace("ApiServer: IOException - " + ex); + if (s_logger.isTraceEnabled()) { + s_logger.trace("ApiServer: IOException - " + ex); + } } catch (HttpException ex) { s_logger.warn("ApiServer: Unrecoverable HTTP protocol violation" + ex); } finally { diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java index 5867328d154..f7ab3b658de 100755 --- a/server/src/com/cloud/api/ApiServlet.java +++ b/server/src/com/cloud/api/ApiServlet.java @@ -254,7 +254,7 @@ public class ApiServlet extends HttpServlet { updateUserContext(params, session != null ? session.getId() : null); */ - auditTrailSb.insert(0, "(userId="+UserContext.current().getUserId()+ " accountId="+UserContext.current().getAccount().getId()+ " sessionId="+(session != null ? session.getId() : null)+ ")" ); + auditTrailSb.insert(0, "(userId="+UserContext.current().getCallerUserId()+ " accountId="+UserContext.current().getCaller().getId()+ " sessionId="+(session != null ? session.getId() : null)+ ")" ); try { String response = _apiServer.handleRequest(params, true, responseType, auditTrailSb); diff --git a/server/src/com/cloud/async/executor/DisableUserExecutor.java b/server/src/com/cloud/async/executor/DisableUserExecutor.java index 6fc7e65a2ec..e7bc9bca5f7 100644 --- a/server/src/com/cloud/async/executor/DisableUserExecutor.java +++ b/server/src/com/cloud/async/executor/DisableUserExecutor.java 
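Review bot: The audit-trail prefix built on the changed ApiServlet line writes the full servlet session id (`session.getId()`) next to the caller's user and account ids. A session id is a bearer credential for as long as the session lives, so anyone who can read the audit log gets more than an identifier; who can read that log is not visible here. I would log a digest or a short suffix of the id instead, which is enough to correlate requests. The same line dereferences `UserContext.current().getCaller()` without a null check, so a request with no caller would fail while the audit prefix is being built. The enclosing method starts and ends outside the hunk.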
@@ -27,7 +27,6 @@ import com.cloud.async.AsyncJobManager; import com.cloud.async.AsyncJobResult; import com.cloud.async.AsyncJobVO; import com.cloud.async.BaseAsyncJobExecutor; -import com.cloud.async.SyncQueueItemVO; import com.cloud.serializer.GsonHelper; import com.cloud.server.ManagementServer; import com.cloud.user.Account; @@ -40,7 +39,8 @@ import com.google.gson.Gson; public class DisableUserExecutor extends BaseAsyncJobExecutor { public static final Logger s_logger = Logger.getLogger(DisableUserExecutor.class.getName()); - public boolean execute() { + @Override + public boolean execute() { Gson gson = GsonHelper.getBuilder().create(); AsyncJobManager asyncMgr = getAsyncJobMgr(); AsyncJobVO job = getJob(); @@ -84,8 +84,9 @@ public class DisableUserExecutor extends BaseAsyncJobExecutor { AsyncJobManager asyncMgr = getAsyncJobMgr(); UserVO user = asyncMgr.getExecutorContext().getUserDao().findById(userId); if(user == null) { - if(s_logger.isInfoEnabled()) - s_logger.info("User " + userId + " does not exist"); + if(s_logger.isInfoEnabled()) { + s_logger.info("User " + userId + " does not exist"); + } asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "User " + userId + " does not exist"); @@ -129,7 +130,7 @@ public class DisableUserExecutor extends BaseAsyncJobExecutor { List allUsersByAccount = asyncMgr.getExecutorContext().getUserDao().listByAccount(user.getAccountId()); for (UserVO oneUser : allUsersByAccount) { - if (oneUser.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if (oneUser.getState().equals(Account.State.Enabled)) { return false; } } 
@@ -149,8 +150,9 @@ public class DisableUserExecutor extends BaseAsyncJobExecutor { asyncMgr.updateAsyncJobStatus(job.getId(), routers.size(), ""); for(DomainRouterVO router : routers) { - if(s_logger.isInfoEnabled()) - s_logger.info("Serialize DisableUser operation with previous activities on router " + router.getId()); + if(s_logger.isInfoEnabled()) { + s_logger.info("Serialize DisableUser operation with previous activities on router " + router.getId()); + } asyncMgr.syncAsyncJobExecution(job, "Router", router.getId()); } diff --git a/server/src/com/cloud/async/executor/DisassociateIpAddressExecutor.java b/server/src/com/cloud/async/executor/DisassociateIpAddressExecutor.java deleted file mode 100644 index fadc692ce81..00000000000 --- a/server/src/com/cloud/async/executor/DisassociateIpAddressExecutor.java +++ /dev/null 
@@ -1,112 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.async.executor; - -import org.apache.log4j.Logger; - -import com.cloud.api.BaseCmd; -import com.cloud.async.AsyncJobManager; -import com.cloud.async.AsyncJobResult; -import com.cloud.async.AsyncJobVO; -import com.cloud.async.BaseAsyncJobExecutor; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.network.IPAddressVO; -import com.cloud.network.dao.IPAddressDao; -import com.cloud.serializer.GsonHelper; -import com.cloud.server.ManagementServer; -import com.cloud.vm.DomainRouterVO; -import com.cloud.vm.dao.DomainRouterDao; -import com.google.gson.Gson; - -public class DisassociateIpAddressExecutor extends BaseAsyncJobExecutor { - public static final Logger s_logger = Logger.getLogger(DisassociateIpAddressExecutor.class.getName()); - - public boolean execute() { - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobManager asyncMgr = getAsyncJobMgr(); - AsyncJobVO job = getJob(); - ManagementServer managementServer = asyncMgr.getExecutorContext().getManagementServer(); - DisassociateIpAddressParam param = gson.fromJson(job.getCmdInfo(), DisassociateIpAddressParam.class); - /* - if(getSyncSource() == null) { - DomainRouterVO router = getRouterSyncSource(param); - 
if(router == null) { - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, - BaseCmd.NET_INVALID_PARAM_ERROR, "Unable to find router with given user " + param.getUserId() + " and ip " - + param.getIpAddress() + " to disassociate"); - } else { - asyncMgr.syncAsyncJobExecution(job.getId(), "Router", router.getId()); - } - return true; - } else { - try { - if(s_logger.isDebugEnabled()) - s_logger.debug("Executing disassociateIpAddress, uid: " + param.getUserId() + ", account id: " - + param.getAccountId() + ", ip: " + param.getIpAddress()); - boolean result = managementServer.disassociateIpAddress(param.getUserId(), - param.getAccountId(), param.getIpAddress()); - - if(result) { - if(s_logger.isDebugEnabled()) - s_logger.debug("disassociateIpAddress executed successfully, complete async-execution"); - - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, "success"); - } else { - s_logger.warn("disassociateIpAddress execution failed, complete async-execution"); - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "failed"); - } - } catch (PermissionDeniedException e) { - s_logger.warn("disassociateIpAddress execution failed : PermissionDeniedException, complete async-execution", e); - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage()); - } catch(IllegalArgumentException e) { - s_logger.warn("disassociateIpAddress execution failed : IllegalArgumentException, complete async-execution", e); - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage()); - } catch(Exception e) { - s_logger.warn("disassociateIpAddress execution failed : Exception, complete async-execution", e); - asyncMgr.completeAsyncJob(getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, e.getMessage()); - } - } - */ - return true; - } - - private DomainRouterVO 
getRouterSyncSource(DisassociateIpAddressParam param) { - IPAddressDao ipAddressDao = getAsyncJobMgr().getExecutorContext().getIpAddressDao(); - DomainRouterDao routerDao = getAsyncJobMgr().getExecutorContext().getRouterDao(); - - IPAddressVO ip = null; - try { - ip = ipAddressDao.acquireInLockTable(param.getIpAddress()); - - DomainRouterVO router = null; - if (ip.isSourceNat()) { - router = routerDao.findByPublicIpAddress(param.getIpAddress()); - } else { - router = routerDao.findBy(ip.getAllocatedToAccountId(), ip.getDataCenterId()); - } - - return router; - - } finally { - if(ip != null) { - ipAddressDao.releaseFromLockTable(param.getIpAddress()); - } - } - } -} diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 2599bc0ca45..bf3ccbf144d 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -242,7 +242,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public Configuration updateConfiguration(UpdateCfgCmd cmd) throws InvalidParameterValueException{ - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); String name = cmd.getCfgName(); String value = cmd.getValue(); @@ -494,7 +494,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Long userId = 1L; if (UserContext.current() != null) { - userId = UserContext.current().getUserId(); + userId = UserContext.current().getCallerUserId(); } // Make sure the pod exists 
@@ -541,7 +541,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura String cidr = null; Long id = cmd.getId(); String name = cmd.getPodName(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); //verify parameters HostPodVO pod = _podDao.findById(id);; @@ -670,7 +670,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura throw new InvalidParameterValueException("Failed to create pod " + name + " -- if an end IP is specified, a start IP must be specified."); } - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = Long.valueOf(User.UID_SYSTEM); } @@ -895,7 +895,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @DB public boolean deleteZone(DeleteZoneCmd cmd) { - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Long zoneId = cmd.getId(); if (userId == null) { @@ -950,7 +950,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura String vnetRange = cmd.getVlan(); String guestCidr = cmd.getGuestCidrAddress(); // String domain = cmd.getDomain(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); // Long domainId = cmd.getDomainId(); if (userId == null) { @@ -1196,7 +1196,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public DataCenter createZone(CreateZoneCmd cmd) { // grab parameters from the command - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); String zoneName = cmd.getZoneName(); String dns1 = cmd.getDns1(); String dns2 = cmd.getDns2(); 
@@ -1236,7 +1236,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public ServiceOffering createServiceOffering(CreateServiceOfferingCmd cmd) throws InvalidParameterValueException { - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = User.UID_SYSTEM; } @@ -1327,7 +1327,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Boolean ha = cmd.getOfferHa(); // String tags = cmd.getTags(); Boolean useVirtualNetwork = cmd.getUseVirtualNetwork(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Long domainId = cmd.getDomainId(); if (userId == null) { @@ -1497,7 +1497,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura // } if (_diskOfferingDao.update(diskOfferingId, diskOffering)) { - saveConfigurationEvent(UserContext.current().getUserId(), null, EventTypes.EVENT_DISK_OFFERING_EDIT, "Successfully updated disk offering with name: " + diskOffering.getName() + ".", "doId=" + diskOffering.getId(), "name=" + diskOffering.getName(), + saveConfigurationEvent(UserContext.current().getCallerUserId(), null, EventTypes.EVENT_DISK_OFFERING_EDIT, "Successfully updated disk offering with name: " + diskOffering.getName() + ".", "doId=" + diskOffering.getId(), "name=" + diskOffering.getName(), "displayText=" + diskOffering.getDisplayText(), "diskSize=" + diskOffering.getDiskSize(),"tags=" + diskOffering.getTags(),"domainId="+cmd.getDomainId()); return _diskOfferingDao.findById(diskOfferingId); } else { 
@@ -1526,7 +1526,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura public boolean deleteServiceOffering(DeleteServiceOfferingCmd cmd) throws InvalidParameterValueException{ Long offeringId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = Long.valueOf(User.UID_SYSTEM); @@ -1576,7 +1576,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura String endIP = cmd.getEndIp(); String vlanGateway = cmd.getGateway(); String vlanNetmask = cmd.getNetmask(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); String vlanId = cmd.getVlan(); Boolean forVirtualNetwork = cmd.isForVirtualNetwork(); Long networkId = cmd.getNetworkID(); @@ -2544,7 +2544,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public boolean deleteVlanIpRange(DeleteVlanIpRangeCmd cmd) throws InvalidParameterValueException { Long vlanDbId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = Long.valueOf(User.UID_SYSTEM); @@ -2618,7 +2618,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public NetworkOffering createNetworkOffering(CreateNetworkOfferingCmd cmd) throws InvalidParameterValueException { - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); String name = cmd.getNetworkOfferingName(); String displayText = cmd.getDisplayText(); String tags = cmd.getTags(); 
@@ -2752,7 +2752,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura @Override public boolean deleteNetworkOffering(DeleteNetworkOfferingCmd cmd) throws InvalidParameterValueException{ Long offeringId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); //Verify network offering id NetworkOfferingVO offering = _networkOfferingDao.findById(offeringId); diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index e43391a1248..b8b96d2c727 100644 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java @@ -81,6 +81,7 @@ import com.cloud.network.security.dao.SecurityGroupRulesDaoImpl; import com.cloud.network.security.dao.SecurityGroupVMMapDaoImpl; import com.cloud.network.security.dao.SecurityGroupWorkDaoImpl; import com.cloud.network.security.dao.VmRulesetLogDaoImpl; +import com.cloud.network.vpn.RemoteAccessVpnManagerImpl; import com.cloud.offerings.dao.NetworkOfferingDaoImpl; import com.cloud.service.dao.ServiceOfferingDaoImpl; import com.cloud.storage.StorageManagerImpl; @@ -114,8 +115,8 @@ import com.cloud.user.dao.UserStatisticsDaoImpl; import com.cloud.utils.Pair; import com.cloud.utils.component.Adapter; import com.cloud.utils.component.ComponentLibrary; -import com.cloud.utils.component.Manager; import com.cloud.utils.component.ComponentLocator.ComponentInfo; +import com.cloud.utils.component.Manager; import com.cloud.utils.db.GenericDao; import com.cloud.vm.ItWorkDaoImpl; import com.cloud.vm.UserVmManagerImpl; 
@@ -286,6 +287,7 @@ public class DefaultComponentLibrary implements ComponentLibrary { addManager("EntityManager", EntityManagerImpl.class); addManager("LoadBalancingRulesManager", LoadBalancingRulesManagerImpl.class); addManager("RulesManager", RulesManagerImpl.class); + addManager("RemoteAccessVpnManager", RemoteAccessVpnManagerImpl.class); } protected List> addAdapterChain(Class interphace, List>> adapters) { diff --git a/server/src/com/cloud/migration/Db20to21MigrationUtil.java b/server/src/com/cloud/migration/Db20to21MigrationUtil.java index fdf5da9d126..03068dd3784 100644 --- a/server/src/com/cloud/migration/Db20to21MigrationUtil.java +++ b/server/src/com/cloud/migration/Db20to21MigrationUtil.java @@ -125,7 +125,7 @@ public class Db20to21MigrationUtil { sb.done(); SearchCriteria sc = sb.create(); - List results = _dcDao.searchIncludingRemoved(sc, (Filter)null); + List results = _dcDao.customSearchIncludingRemoved(sc, (Filter)null); if(results.size() > 0) { System.out.println("We've found following zones are deployed in your database"); for(DcPod cols : results) { diff --git a/server/src/com/cloud/network/IPAddressVO.java b/server/src/com/cloud/network/IPAddressVO.java index 583c09b42d7..eb170e81f9c 100644 --- a/server/src/com/cloud/network/IPAddressVO.java +++ b/server/src/com/cloud/network/IPAddressVO.java @@ -22,10 +22,14 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.Id; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.TemporalType; + +import com.cloud.utils.net.Ip; /** * A bean representing a public IP Address 
@@ -41,8 +45,9 @@ public class IPAddressVO implements IpAddress { private Long allocatedInDomainId = null; @Id - @Column(name="public_ip_address") - private String address = null; + @Column(name="public_ip_address") + @Enumerated(value=EnumType.ORDINAL) + private Ip address = null; @Column(name="data_center_id", updatable=false) private long dataCenterId; @@ -67,7 +72,7 @@ public class IPAddressVO implements IpAddress { private long macAddress; @Column(name="network_id") - private Long associatedNetworkId; + private Long associatedWithNetworkId; protected IPAddressVO() { } @@ -77,7 +82,7 @@ public class IPAddressVO implements IpAddress { return state == State.Allocated; } - public IPAddressVO(String address, long dataCenterId, long macAddress, long vlanDbId, boolean sourceNat) { + public IPAddressVO(Ip address, long dataCenterId, long macAddress, long vlanDbId, boolean sourceNat) { this.address = address; this.dataCenterId = dataCenterId; this.vlanId = vlanDbId; @@ -99,7 +104,7 @@ public class IPAddressVO implements IpAddress { } @Override - public String getAddress() { + public Ip getAddress() { return address; } @@ -109,12 +114,12 @@ public class IPAddressVO implements IpAddress { } @Override - public Long getAssociatedNetworkId() { - return associatedNetworkId; + public Long getAssociatedWithNetworkId() { + return associatedWithNetworkId; } - public void setAssociatedNetworkId(Long networkId) { - this.associatedNetworkId = networkId; + public void setAssociatedWithNetworkId(Long networkId) { + this.associatedWithNetworkId = networkId; } @Override diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 38930949279..a3496d7005c 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java 
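Review bot: `@Enumerated(value=EnumType.ORDINAL)` on the `Ip address` key field needs a comment, because `Ip` is constructed with `new Ip(...)` elsewhere in this commit and is therefore a class, not an enum. Presumably the project's DAO layer reads the annotation as a hint to store the address in numeric form; if so, say it on the field, e.g. `// Ip is persisted as its numeric value; @Enumerated(ORDINAL) is the DAO's marker for that`. The column `public_ip_address` previously held a `String`, and nothing in this hunk shows how existing rows are converted, so the comment or the commit description should say whether a schema or data migration goes with it.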
@@ -32,12 +32,14 @@ import com.cloud.network.Network.Service; import com.cloud.network.Networks.TrafficType; import com.cloud.network.addr.PublicIp; import com.cloud.network.rules.FirewallRule; +import com.cloud.network.vpn.RemoteAccessVpnElement; import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.service.ServiceOfferingVO; import com.cloud.user.Account; import com.cloud.user.AccountVO; import com.cloud.utils.Pair; +import com.cloud.utils.net.Ip; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.Nic; import com.cloud.vm.NicProfile; @@ -84,7 +86,7 @@ public interface NetworkManager extends NetworkService { * @param ipAddress * @return true if it did; false if it didn't */ - public boolean releasePublicIpAddress(String ipAddress, long ownerId, long userId); + public boolean releasePublicIpAddress(Ip ipAddress, long ownerId, long userId); /** * Associates or disassociates a list of public IP address for a router. @@ -115,6 +117,8 @@ public interface NetworkManager extends NetworkService { void prepare(VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException; void release(VirtualMachineProfile vmProfile); + void deallocate(VirtualMachineProfile vm); + List getNics (VirtualMachine vm); List getAccountsUsingNetwork(long configurationId); @@ -133,4 +137,7 @@ public interface NetworkManager extends NetworkService { long getSystemNetworkIdByZoneAndTrafficTypeAndGuestType(long zoneId, TrafficType trafficType, GuestIpType guestType); + List getRemoteAccessVpnElements(); + + PublicIpAddress getPublicIpAddress(Ip ipAddress); } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 18835e29c1a..500799e2a58 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java 
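Review bot: `getRemoteAccessVpnElements()` and `getPublicIpAddress(Ip ipAddress)`, added at the end of the interface, have no Javadoc, and neither does `deallocate(VirtualMachineProfile vm)` in the preceding hunk, while `releasePublicIpAddress` above carries one. For `getPublicIpAddress` callers most need to know what happens for an unknown or unallocated address. Once the implementation is confirmed, document it, e.g. `@return the public ip for the address, or null if it is not found`. The existing Javadoc on `releasePublicIpAddress` also still documents only `ipAddress`; `ownerId` and `userId` deserve a `@param` line each, since the owner id decides whether the release is accepted.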
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -44,14 +44,10 @@ import com.cloud.agent.manager.Commands; import com.cloud.alert.AlertManager; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; -import com.cloud.api.commands.AddVpnUserCmd; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; -import com.cloud.api.commands.RemoveVpnUserCmd; import com.cloud.api.commands.RestartNetworkCmd; import com.cloud.capacity.dao.CapacityDao; import com.cloud.configuration.Config; @@ -73,7 +69,6 @@ import com.cloud.deploy.DeployDestination; import com.cloud.deploy.DeploymentPlan; import com.cloud.domain.dao.DomainDao; import com.cloud.event.EventTypes; -import com.cloud.event.EventUtils; import com.cloud.event.EventVO; import com.cloud.event.UsageEventVO; import com.cloud.event.dao.EventDao; @@ -111,6 +106,7 @@ import com.cloud.network.rules.FirewallRule; import com.cloud.network.rules.PortForwardingRuleVO; import com.cloud.network.rules.RulesManager; import com.cloud.network.rules.dao.PortForwardingRulesDao; +import com.cloud.network.vpn.RemoteAccessVpnElement; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.offerings.NetworkOfferingVO; 
@@ -251,14 +247,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag if (vlanUse == VlanType.DirectAttached) { addr.setState(IpAddress.State.Allocated); } else { - addr.setAssociatedNetworkId(networkId); + addr.setAssociatedWithNetworkId(networkId); } if (!_ipAddressDao.update(addr.getAddress(), addr)) { throw new CloudRuntimeException("Found address to allocate but unable to update: " + addr); } if(!sourceNat){ - UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_ASSIGN, owner.getAccountId(), dcId, 0, addr.getAddress()); + UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_ASSIGN, owner.getAccountId(), dcId, 0, addr.getAddress().toString()); _usageEventDao.persist(usageEvent); } @@ -365,7 +361,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag boolean sourceNat = false; Map> vlanIpMap = new HashMap>(); for (final String ipAddress: ipAddrList) { - IPAddressVO ip = _ipAddressDao.findById(ipAddress); + IPAddressVO ip = _ipAddressDao.findById(new Ip(ipAddress)); VlanVO vlan = _vlanDao.findById(ip.getVlanId()); ArrayList ipList = vlanIpMap.get(vlan.getId()); @@ -442,7 +438,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag * @return */ protected Account getAccountForApiCommand(String accountName, Long domainId) throws InvalidParameterValueException, PermissionDeniedException{ - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { //The admin is making the call, determine if it is for someone else or for himself 
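Review bot: In the `@@ -365,7` hunk the result of `_ipAddressDao.findById(new Ip(ipAddress))` is dereferenced on the next line (`ip.getVlanId()`) without a null check, so an entry of `ipAddrList` with no matching row ends in a NullPointerException inside the loop. The lookup key is also now built from a string, and how `new Ip(String)` treats a malformed value is not visible here. I would guard the lookup with `if (ip == null) { throw new CloudRuntimeException("Unable to find ip address " + ipAddress); }`; `vlan` is dereferenced the same way two lines later. The enclosing method starts and ends outside the hunk.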
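Review bot: In `getAccountForApiCommand` (`@@ -442,7`), the condition `(account == null) || isAdmin(account.getType())` sends a missing caller down the same branch as an administrator. A request that reaches this method without a populated `UserContext` is therefore handled as if an admin had made it, for whatever `accountName`/`domainId` was passed. If a null caller is expected only on internal paths, state that next to the check. Otherwise reject it before the admin test, e.g. `if (account == null) { throw new PermissionDeniedException("No caller in context"); }`. The body continues outside the hunk, so any later checks on that branch cannot be seen from here.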
@@ -496,7 +492,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag for (IPAddressVO addr : userIps) { if (addr.getState() == IpAddress.State.Allocating) { addr.setState(IpAddress.State.Allocated); - addr.setAssociatedNetworkId(network.getId()); + addr.setAssociatedWithNetworkId(network.getId()); _ipAddressDao.update(addr.getAddress(), addr); } else if (addr.getState() == IpAddress.State.Releasing) { _ipAddressDao.unassignIpAddress(addr.getAddress()); @@ -522,8 +518,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag String accountName = cmd.getAccountName(); long domainId = cmd.getDomainId(); Long zoneId = cmd.getZoneId(); - Account caller = UserContext.current().getAccount(); - long userId = UserContext.current().getUserId(); + Account caller = UserContext.current().getCaller(); + long userId = UserContext.current().getCallerUserId(); Account owner = _accountDao.findActiveAccount(accountName, domainId); if (owner == null) { @@ -583,7 +579,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag _accountMgr.incrementResourceCount(ownerId, ResourceType.public_ip); - String ipAddress = ip.getAddress(); + Ip ipAddress = ip.getAddress(); event.setParameters("address=" + ipAddress + "\nsourceNat=" + false + "\ndcId=" + zoneId); event.setDescription("Assigned a public IP address: " + ipAddress); _eventDao.persist(event); 
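Review bot: In the `@@ -522,8` hunk, `long userId = UserContext.current().getCallerUserId();` unboxes the result into a primitive. Other call sites changed by this commit (ConfigurationManagerImpl) test the same call for null, which suggests it returns a `Long` that can be absent. In that case this line throws a NullPointerException before the owner lookup and any permission check run. Keep the value boxed and decide explicitly what a missing caller id means here, e.g. `Long userId = UserContext.current().getCallerUserId();` followed by a null check that rejects or documents the case. The method body continues outside the hunk.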
@@ -629,19 +625,17 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public boolean releasePublicIpAddress(String ipAddress, long ownerId, long userId) { - IPAddressVO ip = _ipAddressDao.markAsUnavailable(ipAddress, ownerId); - assert (ip != null) : "Unable to mark the ip address " + ipAddress + " owned by " + ownerId + " as unavailable."; + public boolean releasePublicIpAddress(Ip addr, long ownerId, long userId) { + IPAddressVO ip = _ipAddressDao.markAsUnavailable(addr, ownerId); + assert (ip != null) : "Unable to mark the ip address " + addr + " owned by " + ownerId + " as unavailable."; if (ip == null) { return true; } if (s_logger.isDebugEnabled()) { - s_logger.debug("Releasing ip " + ipAddress + "; sourceNat = " + ip.isSourceNat()); + s_logger.debug("Releasing ip " + addr + "; sourceNat = " + ip.isSourceNat()); } - Ip addr = new Ip(ip.getAddress()); - boolean success = true; try { if (!_rulesMgr.revokeAllRules(addr, userId)) { @@ -658,8 +652,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag success = false; } - if (ip.getAssociatedNetworkId() != null) { - Network network = _networksDao.findById(ip.getAssociatedNetworkId()); + if (ip.getAssociatedWithNetworkId() != null) { + Network network = _networksDao.findById(ip.getAssociatedWithNetworkId()); try { if (!applyIpAssociations(network, true)) { s_logger.warn("Unable to apply ip address associations for " + network); 
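Review bot: In `releasePublicIpAddress` (`@@ -629,19`), when `_ipAddressDao.markAsUnavailable(addr, ownerId)` returns null the method returns `true`. The caller is told the address was released although nothing was changed. The `assert` before it is the only signal, and assertions are normally disabled in production. If null also covers an address that is not owned by `ownerId` (not visible here), that reports success for a release the ownership check refused. I would log and fail instead, e.g. `if (ip == null) { s_logger.warn("Unable to mark ip " + addr + " owned by " + ownerId + " as unavailable"); return false; }`, or add a comment stating that returning true is a deliberate idempotent-release contract.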
@@ -671,16 +665,26 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } if (success) { - _ipAddressDao.unassignIpAddress(ipAddress); - s_logger.debug("released a public ip: " + ipAddress); + _ipAddressDao.unassignIpAddress(addr); + s_logger.debug("released a public ip: " + addr); if(!ip.isSourceNat()){ - UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_RELEASE, ownerId, ip.getDataCenterId(), 0, ipAddress); + UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_NET_IP_RELEASE, ownerId, ip.getDataCenterId(), 0, addr.toString()); _usageEventDao.persist(usageEvent); } } +<<<<<<< HEAD EventUtils.saveEvent(userId, ip.getAllocatedToAccountId(), EventTypes.EVENT_NET_IP_RELEASE, "released a public ip: " + ipAddress); +======= + final EventVO event = new EventVO(); + event.setUserId(userId); + event.setAccountId(ip.getAllocatedToAccountId()); + event.setType(EventTypes.EVENT_NET_IP_RELEASE); + event.setParameters("address=" + addr + "\nsourceNat="+ip.isSourceNat()); + event.setDescription("released a public ip: " + addr); + _eventDao.persist(event); +>>>>>>> remote access vpn, user ip address changes return success; } 
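Review bot: The added lines contain unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> remote access vpn, user ip address changes`), so NetworkManagerImpl.java does not compile as committed. The HEAD side still refers to `ipAddress`, which the previous hunk renamed to `addr`, and to `EventUtils`, whose import this commit removes. The resolution is to delete the three marker lines and the `EventUtils.saveEvent(...)` line, keeping the `EventVO` block. On the kept side the event with description "released a public ip" is persisted even when `success` is false, so it should be guarded by `if (success)` or written with an error level to keep the event log truthful.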
@@ -693,42 +697,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return dflt; } - private void validateRemoteAccessVpnConfiguration() throws ConfigurationException { - String ipRange = _configs.get(Config.RemoteAccessVpnClientIpRange.key()); - if (ipRange == null) { - s_logger.warn("Remote Access VPN configuration missing client ip range -- ignoring"); - return; - } - Integer pskLength = getIntegerConfigValue(Config.RemoteAccessVpnPskLength.key(), 24); - if (pskLength != null && (pskLength < 8 || pskLength > 256)) { - throw new ConfigurationException("Remote Access VPN: IPSec preshared key length should be between 8 and 256"); - } else if (pskLength == null) { - s_logger.warn("Remote Access VPN configuration missing Preshared Key Length -- ignoring"); - return; - } - - String [] range = ipRange.split("-"); - if (range.length != 2) { - throw new ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange); - } - if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){ - throw new ConfigurationException("Remote Access VPN: Invalid ip in range specification " + ipRange); - } - if (!NetUtils.validIpRange(range[0], range[1])){ - throw new ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange); - } - String [] guestIpRange = getGuestIpRange(); - if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) { - throw new ConfigurationException("Remote Access VPN: Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]); - } - } - @Override public boolean configure(final String name, final Map params) throws ConfigurationException { _name = name; _configs = _configDao.getConfiguration("AgentManager", params); - validateRemoteAccessVpnConfiguration(); Integer rateMbps = getIntegerConfigValue(Config.NetworkThrottlingRate.key(), null); Integer multicastRateMbps = getIntegerConfigValue(Config.MulticastThrottlingRate.key(), 
null); _networkGcWait = NumbersUtil.parseInt(_configs.get(Config.NetworkGcWait.key()), 600); @@ -1153,7 +1126,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)); } - private Account findAccountByIpAddress(String ipAddress) { + private Account findAccountByIpAddress(Ip ipAddress) { IPAddressVO address = _ipAddressDao.findById(ipAddress); if ((address != null) && (address.getAllocatedToAccountId() != null)) { return _accountDao.findById(address.getAllocatedToAccountId()); @@ -1165,9 +1138,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @DB public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) throws PermissionDeniedException, IllegalArgumentException { - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); - String ipAddress = cmd.getIpAddress(); + Long userId = UserContext.current().getCallerUserId(); + Account account = UserContext.current().getCaller(); + Ip ipAddress = cmd.getIpAddress(); // Verify input parameters Account accountByIp = findAccountByIpAddress(ipAddress); 
@@ -1279,330 +1252,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return setupNetwork(owner, networkOffering, plan, null, null, false); } - private String [] getGuestIpRange() { - String guestRouterIp = _configs.get(Config.GuestIpNetwork.key()); - String guestNetmask = _configs.get(Config.GuestNetmask.key()); - return NetUtils.ipAndNetMaskToRange(guestRouterIp, guestNetmask); - } - - - @Override - @DB - public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) - throws InvalidParameterValueException, PermissionDeniedException, ConcurrentOperationException { - return null; -// String publicIp = cmd.getPublicIp(); -// IPAddressVO ipAddr = null; -// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); -// if (publicIp == null) { -// List accountAddrs = _ipAddressDao.listByAccount(account.getId()); -// for (IPAddressVO addr: accountAddrs){ -// if (addr.getSourceNat() && addr.getDataCenterId() == cmd.getZoneId()){ -// ipAddr = addr; -// publicIp = ipAddr.getAddress(); -// break; -// } -// } -// if (ipAddr == null) { -// throw new InvalidParameterValueException("Account " + account.getAccountName() + " does not have any public ip addresses in zone " + cmd.getZoneId()); -// } -// } -// -// // make sure ip address exists -// ipAddr = _ipAddressDao.findById(publicIp); -// if (ipAddr == null) { -// throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address " + publicIp); -// } -// -// VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId()); -// if (vlan != null) { -// if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) { -// throw new InvalidParameterValueException("Unable to create VPN for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for VPN."); -// } -// } -// assert vlan != null:"Inconsistent DB state -- ip address does not belong to any vlan?"; -// -// if ((ipAddr.getAccountId() == null) || 
(ipAddr.getAllocated() == null)) { -// throw new PermissionDeniedException("Unable to create VPN, permission denied for ip " + publicIp); -// } -// -// if (account != null) { -// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { -// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) { -// throw new PermissionDeniedException("Unable to create VPN with public IP address " + publicIp + ", permission denied."); -// } -// } else if (account.getId() != ipAddr.getAccountId().longValue()) { -// throw new PermissionDeniedException("Unable to create VPN for account " + account.getAccountName() + " doesn't own ip address " + publicIp); -// } -// } -// -// RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIp); -// if (vpnVO != null) { -// throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address"); -// } -// //TODO: assumes one virtual network / domr per account per zone -// vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); -// if (vpnVO != null) { -// throw new InvalidParameterValueException("A Remote Access VPN already exists for this account"); -// } -// String ipRange = cmd.getIpRange(); -// if (ipRange == null) { -// ipRange = _configs.get(Config.RemoteAccessVpnClientIpRange.key()); -// } -// String [] range = ipRange.split("-"); -// if (range.length != 2) { -// throw new InvalidParameterValueException("Invalid ip range"); -// } -// if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){ -// throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange); -// } -// if (!NetUtils.validIpRange(range[0], range[1])){ -// throw new InvalidParameterValueException("Invalid ip range " + ipRange); -// } -// String [] guestIpRange = getGuestIpRange(); -// if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) { -// throw 
new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]); -// } -// //TODO: check sufficient range -// //TODO: check overlap with private and public ip ranges in datacenter -// -// long startIp = NetUtils.ip2Long(range[0]); -// String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1]; -// String sharedSecret = PasswordGenerator.generatePresharedKey(getIntegerConfigValue(Config.RemoteAccessVpnPskLength.key(), 24)); -// Transaction txn = Transaction.currentTxn(); -// txn.start(); -// boolean locked = false; -// try { -// ipAddr = _ipAddressDao.acquireInLockTable(publicIp); -// if (ipAddr == null) { -// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); -// } -// locked = true; -// //check overlap with port forwarding rules on this ip (udp ports 500, 4500) -// List existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_PORT, NetUtils.UDP_PROTO); -// if (!existing.isEmpty()) { -// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_PORT + " is configured for destination NAT"); -// } -// existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_NATT_PORT, NetUtils.UDP_PROTO); -// if (!existing.isEmpty()) { -// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_NATT_PORT + " is configured for destination NAT"); -// } -// existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_L2TP_PORT, NetUtils.UDP_PROTO); -// if (!existing.isEmpty()) { -// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_L2TP_PORT + " is configured for destination NAT"); -// } -// if (_rulesDao.isPublicIpOneToOneNATted(publicIp)) { -// throw new InvalidParameterValueException("Public Ip " + publicIp + " is configured for destination NAT"); -// } -// vpnVO = new RemoteAccessVpnVO(account.getId(), cmd.getZoneId(), publicIp, range[0], newIpRange, sharedSecret); -// 
vpnVO = _remoteAccessVpnDao.persist(vpnVO); -// PortForwardingRuleVO rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null); -// _rulesDao.persist(rule); -// rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_NATT_PORT, true, NetUtils.UDP_PROTO, false, null); -// _rulesDao.persist(rule); -// rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_L2TP_PORT, guestIpRange[0], NetUtils.VPN_L2TP_PORT, true, NetUtils.UDP_PROTO, false, null); -// _rulesDao.persist(rule); -// txn.commit(); -// return vpnVO; -// } finally { -// if (locked) { -// _ipAddressDao.releaseFromLockTable(publicIp); -// } -// } - } - - @Override - @DB - public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException { - Long userId = UserContext.current().getUserId(); - Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); - EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Creating a Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); - RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findById(cmd.getEntityId()); - String publicIp = vpnVO.getVpnServerAddress(); - Long vpnId = vpnVO.getId(); - Transaction txn = Transaction.currentTxn(); - txn.start(); - boolean locked = false; - boolean created = false; - try { - IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); - if (ipAddr == null) { - throw new ConcurrentOperationException("Another operation active, unable to create vpn"); - } - locked = true; - - vpnVO = _routerMgr.startRemoteAccessVpn(vpnVO); - created = (vpnVO != null); - - return vpnVO; - } finally { - if (created) { - EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Created a Remote 
Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); - } else { - EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Unable to create Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); - _remoteAccessVpnDao.remove(vpnId); - } - txn.commit(); - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - } - } - - @Override - @DB - public boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException { -// Long userId = UserContext.current().getUserId(); -// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); -// //TODO: assumes one virtual network / domr per account per zone -// RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); -// if (vpnVO == null) { -// throw new InvalidParameterValueException("No VPN found for account " + account.getAccountName() + " in zone " + cmd.getZoneId()); -// } -// EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleting Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); -// String publicIp = vpnVO.getVpnServerAddress(); -// Long vpnId = vpnVO.getId(); -// Transaction txn = Transaction.currentTxn(); -// txn.start(); -// boolean locked = false; -// boolean deleted = false; -// try { -// IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); -// if (ipAddr == null) { -// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); -// } -// locked = true; -// -// deleted = _routerMgr.deleteRemoteAccessVpn(vpnVO); -// return deleted; -// } finally { -// if (deleted) { -// _remoteAccessVpnDao.remove(vpnId); -// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT); -// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, 
NetUtils.VPN_NATT_PORT); -// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_L2TP_PORT); -// EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); -// } else { -// EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); -// } -// txn.commit(); -// if (locked) { -// _ipAddressDao.releaseFromLockTable(publicIp); -// } -// } - return false; // FIXME - } - - @Override - @DB - public VpnUserVO addVpnUser(AddVpnUserCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, AccountLimitException { - Long userId = UserContext.current().getUserId(); - Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); - EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_VPN_USER_ADD, "Add VPN user for account: " + account.getAccountName(), cmd.getStartEventId()); - - if (!cmd.getUserName().matches("^[a-zA-Z0-9][a-zA-Z0-9@._-]{2,63}$")) { - throw new InvalidParameterValueException("Username has to be begin with an alphabet have 3-64 characters including alphabets, numbers and the set '@.-_'"); - } - if (!cmd.getPassword().matches("^[a-zA-Z0-9][a-zA-Z0-9@#+=._-]{2,31}$")) { - throw new InvalidParameterValueException("Password has to be 3-32 characters including alphabets, numbers and the set '@#+=.-_'"); - } - account = _accountDao.acquireInLockTable(account.getId()); - if (account == null) { - throw new ConcurrentOperationException("Unable to add vpn user: Another operation active"); - } - try { - long userCount = _vpnUsersDao.getVpnUserCount(account.getId()); - Integer userLimit = getIntegerConfigValue(Config.RemoteAccessVpnUserLimit.key(), 8); - if (userCount >= userLimit) { - throw new 
AccountLimitException("Cannot add more than " + userLimit + " remote access vpn users"); - } - VpnUserVO user = addRemoveVpnUser(account, cmd.getUserName(), cmd.getPassword(), true); - if (user != null) { - EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_VPN_USER_ADD, "Added a VPN user for account: " + account.getAccountName() + " username= " + cmd.getUserName()); - return user; - } else { - EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_VPN_USER_ADD, "Unable to add VPN user for account: ", account.getAccountName() + " username= " + cmd.getUserName()); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Unable to add VPN user for account: "+ account.getAccountName() + " username= " + cmd.getUserName()); - } - } finally { - if (account != null) { - _accountDao.releaseFromLockTable(account.getId()); - } - } - - - } - - @Override - public boolean removeVpnUser(RemoveVpnUserCmd cmd) throws ConcurrentOperationException { - Long userId = UserContext.current().getUserId(); - Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); - EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_VPN_USER_REMOVE, "Remove VPN user for account: " + account.getAccountName(), cmd.getStartEventId()); - - VpnUserVO user = addRemoveVpnUser(account, cmd.getUserName(), null, false); - if (user != null) { - EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_VPN_USER_REMOVE, "Removed a VPN user for account: " + account.getAccountName() + " username= " + cmd.getUserName()); - } else { - EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_VPN_USER_ADD, "Unable to remove VPN user for account: ", account.getAccountName() + " username= " + cmd.getUserName()); - } - return (user != null); - - } - - @DB - protected VpnUserVO addRemoveVpnUser(Account account, String username, String password, boolean add) throws ConcurrentOperationException { - List vpnVOList = 
_remoteAccessVpnDao.findByAccount(account.getId()); - - Transaction txn = Transaction.currentTxn(); - txn.start(); - boolean locked = false; - boolean success = true; - VpnUserVO user = null; - final String op = add ? "add" : "remove"; - try { - account = _accountDao.acquireInLockTable(account.getId()); - if (account == null) { - throw new ConcurrentOperationException("Unable to " + op + " vpn user: Another operation active"); - } - locked = true; - List addVpnUsers = new ArrayList(); - List removeVpnUsers = new ArrayList(); - if (add) { - - user = _vpnUsersDao.persist(new VpnUserVO(account.getId(), username, password)); - addVpnUsers.add(user); - - } else { - user = _vpnUsersDao.findByAccountAndUsername(account.getId(), username); - if (user == null) { - s_logger.debug("Could not find vpn user " + username); - throw new InvalidParameterValueException("Could not find vpn user " + username); - } - _vpnUsersDao.remove(user.getId()); - removeVpnUsers.add(user); - } - for (RemoteAccessVpnVO vpn : vpnVOList) { - success = success && _routerMgr.addRemoveVpnUsers(vpn, addVpnUsers, removeVpnUsers); - } - - // Note: If the router was successfully updated, we then return the user. - if (success) { - return user; - } else { - return null; - } - } finally { - if (success) { - txn.commit(); - } else { - txn.rollback(); - } - if (locked) { - _accountDao.releaseFromLockTable(account.getId()); - } - } - } - @Override public List listNetworkOfferings() { return _networkOfferingDao.listNonSystemNetworkOfferings(); 
@@ -1622,11 +1271,37 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag public Network getNetwork(long id) { return _networksDao.findById(id); } + + @Override + public List getRemoteAccessVpnElements() { + List elements = new ArrayList(); + for (NetworkElement element : _networkElements) { + if (element instanceof RemoteAccessVpnElement) { + elements.add((RemoteAccessVpnElement)element); + } + } + + return elements; + } + + @Override + public void deallocate(VirtualMachineProfile vm) { + List nics = _nicDao.listBy(vm.getId()); + for (NicVO nic : nics) { + nic.setState(Nic.State.Deallocating); + _nicDao.update(nic.getId(), nic); + NetworkVO network = _networksDao.findById(nic.getNetworkId()); + NicProfile profile = new NicProfile(nic, network, null, null); + NetworkGuru guru = _networkGurus.get(network.getGuruName()); + guru.deallocate(network, profile, vm); + _nicDao.remove(nic.getId()); + } + } @Override @DB public Network createNetwork(CreateNetworkCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ - Account ctxAccount = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account ctxAccount = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long networkOfferingId = cmd.getNetworkOfferingId(); Long zoneId = cmd.getZoneId(); String gateway = cmd.getGateway(); @@ -1813,7 +1488,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Object id = cmd.getId(); Object keyword = cmd.getKeyword(); Long zoneId= cmd.getZoneId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); String type = cmd.getType(); 
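Review bot: In the added `deallocate(VirtualMachineProfile vm)` (hunk `@@ -1622,11 +1271,37 @@`), neither `_networksDao.findById(nic.getNetworkId())` nor `_networkGurus.get(network.getGuruName())` is checked for null before it is dereferenced. A single NIC whose network row or guru is missing ends the loop with a NullPointerException after that NIC has already been persisted as `Nic.State.Deallocating`, and the remaining NICs keep their addresses. The method also has no `@DB` annotation or transaction, unlike `createNetwork` directly below it, so the partial state stays in the database. I would guard both lookups and continue with the next NIC, as sketched below; this assumes `s_logger` is still declared in the class.

```java
for (NicVO nic : nics) {
    // … unchanged: mark the nic Deallocating and persist it …
    NetworkVO network = _networksDao.findById(nic.getNetworkId());
    NetworkGuru guru = (network == null) ? null : _networkGurus.get(network.getGuruName());
    if (guru == null) {
        s_logger.warn("Unable to deallocate nic " + nic.getId() + ": network or guru not found");
        continue;
    }
    NicProfile profile = new NicProfile(nic, network, null, null);
    // … unchanged: guru.deallocate(...) and _nicDao.remove(...) …
}
```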
@@ -1901,8 +1576,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override @DB public boolean deleteNetwork(long networkId) throws InvalidParameterValueException, PermissionDeniedException{ - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); + Long userId = UserContext.current().getCallerUserId(); + Account account = UserContext.current().getCaller(); //Verify network id NetworkVO network = _networksDao.findById(networkId); @@ -2094,7 +1769,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag //This method reapplies Ip addresses, LoadBalancer and PortForwarding rules String accountName = cmd.getAccountName(); long domainId = cmd.getDomainId(); - Account caller = UserContext.current().getAccount(); + Account caller = UserContext.current().getCaller(); Account owner = _accountDao.findActiveAccount(accountName, domainId); if (owner == null) { @@ -2206,6 +1881,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override +<<<<<<< HEAD public long getSystemNetworkIdByZoneAndTrafficTypeAndGuestType(long zoneId, TrafficType trafficType, GuestIpType guestType) { //find system public network offering Long networkOfferingId = null; @@ -2228,4 +1904,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return networks.get(0).getId(); } +======= + public PublicIpAddress getPublicIpAddress(Ip ip) { + IPAddressVO addr = _ipAddressDao.findById(ip); + if (addr == null) { + return null; + } + + return new PublicIp(addr, _vlanDao.findById(addr.getVlanId()), NetUtils.createSequenceBasedMacAddress(addr.getMacAddress())); + } +>>>>>>> remote access vpn, user ip address changes } diff --git a/server/src/com/cloud/network/RemoteAccessVpnVO.java b/server/src/com/cloud/network/RemoteAccessVpnVO.java index 93750fab13c..8a39b213ff7 100644 --- a/server/src/com/cloud/network/RemoteAccessVpnVO.java 
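Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> remote access vpn, user ip address changes` are unresolved merge-conflict markers committed into NetworkManagerImpl.java. They start in hunk `@@ -2206,6 +1881,7 @@` and end in hunk `@@ -2228,4 +1904,14 @@`, and the file cannot compile while they are present. As committed, one `@Override` sits above both `getSystemNetworkIdByZoneAndTrafficTypeAndGuestType` and the new `getPublicIpAddress(Ip ip)`; delete the three marker lines and give `getPublicIpAddress` its own `@Override`. In `getPublicIpAddress`, the result of `_vlanDao.findById(addr.getVlanId())` goes straight into `new PublicIp(...)`; if a VLAN row can be missing, the `_vlan` accessors of PublicIp will throw later, so a null check here seems warranted.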
+++ b/server/src/com/cloud/network/RemoteAccessVpnVO.java @@ -20,37 +20,29 @@ package com.cloud.network; import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; import javax.persistence.Id; -import javax.persistence.PrimaryKeyJoinColumn; -import javax.persistence.SecondaryTable; import javax.persistence.Table; + +import com.cloud.utils.net.Ip; @Entity @Table(name=("remote_access_vpn")) -@SecondaryTable(name="account", - pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")}) public class RemoteAccessVpnVO implements RemoteAccessVpn { - @Id - @GeneratedValue(strategy=GenerationType.IDENTITY) - @Column(name="id") - private long id; - @Column(name="account_id") private long accountId; + + @Column(name="network_id") + private long networkId; - @Column(name="zone_id") - private long zoneId; - - @Column(name="account_name", table="account", insertable=false, updatable=false) - private String accountName = null; - - @Column(name="domain_id", table="account", insertable=false, updatable=false) + @Column(name="domain_id") private long domainId; - + + @Id @Column(name="vpn_server_addr") - private String vpnServerAddress; + @Enumerated(value=EnumType.ORDINAL) + private Ip serverAddress; @Column(name="local_ip") private String localIp; 
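Review bot: `serverAddress` is declared `@Id @Enumerated(value=EnumType.ORDINAL) private Ip serverAddress;`, but nothing in this hunk shows `Ip` to be an enum, so the annotation presumably works only through project-specific handling in the DAO layer. A reader who knows JPA will take it for a mistake, so a short comment is needed, for example `// Ip is not an enum: the DAO layer reads @Enumerated to choose numeric (ORDINAL) or string storage - confirm`. The hunk also makes the public address the primary key in place of the generated `id`, so a row's identity now changes with its address; that should be stated in a class-level comment.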
@@ -63,41 +55,24 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn { public RemoteAccessVpnVO() { } - public RemoteAccessVpnVO(long accountId, long zoneId, String publicIp, String localIp, String ipRange, String presharedKey) { + public RemoteAccessVpnVO(long accountId, long domainId, long networkId, Ip publicIp, String localIp, String ipRange, String presharedKey) { this.accountId = accountId; - this.vpnServerAddress = publicIp; + this.serverAddress = publicIp; this.ipRange = ipRange; this.ipsecPresharedKey = presharedKey; - this.zoneId = zoneId; - this.localIp = localIp; - + this.localIp = localIp; + this.domainId = domainId; + this.networkId = networkId; } - @Override - public long getId() { - return id; - } - - - @Override public long getAccountId() { return accountId; } - @Override - public String getAccountName() { - return accountName; - } - @Override - public String getVpnServerAddress() { - return vpnServerAddress; - } - - @Override - public void setVpnServerAddress(String vpnServerAddress) { - this.vpnServerAddress = vpnServerAddress; + public Ip getServerAddress() { + return serverAddress; } @Override @@ -105,7 +80,6 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn { return ipRange; } - @Override public void setIpRange(String ipRange) { this.ipRange = ipRange; } @@ -115,26 +89,10 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn { return ipsecPresharedKey; } - @Override public void setIpsecPresharedKey(String ipsecPresharedKey) { this.ipsecPresharedKey = ipsecPresharedKey; } - @Override - public void setId(Long id) { - this.id = id; - } - - @Override - public void setZoneId(long zoneId) { - this.zoneId = zoneId; - } - - @Override - public long getZoneId() { - return zoneId; - } - @Override public String getLocalIp() { return localIp; 
@@ -144,6 +102,9 @@ public class RemoteAccessVpnVO implements RemoteAccessVpn { public long getDomainId() { return domainId; } - - + + @Override + public long getNetworkId() { + return networkId; + } } diff --git a/server/src/com/cloud/network/addr/PublicIp.java b/server/src/com/cloud/network/addr/PublicIp.java index cd451aa6373..277c3e97faf 100644 --- a/server/src/com/cloud/network/addr/PublicIp.java +++ b/server/src/com/cloud/network/addr/PublicIp.java @@ -22,12 +22,13 @@ import java.util.Date; import com.cloud.dc.VlanVO; import com.cloud.network.IPAddressVO; import com.cloud.network.PublicIpAddress; +import com.cloud.utils.net.Ip; import com.cloud.utils.net.NetUtils; /** * PublicIp is a combo object of IPAddressVO and VLAN information. */ -public class PublicIp implements PublicIpAddress{ +public class PublicIp implements PublicIpAddress { IPAddressVO _addr; VlanVO _vlan; String macAddress; @@ -39,7 +40,7 @@ public class PublicIp implements PublicIpAddress{ } @Override - public String getAddress() { + public Ip getAddress() { return _addr.getAddress(); } @@ -127,8 +128,42 @@ public class PublicIp implements PublicIpAddress{ } @Override - public Long getAssociatedNetworkId() { - return _addr.getAssociatedNetworkId(); + public Long getAssociatedWithNetworkId() { + return _addr.getAssociatedWithNetworkId(); } + @Override + public Long getNetworkId() { + return _vlan.getNetworkId(); + } + + @Override + public String getVlanGateway() { + return _vlan.getVlanGateway(); + } + + @Override + public String getVlanNetmask() { + return _vlan.getVlanNetmask(); + } + + @Override + public String getIpRange() { + return _vlan.getIpRange(); + } + + @Override + public VlanType getVlanType() { + return _vlan.getVlanType(); + } + + @Override + public long getId() { + return _vlan.getId(); + } + + @Override + public String toString() { + return _addr.getAddress().toString(); + } } 
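Review bot: In PublicIp.java (hunk `@@ -127,8 +128,42 @@`) the added `getId()` returns `_vlan.getId()`, so every `PublicIp` on the same VLAN reports the same id, while `getAddress()` and `toString()` identify the object by `_addr`. If a caller keys a map, writes an event, or selects the record for an ownership check by `getId()`, it will act on the VLAN and not on this address; the interface that declares `getId()` is not visible here, so the intended meaning needs confirming. At minimum, document it: `/** Returns the id of the VLAN this address belongs to, not an id of the address itself. */`. The added `toString()` also dereferences `_addr.getAddress()` without a null check.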
diff --git a/server/src/com/cloud/network/dao/IPAddressDao.java b/server/src/com/cloud/network/dao/IPAddressDao.java index 1c65cf7c52b..4a1f5922a25 100644 --- a/server/src/com/cloud/network/dao/IPAddressDao.java +++ b/server/src/com/cloud/network/dao/IPAddressDao.java @@ -22,12 +22,13 @@ import java.util.List; import com.cloud.network.IPAddressVO; import com.cloud.utils.db.GenericDao; +import com.cloud.utils.net.Ip; -public interface IPAddressDao extends GenericDao { +public interface IPAddressDao extends GenericDao { - IPAddressVO markAsUnavailable(String ipAddress, long ownerId); + IPAddressVO markAsUnavailable(Ip ipAddress, long ownerId); - void unassignIpAddress(String ipAddress); + void unassignIpAddress(Ip ipAddress); List listByAccount(long accountId); diff --git a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java index 43da2cbedf0..03b54c7005b 100644 --- a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java +++ b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java @@ -40,10 +40,11 @@ import com.cloud.utils.db.SearchCriteria.Func; import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.Ip; @Local(value = { IPAddressDao.class }) @DB -public class IPAddressDaoImpl extends GenericDaoBase implements IPAddressDao { +public class IPAddressDaoImpl extends GenericDaoBase implements IPAddressDao { private static final Logger s_logger = Logger.getLogger(IPAddressDaoImpl.class); protected final SearchBuilder AllFieldsSearch; 
@@ -62,7 +63,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem AllFieldsSearch.and("vlan", AllFieldsSearch.entity().getVlanId(), Op.EQ); AllFieldsSearch.and("accountId", AllFieldsSearch.entity().getAllocatedToAccountId(), Op.EQ); AllFieldsSearch.and("sourceNat", AllFieldsSearch.entity().isSourceNat(), Op.EQ); - AllFieldsSearch.and("network", AllFieldsSearch.entity().getAssociatedNetworkId(), Op.EQ); + AllFieldsSearch.and("network", AllFieldsSearch.entity().getAssociatedWithNetworkId(), Op.EQ); AllFieldsSearch.done(); VlanDbIdSearchUnallocated = createSearchBuilder(); @@ -131,7 +132,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem if (!update(ip.getAddress(), ip)) { throw new CloudRuntimeException("Unable to update a locked ip address " + ip.getAddress()); } - ipStringList.add(ip.getAddress()); + ipStringList.add(ip.getAddress().toString()); } txn.commit(); return ipStringList; @@ -174,7 +175,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem } @Override - public void unassignIpAddress(String ipAddress) { + public void unassignIpAddress(Ip ipAddress) { IPAddressVO address = createForUpdate(); address.setAllocatedToAccountId(null); address.setAllocatedInDomainId(null); @@ -182,7 +183,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem address.setSourceNat(false); address.setOneToOneNat(false); address.setState(State.Free); - address.setAssociatedNetworkId(null); + address.setAssociatedWithNetworkId(null); update(ipAddress, address); } @@ -253,7 +254,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem } @Override @DB - public IPAddressVO markAsUnavailable(String ipAddress, long ownerId) { + public IPAddressVO markAsUnavailable(Ip ipAddress, long ownerId) { SearchCriteria sc = AllFieldsSearch.create(); sc.setParameters("accountId", ownerId); sc.setParameters("ipAddress", ipAddress); 
diff --git a/server/src/com/cloud/network/dao/RemoteAccessVpnDao.java b/server/src/com/cloud/network/dao/RemoteAccessVpnDao.java index 071f54f2890..36bea257d62 100644 --- a/server/src/com/cloud/network/dao/RemoteAccessVpnDao.java +++ b/server/src/com/cloud/network/dao/RemoteAccessVpnDao.java @@ -22,9 +22,10 @@ import java.util.List; import com.cloud.network.RemoteAccessVpnVO; import com.cloud.utils.db.GenericDao; +import com.cloud.utils.net.Ip; -public interface RemoteAccessVpnDao extends GenericDao { +public interface RemoteAccessVpnDao extends GenericDao { RemoteAccessVpnVO findByPublicIpAddress(String ipAddress); - RemoteAccessVpnVO findByAccountAndZone(Long accountId, Long zoneId); + RemoteAccessVpnVO findByAccountAndNetwork(Long accountId, Long zoneId); List findByAccount(Long accountId); } diff --git a/server/src/com/cloud/network/dao/RemoteAccessVpnDaoImpl.java b/server/src/com/cloud/network/dao/RemoteAccessVpnDaoImpl.java index 50b717357c1..28606e60694 100644 --- a/server/src/com/cloud/network/dao/RemoteAccessVpnDaoImpl.java +++ b/server/src/com/cloud/network/dao/RemoteAccessVpnDaoImpl.java 
@@ -28,49 +28,41 @@ import com.cloud.network.RemoteAccessVpnVO; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.net.Ip; @Local(value={RemoteAccessVpnDao.class}) -public class RemoteAccessVpnDaoImpl extends GenericDaoBase implements RemoteAccessVpnDao { +public class RemoteAccessVpnDaoImpl extends GenericDaoBase implements RemoteAccessVpnDao { private static final Logger s_logger = Logger.getLogger(RemoteAccessVpnDaoImpl.class); - private final SearchBuilder ListByIp; - private final SearchBuilder AccountAndZoneSearch; - private final SearchBuilder AccountSearch; + private final SearchBuilder AllFieldsSearch; protected RemoteAccessVpnDaoImpl() { - ListByIp = createSearchBuilder(); - ListByIp.and("ipAddress", ListByIp.entity().getVpnServerAddress(), SearchCriteria.Op.EQ); - ListByIp.done(); - - AccountAndZoneSearch = createSearchBuilder(); - AccountAndZoneSearch.and("accountId", AccountAndZoneSearch.entity().getAccountId(), SearchCriteria.Op.EQ); - AccountAndZoneSearch.and("zoneId", AccountAndZoneSearch.entity().getZoneId(), SearchCriteria.Op.EQ); - AccountAndZoneSearch.done(); - - AccountSearch = createSearchBuilder(); - AccountSearch.and("accountId", AccountSearch.entity().getAccountId(), SearchCriteria.Op.EQ); - AccountSearch.done(); + AllFieldsSearch = createSearchBuilder(); + AllFieldsSearch.and("accountId", AllFieldsSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("networkId", AllFieldsSearch.entity().getNetworkId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("ipAddress", AllFieldsSearch.entity().getServerAddress(), SearchCriteria.Op.EQ); + AllFieldsSearch.done(); } @Override public RemoteAccessVpnVO findByPublicIpAddress(String ipAddress) { - SearchCriteria sc = ListByIp.create(); + SearchCriteria sc = AllFieldsSearch.create(); sc.setParameters("ipAddress", ipAddress); return findOneBy(sc); } @Override - public RemoteAccessVpnVO 
findByAccountAndZone(Long accountId, Long zoneId) { - SearchCriteria sc = AccountAndZoneSearch.create(); + public RemoteAccessVpnVO findByAccountAndNetwork(Long accountId, Long networkId) { + SearchCriteria sc = AllFieldsSearch.create(); sc.setParameters("accountId", accountId); - sc.setParameters("zoneId", zoneId); + sc.setParameters("networkId", networkId); return findOneBy(sc); } @Override public List findByAccount(Long accountId) { - SearchCriteria sc = AccountSearch.create(); + SearchCriteria sc = AllFieldsSearch.create(); sc.setParameters("accountId", accountId); return listBy(sc); } diff --git a/server/src/com/cloud/network/dao/VpnUserDaoImpl.java b/server/src/com/cloud/network/dao/VpnUserDaoImpl.java index 7b33ed4346a..6fb19f2a9fe 100644 --- a/server/src/com/cloud/network/dao/VpnUserDaoImpl.java +++ b/server/src/com/cloud/network/dao/VpnUserDaoImpl.java @@ -22,6 +22,7 @@ import java.util.List; import javax.ejb.Local; +import com.cloud.network.VpnUser.State; import com.cloud.network.VpnUserVO; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.GenericSearchBuilder; @@ -49,6 +50,7 @@ public class VpnUserDaoImpl extends GenericDaoBase implements V VpnUserCount = createSearchBuilder(Long.class); VpnUserCount.and("accountId", VpnUserCount.entity().getAccountId(), SearchCriteria.Op.EQ); + VpnUserCount.and("state", VpnUserCount.entity().getState(), SearchCriteria.Op.NEQ); VpnUserCount.select(null, Func.COUNT, null); VpnUserCount.done(); } @@ -73,7 +75,8 @@ public class VpnUserDaoImpl extends GenericDaoBase implements V public long getVpnUserCount(Long accountId) { SearchCriteria sc = VpnUserCount.create(); sc.setParameters("accountId", accountId); - List rs = searchIncludingRemoved(sc, null); + sc.setParameters("state", State.Revoke); + List rs = customSearch(sc, null); if (rs.size() == 0) { return 0; } 
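Review bot: In RemoteAccessVpnDaoImpl (hunk `@@ -28,49 +28,41 @@`), `findByPublicIpAddress(String ipAddress)` still binds a `String` to the `ipAddress` criterion, but that criterion is now built from `AllFieldsSearch.entity().getServerAddress()`, which returns `Ip` and is mapped with `EnumType.ORDINAL` in RemoteAccessVpnVO. Unless the search layer converts the value, the lookup compares a dotted string with the stored form and returns null, which a caller would read as "no VPN on this address". Changing the signature to `RemoteAccessVpnVO findByPublicIpAddress(Ip ipAddress)` in both the interface and this class would match what the commit did for `IPAddressDao`. The interface hunk in RemoteAccessVpnDao.java also leaves the second parameter of `findByAccountAndNetwork` named `zoneId`; it should be `networkId`, as it is here.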
diff --git a/server/src/com/cloud/network/guru/DirectNetworkGuru.java b/server/src/com/cloud/network/guru/DirectNetworkGuru.java index 051d722d571..ec4bcc1ed59 100644 --- a/server/src/com/cloud/network/guru/DirectNetworkGuru.java +++ b/server/src/com/cloud/network/guru/DirectNetworkGuru.java @@ -93,7 +93,7 @@ public class DirectNetworkGuru extends AdapterBase implements NetworkGuru { protected void getIp(NicProfile nic, DataCenter dc, VirtualMachineProfile vm, Network network) throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException, ConcurrentOperationException { if (nic.getIp4Address() == null) { PublicIp ip = _networkMgr.assignPublicIpAddress(dc.getId(), vm.getOwner(), VlanType.DirectAttached, network.getId()); - nic.setIp4Address(ip.getAddress()); + nic.setIp4Address(ip.getAddress().toString()); nic.setGateway(ip.getGateway()); nic.setNetmask(ip.getNetmask()); nic.setIsolationUri(IsolationType.Vlan.toUri(ip.getVlanTag())); diff --git a/server/src/com/cloud/network/guru/PublicNetworkGuru.java b/server/src/com/cloud/network/guru/PublicNetworkGuru.java index 4837b406b05..59dbce2b260 100644 --- a/server/src/com/cloud/network/guru/PublicNetworkGuru.java +++ b/server/src/com/cloud/network/guru/PublicNetworkGuru.java @@ -10,8 +10,8 @@ import javax.ejb.Local; import org.apache.log4j.Logger; import com.cloud.dc.DataCenter; -import com.cloud.dc.DataCenterVO; import com.cloud.dc.DataCenter.NetworkType; +import com.cloud.dc.DataCenterVO; import com.cloud.dc.Vlan.VlanType; import com.cloud.dc.dao.DataCenterDao; import com.cloud.dc.dao.VlanDao; @@ -36,6 +36,7 @@ import com.cloud.resource.Resource.ReservationStrategy; import com.cloud.user.Account; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.Inject; +import com.cloud.utils.net.Ip; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachine; 
@@ -75,7 +76,7 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru { protected void getIp(NicProfile nic, DataCenter dc, VirtualMachineProfile vm, Network network) throws InsufficientVirtualNetworkCapcityException, InsufficientAddressCapacityException, ConcurrentOperationException { if (nic.getIp4Address() == null) { PublicIp ip = _networkMgr.assignPublicIpAddress(dc.getId(), vm.getOwner(), dc.getNetworkType().equals(NetworkType.Basic) ? VlanType.DirectAttached : VlanType.VirtualNetwork, null); - nic.setIp4Address(ip.getAddress()); + nic.setIp4Address(ip.getAddress().toString()); nic.setGateway(ip.getGateway()); nic.setNetmask(ip.getNetmask()); if(ip.getVlanTag() != null && ip.getVlanTag().equalsIgnoreCase("untagged")) { @@ -138,7 +139,7 @@ public class PublicNetworkGuru extends AdapterBase implements NetworkGuru { @Override public void deallocate(Network network, NicProfile nic, VirtualMachineProfile vm) { - _ipAddressDao.unassignIpAddress(nic.getIp4Address()); + _ipAddressDao.unassignIpAddress(new Ip(nic.getIp4Address())); nic.deallocate(); } diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index 1811264b40b..08d19fad782 100644 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -119,7 +119,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found."); } - _accountMgr.checkAccess(caller.getAccount(), loadBalancer); + _accountMgr.checkAccess(caller.getCaller(), loadBalancer); List mappedInstances = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId, false); Set mappedInstanceIds = new HashSet(); 
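Review bot: In PublicNetworkGuru, `deallocate` (hunk `@@ -138,7 +139,7 @@`) now calls `new Ip(nic.getIp4Address())` unconditionally, yet `getIp` in the same file treats `nic.getIp4Address() == null` as a normal state. A NIC that never received an address would reach the `Ip` constructor with null; whether that throws or yields a bogus key for `unassignIpAddress` depends on `Ip`, which is not shown. Guard the call with `if (nic.getIp4Address() != null) { _ipAddressDao.unassignIpAddress(new Ip(nic.getIp4Address())); }` and still run `nic.deallocate()` afterwards.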
@@ -140,7 +140,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, throw new InvalidParameterValueException("Invalid instance id: " + instanceId); } - _accountMgr.checkAccess(caller.getAccount(), vm); + _accountMgr.checkAccess(caller.getCaller(), vm); if (vm.getAccountId() != loadBalancer.getAccountId()) { throw new PermissionDeniedException("Cannot add virtual machines that do not belong to the same owner."); @@ -197,7 +197,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, throw new InvalidParameterException("Invalid load balancer value: " + loadBalancerId); } - _accountMgr.checkAccess(caller.getAccount(), loadBalancer); + _accountMgr.checkAccess(caller.getCaller(), loadBalancer); try { loadBalancer.setState(FirewallRule.State.Add); @@ -268,7 +268,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, throw new InvalidParameterException("Invalid load balancer value: " + loadBalancerId); } - _accountMgr.checkAccess(caller.getAccount(), lb); + _accountMgr.checkAccess(caller.getCaller(), lb); lb.setState(FirewallRule.State.Revoke); _lbDao.persist(lb); @@ -305,7 +305,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, Ip srcIp = lb.getSourceIpAddress(); // make sure ip address exists - IPAddressVO ipAddr = _ipAddressDao.findById(srcIp.addr()); + IPAddressVO ipAddr = _ipAddressDao.findById(srcIp); if (ipAddr == null || !ipAddr.readyToUse()) { throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + srcIp); } 
@@ -339,9 +339,9 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, Long networkId = lb.getNetworkId(); if (networkId == -1 ) { - networkId = ipAddr.getAssociatedNetworkId(); + networkId = ipAddr.getAssociatedWithNetworkId(); } - _accountMgr.checkAccess(caller.getAccount(), ipAddr); + _accountMgr.checkAccess(caller.getCaller(), ipAddr); LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddress(), lb.getSourcePortEnd(), lb.getDefaultPortStart(), lb.getAlgorithm(), networkId, ipAddr.getAccountId(), ipAddr.getDomainId()); @@ -363,7 +363,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, } throw new CloudRuntimeException("Unable to add rule for " + newRule.getSourceIpAddress(), e); } finally { - long userId = caller.getUserId(); + long userId = caller.getCallerUserId(); EventVO event = new EventVO(); event.setUserId(userId); @@ -1184,7 +1184,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, @Override public List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd) throws PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long loadBalancerId = cmd.getId(); Boolean applied = cmd.isApplied(); @@ -1224,7 +1224,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, } } - IPAddressVO addr = _ipAddressDao.findById(loadBalancer.getSourceIpAddress().toString()); + IPAddressVO addr = _ipAddressDao.findById(loadBalancer.getSourceIpAddress()); List userVms = _vmDao.listVirtualNetworkInstancesByAcctAndZone(loadBalancer.getAccountId(), addr.getDataCenterId(), loadBalancer.getNetworkId()); for (UserVmVO userVm : userVms) { 
@@ -1250,7 +1250,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, @Override public List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account caller = UserContext.current().getAccount(); + Account caller = UserContext.current().getCaller(); Account owner = null; Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index e913d48d65b..f80ff2604d8 100644 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java +++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -51,12 +51,10 @@ import com.cloud.agent.api.check.CheckSshCommand; import com.cloud.agent.api.routing.DhcpEntryCommand; import com.cloud.agent.api.routing.IPAssocCommand; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; -import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand; -import com.cloud.agent.api.routing.RoutingCommand; +import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.SavePasswordCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesCommand; import com.cloud.agent.api.routing.VmDataCommand; -import com.cloud.agent.api.routing.VpnUsersCfgCommand; import com.cloud.agent.api.to.IpAddressTO; import com.cloud.agent.api.to.LoadBalancerTO; import com.cloud.agent.manager.Commands; 
@@ -393,7 +391,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian public VirtualRouter upgradeRouter(UpgradeRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long routerId = cmd.getId(); Long serviceOfferingId = cmd.getServiceOfferingId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { @@ -590,7 +588,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian */ private boolean resendVpnServerData(final DomainRouterVO router) { - RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndZone(router.getAccountId(), router.getDataCenterId()); + RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(router.getAccountId(), router.getDataCenterId()); if (vpnVO != null) { try { @@ -638,7 +636,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian return stopDomainRouter(cmd.getId()); } Long routerId = cmd.getId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); @@ -777,7 +775,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public VirtualRouter rebootRouter(RebootRouterCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long routerId = cmd.getId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); 
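Review bot: In `resendVpnServerData` (hunk `@@ -590,7 +588,7 @@`) the call was renamed to `findByAccountAndNetwork` but still passes `router.getDataCenterId()`, a zone id, as the second argument. RemoteAccessVpnDaoImpl now binds that argument to the `networkId` criterion, so the lookup either finds nothing and the VPN configuration is silently not re-sent to the router, or matches an unrelated network whose id happens to equal the zone id. Pass the id of the router's guest network instead; the accessor for it is not visible in this hunk, so no replacement line is quoted. The method body continues outside the hunk.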
@@ -1325,7 +1323,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian List publicConfigs = _networkMgr.setupNetwork(_systemAcct, publicOffering, plan, null, null, false); NicProfile defaultNic = new NicProfile(); defaultNic.setDefaultNic(true); - defaultNic.setIp4Address(sourceNatIp.getAddress()); + defaultNic.setIp4Address(sourceNatIp.getAddress().addr()); defaultNic.setGateway(sourceNatIp.getGateway()); defaultNic.setNetmask(sourceNatIp.getNetmask()); defaultNic.setTrafficType(TrafficType.Public); 
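Review bot: Address-to-string conversion is inconsistent across this commit: here it is `sourceNatIp.getAddress().addr()`, while DirectNetworkGuru and PublicNetworkGuru write `ip.getAddress().toString()` for the same `setIp4Address(String)` call. If `Ip.toString()` is ever changed, for logging say, the guru call sites would start storing a different string from this one. I would use one form at all three sites, preferably `.addr()`, since it names the value being stored.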
@@ -1562,78 +1560,80 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public RemoteAccessVpnVO startRemoteAccessVpn(RemoteAccessVpnVO vpnVO) throws ResourceUnavailableException { - DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); - if (router == null) { - s_logger.warn("Failed to start remote access VPN: no router found for account and zone"); - return null; - } - if (router.getState() != State.Running && router.getState() != State.Starting) { - s_logger.warn("Failed to start remote access VPN: router not in running state"); - return null; - } - List vpnUsers = _vpnUsersDao.listByAccount(vpnVO.getAccountId()); - VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(router.getPrivateIpAddress(), vpnUsers, new ArrayList()); - RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(true, router.getPrivateIpAddress(), vpnVO.getVpnServerAddress(), - vpnVO.getLocalIp(), vpnVO.getIpRange(), vpnVO.getIpsecPresharedKey()); - Commands cmds = new Commands(OnError.Stop); - cmds.addCommand("users", addUsersCmd); - cmds.addCommand("startVpn", startVpnCmd); - try { - _agentMgr.send(router.getHostId(), cmds); - } catch (AgentUnavailableException e) { - s_logger.debug("Failed to start remote access VPN: ", e); - return null; - } catch (OperationTimedoutException e) { - s_logger.debug("Failed to start remote access VPN: ", e); - return null; - } - Answer answer = cmds.getAnswer("users"); - if (!answer.getResult()) { - s_logger.error("Unable to start vpn: unable add users to vpn in zone " + vpnVO.getZoneId() + " for account " + vpnVO.getAccountId() - + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails()); - throw new ResourceUnavailableException("Unable to start vpn: Unable to add users to vpn in zone " + vpnVO.getZoneId() + " for account " - + vpnVO.getAccountId() + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, - 
vpnVO.getZoneId()); - } - answer = cmds.getAnswer("startVpn"); - if (!answer.getResult()) { - s_logger.error("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account " + vpnVO.getAccountId() + " on domR: " - + router.getInstanceName() + " due to " + answer.getDetails()); - throw new ResourceUnavailableException("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account " + vpnVO.getAccountId() - + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, vpnVO.getZoneId()); - } - return vpnVO; + return null; +// DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); +// if (router == null) { +// s_logger.warn("Failed to start remote access VPN: no router found for account and zone"); +// return null; +// } +// if (router.getState() != State.Running && router.getState() != State.Starting) { +// s_logger.warn("Failed to start remote access VPN: router not in running state"); +// return null; +// } +// List vpnUsers = _vpnUsersDao.listByAccount(vpnVO.getAccountId()); +// VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(router.getPrivateIpAddress(), vpnUsers, new ArrayList()); +// RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(true, router.getPrivateIpAddress(), vpnVO.getServerAddress(), +// vpnVO.getLocalIp(), vpnVO.getIpRange(), vpnVO.getIpsecPresharedKey()); +// Commands cmds = new Commands(OnError.Stop); +// cmds.addCommand("users", addUsersCmd); +// cmds.addCommand("startVpn", startVpnCmd); +// try { +// _agentMgr.send(router.getHostId(), cmds); +// } catch (AgentUnavailableException e) { +// s_logger.debug("Failed to start remote access VPN: ", e); +// return null; +// } catch (OperationTimedoutException e) { +// s_logger.debug("Failed to start remote access VPN: ", e); +// return null; +// } +// Answer answer = cmds.getAnswer("users"); +// if (!answer.getResult()) { +// s_logger.error("Unable to start vpn: unable add users to vpn in zone " + vpnVO.getZoneId() 
+ " for account " + vpnVO.getAccountId() +// + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails()); +// throw new ResourceUnavailableException("Unable to start vpn: Unable to add users to vpn in zone " + vpnVO.getZoneId() + " for account " +// + vpnVO.getAccountId() + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, +// vpnVO.getZoneId()); +// } +// answer = cmds.getAnswer("startVpn"); +// if (!answer.getResult()) { +// s_logger.error("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account " + vpnVO.getAccountId() + " on domR: " +// + router.getInstanceName() + " due to " + answer.getDetails()); +// throw new ResourceUnavailableException("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account " + vpnVO.getAccountId() +// + " on domR: " + router.getInstanceName() + " due to " + answer.getDetails(), DataCenter.class, vpnVO.getZoneId()); +// } +// return vpnVO; } @Override public boolean deleteRemoteAccessVpn(RemoteAccessVpnVO vpnVO) { - DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); - if (router == null) { - s_logger.warn("Failed to delete remote access VPN: no router found for account and zone"); - return false; - } - if (router.getState() != State.Running) { - s_logger.warn("Failed to delete remote access VPN: router not in running state"); - return false; - } - try { - Answer answer = _agentMgr.send( - router.getHostId(), - new RemoteAccessVpnCfgCommand(false, router.getPrivateIpAddress(), vpnVO.getVpnServerAddress(), vpnVO.getLocalIp(), vpnVO - .getIpRange(), vpnVO.getIpsecPresharedKey())); - if (answer != null && answer.getResult()) { - return true; - } else { - s_logger.debug("Failed to delete remote access VPN: " + answer.getDetails()); - return false; - } - } catch (AgentUnavailableException e) { - s_logger.debug("Failed to delete remote access VPN: ", e); - return false; - } catch (OperationTimedoutException e) { - s_logger.debug("Failed to 
delete remote access VPN: ", e); - return false; - } + return false; +// DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); +// if (router == null) { +// s_logger.warn("Failed to delete remote access VPN: no router found for account and zone"); +// return false; +// } +// if (router.getState() != State.Running) { +// s_logger.warn("Failed to delete remote access VPN: router not in running state"); +// return false; +// } +// try { +// Answer answer = _agentMgr.send( +// router.getHostId(), +// new RemoteAccessVpnCfgCommand(false, router.getPrivateIpAddress(), vpnVO.getServerAddress(), vpnVO.getLocalIp(), vpnVO +// .getIpRange(), vpnVO.getIpsecPresharedKey())); +// if (answer != null && answer.getResult()) { +// return true; +// } else { +// s_logger.debug("Failed to delete remote access VPN: " + answer.getDetails()); +// return false; +// } +// } catch (AgentUnavailableException e) { +// s_logger.debug("Failed to delete remote access VPN: ", e); +// return false; +// } catch (OperationTimedoutException e) { +// s_logger.debug("Failed to delete remote access VPN: ", e); +// return false; +// } } public DomainRouterVO start(long routerId, User user, Account caller) throws StorageUnavailableException, InsufficientCapacityException, 
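Review bot: `startRemoteAccessVpn` and `deleteRemoteAccessVpn` are reduced to `return null;` and `return false;` with the previous bodies left as commented-out code, and `addRemoveVpnUsers` in the `@@ -1717,30 +1717,31 @@` hunk gets the same treatment. These three methods no longer send anything to the router, so a VPN already configured there is not torn down by `deleteRemoteAccessVpn`, and a removed VPN user presumably stays provisioned until the router is reconfigured some other way. Callers see only a silent `false` or `null`. If this is a temporary state during the refactoring, make it visible by adding `s_logger.warn("Remote access VPN is not handled by the virtual router manager; request ignored");` before each return, with a `// TODO` naming the component that takes over. The commented-out bodies can be deleted, since version control keeps them.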
@@ -1717,30 +1717,31 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public boolean addRemoveVpnUsers(RemoteAccessVpnVO vpnVO, List addUsers, List removeUsers) { - DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); - if (router == null) { - s_logger.warn("Failed to add/remove VPN users: no router found for account and zone"); - return false; - } - if (router.getState() != State.Running) { - s_logger.warn("Failed to add/remove VPN users: router not in running state"); - return false; - } - try { - Answer answer = _agentMgr.send(router.getHostId(), new VpnUsersCfgCommand(router.getPrivateIpAddress(), addUsers, removeUsers)); - if (answer != null && answer.getResult()) { - return true; - } else { - s_logger.debug("Failed to add/remove VPN users: " + answer.getDetails()); - return false; - } - } catch (AgentUnavailableException e) { - s_logger.debug("Failed to add/remove VPN users:: ", e); - return false; - } catch (OperationTimedoutException e) { - s_logger.debug("Failed to add/remove VPN users:: ", e); - return false; - } + return false; +// DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId()); +// if (router == null) { +// s_logger.warn("Failed to add/remove VPN users: no router found for account and zone"); +// return false; +// } +// if (router.getState() != State.Running) { +// s_logger.warn("Failed to add/remove VPN users: router not in running state"); +// return false; +// } +// try { +// Answer answer = _agentMgr.send(router.getHostId(), new VpnUsersCfgCommand(router.getPrivateIpAddress(), addUsers, removeUsers)); +// if (answer != null && answer.getResult()) { +// return true; +// } else { +// s_logger.debug("Failed to add/remove VPN users: " + answer.getDetails()); +// return false; +// } +// } catch (AgentUnavailableException e) { +// s_logger.debug("Failed to add/remove VPN users:: ", e); +// return false; +// } catch (OperationTimedoutException e) { +// 
s_logger.debug("Failed to add/remove VPN users:: ", e); +// return false; +// } } @Override @@ -1759,7 +1760,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public VirtualRouter startRouter(long routerId) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); @@ -1768,7 +1769,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } _accountMgr.checkAccess(account, router); - UserVO user = _userDao.findById(UserContext.current().getUserId()); + UserVO user = _userDao.findById(UserContext.current().getCallerUserId()); return this.start(router, user, account); } @@ -1787,9 +1788,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian @Override public VirtualRouter stopDomainRouter(long routerId) throws ResourceUnavailableException, ConcurrentOperationException { UserContext context = UserContext.current(); - Account account = context.getAccount(); + Account account = context.getCaller(); long accountId = account.getId(); - long userId = context.getUserId(); + long userId = context.getCallerUserId(); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); @@ -1799,7 +1800,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian _accountMgr.checkAccess(account, router); - UserVO user = _userDao.findById(context.getUserId()); + UserVO user = _userDao.findById(context.getCallerUserId()); if (!_itMgr.stop(router, user, account)) { return null; 
@@ -1849,13 +1850,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian if(vmId!=0){ vmGuestAddress = _vmDao.findById(vmId).getGuestIpAddress(); } - IpAddressTO ip = new IpAddressTO(ipAddr.getAddress(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress); + IpAddressTO ip = new IpAddressTO(ipAddr.getAddress().addr(), add, firstIP, sourceNat, vlanId, vlanGateway, vlanNetmask, vifMacAddress, vmGuestAddress); ipsToSend[i++] = ip; firstIP = false; } IPAssocCommand cmd = new IPAssocCommand(ipsToSend); - cmd.setAccessDetail(RoutingCommand.ROUTER_IP, router.getPrivateIpAddress()); - cmd.setAccessDetail(RoutingCommand.ROUTER_NAME, router.getInstanceName()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); cmds.addCommand("IPAssocCommand", cmd); } return cmds; @@ -1943,8 +1944,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } LoadBalancerConfigCommand cmd = new LoadBalancerConfigCommand(lbs); - cmd.setAccessDetail(RoutingCommand.ROUTER_IP, router.getPrivateIpAddress()); - cmd.setAccessDetail(RoutingCommand.ROUTER_NAME, router.getInstanceName()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); cmds.addCommand(cmd); //Send commands to router 
@@ -1970,8 +1971,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian pfs.add(pf); } SetPortForwardingRulesCommand cmd = new SetPortForwardingRulesCommand(pfs); - cmd.setAccessDetail(RoutingCommand.ROUTER_IP, router.getPrivateIpAddress()); - cmd.setAccessDetail(RoutingCommand.ROUTER_NAME, router.getInstanceName()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_IP, router.getPrivateIpAddress()); + cmd.setAccessDetail(NetworkElementCommand.ROUTER_NAME, router.getInstanceName()); cmds.addCommand(cmd); //Send commands to router diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java index c09476c54c3..d57fdecca2c 100644 --- a/server/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -18,6 +18,7 @@ package com.cloud.network.rules; import java.util.Date; +import java.util.UUID; import javax.persistence.Column; import javax.persistence.DiscriminatorColumn; @@ -150,6 +151,9 @@ public class FirewallRuleVO implements FirewallRule { public FirewallRuleVO(String xId, Ip srcIp, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose) { this.xId = xId; + if (xId == null) { + this.xId = UUID.randomUUID().toString(); + } this.accountId = accountId; this.domainId = domainId; this.sourceIpAddress = srcIp; diff --git a/server/src/com/cloud/network/rules/RulesManager.java b/server/src/com/cloud/network/rules/RulesManager.java index 1699d83828a..32cb1230eef 100644 --- a/server/src/com/cloud/network/rules/RulesManager.java +++ b/server/src/com/cloud/network/rules/RulesManager.java 
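Review bot: The constructor in the `FirewallRuleVO.java` hunk (`@@ -150,6 +151,9 @@`) assigns `this.xId` twice and does not say why a null `xId` is replaced by a random UUID. A single assignment is easier to read: `this.xId = (xId != null) ? xId : UUID.randomUUID().toString();`. Add a one-line comment above it stating what a generated id stands for and whether callers may rely on it being unique. The constructor body continues past the hunk.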
@@ -72,4 +72,6 @@ public interface RulesManager extends RulesService { List gatherPortForwardingRulesForApplication(List addrs); boolean revokePortForwardingRule(long vmId); + + FirewallRule[] reservePorts(IpAddress ip, String protocol, FirewallRule.Purpose purpose, int... ports) throws NetworkRuleConflictException; } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 02e96269ddf..60bcda4080e 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -138,9 +138,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { @Override @DB public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException { UserContext ctx = UserContext.current(); - Account caller = ctx.getAccount(); + Account caller = ctx.getCaller(); - String ipAddr = rule.getSourceIpAddress().addr(); + Ip ipAddr = rule.getSourceIpAddress(); IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); @@ -283,7 +283,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (s_logger.isDebugEnabled()) { s_logger.debug("Removing one to one nat so setting the ip back to one to one nat is false: " + rule.getSourceIpAddress()); } - IPAddressVO ipAddress = _ipAddressDao.findById(rule.getSourceIpAddress().addr()); + IPAddressVO ipAddress = _ipAddressDao.findById(rule.getSourceIpAddress()); ipAddress.setOneToOneNat(false); _ipAddressDao.update(ipAddress.getAddress(), ipAddress); } @@ -303,7 +303,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { @Override public boolean revokePortForwardingRule(long ruleId, boolean apply) { UserContext ctx = UserContext.current(); - Account caller = ctx.getAccount(); + Account caller = ctx.getCaller(); PortForwardingRuleVO rule = _forwardingDao.findById(ruleId); if (rule == null) { 
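Review bot: `reservePorts` is added to `RulesManager` in the `@@ -72,4 +72,6 @@` hunk without a Javadoc comment, and the signature leaves open what a caller needs to know. It does not say whether the returned array follows the order of `ports`, whether reservations made before a `NetworkRuleConflictException` are rolled back or left in place, or whether the method itself checks that the caller may use `ip`. A Javadoc block would settle this, with `@param` entries for `ip`, `protocol`, `purpose` and `ports`, an `@return`, and an `@throws NetworkRuleConflictException` that states the partial-failure behaviour. The implementation is not in view here, so the wording has to be taken from it.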
@@ -311,7 +311,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } _accountMgr.checkAccess(caller, rule); - revokeRule(rule, caller, ctx.getUserId()); + revokeRule(rule, caller, ctx.getCallerUserId()); if (apply) { return applyPortForwardingRules(rule.getSourceIpAddress(), true); @@ -346,9 +346,9 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { @Override public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) { Ip ipAddress = new Ip(cmd.getIpAddress()); - Account caller = UserContext.current().getAccount(); + Account caller = UserContext.current().getCaller(); - IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress.addr()); + IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress); if (ipAddressVO == null || !ipAddressVO.readyToUse()) { throw new InvalidParameterValueException("Ip address not ready for port forwarding rules yet: " + ipAddress); } 
@@ -450,669 +450,51 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { public String getName() { return _name; } -// @Override -// public boolean updateFirewallRule(final PortForwardingRuleVO rule, String oldPrivateIP, String oldPrivatePort) { -// -// final IPAddressVO ipVO = _ipAddressDao.findById(rule.getSourceIpAddress()); -// if (ipVO == null || ipVO.getAllocated() == null) { -// return false; -// } -// -// final DomainRouterVO router = _routerMgr.getRouter(ipVO.getAccountId(), ipVO.getDataCenterId()); -// Long hostId = router.getHostId(); -// if (router == null || router.getHostId() == null) { -// return true; -// } -// -// if (rule.isForwarding()) { -// return updatePortForwardingRule(rule, router, hostId, oldPrivateIP, oldPrivatePort); -// } else if (rule.getGroupId() != null) { -// final List fwRules = _rulesDao.listIPForwardingForLB(ipVO.getAccountId(), ipVO.getDataCenterId()); -// -// return updateLoadBalancerRules(fwRules, router, hostId); -// } -// return true; -// } -// -// @Override -// public List updateFirewallRules(final String publicIpAddress, final List fwRules, final DomainRouterVO router) { -// final List result = new ArrayList(); -// if (fwRules.size() == 0) { -// return result; -// } -// -// if (router == null || router.getHostId() == null) { -// return fwRules; -// } else { -// final HostVO host = _hostDao.findById(router.getHostId()); -// return updateFirewallRules(host, router.getInstanceName(), router.getPrivateIpAddress(), fwRules); -// } -// } -// -// public List updateFirewallRules(final HostVO host, final String routerName, final String routerIp, final List fwRules) { -// final List result = new ArrayList(); -// if (fwRules.size() == 0) { -// s_logger.debug("There are no firewall rules"); -// return result; -// } -// -// Commands cmds = new Commands(OnError.Continue); -// final List lbRules = new ArrayList(); -// final List fwdRules = new ArrayList(); -// -// int i=0; -// for (PortForwardingRuleVO rule : 
fwRules) { -// // Determine the VLAN ID and netmask of the rule's public IP address -// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); -// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); -// String vlanNetmask = vlan.getVlanNetmask(); -// rule.setVlanNetmask(vlanNetmask); -// -// if (rule.isForwarding()) { -// fwdRules.add(rule); -// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(routerName, routerIp,rule, false); -// cmds.addCommand(cmd); -// } else if (rule.getGroupId() != null){ -// lbRules.add(rule); -// } -// -// } -// if (lbRules.size() > 0) { //at least one load balancer rule -// final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator(); -// final String [] cfg = cfgrtr.generateConfiguration(fwRules); -// final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules); -// final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, routerName, routerIp); -// cmds.addCommand(cmd); -// } -// if (cmds.size() == 0) { -// return result; -// } -// Answer [] answers = null; -// try { -// answers = _agentMgr.send(host.getId(), cmds); -// } catch (final AgentUnavailableException e) { -// s_logger.warn("agent unavailable", e); -// } catch (final OperationTimedoutException e) { -// s_logger.warn("Timed Out", e); -// } -// if (answers == null ){ -// return result; -// } -// i=0; -// for (final PortForwardingRuleVO rule:fwdRules){ -// final Answer ans = answers[i++]; -// if (ans != null) { -// if (ans.getResult()) { -// result.add(rule); -// } else { -// s_logger.warn("Unable to update firewall rule: " + rule.toString()); -// } -// } -// } -// if (i == (answers.length-1)) { -// final Answer lbAnswer = answers[i]; -// if (lbAnswer.getResult()) { -// result.addAll(lbRules); -// } else { -// s_logger.warn("Unable to update lb rules."); -// } -// } -// return result; -// } -// -// private boolean updatePortForwardingRule(final PortForwardingRuleVO rule, final DomainRouterVO router, Long 
hostId, String oldPrivateIP, String oldPrivatePort) { -// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); -// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); -// rule.setVlanNetmask(vlan.getVlanNetmask()); -// -// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(), rule, oldPrivateIP, oldPrivatePort); -// final Answer ans = _agentMgr.easySend(hostId, cmd); -// if (ans == null) { -// return false; -// } else { -// return ans.getResult(); -// } -// } -// -// @Override -// public List updatePortForwardingRules(final List fwRules, final DomainRouterVO router, Long hostId ){ -// final List fwdRules = new ArrayList(); -// final List result = new ArrayList(); -// -// if (fwRules.size() == 0) { -// return result; -// } -// -// Commands cmds = new Commands(OnError.Continue); -// int i=0; -// for (final PortForwardingRuleVO rule: fwRules) { -// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); -// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); -// String vlanNetmask = vlan.getVlanNetmask(); -// rule.setVlanNetmask(vlanNetmask); -// if (rule.isForwarding()) { -// fwdRules.add(rule); -// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),rule, false); -// cmds.addCommand(cmd); -// } -// } -// try { -// _agentMgr.send(hostId, cmds); -// } catch (final AgentUnavailableException e) { -// s_logger.warn("agent unavailable", e); -// } catch (final OperationTimedoutException e) { -// s_logger.warn("Timed Out", e); -// } -// Answer[] answers = cmds.getAnswers(); -// if (answers == null ){ -// return result; -// } -// i=0; -// for (final PortForwardingRuleVO rule:fwdRules){ -// final Answer ans = answers[i++]; -// if (ans != null) { -// if (ans.getResult()) { -// result.add(rule); -// } -// } -// } -// return result; -// } -// -// @Override -// public PortForwardingRuleVO 
createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException { -// // validate IP Address exists -// IPAddressVO ipAddress = _ipAddressDao.findById(cmd.getIpAddress()); -// if (ipAddress == null) { -// throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid IP address specified."); -// } -// -// // validate user VM exists -// UserVmVO userVM = _vmDao.findById(cmd.getVirtualMachineId()); -// if (userVM == null) { -// throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + cmd.getVirtualMachineId() + ")."); -// } -// -// // validate that IP address and userVM belong to the same account -// if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { -// throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); -// } -// -// // validate that userVM is in the same availability zone as the IP address -// if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { -// throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); -// } -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// Account account = UserContext.current().getAccount(); -// if (account != null) { -// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { -// if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { -// throw new PermissionDeniedException("Unable to create port forwarding rule, IP 
address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); -// } -// } else if (account.getId() != userVM.getAccountId()) { -// throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); -// } -// } -// -// // set up some local variables -// String protocol = cmd.getProtocol(); -// String publicPort = cmd.getPublicPort(); -// String privatePort = cmd.getPrivatePort(); -// -// // sanity check that the vm can be applied to the load balancer -// ServiceOfferingVO offering = _serviceOfferingDao.findById(userVM.getServiceOfferingId()); -// if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) { -// if (s_logger.isDebugEnabled()) { -// s_logger.debug("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); -// } -// -// throw new IllegalArgumentException("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); -// } -// -// // check for ip address/port conflicts by checking existing forwarding and load balancing rules -// List existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress.getAddress()); -// -// // FIXME: The mapped ports should be String, String, List since more than one proto can be mapped... 
-// Map>> mappedPublicPorts = new HashMap>>(); -// -// if (existingRulesOnPubIp != null) { -// for (PortForwardingRuleVO fwRule : existingRulesOnPubIp) { -// Ternary> portMappings = mappedPublicPorts.get(fwRule.getSourcePort()); -// List protocolList = null; -// if (portMappings == null) { -// protocolList = new ArrayList(); -// } else { -// protocolList = portMappings.third(); -// } -// protocolList.add(fwRule.getProtocol()); -// mappedPublicPorts.put(fwRule.getSourcePort(), new Ternary>(fwRule.getDestinationIpAddress(), fwRule.getDestinationPort(), protocolList)); -// } -// } -// -// Ternary> privateIpPort = mappedPublicPorts.get(publicPort); -// if (privateIpPort != null) { -// if (privateIpPort.first().equals(userVM.getGuestIpAddress()) && privateIpPort.second().equals(privatePort)) { -// List protocolList = privateIpPort.third(); -// for (String mappedProtocol : protocolList) { -// if (mappedProtocol.equalsIgnoreCase(protocol)) { -// if (s_logger.isDebugEnabled()) { -// s_logger.debug("skipping the creating of firewall rule " + ipAddress + ":" + publicPort + " to " + userVM.getGuestIpAddress() + ":" + privatePort + "; rule already exists."); -// } -// // already mapped -// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort -// + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); -// } -// } -// } else { -// // FIXME: Will we need to refactor this for both assign port forwarding service and create port forwarding rule? -// // throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort -// // + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + ((securityGroupId == null) ? "." 
: " from port forwarding service " -// // + securityGroupId.toString() + ".")); -// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort -// + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); -// } -// } -// -// PortForwardingRuleVO newFwRule = new PortForwardingRuleVO(); -// newFwRule.setEnabled(true); -// newFwRule.setForwarding(true); -// newFwRule.setPrivatePort(privatePort); -// newFwRule.setProtocol(protocol); -// newFwRule.setPublicPort(publicPort); -// newFwRule.setPublicIpAddress(ipAddress.getAddress()); -// newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); -// // newFwRule.setGroupId(securityGroupId); -// newFwRule.setGroupId(null); -// -// // In 1.0 the rules were always persisted when a user created a rule. When the rules get sent down -// // the stopOnError parameter is set to false, so the agent will apply all rules that it can. That -// // behavior is preserved here by persisting the rule before sending it to the agent. 
-// _rulesDao.persist(newFwRule); -// -// boolean success = updateFirewallRule(newFwRule, null, null); -// -// // Save and create the event -// String description; -// String ruleName = "ip forwarding"; -// String level = EventVO.LEVEL_INFO; -// -// if (success == true) { -// description = "created new " + ruleName + " rule [" + newFwRule.getSourceIpAddress() + ":" + newFwRule.getSourcePort() + "]->[" -// + newFwRule.getDestinationIpAddress() + ":" + newFwRule.getDestinationPort() + "]" + " " + newFwRule.getProtocol(); -// } else { -// level = EventVO.LEVEL_ERROR; -// description = "failed to create new " + ruleName + " rule [" + newFwRule.getSourceIpAddress() + ":" + newFwRule.getSourcePort() + "]->[" -// + newFwRule.getDestinationIpAddress() + ":" + newFwRule.getDestinationPort() + "]" + " " + newFwRule.getProtocol(); -// } -// -// EventUtils.saveEvent(UserContext.current().getUserId(), userVM.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); -// -// return newFwRule; -// } -// -// @Override @DB -// public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { -// Transaction txn = Transaction.currentTxn(); -// txn.start(); -// boolean success = false; -// PortForwardingRuleVO rule = null; -// IPAddressVO ipAddress = null; -// boolean locked = false; -// try { -// //get the rule -// rule = _rulesDao.findById(ruleId); -// -// if(rule == null){ -// throw new PermissionDeniedException("Cannot create ip forwarding rule in db"); -// } -// -// //get ip address -// ipAddress = _ipAddressDao.findById(rule.getSourceIpAddress()); -// if (ipAddress == null) { -// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); -// } -// -// //sync point -// ipAddress = _ipAddressDao.acquireInLockTable(ipAddress.getAddress()); -// -// if(ipAddress == null){ -// s_logger.warn("Unable to acquire lock on ipAddress for creating 1-1 NAT rule"); -// return rule; -// }else{ -// 
locked = true; -// } -// -// //get the domain router object -// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); -// success = createOrDeleteIpForwardingRuleOnDomr(rule,router,rule.getDestinationIpAddress(),true); //true +> create -// -// if(!success){ -// //corner case; delete record from db as domR rule creation failed -// _rulesDao.remove(ruleId); -// throw new PermissionDeniedException("Cannot create ip forwarding rule on domr, hence deleting created record in db"); -// } -// -// //update the user_ip_address record -// ipAddress.setOneToOneNat(true); -// _ipAddressDao.update(ipAddress.getAddress(),ipAddress); -// -// // Save and create the event -// String description; -// String ruleName = "ip forwarding"; -// String level = EventVO.LEVEL_INFO; -// -// description = "created new " + ruleName + " rule [" + rule.getSourceIpAddress() + "]->[" -// + rule.getDestinationIpAddress() + "]" + ":" + rule.getProtocol(); -// -// EventUtils.saveEvent(UserContext.current().getUserId(), ipAddress.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); -// txn.commit(); -// } catch (Exception e) { -// txn.rollback(); -// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, e.getMessage()); -// }finally{ -// if(locked){ -// _ipAddressDao.releaseFromLockTable(ipAddress.getAddress()); -// } -// } -// return rule; -// } -// -// @Override @DB -// public PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId) { -// -// Transaction txn = Transaction.currentTxn(); -// txn.start(); -// UserVmVO userVM = null; -// PortForwardingRuleVO newFwRule = null; -// boolean locked = false; -// try { -// // validate IP Address exists -// IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); -// if (ipAddress == null) { -// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); -// } -// -// // validate user VM exists 
-// userVM = _vmDao.findById(virtualMachineId); -// if (userVM == null) { -// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + virtualMachineId + ")."); -// } -// -// //sync point; cannot lock on rule ; hence sync on vm -// userVM = _vmDao.acquireInLockTable(userVM.getId()); -// -// if(userVM == null){ -// s_logger.warn("Unable to acquire lock on user vm for creating 1-1 NAT rule"); -// return newFwRule; -// }else{ -// locked = true; -// } -// -// // validate that IP address and userVM belong to the same account -// if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { -// throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); -// } -// -// // validate that userVM is in the same availability zone as the IP address -// if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { -// throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); -// } -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// Account account = UserContext.current().getAccount(); -// if (account != null) { -// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { -// if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { -// throw new PermissionDeniedException("Unable to create ip forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); -// } -// } else if (account.getId() != userVM.getAccountId()) { -// throw new PermissionDeniedException("Unable to create ip 
forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); -// } -// } -// -// // check for ip address/port conflicts by checking existing forwarding and load balancing rules -// List existingNatRules = _rulesDao.findByPublicIpPrivateIpForNatRule(ipAddr, userVM.getGuestIpAddress()); -// -// if(existingNatRules.size() > 0){ -// throw new NetworkRuleConflictException("The specified rule for public ip:"+ipAddr+" vm id:"+virtualMachineId+" already exists"); -// } -// -// //if given ip address is already source nat, return error -// if(ipAddress.isSourceNat()){ -// throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a source nat ip address"); -// } -// -// //if given ip address is already static nat, return error -// if(ipAddress.isOneToOneNat()){ -// throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a static nat ip address"); -// } -// -// newFwRule = new PortForwardingRuleVO(); -// newFwRule.setEnabled(true); -// newFwRule.setForwarding(true); -// newFwRule.setPrivatePort(null); -// newFwRule.setProtocol(NetUtils.NAT_PROTO);//protocol cannot be null; adding this as a NAT -// newFwRule.setPublicPort(null); -// newFwRule.setPublicIpAddress(ipAddress.getAddress()); -// newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); -// newFwRule.setGroupId(null); -// -// _rulesDao.persist(newFwRule); -// txn.commit(); -// } catch (Exception e) { -// s_logger.warn("Unable to create new firewall rule for 1:1 NAT"); -// txn.rollback(); -// throw new ServerApiException(BaseCmd.INTERNAL_ERROR,"Unable to create new firewall rule for 1:1 NAT:"+e.getMessage()); -// }finally{ -// if(locked) { -// _vmDao.releaseFromLockTable(userVM.getId()); -// } -// } -// -// return newFwRule; -// } -// -// @Override @DB -// public boolean deleteIpForwardingRule(Long id) { -// Long ruleId = id; -// Long 
userId = UserContext.current().getUserId(); -// Account account = UserContext.current().getAccount(); -// -// //verify input parameters here -// PortForwardingRuleVO rule = _firewallRulesDao.findById(ruleId); -// if (rule == null) { -// throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); -// } -// -// String publicIp = rule.getSourceIpAddress(); -// -// -// IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); -// if (ipAddress == null) { -// throw new InvalidParameterValueException("Unable to find IP address for ip forwarding rule " + ruleId); -// } -// -// // although we are not writing these values to the DB, we will check -// // them out of an abundance -// // of caution (may not be warranted) -// -// Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); -// if (ruleOwner == null) { -// throw new InvalidParameterValueException("Unable to find owning account for ip forwarding rule " + ruleId); -// } -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// if (account != null) { -// if (isAdmin(account.getType())) { -// if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { -// throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); -// } -// } else if (account.getId() != ruleOwner.getId()) { -// throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); -// } -// } -// -// Transaction txn = Transaction.currentTxn(); -// boolean locked = false; -// boolean success = false; -// try { -// -// ipAddress = _ipAddressDao.acquireInLockTable(publicIp); -// if (ipAddress == null) { -// throw new PermissionDeniedException("Unable to obtain lock on record for deletion"); -// } -// -// locked = true; -// txn.start(); -// -// final DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), 
ipAddress.getDataCenterId()); -// success = createOrDeleteIpForwardingRuleOnDomr(rule, router, rule.getDestinationIpAddress(), false); -// _firewallRulesDao.remove(ruleId); -// -// //update the ip_address record -// ipAddress.setOneToOneNat(false); -// _ipAddressDao.persist(ipAddress); -// -// String description; -// String type = EventTypes.EVENT_NET_RULE_DELETE; -// String level = EventVO.LEVEL_INFO; -// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; -// -// if (success) { -// description = "deleted " + ruleName + " rule [" + publicIp +"]->[" + rule.getDestinationIpAddress() + "] " + rule.getProtocol(); -// } else { -// level = EventVO.LEVEL_ERROR; -// description = "Error while deleting " + ruleName + " rule [" + publicIp + "]->[" + rule.getDestinationIpAddress() +"] " + rule.getProtocol(); -// } -// EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); -// txn.commit(); -// }catch (Exception ex) { -// txn.rollback(); -// s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); -// return false; -// }finally { -// if (locked) { -// _ipAddressDao.releaseFromLockTable(publicIp); -// } -// txn.close(); -// } -// return success; -// } -// -// private boolean createOrDeleteIpForwardingRuleOnDomr(PortForwardingRuleVO fwRule, DomainRouterVO router, String guestIp, boolean create){ -// -// Commands cmds = new Commands(OnError.Continue); -// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),fwRule, create); -// cmds.addCommand(cmd); -// try { -// _agentMgr.send(router.getHostId(), cmds); -// } catch (final AgentUnavailableException e) { -// s_logger.warn("agent unavailable", e); -// } catch (final OperationTimedoutException e) { -// s_logger.warn("Timed Out", e); -// } -// Answer[] answers = cmds.getAnswers(); -// if (answers == null || answers[0].getResult() == false ){ -// return false; -// }else{ -// return true; -// } 
-// } -// @Override -// public PortForwardingRuleVO updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ -// String publicIp = cmd.getPublicIp(); -// String privateIp = cmd.getPrivateIp(); -// String privatePort = cmd.getPrivatePort(); -// String publicPort = cmd.getPublicPort(); -// String protocol = cmd.getProtocol(); -// Long vmId = cmd.getVirtualMachineId(); -// Long userId = UserContext.current().getUserId(); -// Account account = UserContext.current().getAccount(); -// UserVmVO userVM = null; -// -// if (userId == null) { -// userId = Long.valueOf(User.UID_SYSTEM); -// } -// -// IPAddressVO ipAddressVO = findIPAddressById(publicIp); -// if (ipAddressVO == null) { -// throw new InvalidParameterValueException("Unable to find IP address " + publicIp); -// } -// -// if (ipAddressVO.getAccountId() == null) { -// throw new InvalidParameterValueException("Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); -// } -// -// if (privateIp != null) { -// if (!NetUtils.isValidIp(privateIp)) { -// throw new InvalidParameterValueException("Invalid private IP address specified: " + privateIp); -// } -// Criteria c = new Criteria(); -// c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); -// c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); -// c.addCriteria(Criteria.IPADDRESS, privateIp); -// List userVMs = searchForUserVMs(c); -// if ((userVMs == null) || userVMs.isEmpty()) { -// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); -// } -// userVM = userVMs.get(0); -// } else if (vmId != null) { -// userVM = findUserVMInstanceById(vmId); -// if (userVM == null) { -// throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId); -// } -// -// if ((ipAddressVO.getAccountId() == null) 
|| (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { -// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); -// } -// -// if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { -// throw new PermissionDeniedException("Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); -// } -// -// privateIp = userVM.getGuestIpAddress(); -// } else { -// throw new InvalidParameterValueException("No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); -// } -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// if (account != null) { -// if (isAdmin(account.getType())) { -// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { -// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); -// } -// } else if (account.getId() != ipAddressVO.getAccountId()) { -// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); -// } -// } -// -// List fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol); -// if ((fwRules != null) && (fwRules.size() == 1)) { -// PortForwardingRuleVO fwRule = fwRules.get(0); -// String oldPrivateIP = fwRule.getDestinationIpAddress(); -// String oldPrivatePort = fwRule.getDestinationPort(); -// fwRule.setPrivateIpAddress(privateIp); -// fwRule.setPrivatePort(privatePort); -// _firewallRulesDao.update(fwRule.getId(), fwRule); -// _networkMgr.updateFirewallRule(fwRule, oldPrivateIP, oldPrivatePort); -// return fwRule; -// }else{ -// s_logger.warn("Unable to find the rule to be updated for public ip:public 
port"+publicIp+":"+publicPort+ "private ip:private port:"+privateIp+":"+privatePort); -// throw new InvalidParameterValueException("Unable to find the rule to be updated for public ip:public port"+publicIp+":"+publicPort+ " private ip:private port:"+privateIp+":"+privatePort); -// } -// } -// -// @Override -// public PortForwardingRuleVO findForwardingRuleById(Long ruleId) { -// return _firewallRulesDao.findById(ruleId); -// } @Override public List listFirewallRulesByIp(Ip ip) { return null; } + @Override @DB + public FirewallRuleVO[] reservePorts(IpAddress ip, String protocol, FirewallRule.Purpose purpose, int... ports) throws NetworkRuleConflictException { + FirewallRuleVO[] rules = new FirewallRuleVO[ports.length]; + + Transaction txn = Transaction.currentTxn(); + txn.start(); + for (int i = 0; i < ports.length; i++) { + rules[i] = + new FirewallRuleVO(null, + ip.getAddress(), + ports[i], + protocol, + ip.getAssociatedWithNetworkId(), + ip.getAllocatedToAccountId(), + ip.getAllocatedInDomainId(), + purpose); + rules[i] = _firewallDao.persist(rules[i]); + } + txn.commit(); + + boolean success = false; + try { + for (FirewallRuleVO newRule : rules) { + detectRulesConflict(newRule, ip); + } + success = true; + return rules; + } finally { + if (!success) { + txn.start(); + + for (FirewallRuleVO newRule : rules) { + _forwardingDao.remove(newRule.getId()); + } + txn.commit(); + } + } + } + @Override public List gatherPortForwardingRulesForApplication(List addrs) { List allRules = new ArrayList(); @@ -1124,7 +506,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } continue; } - allRules.addAll(_forwardingDao.listForApplication(new Ip(addr.getAddress()))); + allRules.addAll(_forwardingDao.listForApplication(addr.getAddress())); } if (s_logger.isDebugEnabled()) { 
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index f564137caac..ff510d651c0 100644 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -429,7 +429,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG Integer icmpCode = cmd.getIcmpCode(); List cidrList = cmd.getCidrList(); Map groupList = cmd.getUserSecurityGroupList(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Integer startPortOrType = null; @@ -639,8 +639,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG public boolean revokeSecurityGroupIngress(RevokeSecurityGroupIngressCmd cmd) { //input validation - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Integer startPort = cmd.getStartPort(); @@ -857,7 +857,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG Long domainId = cmd.getDomainId(); Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { if ((domainId != null) && (accountName != null)) { 
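Review bot: In the `@@ -857,7 +857,7 @@` hunk the admin/domain-admin checks still sit inside `if (account != null)`, so whenever `UserContext.current().getCaller()` returns null that whole branch is skipped; what runs in that case lies outside the hunk. If a null caller is meant to be a trusted internal call, say so above the guard, e.g. `// null caller = internal/system call; the domain and account checks below are intentionally skipped`, and confirm that an API request can never arrive here with a null caller. The new RemoteAccessVpnManagerImpl in this same patch calls `_accountMgr.checkAccess(caller, ...)` rather than comparing account types by hand, and this method would be easier to audit if it did the same, assuming an AccountManager is available in this class. The other `getCaller()` call sites changed in this file (`@@ -429`, `@@ -639`, `@@ -1117`, `@@ -1196`) may carry the same guard outside their hunks.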
@@ -1117,7 +1117,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG String name = cmd.getSecurityGroupName(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (!_enabled) { return true; @@ -1196,7 +1196,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG @Override public List searchForSecurityGroupRules(ListSecurityGroupsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; diff --git a/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java index 2e3605e198a..5dd8b3483e4 100644 --- a/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java +++ b/server/src/com/cloud/network/security/dao/SecurityGroupVMMapDaoImpl.java @@ -122,7 +122,7 @@ public class SecurityGroupVMMapDaoImpl extends GenericDaoBase listVmIdsBySecurityGroup(long securityGroupId) { SearchCriteria sc = ListVmIdBySecurityGroup.create(); sc.setParameters("securityGroupId", securityGroupId); - return searchIncludingRemoved(sc, null); + return customSearchIncludingRemoved(sc, null); } @Override diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java new file mode 100644 index 00000000000..1526aacc4b0 --- /dev/null +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java 
@@ -0,0 +1,524 @@
+/**
+ * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
+ *
+ * This software is licensed under the GNU General Public License v3 or later.
+ *
+ * It is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+package com.cloud.network.vpn;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.ejb.Local;
+import javax.naming.ConfigurationException;
+
+import org.apache.log4j.Logger;
+
+import com.cloud.api.commands.DeleteRemoteAccessVpnCmd;
+import com.cloud.api.commands.ListRemoteAccessVpnsCmd;
+import com.cloud.api.commands.ListVpnUsersCmd;
+import com.cloud.configuration.Config;
+import com.cloud.configuration.dao.ConfigurationDao;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.event.EventTypes;
+import com.cloud.event.EventUtils;
+import com.cloud.exception.AccountLimitException;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.Network;
+import com.cloud.network.NetworkManager;
+import com.cloud.network.PublicIpAddress;
+import com.cloud.network.RemoteAccessVpn;
+import com.cloud.network.RemoteAccessVpnVO;
+import com.cloud.network.VpnUser;
+import com.cloud.network.VpnUser.State;
+import com.cloud.network.VpnUserVO;
+import com.cloud.network.dao.IPAddressDao; +import com.cloud.network.dao.RemoteAccessVpnDao; +import com.cloud.network.dao.VpnUserDao; +import com.cloud.network.router.VirtualNetworkApplianceManager; +import com.cloud.network.rules.FirewallRule.Purpose; +import com.cloud.network.rules.RulesManager; +import com.cloud.user.Account; +import com.cloud.user.AccountManager; +import com.cloud.user.UserContext; +import com.cloud.user.dao.AccountDao; +import com.cloud.utils.NumbersUtil; +import com.cloud.utils.Pair; +import com.cloud.utils.PasswordGenerator; +import com.cloud.utils.component.ComponentLocator; +import com.cloud.utils.component.Inject; +import com.cloud.utils.component.Manager; +import com.cloud.utils.db.DB; +import com.cloud.utils.db.Filter; +import com.cloud.utils.db.JoinBuilder; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; + +@Local(value=RemoteAccessVpnService.class) +public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manager { + private final static Logger s_logger = Logger.getLogger(RemoteAccessVpnManagerImpl.class); + String _name; + + @Inject AccountDao _accountDao; + @Inject VpnUserDao _vpnUsersDao; + @Inject RemoteAccessVpnDao _remoteAccessVpnDao; + @Inject IPAddressDao _ipAddressDao; + @Inject VirtualNetworkApplianceManager _routerMgr; + @Inject AccountManager _accountMgr; + @Inject NetworkManager _networkMgr; + @Inject RulesManager _rulesMgr; + @Inject DomainDao _domainDao; + + int _userLimit; + int _pskLength; + String _clientIpRange; + SearchBuilder VpnSearch; + + @Override + public RemoteAccessVpn createRemoteAccessVpn(Ip publicIp, String ipRange) throws NetworkRuleConflictException { + UserContext ctx = UserContext.current(); + Account caller = ctx.getCaller(); + + // make sure ip address exists + PublicIpAddress ipAddr = _networkMgr.getPublicIpAddress(publicIp); + if 
(ipAddr == null) { + throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address " + publicIp); + } + + _accountMgr.checkAccess(caller, ipAddr); + + if (!ipAddr.readyToUse() || ipAddr.getAssociatedWithNetworkId() == null) { + throw new InvalidParameterValueException("The Ip address is not ready to be used yet: " + ipAddr.getAddress()); + } + + RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIp.toString()); + if (vpnVO != null) { + throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address"); + } + + // TODO: assumes one virtual network / domr per account per zone + vpnVO = _remoteAccessVpnDao.findByAccountAndNetwork(ipAddr.getAllocatedToAccountId(), ipAddr.getAssociatedWithNetworkId()); + if (vpnVO != null) { + throw new InvalidParameterValueException("A Remote Access VPN already exists for this account"); + } + + if (ipRange == null) { + ipRange = _clientIpRange; + } + String[] range = ipRange.split("-"); + if (range.length != 2) { + throw new InvalidParameterValueException("Invalid ip range"); + } + if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])) { + throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange); + } + if (!NetUtils.validIpRange(range[0], range[1])) { + throw new InvalidParameterValueException("Invalid ip range " + ipRange); + } + + Network network = _networkMgr.getNetwork(ipAddr.getAssociatedWithNetworkId()); + Pair cidr = NetUtils.getCidr(network.getCidr()); + + + //FIXME: This check won't work for the case where the guest ip range changes depending on the vlan allocated. 
+ String[] guestIpRange = NetUtils.getIpRangeFromCidr(cidr.first(), cidr.second()); + if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) { + throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + + guestIpRange[1]); + } + // TODO: check sufficient range + // TODO: check overlap with private and public ip ranges in datacenter + + long startIp = NetUtils.ip2Long(range[0]); + String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1]; + String sharedSecret = PasswordGenerator.generatePresharedKey(_pskLength); + _rulesMgr.reservePorts(ipAddr, NetUtils.UDP_PROTO, Purpose.Vpn, NetUtils.VPN_PORT, NetUtils.VPN_L2TP_PORT, NetUtils.VPN_NATT_PORT); + vpnVO = new RemoteAccessVpnVO(ipAddr.getAllocatedToAccountId(), ipAddr.getAllocatedInDomainId(), ipAddr.getAssociatedWithNetworkId(), publicIp, range[0], newIpRange, sharedSecret); + return _remoteAccessVpnDao.persist(vpnVO); + } + + private void validateRemoteAccessVpnConfiguration() throws ConfigurationException { + String ipRange = _clientIpRange; + if (ipRange == null) { + s_logger.warn("Remote Access VPN configuration missing client ip range -- ignoring"); + return; + } + Integer pskLength = _pskLength; + if (pskLength != null && (pskLength < 8 || pskLength > 256)) { + throw new ConfigurationException("Remote Access VPN: IPSec preshared key length should be between 8 and 256"); + } else if (pskLength == null) { + s_logger.warn("Remote Access VPN configuration missing Preshared Key Length -- ignoring"); + return; + } + + String [] range = ipRange.split("-"); + if (range.length != 2) { + throw new ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange); + } + if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){ + throw new ConfigurationException("Remote Access VPN: Invalid ip in range specification " + ipRange); + } + if (!NetUtils.validIpRange(range[0], range[1])){ + throw new 
ConfigurationException("Remote Access VPN: Invalid ip range " + ipRange); + } + } + + @Override + public void destroyRemoteAccessVpn(Ip ip) { + } + + @Override + public List listRemoteAccessVpns(long vpnOwnerId, Ip publicIp) { + // TODO Auto-generated method stub + return null; + } + + @Override + @DB + public VpnUser addVpnUser(long vpnOwnerId, String username, String password) { + long callerId = UserContext.current().getCallerUserId(); + Account caller = UserContext.current().getCaller(); + + if (!username.matches("^[a-zA-Z0-9][a-zA-Z0-9@._-]{2,63}$")) { + throw new InvalidParameterValueException("Username has to be begin with an alphabet have 3-64 characters including alphabets, numbers and the set '@.-_'"); + } + if (!password.matches("^[a-zA-Z0-9][a-zA-Z0-9@#+=._-]{2,31}$")) { + throw new InvalidParameterValueException("Password has to be 3-32 characters including alphabets, numbers and the set '@#+=.-_'"); + } + Transaction txn = Transaction.currentTxn(); + txn.start(); + Account owner = _accountDao.lockRow(vpnOwnerId, true); + if (owner == null) { + throw new InvalidParameterValueException("Unable to add vpn user: Another operation active"); + } + _accountMgr.checkAccess(caller, owner); + + long userCount = _vpnUsersDao.getVpnUserCount(owner.getId()); + if (userCount >= _userLimit) { + throw new AccountLimitException("Cannot add more than " + _userLimit + " remote access vpn users"); + } + + VpnUser user = _vpnUsersDao.persist(new VpnUserVO(vpnOwnerId, username, password)); + EventUtils.saveEvent(callerId, owner.getId(), EventTypes.EVENT_VPN_USER_ADD, "Added a VPN user for account: " + owner.getAccountName() + " username= " + username); + txn.commit(); + return user; + } + + @Override + public boolean removeVpnUser(long vpnOwnerId, String username) { + long callerId = UserContext.current().getCallerUserId(); + Account caller = UserContext.current().getCaller(); + + VpnUserVO user = _vpnUsersDao.findByAccountAndUsername(vpnOwnerId, username); + if (user == 
null) { + throw new InvalidParameterValueException("Could not find vpn user " + username); + } + _accountMgr.checkAccess(caller, user); + + user.setState(State.Revoke); + _vpnUsersDao.update(user.getId(), user); + EventUtils.saveEvent(callerId, vpnOwnerId, EventTypes.EVENT_VPN_USER_REMOVE, "Removed a VPN user username= " + username); + return true; + } + + @Override + public List listVpnUsers(long vpnOwnerId, String userName) { + Account caller = UserContext.current().getCaller(); + Account owner = _accountDao.findById(vpnOwnerId); + _accountMgr.checkAccess(caller, owner); + return _vpnUsersDao.listByAccount(vpnOwnerId); + } + + @Override + @DB + public RemoteAccessVpnVO startRemoteAccessVpn(Ip vpnServerAddress) throws ConcurrentOperationException, ResourceUnavailableException { +// long userId = UserContext.current().getCallerUserId(); +// Account caller = UserContext.current().getCaller(); +// +// RemoteAccessVpnVO vpn = _remoteAccessVpnDao.findById(vpnId); +// if (vpn == null) { +// throw new InvalidParameterValueException("Unable to find your vpn: " + vpnId); +// } +// +// _accountMgr.checkAccess(caller, vpn); +// +// +// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); +// EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Creating a Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); +// String publicIp = vpn.getServerAddress(); +// Long vpnId = vpn.getId(); +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// boolean locked = false; +// boolean created = false; +// try { +// IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddr == null) { +// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); +// } +// locked = true; +// +// vpn = _routerMgr.startRemoteAccessVpn(vpn); +// created = (vpn != null); +// +// return vpn; +// } finally { +// 
if (created) { +// EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Created a Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); +// } else { +// EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Unable to create Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); +// _remoteAccessVpnDao.remove(vpnId); +// } +// txn.commit(); +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// } + return null; + } + + @DB + public boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException { +// Long userId = UserContext.current().getUserId(); +// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); +// //TODO: assumes one virtual network / domr per account per zone +// RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); +// if (vpnVO == null) { +// throw new InvalidParameterValueException("No VPN found for account " + account.getAccountName() + " in zone " + cmd.getZoneId()); +// } +// EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleting Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); +// String publicIp = vpnVO.getVpnServerAddress(); +// Long vpnId = vpnVO.getId(); +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// boolean locked = false; +// boolean deleted = false; +// try { +// IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddr == null) { +// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); +// } +// locked = true; +// +// deleted = _routerMgr.deleteRemoteAccessVpn(vpnVO); +// return deleted; +// } finally { +// if (deleted) { +// 
_remoteAccessVpnDao.remove(vpnId); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_NATT_PORT); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_L2TP_PORT); +// EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); +// } else { +// EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); +// } +// txn.commit(); +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// } + return false; // FIXME + } + + @DB @Override + public boolean applyVpnUsers(long vpnOwnerId) { + Account caller = UserContext.current().getCaller(); + Account owner = _accountDao.findById(vpnOwnerId); + _accountMgr.checkAccess(caller, owner); + + s_logger.debug("Applying vpn users for " + owner); + List vpns = _remoteAccessVpnDao.findByAccount(vpnOwnerId); + + List users = _vpnUsersDao.listByAccount(vpnOwnerId); + + List elements = null; + + boolean success = true; + + boolean[] finals = new boolean[users.size()]; + for (RemoteAccessVpnElement element : elements) { + s_logger.debug("Applying vpn access to " + element.getName()); + for (RemoteAccessVpnVO vpn : vpns) { + String[] results = element.applyVpnUsers(vpn, users); + + for (int i = 0; i < results.length; i++) { + s_logger.debug("VPN User " + users.get(i) + (results[i] == null ? 
" is set on " : (" couldn't be set due to " + results[i]) + " on ") + vpn); + if (results[i] == null) { + if (!finals[i]) { + finals[i] = true; + } + } else { + finals[i] = false; + success = false; + } + } + } + } + + for (int i = 0; i < finals.length; i++) { + if (finals[i]) { + VpnUserVO user = users.get(i); + if (user.getState() == State.Add) { + user.setState(State.Active); + _vpnUsersDao.update(user.getId(), user); + } else if (user.getState() == State.Revoke) { + _vpnUsersDao.remove(user.getId()); + } + } + } + + return success; + } + + @Override + public List searchForVpnUsers(ListVpnUsersCmd cmd) { + Account account = UserContext.current().getCaller(); + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + Long accountId = null; + String username = cmd.getUsername(); + + Filter searchFilter = new Filter(VpnUserVO.class, "username", true, cmd.getStartIndex(), cmd.getPageSizeVal()); + + Object id = cmd.getId(); + + + SearchBuilder sb = _vpnUsersDao.createSearchBuilder(); + sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); + sb.and("username", sb.entity().getUsername(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + + if ((accountId == null) && (domainId != null)) { + // if accountId isn't specified, we can do a domain match for the admin case + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } + + SearchCriteria sc = sb.create(); + + if (id != null) { + sc.setParameters("id", id); + } + + if (username != null) { + sc.setParameters("username", username); + } + + + if (accountId != null) { + sc.setParameters("accountId", accountId); + } else if (domainId != null) { + DomainVO domain = _domainDao.findById(domainId); + 
sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); + } + + return _vpnUsersDao.search(sc, searchFilter); + } + + + @Override + public List searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd) { + // do some parameter validation + Account caller = UserContext.current().getCaller(); + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + + Ip ipAddress = cmd.getPublicIp(); + if (ipAddress != null) { + PublicIpAddress publicIp = _networkMgr.getPublicIpAddress(ipAddress); + if (publicIp == null) { + throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress + " not found."); + } else { + Long ipAddrAcctId = publicIp.getAllocatedToAccountId(); + if (ipAddrAcctId == null) { + throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress + " is not associated with an account."); + } + } + _accountMgr.checkAccess(caller, publicIp); + + List vpns = new ArrayList(1); + vpns.add(_remoteAccessVpnDao.findById(ipAddress)); + return vpns; + } + + Account owner = null; + if (accountName != null) { + owner = _accountDao.findAccount(accountName, domainId); + } + _accountMgr.checkAccess(caller, owner); + + Filter searchFilter = new Filter(RemoteAccessVpnVO.class, "serverAddress", true, cmd.getStartIndex(), cmd.getPageSizeVal()); + + + SearchCriteria sc = VpnSearch.create(); + + sc.setParameters("accountId", owner.getId()); + DomainVO domain = _domainDao.findById(domainId); + sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); + + return _remoteAccessVpnDao.search(sc, searchFilter); + } + + + @Override + public boolean configure(String name, Map params) throws ConfigurationException { + _name = name; + + ComponentLocator locator = ComponentLocator.getCurrentLocator(); + ConfigurationDao configDao = locator.getDao(ConfigurationDao.class); + Map configs = configDao.getConfiguration(params); + + _userLimit = 
NumbersUtil.parseInt(configs.get(Config.RemoteAccessVpnUserLimit.key()), 8); + + _clientIpRange = configs.get(Config.RemoteAccessVpnClientIpRange.key()); + + _pskLength = NumbersUtil.parseInt(configs.get(Config.RemoteAccessVpnPskLength.key()), 24); + + validateRemoteAccessVpnConfiguration(); + + VpnSearch = _remoteAccessVpnDao.createSearchBuilder(); + VpnSearch.and("accountId", VpnSearch.entity().getAccountId(), SearchCriteria.Op.EQ); + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + VpnSearch.join("domainSearch", domainSearch, VpnSearch.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + VpnSearch.done(); + + return true; + } + + @Override + public boolean start() { + return true; + } + + @Override + public boolean stop() { + return true; + } + + @Override + public String getName() { + return _name; + } + +} diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index d068c8884cc..b2ca3eb75f7 100755 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -320,13 +320,6 @@ public interface ManagementServer extends ManagementService { */ List searchForUserVMs(Criteria c); - /** - * Find an IP Address VO object by ip address string - * @param ipAddress - * @return IP Address VO object corresponding to the given address string, null if not found - */ - IPAddressVO findIPAddressById(String ipAddress); - List listPendingEvents(int entryTime, int duration); /** 
@@ -454,13 +447,6 @@ public interface ManagementServer extends ManagementService {
 */
 Account findAccountById(Long accountId);
 
- /**
- * Find the owning account of an IP Address
- * @param ipAddress
- * @return owning account if ip address is allocated, null otherwise
- */
- Account findAccountByIpAddress(String ipAddress);
-
 /**
 * Deletes a Limit
 * @param limitId - the database ID of the Limit
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index ca72c07898e..2c8b54ccdf2 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -98,7 +98,6 @@ import com.cloud.api.commands.ListIsosCmd;
 import com.cloud.api.commands.ListPodsByCmd;
 import com.cloud.api.commands.ListPreallocatedLunsCmd;
 import com.cloud.api.commands.ListPublicIpAddressesCmd;
-import com.cloud.api.commands.ListRemoteAccessVpnsCmd;
 import com.cloud.api.commands.ListRoutersCmd;
 import com.cloud.api.commands.ListServiceOfferingsCmd;
 import com.cloud.api.commands.ListStoragePoolsCmd;
@@ -110,7 +109,6 @@ import com.cloud.api.commands.ListVMGroupsCmd;
 import com.cloud.api.commands.ListVMsCmd;
 import com.cloud.api.commands.ListVlanIpRangesCmd;
 import com.cloud.api.commands.ListVolumesCmd;
-import com.cloud.api.commands.ListVpnUsersCmd;
 import com.cloud.api.commands.ListZonesByCmd;
 import com.cloud.api.commands.RebootSystemVmCmd;
 import com.cloud.api.commands.RegisterCmd;
@@ -181,12 +179,8 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.info.ConsoleProxyInfo; import com.cloud.network.IPAddressVO; import com.cloud.network.NetworkVO; -import com.cloud.network.RemoteAccessVpnVO; -import com.cloud.network.VpnUserVO; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.NetworkDao; -import com.cloud.network.dao.RemoteAccessVpnDao; -import com.cloud.network.dao.VpnUserDao; import com.cloud.network.router.VirtualNetworkApplianceManager; import com.cloud.network.security.SecurityGroupVO; import com.cloud.network.security.dao.SecurityGroupDao; @@ -336,9 +330,6 @@ public class ManagementServerImpl implements ManagementServer { private final UploadMonitor _uploadMonitor; private final UploadDao _uploadDao; private final CertificateDao _certDao; - private final RemoteAccessVpnDao _remoteAccessVpnDao; - private final VpnUserDao _vpnUsersDao; - private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("AccountChecker")); private final ScheduledExecutorService _eventExecutor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("EventChecker")); @@ -409,8 +400,6 @@ public class ManagementServerImpl implements ManagementServer { _groupVMMapDao = locator.getDao(InstanceGroupVMMapDao.class); _uploadDao = locator.getDao(UploadDao.class); _certDao = locator.getDao(CertificateDao.class); - _remoteAccessVpnDao = locator.getDao(RemoteAccessVpnDao.class); - _vpnUsersDao = locator.getDao(VpnUserDao.class); _configs = _configDao.getConfiguration(); _vmInstanceDao = locator.getDao(VMInstanceDao.class); _volumeDao = locator.getDao(VolumeDao.class); 
@@ -783,7 +772,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List listDataCenters(ListZonesByCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); List dcs = null; Long domainId = cmd.getDomainId(); Long id = cmd.getId(); @@ -956,7 +945,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); if (domainId != null) { if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { @@ -1086,7 +1075,7 @@ public class ManagementServerImpl implements ManagementServer { Filter searchFilter = new Filter(ServiceOfferingVO.class, "created", false, cmd.getStartIndex(), cmd.getPageSizeVal()); SearchCriteria sc = _offeringsDao.createSearchCriteria(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Object name = cmd.getServiceOfferingName(); Object id = cmd.getId(); Object keyword = cmd.getKeyword(); @@ -1582,7 +1571,7 @@ public class ManagementServerImpl implements ManagementServer { public Set> listIsos(ListIsosCmd cmd) throws IllegalArgumentException, InvalidParameterValueException { TemplateFilter isoFilter = TemplateFilter.valueOf(cmd.getIsoFilter()); Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN)) { 
@@ -1618,7 +1607,7 @@ public class ManagementServerImpl implements ManagementServer { public Set> listTemplates(ListTemplatesCmd cmd) throws IllegalArgumentException, InvalidParameterValueException { TemplateFilter templateFilter = TemplateFilter.valueOf(cmd.getTemplateFilter()); Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN)) { @@ -1748,7 +1737,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForAccounts(ListAccountsCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); Long accountId = cmd.getId(); String accountName = null; @@ -1836,15 +1825,6 @@ public class ManagementServerImpl implements ManagementServer { return _accountDao.search(sc, searchFilter); } - @Override - public Account findAccountByIpAddress(String ipAddress) { - IPAddressVO address = _publicIpAddressDao.findById(ipAddress); - if ((address != null) && (address.getAllocatedToAccountId() != null)) { - return _accountDao.findById(address.getAllocatedToAccountId()); - } - return null; - } - @Override public boolean deleteLimit(Long limitId) { // A limit ID must be passed in @@ -1946,7 +1926,7 @@ public class ManagementServerImpl implements ManagementServer { Long guestOSId = cmd.getOsTypeId(); Boolean passwordEnabled = cmd.isPasswordEnabled(); Boolean bootable = cmd.isBootable(); - Account account= UserContext.current().getAccount(); + Account account= UserContext.current().getCaller(); //verify that template exists VMTemplateVO template = findTemplateById(id); 
@@ -2044,7 +2024,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForUserVMs(ListVMsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; @@ -2285,14 +2265,9 @@ public class ManagementServerImpl implements ManagementServer { return _userVmDao.search(sc, searchFilter); } - @Override - public IPAddressVO findIPAddressById(String ipAddress) { - return _publicIpAddressDao.findById(ipAddress); - } - @Override public List searchForEvents(ListEventsCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long accountId = null; boolean isAdmin = false; String accountName = cmd.getAccountName(); @@ -2417,7 +2392,7 @@ public class ManagementServerImpl implements ManagementServer { Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // validate domainId before proceeding if (domainId != null) { @@ -2543,7 +2518,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForVolumes(ListVolumesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; 
@@ -2706,7 +2681,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForIPAddresses(ListPublicIpAddressesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; @@ -3031,7 +3006,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForDomains(ListDomainsCmd cmd) throws PermissionDeniedException { Long domainId = cmd.getId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); String path = null; if (account != null && account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { @@ -3092,7 +3067,7 @@ public class ManagementServerImpl implements ManagementServer { isRecursive = false; } - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { if (domainId != null) { if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) { @@ -3146,8 +3121,8 @@ public class ManagementServerImpl implements ManagementServer { public DomainVO createDomain(CreateDomainCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { String name = cmd.getDomainName(); Long parentId = cmd.getParentDomainId(); - Long ownerId = UserContext.current().getAccount().getId(); - Account account = UserContext.current().getAccount(); + Long ownerId = UserContext.current().getCaller().getId(); + Account account = UserContext.current().getCaller(); if (ownerId == null) { ownerId = Long.valueOf(1); 
@@ -3192,7 +3167,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public boolean deleteDomain(DeleteDomainCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getId(); Boolean cleanup = cmd.getCleanup(); @@ -3284,7 +3259,7 @@ public class ManagementServerImpl implements ManagementServer { } // check permissions - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account != null) && !isChildDomain(account.getDomainId(), domain.getId())) { throw new PermissionDeniedException("Unable to update domain " + domainId + ", permission denied"); } @@ -3466,9 +3441,9 @@ public class ManagementServerImpl implements ManagementServer { //Input validation Long id = cmd.getId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); List accountNames = cmd.getAccountNames(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Boolean isFeatured = cmd.isFeatured(); Boolean isPublic = cmd.isPublic(); String operation = cmd.getOperation(); @@ -3608,7 +3583,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List listTemplatePermissions(ListTemplateOrIsoPermissionsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String acctName = cmd.getAccountName(); Long id = cmd.getId(); 
@@ -3742,7 +3717,7 @@ public class ManagementServerImpl implements ManagementServer { // SearchBuilder and SearchCriteria are now flexible so that the search builder can be built with all possible // search terms and only those with criteria can be set. The proper SQL should be generated as a result. - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Object name = cmd.getDiskOfferingName(); Object id = cmd.getId(); Object keyword = cmd.getKeyword(); @@ -3832,13 +3807,13 @@ public class ManagementServerImpl implements ManagementServer { } // treat any requests from API server as trusted requests - if (!UserContext.current().isApiServer() && job.getAccountId() != UserContext.current().getAccount().getId()) { + if (!UserContext.current().isApiServer() && job.getAccountId() != UserContext.current().getCaller().getId()) { if (s_logger.isDebugEnabled()) { s_logger.debug("Mismatched account id in job and user context, perform further securty check. job id: " - + jobId + ", job owner account: " + job.getAccountId() + ", accound id in current context: " + UserContext.current().getAccount().getId()); + + jobId + ", job owner account: " + job.getAccountId() + ", accound id in current context: " + UserContext.current().getCaller().getId()); } - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { if (isAdmin(account.getType())) { Account jobAccount = _accountDao.findById(job.getAccountId()); @@ -4040,7 +4015,7 @@ public class ManagementServerImpl implements ManagementServer { Object accountId = null; Long domainId = cmd.getDomainId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || isAdmin(account.getType())) { String accountName = cmd.getAccountName(); 
@@ -4504,7 +4479,7 @@ public class ManagementServerImpl implements ManagementServer { Long zoneId = cmd.getZoneId(); AsyncJobVO job = null; // FIXME: cmd.getJob(); String mode = cmd.getMode(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); VolumeVO volume = _volumeDao.findById(volumeId); if (volume == null) { @@ -4574,7 +4549,7 @@ public class ManagementServerImpl implements ManagementServer { } } - long userId = UserContext.current().getUserId(); + long userId = UserContext.current().getCallerUserId(); long accountId = volume.getAccountId(); String secondaryStorageURL = _storageMgr.getSecondaryStorageURL(zoneId); @@ -4648,7 +4623,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public InstanceGroupVO updateVmGroup(UpdateVMGroupCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long groupId = cmd.getId(); String groupName = cmd.getGroupName(); @@ -4683,7 +4658,7 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForVmGroups(ListVMGroupsCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; @@ -4786,11 +4761,13 @@ public class ManagementServerImpl implements ManagementServer { return event.getId(); } + @Override public Long saveStartedEvent(Long userId, Long accountId, String type, String description, long startEventId) { return EventUtils.saveStartedEvent(userId, accountId, type, description, startEventId); } + @Override public Long saveCompletedEvent(Long userId, Long accountId, String level, String type, String description, long startEventId) { return EventUtils.saveEvent(userId, accountId, level, type, description, startEventId); 
@@ -4949,166 +4926,6 @@ public class ManagementServerImpl implements ManagementServer { return hypers.split(","); } - @Override - public List searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd) throws InvalidParameterValueException, - PermissionDeniedException { - // do some parameter validation - Account account = UserContext.current().getAccount(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Long accountId = null; - Account ipAddressOwner = null; - String ipAddress = cmd.getPublicIp(); - - if (ipAddress != null) { - IPAddressVO ipAddressVO = _publicIpAddressDao.findById(ipAddress); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress + " not found."); - } else { - Long ipAddrAcctId = ipAddressVO.getAllocatedToAccountId(); - if (ipAddrAcctId == null) { - throw new InvalidParameterValueException("Unable to list remote access vpns, IP address " + ipAddress + " is not associated with an account."); - } - ipAddressOwner = _accountDao.findById(ipAddrAcctId); - } - } - - if ((account == null) || isAdmin(account.getType())) { - // validate domainId before proceeding - if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to list remote access vpns for domain id " + domainId + ", permission denied."); - } - if (accountName != null) { - Account userAccount = _accountDao.findActiveAccount(accountName, domainId); - if (userAccount != null) { - accountId = userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - } - } else if (ipAddressOwner != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), ipAddressOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to list remote access vpn for IP address " + ipAddress + 
", permission denied."); - } - } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); - } - } else { - accountId = account.getId(); - } - - Filter searchFilter = new Filter(RemoteAccessVpnVO.class, "vpnServerAddress", true, cmd.getStartIndex(), cmd.getPageSizeVal()); - - Object id = cmd.getId(); - Object zoneId = cmd.getZoneId(); - - - SearchBuilder sb = _remoteAccessVpnDao.createSearchBuilder(); - sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("zoneId", sb.entity().getZoneId(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); - sb.and("ipAddress", sb.entity().getVpnServerAddress(), SearchCriteria.Op.EQ); - - if ((accountId == null) && (domainId != null)) { - // if accountId isn't specified, we can do a domain match for the admin case - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - - SearchCriteria sc = sb.create(); - - if (id != null) { - sc.setParameters("id", id); - } - - if (ipAddress != null) { - sc.setParameters("ipAddress", ipAddress); - } - - if (zoneId != null) { - sc.setParameters("zoneId", zoneId); - } - - if (accountId != null) { - sc.setParameters("accountId", accountId); - } else if (domainId != null) { - DomainVO domain = _domainDao.findById(domainId); - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); - } - - return _remoteAccessVpnDao.search(sc, searchFilter); - } - - @Override - public List searchForVpnUsers(ListVpnUsersCmd cmd) { - Account account = UserContext.current().getAccount(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Long accountId = null; - String username = cmd.getUsername(); - - - if ((account == null) || isAdmin(account.getType())) { - // 
validate domainId before proceeding - if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to list remote access vpn users for domain id " + domainId + ", permission denied."); - } - if (accountName != null) { - Account userAccount = _accountDao.findActiveAccount(accountName, domainId); - if (userAccount != null) { - accountId = userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - } - } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); - } - } else { - accountId = account.getId(); - } - - Filter searchFilter = new Filter(VpnUserVO.class, "username", true, cmd.getStartIndex(), cmd.getPageSizeVal()); - - Object id = cmd.getId(); - - - SearchBuilder sb = _vpnUsersDao.createSearchBuilder(); - sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("username", sb.entity().getUsername(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); - - if ((accountId == null) && (domainId != null)) { - // if accountId isn't specified, we can do a domain match for the admin case - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - - SearchCriteria sc = sb.create(); - - if (id != null) { - sc.setParameters("id", id); - } - - if (username != null) { - sc.setParameters("username", username); - } - - - if (accountId != null) { - sc.setParameters("accountId", accountId); - } else if (domainId != null) { - DomainVO domain = _domainDao.findById(domainId); - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); - } - - return _vpnUsersDao.search(sc, 
searchFilter); - } - @Override public String getHashKey() { // although we may have race conditioning here, database transaction serialization should diff --git a/server/src/com/cloud/servlet/ConsoleProxyServlet.java b/server/src/com/cloud/servlet/ConsoleProxyServlet.java index f71f257a4c4..cd59f213091 100644 --- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java +++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java @@ -94,12 +94,14 @@ public class ConsoleProxyServlet extends HttpServlet { } } else { // adjust to latest API refactoring changes - if(session.getAttribute("userid") != null) - userId = ((Long)session.getAttribute("userid")).toString(); + if(session.getAttribute("userid") != null) { + userId = ((Long)session.getAttribute("userid")).toString(); + } accountObj = (Account)session.getAttribute("accountobj"); - if(accountObj != null) - account = "" + accountObj.getId(); + if(accountObj != null) { + account = "" + accountObj.getId(); + } } // Do a sanity check here to make sure the user hasn't already been deleted @@ -131,12 +133,13 @@ public class ConsoleProxyServlet extends HttpServlet { return; } - if(cmd.equalsIgnoreCase("thumbnail")) - handleThumbnailRequest(req, resp, vmId); - else if(cmd.equalsIgnoreCase("access")) - handleAccessRequest(req, resp, vmId); - else - handleAuthRequest(req, resp, vmId); + if(cmd.equalsIgnoreCase("thumbnail")) { + handleThumbnailRequest(req, resp, vmId); + } else if(cmd.equalsIgnoreCase("access")) { + handleAccessRequest(req, resp, vmId); + } else { + handleAuthRequest(req, resp, vmId); + } } catch (Throwable e) { s_logger.error("Unexepected exception in ConsoleProxyServlet", e); 
@@ -189,8 +192,9 @@ public class ConsoleProxyServlet extends HttpServlet { try { resp.sendRedirect(composeThumbnailUrl(rootUrl, vm, host, w, h)); } catch (IOException e) { - if(s_logger.isInfoEnabled()) - s_logger.info("Client may already close the connection"); + if(s_logger.isInfoEnabled()) { + s_logger.info("Client may already close the connection"); + } } } @@ -222,8 +226,9 @@ public class ConsoleProxyServlet extends HttpServlet { } String vmName = vm.getName(); - if(vmName == null) - vmName = vm.getInstanceName(); + if(vmName == null) { + vmName = vm.getInstanceName(); + } StringBuffer sb = new StringBuffer(); sb.append("").append(vmName).append(" portInfo = _ms.getVncPort(vm); - if(portInfo.first() != null) - host = portInfo.first(); + if(portInfo.first() != null) { + host = portInfo.first(); + } String sid = vm.getVncPassword(); long tag = vm.getId(); String ticket = URLEncoder.encode(genAccessTicket(host, String.valueOf(portInfo.second()), sid, String.valueOf(tag))); @@ -283,8 +289,9 @@ public class ConsoleProxyServlet extends HttpServlet { sb.append("&tag=").append(tag); sb.append("&ticket=").append(ticket); - if(s_logger.isInfoEnabled()) - s_logger.info("Compose thumbnail url: " + sb.toString()); + if(s_logger.isInfoEnabled()) { + s_logger.info("Compose thumbnail url: " + sb.toString()); + } return sb.toString(); } @@ -293,8 +300,9 @@ public class ConsoleProxyServlet extends HttpServlet { String host = hostVo.getPrivateIpAddress(); Pair portInfo = _ms.getVncPort(vm); - if(portInfo.first() != null) - host = portInfo.first(); + if(portInfo.first() != null) { + host = portInfo.first(); + } String sid = vm.getVncPassword(); long tag = vm.getId(); String ticket = URLEncoder.encode(genAccessTicket(host, String.valueOf(portInfo.second()), sid, String.valueOf(tag))); 
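Review bot: The `s_logger.info("Compose thumbnail url: " + sb.toString())` call in the `-283,8` hunk logs the whole URL at INFO level right after `&ticket=` has been appended, so the value produced by `genAccessTicket(host, port, sid, tag)`, where `sid` is `vm.getVncPassword()`, is written to the server log. The ticket's lifetime is not visible in this hunk, but a credential-like query parameter should not be readable by everyone with log access. Log an identifier instead of the URL, e.g. `s_logger.info("Compose thumbnail url for vm " + tag);`, or build the log message before the ticket is appended. The `"Compose console url: "` line in the `-305,8` hunk needs the same change; both method bodies start outside their hunks.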
@@ -305,8 +313,9 @@ public class ConsoleProxyServlet extends HttpServlet { sb.append("&tag=").append(tag); sb.append("&ticket=").append(ticket); - if(s_logger.isInfoEnabled()) - s_logger.info("Compose console url: " + sb.toString()); + if(s_logger.isInfoEnabled()) { + s_logger.info("Compose console url: " + sb.toString()); + } return sb.toString(); } @@ -342,8 +351,9 @@ public class ConsoleProxyServlet extends HttpServlet { resp.setContentType("text/html"); resp.getWriter().print(content); } catch(IOException e) { - if(s_logger.isInfoEnabled()) - s_logger.info("Client may already close the connection"); + if(s_logger.isInfoEnabled()) { + s_logger.info("Client may already close the connection"); + } } } @@ -356,9 +366,10 @@ public class ConsoleProxyServlet extends HttpServlet { case User : userVm = _ms.findUserVMInstanceById(vmId); if(userVm.getAccountId() != accountObj.getId() && accountObj.getType() != Account.ACCOUNT_TYPE_ADMIN) { - if(s_logger.isDebugEnabled()) - s_logger.debug("VM access is denied. VM owner account " + userVm.getAccountId() + if(s_logger.isDebugEnabled()) { + s_logger.debug("VM access is denied. VM owner account " + userVm.getAccountId() + " does not match the account id in session " + accountObj.getId()); + } return false; } break; @@ -368,8 +379,9 @@ public class ConsoleProxyServlet extends HttpServlet { case SecondaryStorageVm: // only root admin is allowed to access system vm and domR if(accountObj.getType() != Account.ACCOUNT_TYPE_ADMIN) { - if(s_logger.isDebugEnabled()) - s_logger.debug("VM access is denied. Accessing restricted VM requires admin privilege"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("VM access is denied. Accessing restricted VM requires admin privilege"); + } return false; } break; 
@@ -379,8 +391,9 @@ public class ConsoleProxyServlet extends HttpServlet { } private boolean isValidCmd(String cmd) { - if(cmd.equalsIgnoreCase("thumbnail") || cmd.equalsIgnoreCase("access") || cmd.equalsIgnoreCase("auth")) - return true; + if(cmd.equalsIgnoreCase("thumbnail") || cmd.equalsIgnoreCase("access") || cmd.equalsIgnoreCase("auth")) { + return true; + } return false; } @@ -393,8 +406,8 @@ public class ConsoleProxyServlet extends HttpServlet { account = _ms.findAccountById(user.getAccountId()); } - if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.ACCOUNT_STATE_ENABLED) - || (account == null) || !account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if ((user == null) || (user.getRemoved() != null) || !user.getState().equals(Account.State.Enabled) + || (account == null) || !account.getState().equals(Account.State.Enabled)) { s_logger.warn("Deleted/Disabled/Locked user with id=" + userId + " attempting to access public API"); return false; } @@ -461,7 +474,7 @@ public class ConsoleProxyServlet extends HttpServlet { user = userAcctPair.first(); Account account = userAcctPair.second(); - if (!user.getState().equals(Account.ACCOUNT_STATE_ENABLED) || !account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if (!user.getState().equals(Account.State.Enabled) || !account.getState().equals(Account.State.Enabled)) { s_logger.info("disabled or locked user accessing the api, userid = " + user.getId() + "; name = " + user.getUsername() + "; state: " + user.getState() + "; accountState: " + account.getState()); return false; } diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index 82972dfdf48..f7642152f44 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java 
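Review bot: The enabled-state checks in the `@@ -393` and `@@ -461` hunks compare with `equals(Account.State.Enabled)`, which accepts any `Object` and therefore still compiles if one of the getters keeps returning a `String`; the comparison would then always be false without any warning. Comparing the enum by identity, e.g. `user.getState() != Account.State.Enabled`, lets the compiler verify the types and does not throw when `getState()` returns null. The same applies to the `State.Locked`/`State.Enabled` comparisons in the AccountManagerImpl hunks later in this patch. Both servlet methods begin outside their hunks.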
@@ -581,7 +581,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag // Get the newly created VDI from the snapshot. // This will return a null volumePath if it could not be created - Pair volumeDetails = createVDIFromSnapshot(UserContext.current().getUserId(), snapshot, pool); + Pair volumeDetails = createVDIFromSnapshot(UserContext.current().getCallerUserId(), snapshot, pool); volumeUUID = volumeDetails.first(); details = volumeDetails.second(); @@ -1620,7 +1620,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override public VolumeVO allocVolume(CreateVolumeCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, ResourceAllocationException { // FIXME: some of the scheduled event stuff might be missing here... - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Account targetAccount = null; @@ -2146,7 +2146,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override @DB public synchronized StoragePoolVO preparePrimaryStorageForMaintenance(PreparePrimaryStorageForMaintenanceCmd cmd) throws ServerApiException{ Long primaryStorageId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); boolean restart = true; StoragePoolVO primaryStorage = null; try @@ -2327,7 +2327,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @DB public synchronized StoragePoolVO cancelPrimaryStorageForMaintenance(CancelPrimaryStorageMaintenanceCmd cmd) throws ServerApiException{ Long primaryStorageId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); StoragePoolVO primaryStorage = null; try { Transaction.currentTxn(); 
@@ -2473,7 +2473,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override public boolean deleteVolume(DeleteVolumeCmd cmd) throws InvalidParameterValueException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long volumeId = cmd.getId(); boolean isAdmin; @@ -2547,7 +2547,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override public DiskProfile allocateRawVolume(VolumeType type, String name, DiskOfferingVO offering, Long size, T vm, Account owner) { - long userId = UserContext.current().getUserId(); + long userId = UserContext.current().getCallerUserId(); if (size == null) { size = offering.getDiskSizeInBytes(); } @@ -2580,7 +2580,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override public DiskProfile allocateTemplatedVolume(VolumeType type, String name, DiskOfferingVO offering, VMTemplateVO template, T vm, Account owner) { - long userId = UserContext.current().getUserId(); + long userId = UserContext.current().getCallerUserId(); assert (template.getFormat() != ImageFormat.ISO) : "ISO is not a template really...."; SearchCriteria sc = HostTemplateStatesSearch.create(); diff --git a/server/src/com/cloud/storage/allocator/LocalStoragePoolAllocator.java b/server/src/com/cloud/storage/allocator/LocalStoragePoolAllocator.java index 59698337cf0..67ab1e0180e 100644 --- a/server/src/com/cloud/storage/allocator/LocalStoragePoolAllocator.java +++ b/server/src/com/cloud/storage/allocator/LocalStoragePoolAllocator.java 
@@ -120,7 +120,7 @@ public class LocalStoragePoolAllocator extends FirstFitStoragePoolAllocator { SearchCriteria sc = VmsOnPoolSearch.create(); sc.setJoinParameters("volumeJoin", "poolId", pool.getId()); sc.setParameters("state", State.Expunging); - List vmsOnHost = _vmInstanceDao.searchIncludingRemoved(sc, null); + List vmsOnHost = _vmInstanceDao.customSearchIncludingRemoved(sc, null); if(s_logger.isDebugEnabled()) { s_logger.debug("Found " + vmsOnHost.size() + " VM instances are alloacated at host " + spHost.getHostId() + " with local storage pool " + pool.getName()); diff --git a/server/src/com/cloud/storage/dao/DiskOfferingDaoImpl.java b/server/src/com/cloud/storage/dao/DiskOfferingDaoImpl.java index 2e9c4591413..e421e9ccf5d 100644 --- a/server/src/com/cloud/storage/dao/DiskOfferingDaoImpl.java +++ b/server/src/com/cloud/storage/dao/DiskOfferingDaoImpl.java @@ -82,9 +82,9 @@ public class DiskOfferingDaoImpl extends GenericDaoBase im } @Override - public List searchIncludingRemoved(SearchCriteria sc, final Filter filter) { + public List customSearchIncludingRemoved(SearchCriteria sc, final Filter filter) { sc.addAnd(_typeAttr, Op.EQ, Type.Disk); - return super.searchIncludingRemoved(sc, filter); + return super.customSearchIncludingRemoved(sc, filter); } @Override diff --git a/server/src/com/cloud/storage/dao/StoragePoolDaoImpl.java b/server/src/com/cloud/storage/dao/StoragePoolDaoImpl.java index 0ad0fa5ef56..5c0c18b8c5a 100644 --- a/server/src/com/cloud/storage/dao/StoragePoolDaoImpl.java +++ b/server/src/com/cloud/storage/dao/StoragePoolDaoImpl.java @@ -380,7 +380,7 @@ public class StoragePoolDaoImpl extends GenericDaoBase imp sc.setParameters("status", (Object[])statuses); sc.setParameters("pool", primaryStorageId); - List rs = searchIncludingRemoved(sc, null); + List rs = customSearchIncludingRemoved(sc, null); if (rs.size() == 0) { return 0; } 
diff --git a/server/src/com/cloud/storage/dao/VolumeDaoImpl.java b/server/src/com/cloud/storage/dao/VolumeDaoImpl.java index 76155bed84e..5cd20f8315e 100755 --- a/server/src/com/cloud/storage/dao/VolumeDaoImpl.java +++ b/server/src/com/cloud/storage/dao/VolumeDaoImpl.java @@ -242,7 +242,7 @@ public class VolumeDaoImpl extends GenericDaoBase implements Vol sc.setParameters("template", templateId); sc.setParameters("pool", poolId); - List results = searchIncludingRemoved(sc, null); + List results = customSearchIncludingRemoved(sc, null); assert results.size() > 0 : "How can this return a size of " + results.size(); return results.get(0) > 0; @@ -432,7 +432,7 @@ public class VolumeDaoImpl extends GenericDaoBase implements Vol public Pair getCountAndTotalByPool(long poolId) { SearchCriteria sc = TotalSizeByPoolSearch.create(); sc.setParameters("poolId", poolId); - List results = searchIncludingRemoved(sc, null); + List results = customSearchIncludingRemoved(sc, null); SumCount sumCount = results.get(0); return new Pair(sumCount.count, sumCount.sum); } diff --git a/server/src/com/cloud/storage/preallocatedlun/dao/PreallocatedLunDaoImpl.java b/server/src/com/cloud/storage/preallocatedlun/dao/PreallocatedLunDaoImpl.java index 2e37fd7cf4b..d03d703ce1b 100644 --- a/server/src/com/cloud/storage/preallocatedlun/dao/PreallocatedLunDaoImpl.java +++ b/server/src/com/cloud/storage/preallocatedlun/dao/PreallocatedLunDaoImpl.java @@ -185,7 +185,7 @@ public class PreallocatedLunDaoImpl extends GenericDaoBase sc = TotalSizeSearch.create(); sc.setParameters("target", targetIqn); - List results = searchIncludingRemoved(sc, null); + List results = customSearchIncludingRemoved(sc, null); if (results.size() == 0) { return 0; } 
@@ -198,7 +198,7 @@ public class PreallocatedLunDaoImpl extends GenericDaoBase sc = UsedSizeSearch.create(); sc.setParameters("target", targetIqn); - List results = searchIncludingRemoved(sc, null); + List results = customSearchIncludingRemoved(sc, null); if (results.size() == 0) { return 0; } @@ -210,7 +210,7 @@ public class PreallocatedLunDaoImpl extends GenericDaoBase findDistinctTagsForTarget(String targetIqn) { SearchCriteria sc = DetailsSearch.create(); sc.setJoinParameters("target", "targetiqn", targetIqn); - return _detailsDao.searchIncludingRemoved(sc, null); + return _detailsDao.customSearchIncludingRemoved(sc, null); } @Override @DB diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java index b2f7dc294fe..4c25ac5c832 100644 --- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java +++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java @@ -119,6 +119,7 @@ import com.cloud.utils.db.Transaction; import com.cloud.utils.events.SubscriptionMgr; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.exception.ExecutionException; +import com.cloud.utils.net.Ip; import com.cloud.utils.net.NetUtils; import com.cloud.utils.net.NfsUtils; import com.cloud.vm.NicProfile; @@ -503,7 +504,7 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V if (_IpAllocator != null && _IpAllocator.exteralIpAddressAllocatorEnabled()) { _IpAllocator.releasePublicIpAddress(ipAddress, dcId, podId); } else { - _ipAddressDao.unassignIpAddress(ipAddress); + _ipAddressDao.unassignIpAddress(new Ip(ipAddress)); } } diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index 70ba04d7301..ac2f40571b8 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java 
+++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -538,7 +538,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } private Long getSnapshotUserId(){ - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if(userId == null ) { return User.UID_SYSTEM; } @@ -598,7 +598,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma private Long checkAccountPermissions(long targetAccountId, long targetDomainId, String targetDesc, long targetId) throws ServerApiException { Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if (account != null) { if (!isAdmin(account.getType())) { if (account.getId() != targetAccountId) { @@ -788,7 +788,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma checkAccountPermissions(volume.getAccountId(), volume.getDomainId(), "volume", volumeId); } - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; @@ -1112,7 +1112,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma public List findRecurringSnapshotSchedule(ListRecurringSnapshotScheduleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long volumeId = cmd.getVolumeId(); Long policyId = cmd.getSnapshotPolicyId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); //Verify parameters VolumeVO volume = _volsDao.findById(volumeId); diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java index c47530039e3..e014689c93d 100755 --- a/server/src/com/cloud/template/TemplateManagerImpl.java 
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java @@ -165,8 +165,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public VirtualMachineTemplate registerIso(RegisterIsoCmd cmd) throws ResourceAllocationException{ - Account ctxAccount = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account ctxAccount = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); String name = cmd.getIsoName(); String displayText = cmd.getDisplayText(); String url = cmd.getUrl(); @@ -258,8 +258,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public VirtualMachineTemplate registerTemplate(RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException{ - Account ctxAccount = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account ctxAccount = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); String name = cmd.getTemplateName(); String displayText = cmd.getDisplayText(); Integer bits = cmd.getBits(); @@ -464,7 +464,7 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public Long extract(ExtractIsoCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long templateId = cmd.getId(); Long zoneId = cmd.getZoneId(); String url = cmd.getUrl(); @@ -477,7 +477,7 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public Long extract(ExtractTemplateCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long templateId = cmd.getId(); Long zoneId = cmd.getZoneId(); String url = cmd.getUrl(); 
@@ -546,7 +546,7 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe extractMode = mode.equals(Upload.Mode.FTP_UPLOAD.toString()) ? Upload.Mode.FTP_UPLOAD : Upload.Mode.HTTP_DOWNLOAD; } - long userId = UserContext.current().getUserId(); + long userId = UserContext.current().getCallerUserId(); long accountId = template.getAccountId(); String event = isISO ? EventTypes.EVENT_ISO_EXTRACT : EventTypes.EVENT_TEMPLATE_EXTRACT; if (extractMode == Upload.Mode.FTP_UPLOAD){ @@ -819,10 +819,10 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public VirtualMachineTemplate copyIso(CopyIsoCmd cmd) throws StorageUnavailableException { Long isoId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Long sourceZoneId = cmd.getSourceZoneId(); Long destZoneId = cmd.getDestinationZoneId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); //Verify parameters VMTemplateVO iso = _tmpltDao.findById(isoId); @@ -853,10 +853,10 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public VirtualMachineTemplate copyTemplate(CopyTemplateCmd cmd) throws StorageUnavailableException { Long templateId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Long sourceZoneId = cmd.getSourceZoneId(); Long destZoneId = cmd.getDestinationZoneId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); //Verify parameters VMTemplateVO template = _tmpltDao.findById(templateId); 
@@ -1177,8 +1177,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public boolean detachIso(DetachIsoCmd cmd) { - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long vmId = cmd.getVirtualMachineId(); // Verify input parameters @@ -1211,8 +1211,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public boolean attachIso(AttachIsoCmd cmd) { - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long vmId = cmd.getVirtualMachineId(); Long isoId = cmd.getId(); @@ -1324,8 +1324,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public boolean deleteTemplate(DeleteTemplateCmd cmd) { Long templateId = cmd.getId(); - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); + Long userId = UserContext.current().getCallerUserId(); + Account account = UserContext.current().getCaller(); Long zoneId = cmd.getZoneId(); VMTemplateVO template = _tmpltDao.findById(templateId.longValue()); @@ -1357,8 +1357,8 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override public boolean deleteIso(DeleteIsoCmd cmd) { Long templateId = cmd.getId(); - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); + Long userId = UserContext.current().getCallerUserId(); + Account account = UserContext.current().getCaller(); Long zoneId = cmd.getZoneId(); VMTemplateVO template = _tmpltDao.findById(templateId.longValue()); 
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index f4f3b61b671..21e867480fb 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -79,6 +79,7 @@ import com.cloud.storage.dao.VMTemplateDao; import com.cloud.storage.dao.VolumeDao; import com.cloud.storage.snapshot.SnapshotManager; import com.cloud.template.TemplateManager; +import com.cloud.user.Account.State; import com.cloud.user.dao.AccountDao; import com.cloud.user.dao.UserAccountDao; import com.cloud.user.dao.UserDao; @@ -428,7 +429,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Long accountId = null; - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) || @@ -494,7 +495,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { @Override public ResourceLimitVO updateResourceLimit(UpdateResourceLimitCmd cmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Long max = cmd.getMax(); @@ -715,7 +716,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { } } - private boolean doSetUserStatus(long userId, String state) { + private boolean doSetUserStatus(long userId, State state) { UserVO userForUpdate = _userDao.createForUpdate(); userForUpdate.setState(state); return _userDao.update(Long.valueOf(userId), userForUpdate); 
@@ -724,7 +725,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { public boolean enableAccount(long accountId) { boolean success = false; AccountVO acctForUpdate = _accountDao.createForUpdate(); - acctForUpdate.setState(Account.ACCOUNT_STATE_ENABLED); + acctForUpdate.setState(State.Enabled); success = _accountDao.update(Long.valueOf(accountId), acctForUpdate); return success; } @@ -733,11 +734,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { boolean success = false; Account account = _accountDao.findById(accountId); if (account != null) { - if (account.getState().equals(Account.ACCOUNT_STATE_LOCKED)) { + if (account.getState().equals(State.Locked)) { return true; // already locked, no-op - } else if (account.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + } else if (account.getState().equals(State.Enabled)) { AccountVO acctForUpdate = _accountDao.createForUpdate(); - acctForUpdate.setState(Account.ACCOUNT_STATE_LOCKED); + acctForUpdate.setState(State.Locked); success = _accountDao.update(Long.valueOf(accountId), acctForUpdate); } else { if (s_logger.isInfoEnabled()) { @@ -938,11 +939,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { } AccountVO account = _accountDao.findById(accountId); - if ((account == null) || account.getState().equals(Account.ACCOUNT_STATE_DISABLED)) { + if ((account == null) || account.getState().equals(State.Disabled)) { success = true; } else { AccountVO acctForUpdate = _accountDao.createForUpdate(); - acctForUpdate.setState(Account.ACCOUNT_STATE_DISABLED); + acctForUpdate.setState(State.Disabled); success = _accountDao.update(Long.valueOf(accountId), acctForUpdate); success = (success && doDisableAccount(accountId)); 
@@ -988,7 +989,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { String accountName = cmd.getAccountName(); short userType = cmd.getAccountType().shortValue(); String networkDomain = cmd.getNetworkdomain(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); try { if (accountName == null) { @@ -1026,7 +1027,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { newAccount.setAccountName(accountName); newAccount.setDomainId(domainId); newAccount.setType(userType); - newAccount.setState("enabled"); + newAccount.setState(State.Enabled); newAccount.setNetworkDomain(networkDomain); newAccount = _accountDao.persist(newAccount); accountId = newAccount.getId(); @@ -1039,7 +1040,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { UserVO user = new UserVO(); user.setUsername(username); user.setPassword(password); - user.setState("enabled"); + user.setState(State.Enabled); user.setFirstname(firstName); user.setLastname(lastName); user.setAccountId(accountId.longValue()); @@ -1083,7 +1084,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { String email = cmd.getEmail(); String timeZone = cmd.getTimezone(); Long accountId = null; - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); Account account = _accountDao.findActiveAccount(accountName, domainId); @@ -1100,7 +1101,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { UserVO user = new UserVO(); user.setUsername(userName); user.setPassword(password); - user.setState("enabled"); + user.setState(State.Enabled); user.setFirstname(firstName); user.setLastname(lastName); user.setAccountId(accountId.longValue()); 
@@ -1213,7 +1214,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { @Override public UserAccount disableUser(DisableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long userId = cmd.getId(); - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); //Check if user exists in the system User user = _userDao.findById(userId); @@ -1231,7 +1232,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { throw new PermissionDeniedException("Failed to disable user " + userId + ", permission denied."); } - boolean success = doSetUserStatus(userId, Account.ACCOUNT_STATE_DISABLED); + boolean success = doSetUserStatus(userId, State.Disabled); if (success) { //user successfully disabled return _userAccountDao.findById(userId); @@ -1243,7 +1244,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { @Override public UserAccount enableUser(EnableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Long userId = cmd.getId(); - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); boolean success = false; //Check if user exists in the system @@ -1262,7 +1263,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { throw new PermissionDeniedException("Failed to enable user " + userId + ", permission denied."); } - success = doSetUserStatus(userId, Account.ACCOUNT_STATE_ENABLED); + success = doSetUserStatus(userId, State.Enabled); // make sure the account is enabled too success = (success && enableAccount(user.getAccountId())); 
@@ -1278,7 +1279,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { public UserAccount lockUser(LockUserCmd cmd) { boolean success = false; - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); Long id = cmd.getId(); // Check if user with id exists in the system @@ -1301,16 +1302,16 @@ public class AccountManagerImpl implements AccountManager, AccountService { // make sure the account is enabled too // if the user is either locked already or disabled already, don't change state...only lock currently enabled users - if (user.getState().equals(Account.ACCOUNT_STATE_LOCKED)) { + if (user.getState().equals(State.Locked)) { // already locked...no-op return _userAccountDao.findById(id); - } else if (user.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { - success = doSetUserStatus(user.getId(), Account.ACCOUNT_STATE_LOCKED); + } else if (user.getState().equals(State.Enabled)) { + success = doSetUserStatus(user.getId(), State.Locked); boolean lockAccount = true; List allUsersByAccount = _userDao.listByAccount(user.getAccountId()); for (UserVO oneUser : allUsersByAccount) { - if (oneUser.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { + if (oneUser.getState().equals(State.Enabled)) { lockAccount = false; break; } @@ -1376,7 +1377,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { } //Check if user performing the action is allowed to modify this account - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); if ((adminAccount != null) && !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); } 
@@ -1391,7 +1392,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { @Override public AccountVO lockAccount(DisableAccountCmd cmd) { - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); @@ -1421,7 +1422,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); if ((adminAccount != null) && !_domainDao.isChildDomain(adminAccount.getDomainId(), domainId)) { throw new PermissionDeniedException("Failed to disable account " + accountName + " in domain " + domainId + ", permission denied."); } @@ -1458,7 +1459,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { } //Check if user performing the action is allowed to modify this account - Account adminAccount = UserContext.current().getAccount(); + Account adminAccount = UserContext.current().getCaller(); if ((adminAccount != null) && (adminAccount.getType() != Account.ACCOUNT_TYPE_ADMIN) && _domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); } 
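Review bot: The permission check kept as context in the `@@ -1458` hunk throws `PermissionDeniedException` when `_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())` is true, whereas the parallel checks in the `@@ -1376` and `@@ -1421` hunks deny when it is false. As written, a non-root admin appears to be refused for accounts inside its own domain tree and allowed for accounts outside it, which looks like a missing negation: `&& !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())`. The commit only renames the context accessor on the line above, and the method starts outside the hunk, so confirm the intent against the full body before changing it.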
@@ -1489,8 +1490,9 @@ public class AccountManagerImpl implements AccountManager, AccountService { UserVO user = _userDao.findById(id); - if(user == null) - throw new InvalidParameterValueException("The specified user doesn't exist in the system"); + if(user == null) { + throw new InvalidParameterValueException("The specified user doesn't exist in the system"); + } if ((user != null) && (user.getAccountId() == Account.ACCOUNT_ID_SYSTEM)) { throw new InvalidParameterValueException("Account id : " + user.getAccountId() + " is a system account, delete for user associated with this account is not allowed"); diff --git a/server/src/com/cloud/user/dao/AccountDaoImpl.java b/server/src/com/cloud/user/dao/AccountDaoImpl.java index 5715ac58515..ab8b3c33683 100644 --- a/server/src/com/cloud/user/dao/AccountDaoImpl.java +++ b/server/src/com/cloud/user/dao/AccountDaoImpl.java @@ -28,6 +28,7 @@ import javax.ejb.Local; import org.apache.log4j.Logger; import com.cloud.user.Account; +import com.cloud.user.Account.State; import com.cloud.user.AccountVO; import com.cloud.user.User; import com.cloud.user.UserVO; @@ -77,6 +78,7 @@ public class AccountDaoImpl extends GenericDaoBase implements A return searchIncludingRemoved(sc, null, null, false); } + @Override public Pair findUserAccountByApiKey(String apiKey) { Transaction txn = Transaction.currentTxn(); PreparedStatement pstmt = null; @@ -92,13 +94,13 @@ public class AccountDaoImpl extends GenericDaoBase implements A u.setUsername(rs.getString(2)); u.setAccountId(rs.getLong(3)); u.setSecretKey(rs.getString(4)); - u.setState(rs.getString(5)); + u.setState(State.valueOf(rs.getString(5))); AccountVO a = new AccountVO(rs.getLong(6)); a.setAccountName(rs.getString(7)); a.setType(rs.getShort(8)); a.setDomainId(rs.getLong(9)); - a.setState(rs.getString(10)); + a.setState(State.valueOf(rs.getString(10))); userAcctPair = new Pair(u, a); } 
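Review bot: `State.valueOf(rs.getString(5))` and `State.valueOf(rs.getString(10))` in the `@@ -92` hunk throw IllegalArgumentException for any stored value that is not an exact constant name, and NullPointerException for SQL NULL. The same patch removes `setState("enabled")` in AccountManagerImpl, so rows written before this change presumably hold the lowercase string and would fail here, in `findUserAccountByApiKey`, unless a data migration elsewhere rewrites them. Map the column through a small helper that accepts the legacy spelling and treats null or unknown values as not enabled, so the API-key lookup fails closed rather than with an uncaught exception. The method continues outside the hunk.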
@@ -129,13 +131,17 @@ public class AccountDaoImpl extends GenericDaoBase implements A return findOneIncludingRemovedBy(sc); } + @Override public Account findActiveAccountByName(String accountName) { SearchCriteria sc = AccountNameSearch.create("accountName", accountName); return findOneBy(sc); } + @Override public List findActiveAccounts(Long maxAccountId, Filter filter) { - if (maxAccountId == null) return null; + if (maxAccountId == null) { + return null; + } SearchCriteria sc = createSearchCriteria(); sc.addAnd("id", SearchCriteria.Op.LTEQ, maxAccountId); @@ -143,8 +149,11 @@ public class AccountDaoImpl extends GenericDaoBase implements A return listBy(sc, filter); } + @Override public List findRecentlyDeletedAccounts(Long maxAccountId, Date earliestRemovedDate, Filter filter) { - if (earliestRemovedDate == null) return null; + if (earliestRemovedDate == null) { + return null; + } SearchCriteria sc = createSearchCriteria(); if (maxAccountId != null) { sc.addAnd("id", SearchCriteria.Op.LTEQ, maxAccountId); @@ -155,8 +164,11 @@ public class AccountDaoImpl extends GenericDaoBase implements A return listIncludingRemovedBy(sc, filter); } + @Override public List findNewAccounts(Long minAccountId, Filter filter) { - if (minAccountId == null) return null; + if (minAccountId == null) { + return null; + } SearchCriteria sc = createSearchCriteria(); sc.addAnd("id", SearchCriteria.Op.GT, minAccountId); diff --git a/server/src/com/cloud/user/dao/UserDaoImpl.java b/server/src/com/cloud/user/dao/UserDaoImpl.java index 4b4a53b11a8..04b16128c0d 100644 --- a/server/src/com/cloud/user/dao/UserDaoImpl.java +++ b/server/src/com/cloud/user/dao/UserDaoImpl.java @@ -78,7 +78,8 @@ public class UserDaoImpl extends GenericDaoBase implements UserDao return findOneBy(sc); } - public List listByAccount(long accountId) { + @Override + public List listByAccount(long accountId) { SearchCriteria sc = AccountIdSearch.create(); sc.setParameters("account", accountId); return listBy(sc, null); 
@@ -116,7 +117,7 @@ public class UserDaoImpl extends GenericDaoBase implements UserDao public void update(long id, String username, String password, String firstname, String lastname, String email, Long accountId, String timezone, String apiKey, String secretKey) { UserVO dbUser = getUser(username); - if ((dbUser == null) || (dbUser.getId().longValue() == id)) { + if ((dbUser == null) || (dbUser.getId() == id)) { UserVO ub = createForUpdate(); ub.setUsername(username); ub.setPassword(password); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 78a1c9d713f..663dc8659ce 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -194,6 +194,7 @@ import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.exception.ExecutionException; +import com.cloud.utils.net.Ip; import com.cloud.utils.net.NetUtils; import com.cloud.vm.VirtualMachine.Type; import com.cloud.vm.dao.DomainRouterDao; @@ -288,8 +289,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public UserVm resetVMPassword(ResetVMPasswordCmd cmd, String password){ - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long vmId = cmd.getId(); UserVmVO userVm = _vmDao.findById(cmd.getId()); @@ -316,7 +317,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager private boolean resetVMPasswordInternal(ResetVMPasswordCmd cmd, String password) { Long vmId = cmd.getId(); - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); UserVmVO vmInstance = _vmDao.findById(vmId); if (password == null || password.equals("")) { 
@@ -387,7 +388,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Long vmId = command.getVirtualMachineId(); Long volumeId = command.getId(); Long deviceId = command.getDeviceId(); - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); // Check that the volume ID is valid VolumeVO volume = _volsDao.findById(volumeId); @@ -612,7 +613,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public Volume detachVolumeFromVM(DetachVolumeCmd cmmd) { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); if ((cmmd.getId() == null && cmmd.getDeviceId() == null && cmmd.getVirtualMachineId() == null) || (cmmd.getId() != null && (cmmd.getDeviceId() != null || cmmd.getVirtualMachineId() != null)) || (cmmd.getId() == null && (cmmd.getDeviceId()==null || cmmd.getVirtualMachineId() == null))) { @@ -807,8 +808,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager public UserVm upgradeVirtualMachine(UpgradeVMCmd cmd) throws ServerApiException, InvalidParameterValueException { Long virtualMachineId = cmd.getId(); Long serviceOfferingId = cmd.getServiceOfferingId(); - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); // Verify input parameters UserVmVO vmInstance = _vmDao.findById(virtualMachineId); 
@@ -984,9 +985,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager ServiceOffering offering = _offeringDao.findById(userVm.getServiceOfferingId()); if (offering.getGuestIpType() != NetworkOffering.GuestIpType.Virtual) { - IPAddressVO guestIP = (userVm.getGuestIpAddress() == null) ? null : _ipAddressDao.findById(userVm.getGuestIpAddress()); + IPAddressVO guestIP = (userVm.getGuestIpAddress() == null) ? null : _ipAddressDao.findById(new Ip(userVm.getGuestIpAddress())); if (guestIP != null && guestIP.getAllocatedTime() != null) { - _ipAddressDao.unassignIpAddress(userVm.getGuestIpAddress()); + _ipAddressDao.unassignIpAddress(new Ip(userVm.getGuestIpAddress())); s_logger.debug("Released guest IP address=" + userVm.getGuestIpAddress() + " vmName=" + userVm.getName() + " dcId=" + userVm.getDataCenterId()); EventUtils.saveEvent(User.UID_SYSTEM, userVm.getAccountId(), EventTypes.EVENT_NET_IP_RELEASE, "released a public ip: " + userVm.getGuestIpAddress()); @@ -1053,7 +1054,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager public UserVm recoverVirtualMachine(RecoverVMCmd cmd) throws ResourceAllocationException, CloudRuntimeException { Long vmId = cmd.getId(); - Account accountHandle = UserContext.current().getAccount(); + Account accountHandle = UserContext.current().getCaller(); //if account is removed, return error if(accountHandle!=null && accountHandle.getRemoved() != null) { 
@@ -1586,12 +1587,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = User.UID_SYSTEM; } - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); boolean isAdmin = ((account == null) || isAdmin(account.getType())); VMTemplateVO privateTemplate = null; @@ -1719,7 +1720,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override @DB public VMTemplateVO createPrivateTemplate(CreateTemplateCmd command) throws CloudRuntimeException { - Long userId = UserContext.current().getUserId(); + Long userId = UserContext.current().getCallerUserId(); if (userId == null) { userId = User.UID_SYSTEM; } @@ -1925,8 +1926,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager String group = cmd.getGroup(); Boolean ha = cmd.getHaEnable(); Long id = cmd.getId(); - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); //Input validation UserVmVO vmInstance = null; @@ -1998,8 +1999,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public UserVm rebootVirtualMachine(RebootVMCmd cmd) { - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); Long vmId = cmd.getId(); //Verify input parameters 
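Review bot: In `createPrivateTemplateRecord` a null result from the renamed `getCaller()` still makes `isAdmin` true, and a null `getCallerUserId()` is still replaced by `User.UID_SYSTEM`, so a request that arrives without a caller context is authorised as a system administrator. Whether the context can be empty on an API-reachable path is not visible from this hunk. If it cannot, fail closed, e.g. `if (account == null) { throw new PermissionDeniedException("No caller in context"); }`. If internal callers rely on the null case, say so in a comment next to the `isAdmin` line. `createPrivateTemplate` in the next hunk has the same `UID_SYSTEM` fallback, and both method bodies continue outside their hunks.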
@@ -2026,7 +2027,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override @DB public InstanceGroupVO createVmGroup(CreateVMGroupCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; @@ -2099,7 +2100,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public boolean deleteVmGroup(DeleteVMGroupCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - Account account = UserContext.current().getAccount(); + Account account = UserContext.current().getCaller(); Long groupId = cmd.getId(); // Verify input parameters @@ -2231,7 +2232,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override @DB public UserVm createVirtualMachine(DeployVMCmd cmd) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException { - Account caller = UserContext.current().getAccount(); + Account caller = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); @@ -2444,7 +2445,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } vm.setPassword(password); - long userId = UserContext.current().getUserId(); + long userId = UserContext.current().getCallerUserId(); UserVO caller = _userDao.findById(userId); AccountVO owner = _accountDao.findById(vm.getAccountId()); 
@@ -2535,8 +2536,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager public UserVm stopVirtualMachine(long vmId) throws ConcurrentOperationException { //Input validation - Account caller = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account caller = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); //if account is removed, return error if (caller != null && caller.getRemoved() != null) { @@ -2572,8 +2573,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public UserVm startVirtualMachine(long vmId) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException { //Input validation - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); //if account is removed, return error if(account!=null && account.getRemoved() != null) { @@ -2594,8 +2595,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override public UserVm destroyVm(long vmId) throws ResourceUnavailableException, ConcurrentOperationException { - Account account = UserContext.current().getAccount(); - Long userId = UserContext.current().getUserId(); + Account account = UserContext.current().getCaller(); + Long userId = UserContext.current().getCallerUserId(); //Verify input parameters UserVmVO vm = _vmDao.findById(vmId); diff --git a/server/src/com/cloud/vm/dao/NicDao.java b/server/src/com/cloud/vm/dao/NicDao.java index 010ddcf3d25..f60f9bc8747 100644 --- a/server/src/com/cloud/vm/dao/NicDao.java +++ b/server/src/com/cloud/vm/dao/NicDao.java 
@@ -17,4 +17,6 @@ public interface NicDao extends GenericDao { List listNetworksWithNoActiveNics(); NicVO findByInstanceIdAndNetworkId(long networkId, long instanceId); + + void removeNicsForInstance(long instanceId); } diff --git a/server/src/com/cloud/vm/dao/NicDaoImpl.java b/server/src/com/cloud/vm/dao/NicDaoImpl.java index 94afc182c5d..bcdc0cbb3f2 100644 --- a/server/src/com/cloud/vm/dao/NicDaoImpl.java +++ b/server/src/com/cloud/vm/dao/NicDaoImpl.java @@ -7,7 +7,6 @@ import java.util.List; import javax.ejb.Local; -import com.cloud.domain.DomainVO; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.GenericSearchBuilder; import com.cloud.utils.db.SearchBuilder; @@ -47,6 +46,13 @@ public class NicDaoImpl extends GenericDaoBase implements NicDao { GarbageCollectSearch.done(); } + @Override + public void removeNicsForInstance(long instanceId) { + SearchCriteria sc = InstanceSearch.create(); + sc.setParameters("instance", instanceId); + remove(sc); + } + @Override public List listBy(long instanceId) { SearchCriteria sc = InstanceSearch.create(); @@ -75,6 +81,7 @@ public class NicDaoImpl extends GenericDaoBase implements NicDao { return customSearch(sc, null); } + @Override public NicVO findByInstanceIdAndNetworkId(long networkId, long instanceId) { SearchCriteria sc = createSearchCriteria(); sc.addAnd("networkId", SearchCriteria.Op.EQ, networkId); diff --git a/setup/db/create-index-fk.sql b/setup/db/create-index-fk.sql index 4770fd7bcf2..eaecba73c2a 100755 --- a/setup/db/create-index-fk.sql +++ b/setup/db/create-index-fk.sql 
@@ -246,13 +246,4 @@ ALTER TABLE `cloud`.`instance_group` ADD CONSTRAINT `fk_instance_group__account_ ALTER TABLE `cloud`.`instance_group_vm_map` ADD CONSTRAINT `fk_instance_group_vm_map___group_id` FOREIGN KEY `fk_instance_group_vm_map___group_id` (`group_id`) REFERENCES `instance_group` (`id`) ON DELETE CASCADE; ALTER TABLE `cloud`.`instance_group_vm_map` ADD CONSTRAINT `fk_instance_group_vm_map___instance_id` FOREIGN KEY `fk_instance_group_vm_map___instance_id` (`instance_id`) REFERENCES `user_vm` (`id`) ON DELETE CASCADE; -ALTER TABLE `cloud`.`remote_access_vpn` ADD CONSTRAINT `fk_remote_access_vpn___account_id` FOREIGN KEY `fk_remote_access_vpn__account_id` (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE; -ALTER TABLE `cloud`.`remote_access_vpn` ADD CONSTRAINT `fk_remote_access_vpn__zone_id` FOREIGN KEY `fk_remote_access_vpn__zone_id` (`zone_id`) REFERENCES `data_center` (`id`); -ALTER TABLE `cloud`.`remote_access_vpn` ADD CONSTRAINT `fk_remote_access_vpn__server_addr` FOREIGN KEY `fk_remote_access_vpn__server_addr` (`vpn_server_addr`) REFERENCES `user_ip_address` (`public_ip_address`); -ALTER TABLE `cloud`.`remote_access_vpn` ADD INDEX `i_remote_access_vpn_addr`(`vpn_server_addr`); - -ALTER TABLE `cloud`.`vpn_users` ADD CONSTRAINT `fk_vpn_users___account_id` FOREIGN KEY `fk_vpn_users__account_id` (`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE; -ALTER TABLE `cloud`.`vpn_users` ADD INDEX `i_vpn_users_username`(`username`); -ALTER TABLE `cloud`.`vpn_users` ADD UNIQUE `i_vpn_users__account_id__username`(`account_id`, `username`); - ALTER TABLE `cloud`.`vlan` ADD CONSTRAINT `fk_vlan__network_id` FOREIGN KEY `fk_vlan__network_id` (`network_id`) REFERENCES `networks` (`id`) ON DELETE CASCADE; diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index f38d4272cc0..6aa49804dbd 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql 
@@ -466,7 +466,7 @@ CREATE TABLE `cloud`.`op_dc_vnet_alloc` ( CREATE TABLE `cloud`.`firewall_rules` ( `id` bigint unsigned NOT NULL auto_increment COMMENT 'id', - `ip_address` bigint unsigned NOT NULL COMMENT 'ip_address', + `ip_address` bigint unsigned NOT NULL COMMENT 'ip address', `start_port` int(10) NOT NULL default -1 COMMENT 'starting port of a port range', `end_port` int(10) NOT NULL default -1 COMMENT 'end port of a port range', `state` char(32) NOT NULL COMMENT 'current state of this rule', @@ -637,7 +637,7 @@ CREATE TABLE `cloud`.`event` ( CREATE TABLE `cloud`.`user_ip_address` ( `account_id` bigint unsigned NULL, `domain_id` bigint unsigned NULL, - `public_ip_address` varchar(15) unique NOT NULL, + `public_ip_address` bigint unsigned unique NOT NULL, `data_center_id` bigint unsigned NOT NULL COMMENT 'zone that it belongs to', `source_nat` int(1) unsigned NOT NULL default '0', `allocated` datetime NULL COMMENT 'Date this ip was allocated to someone', 
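Review bot: The `public_ip_address` column of `user_ip_address` changes from a dotted string to `bigint unsigned` with no column comment, unlike the columns around it, so the encoding is left for the reader to guess. Add one, for example `COMMENT 'public ip address stored as an unsigned integer'`. `remote_access_vpn.local_ip` later in this file stays `varchar(15)`, so the schema now holds addresses in two representations, and any query or report that joins or compares them has to convert explicitly.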
@@ -1045,22 +1045,32 @@ CREATE TABLE `cloud`.`load_balancer` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `cloud`.`remote_access_vpn` ( - `id` bigint unsigned NOT NULL auto_increment, + `vpn_server_addr` bigint unsigned UNIQUE NOT NULL, `account_id` bigint unsigned NOT NULL, - `zone_id` bigint unsigned NOT NULL, - `vpn_server_addr` varchar(15) UNIQUE NOT NULL, + `network_id` bigint unsigned NOT NULL, + `domain_id` bigint unsigned NOT NULL, `local_ip` varchar(15) NOT NULL, `ip_range` varchar(32) NOT NULL, `ipsec_psk` varchar(256) NOT NULL, - PRIMARY KEY (`id`) + PRIMARY KEY (`vpn_server_addr`), + CONSTRAINT `fk_remote_access_vpn__account_id` FOREIGN KEY `fk_remote_access_vpn__account_id`(`account_id`) REFERENCES `account` (`id`) ON DELETE CASCADE, + CONSTRAINT `fk_remote_access_vpn__domain_id` FOREIGN KEY `fk_remote_access_vpn__domain_id`( + CONSTRAINT `fk_remote_access_vpn__network_id` FOREIGN KEY `fk_remote_access_vpn__network_id` (`network_id`) REFERENCES `networks` (`id`) ON DELETE CASCADE; +# CONSTRAINT `fk_remote_access_vpn__server_addr` FOREIGN KEY `fk_remote_access_vpn__server_addr` (`vpn_server_addr`) REFERENCES `user_ip_address` (`public_ip_address`) ON DELETE CASCADE, ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `cloud`.`vpn_users` ( `id` bigint unsigned NOT NULL auto_increment, - `account_id` bigint unsigned NOT NULL, + `owner_id` bigint unsigned NOT NULL, + `domain_id` bigint unsigned NOT NULL, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, - PRIMARY KEY (`id`) + `state` char(32) NOT NULL COMMENT 'What state is this vpn user in', + PRIMARY KEY (`id`), + CONSTRAINT `fk_vpn_users__owner_id` FOREIGN KEY (`owner_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_vpn_users__domain_id` FOREIGN KEY (`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, + INDEX `i_vpn_users_username`(`username`), + UNIQUE `i_vpn_users__account_id__username`(`account_id`, `username`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 
CREATE TABLE `cloud`.`storage_pool` ( diff --git a/utils/src/com/cloud/utils/SerialVersionUID.java b/utils/src/com/cloud/utils/SerialVersionUID.java index 0a7038569c2..e3085c1d7bd 100755 --- a/utils/src/com/cloud/utils/SerialVersionUID.java +++ b/utils/src/com/cloud/utils/SerialVersionUID.java @@ -35,6 +35,7 @@ public interface SerialVersionUID { public static final long AccountLimitException = Base | 0x5; public static final long InsufficientVirtualNetworkCapacityException = Base | 0x7; public static final long NetworkUnavailableException = Base | 0x8; + public static final long Ip = Base | 0x9; public static final long UnsupportedVersionException = Base | 0xb; public static final long DataCenterIpAddressPK = Base | 0xc; public static final long UnableToExecuteException = Base | 0xd; diff --git a/utils/src/com/cloud/utils/db/GenericDao.java b/utils/src/com/cloud/utils/db/GenericDao.java index 78ed3a0feac..f4da5abac6a 100755 --- a/utils/src/com/cloud/utils/db/GenericDao.java +++ b/utils/src/com/cloud/utils/db/GenericDao.java @@ -158,7 +158,7 @@ public interface GenericDao { * @param filter * @return list of entity beans. */ - public List searchIncludingRemoved(SearchCriteria sc, Filter filter); + public List customSearchIncludingRemoved(SearchCriteria sc, Filter filter); /** * Retrieves the entire table. diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index c9b3dbc8e64..c3b0a907064 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -379,7 +379,7 @@ public abstract class GenericDaoBase implements Gene } @Override @SuppressWarnings("unchecked") @DB - public List searchIncludingRemoved(SearchCriteria sc, final Filter filter) { + public List customSearchIncludingRemoved(SearchCriteria sc, final Filter filter) { String clause = sc != null ? sc.getWhereClause() : null; if (clause != null && clause.length() == 0) { clause = null; 
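Review bot: As shown, the new `remote_access_vpn` and `vpn_users` definitions will not load. The `fk_remote_access_vpn__domain_id` constraint stops after `FOREIGN KEY ... (`, and the `fk_remote_access_vpn__network_id` constraint ends in `;`, which terminates the CREATE TABLE before its closing parenthesis. In `vpn_users` the unique index still names `account_id`, which this hunk renames to `owner_id`. Complete the domain constraint the same way as `fk_vpn_users__domain_id`, drop the `;` after the network constraint, and change the index to ``UNIQUE `i_vpn_users__owner_id__username`(`owner_id`, `username`)``. That unique index is what keeps VPN usernames distinct per owner, so confirm it is actually created once the script runs.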
@@ -456,7 +456,7 @@ public abstract class GenericDaoBase implements Gene sc.addAnd(_removed.second().field.getName(), SearchCriteria.Op.NULL); } - return searchIncludingRemoved(sc, filter); + return customSearchIncludingRemoved(sc, filter); } @DB(txn=false) diff --git a/utils/src/com/cloud/utils/net/Ip.java b/utils/src/com/cloud/utils/net/Ip.java index 1c3844d1ce7..9e5c60b18bc 100644 --- a/utils/src/com/cloud/utils/net/Ip.java +++ b/utils/src/com/cloud/utils/net/Ip.java @@ -17,13 +17,19 @@ */ package com.cloud.utils.net; +import java.io.Serializable; + import com.cloud.utils.NumbersUtil; +import com.cloud.utils.SerialVersionUID; /** * Simple Ip implementation class that works with both ip4 and ip6. * */ -public class Ip { +public class Ip implements Serializable, Comparable { + + private static final long serialVersionUID = SerialVersionUID.Ip; + long ip; public Ip(long ip) { @@ -75,4 +81,9 @@ public class Ip { return false; } } + + @Override + public int compareTo(Ip that) { + return (int)(this.ip - that.ip); + } } diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java index c6c1e0c3c63..4646f42cd36 100755 --- a/utils/src/com/cloud/utils/net/NetUtils.java +++ b/utils/src/com/cloud/utils/net/NetUtils.java @@ -39,13 +39,14 @@ import org.apache.log4j.xml.DOMConfigurator; import com.cloud.utils.IteratorUtil; import com.cloud.utils.NumbersUtil; +import com.cloud.utils.Pair; public class NetUtils { protected final static Logger s_logger = Logger.getLogger(NetUtils.class); public final static String HTTP_PORT = "80"; - public final static String VPN_PORT = "500"; - public final static String VPN_NATT_PORT = "4500"; - public final static String VPN_L2TP_PORT = "1701"; + public final static int VPN_PORT = 500; + public final static int VPN_NATT_PORT = 4500; + public final static int VPN_L2TP_PORT = 1701; public final static String UDP_PROTO = "udp"; 
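Review bot: The new `compareTo` in Ip.java narrows a `long` difference to `int`, so the sign can come out wrong, and two different addresses whose difference is a multiple of 2^32 compare as equal. That breaks the Comparable contract. If `Ip` values are used as keys in a sorted map or set, two distinct addresses could then be treated as one entry. Compare the fields directly instead: `return this.ip < that.ip ? -1 : (this.ip == that.ip ? 0 : 1);`. The class comment says both ip4 and ip6 are handled while the value is a single `long`, which is worth qualifying. The `equals` body is outside the hunk, so consistency with it should be checked there.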
@@ -618,6 +619,11 @@ public class NetUtils { } + public static Pair getCidr(String cidr) { + String[] tokens = cidr.split("/"); + return new Pair(tokens[0], Integer.parseInt(tokens[1])); + } + public static boolean isNetworkAWithinNetworkB(String cidrA, String cidrB) { Long[] cidrALong = cidrToLong(cidrA); Long[] cidrBLong = cidrToLong(cidrB);
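Review bot: `getCidr` does not validate its argument. A string without `/` fails with ArrayIndexOutOfBoundsException, a non-numeric prefix with NumberFormatException, and a prefix such as `99` or `-1` is returned as if it were valid. If the value can come from an API parameter (not visible in this hunk), these should be reported as a clear parameter error rather than leak as runtime exceptions or reach later rule generation. Add a guard such as `if (tokens.length != 2) { throw new IllegalArgumentException("Invalid CIDR: " + cidr); }`, and range-check the parsed prefix length before building the `Pair`. A short Javadoc stating the accepted format (`address/prefix`) and what is thrown on bad input would also help.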