diff --git a/docs/en-US/acquire-new-ip-for-vpc.xml b/docs/en-US/acquire-new-ip-for-vpc.xml
new file mode 100644
index 00000000000..785e80bb874
--- /dev/null
+++ b/docs/en-US/acquire-new-ip-for-vpc.xml
@@ -0,0 +1,73 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ Acquiring a New IP Address for a VPC
+ When you acquire an IP address, all IP addresses are allocated to VPC, not to the guest
+ networks within the VPC. The IPs are associated to the guest network only when the first
+ port-forwarding, load balancing, or Static NAT rule is created for the IP or the network. IP
+ can't be associated to more than one network at a time.
+
+
+ Log in to the &PRODUCT; UI as an administrator or end user.
+
+
+ In the left navigation, choose Network.
+
+
+ In the Select view, select VPC.
+ All the VPCs that you have created for the account is listed in the page.
+
+
+ Click the Configure button of the VPC to which you want to deploy the VMs.
+ The VPC page is displayed where all the tiers you created are listed in a
+ diagram.
+
+
+ Click the Settings icon.
+ The following options are displayed.
+
+
+ IP Addresses
+
+
+ Gateways
+
+
+ Site-to-Site VPN
+
+
+ Network ACLs
+
+
+
+
+ Select IP Addresses.
+ The IP Addresses page is displayed.
+
+
+ Click Acquire New IP, and click Yes in the confirmation dialog.
+ You are prompted for confirmation because, typically, IP addresses are a limited
+ resource. Within a few moments, the new IP address should appear with the state Allocated.
+ You can now use the IP address in port forwarding, load balancing, and static NAT
+ rules.
+
+
+
\ No newline at end of file
diff --git a/docs/en-US/add-loadbalancer-rule-vpc.xml b/docs/en-US/add-loadbalancer-rule-vpc.xml
new file mode 100644
index 00000000000..bba3e5ad134
--- /dev/null
+++ b/docs/en-US/add-loadbalancer-rule-vpc.xml
@@ -0,0 +1,123 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+
+ Adding Load Balancing Rules on a VPC
+ A &PRODUCT; user or administrator may create load balancing rules that balance traffic
+ received at a public IP to one or more VMs that belong to a network tier that provides load
+ balancing service in a VPC. A user creates a rule, specifies an algorithm, and assigns the rule
+ to a set of VMs within a VPC.
+
+
+ Log in to the &PRODUCT; UI as an administrator or end user.
+
+
+ In the left navigation, choose Network.
+
+
+ In the Select view, select VPC.
+ All the VPCs that you have created for the account is listed in the page.
+
+
+ Click the Configure button of the VPC to which you want to configure load balancing
+ rules.
+ The VPC page is displayed where all the tiers you created are listed in a
+ diagram.
+
+
+ Click the Settings icon.
+ The following options are displayed.
+
+
+ IP Addresses
+
+
+ Gateways
+
+
+ Site-to-Site VPN
+
+
+ Network ACLs
+
+
+
+
+ Select IP Addresses.
+ The IP Addresses page is displayed.
+
+
+ Click the IP address for which you want to create the rule, then click the Configuration
+ tab.
+
+
+ In the Load Balancing node of the diagram, click View All.
+
+
+ Select the tier to which you want to apply the rule.
+
+ In a VPC, the load balancing service is supported only on a single tier.
+
+
+
+ Specify the following:
+
+
+ Name: A name for the load balancer rule.
+
+
+ Public Port: The port that receives the incoming
+ traffic to be balanced.
+
+
+ Private Port: The port that the VMs will use to
+ receive the traffic.
+
+
+ Algorithm. Choose the load balancing algorithm you
+ want &PRODUCT; to use. &PRODUCT; supports the following well-known algorithms:
+
+
+ Round-robin
+
+
+ Least connections
+
+
+ Source
+
+
+
+
+ Stickiness. (Optional) Click Configure and choose
+ the algorithm for the stickiness policy. See Sticky Session Policies for Load Balancer
+ Rules.
+
+
+ Add VMs: Click Add VMs, then select two or more VMs
+ that will divide the load of incoming traffic, and click Apply.
+
+
+
+
+ The new load balancing rule appears in the list. You can repeat these steps to add more load
+ balancing rules for this IP address.
+
\ No newline at end of file
diff --git a/docs/en-US/add-portforward-rule-vpc.xml b/docs/en-US/add-portforward-rule-vpc.xml
new file mode 100644
index 00000000000..c3dbc39bb19
--- /dev/null
+++ b/docs/en-US/add-portforward-rule-vpc.xml
@@ -0,0 +1,103 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ Adding a Port Forwarding Rule on a VPC
+
+
+ Log in to the &PRODUCT; UI as an administrator or end user.
+
+
+ In the left navigation, choose Network.
+
+
+ In the Select view, select VPC.
+ All the VPCs that you have created for the account is listed in the page.
+
+
+ Click the Configure button of the VPC to which you want to deploy the VMs.
+ The VPC page is displayed where all the tiers you created are listed in a
+ diagram.
+
+
+ Click the Settings icon.
+ The following options are displayed.
+
+
+ IP Addresses
+
+
+ Gateways
+
+
+ Site-to-Site VPN
+
+
+ Network ACLs
+
+
+
+
+ Choose an existing IP address or acquire a new IP address. Click the name of the IP
+ address in the list.
+ The IP Addresses page is displayed.
+
+
+ Click the IP address for which you want to create the rule, then click the Configuration
+ tab.
+
+
+ In the Port Forwarding node of the diagram, click View All.
+
+
+ Select the tier to which you want to apply the rule.
+
+
+ Specify the following:
+
+
+ Public Port: The port to which public traffic will
+ be addressed on the IP address you acquired in the previous step.
+
+
+ Private Port: The port on which the instance is
+ listening for forwarded public traffic.
+
+
+ Protocol: The communication protocol in use between
+ the two ports.
+
+
+ TCP
+
+
+ UDP
+
+
+
+
+ Add VM: Click Add VM. Select the name of the
+ instance to which this rule applies, and click Apply.
+ You can test the rule by opening an ssh session to the instance.
+
+
+
+
+
diff --git a/docs/en-US/castor-with-cs.xml b/docs/en-US/castor-with-cs.xml
new file mode 100644
index 00000000000..6385452b1ee
--- /dev/null
+++ b/docs/en-US/castor-with-cs.xml
@@ -0,0 +1,87 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ Using the CAStor Back-end Storage with &PRODUCT;
+ This section describes how to use a CAStor cluster as the back-end storage system for a
+ &PRODUCT; S3 front-end. The CAStor back-end storage for &PRODUCT; extends the existing storage
+ classes and allows the storage configuration attribute to point to a CAStor cluster.
+ This feature makes use of the &PRODUCT; server's local disk to spool files before writing
+ them to CAStor when handling the PUT operations. However, a file must be successfully written
+ into the CAStor cluster prior to the return of a success code to the S3 client to ensure that
+ the transaction outcome is correctly reported.
+
+ The S3 multipart file upload is not supported in this release. You are prompted with
+ proper error message if a multipart upload is attempted.
+
+ To configure CAStor:
+
+
+ Install &PRODUCT; 4.0 by following the instructions given in the INSTALL.txt
+ file.
+
+ You can use the S3 storage system in &PRODUCT; without setting up and installing the
+ compute components.
+
+
+
+ Enable the S3 API by setting "enable.s3.api = true" in the Global parameter section in
+ the UI and register a user.
+ For more information, see S3 API in
+ &PRODUCT;.
+
+
+ Edit the cloud-bridge.properties file and modify the "storage.root" parameter.
+
+
+ Set "storage.root" to the key word "castor".
+
+
+ Specify a CAStor tenant domain to which content is written. If the domain is not
+ specified, the CAStor default domain, specified by the "cluster" parameter in CAStor's
+ node.cfg file, will be used.
+
+
+ Specify a list of node IP addresses, or set "zeroconf" and the cluster
+ name. When using a static IP list with a large cluster, it is not necessary to include
+ every node, only a few is required to initialize the client software.
+ For example:
+ storage.root=castor domain=cloudstack 10.1.1.51 10.1.1.52 10.1.1.53
+ In this example, the configuration file directs &PRODUCT; to write the S3 files to
+ CAStor instead of to a file system, where the CAStor domain name is cloudstack, and the
+ CAStor node IP addresses are those listed.
+
+
+ (Optional) The last value is a port number on which to communicate with the CAStor
+ cluster. If not specified, the default is 80.
+ #Static IP list with optional port
+storage.root=castor domain=cloudstack 10.1.1.51 10.1.1.52 10.1.1.53 80
+#Zeroconf locator for cluster named "castor.example.com"
+storage.root=castor domain=cloudstack zeroconf=castor.example.com
+
+
+
+
+ Create the tenant domain within the CAStor storage cluster. If you omit this step before
+ attempting to store content, you will get HTTP 412 errors in the awsapi.log.
+
+
+
diff --git a/docs/en-US/configure-vpc.xml b/docs/en-US/configure-vpc.xml
new file mode 100644
index 00000000000..45237d21cbb
--- /dev/null
+++ b/docs/en-US/configure-vpc.xml
@@ -0,0 +1,36 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
diff --git a/docs/en-US/inter-vlan-routing.xml b/docs/en-US/inter-vlan-routing.xml
new file mode 100644
index 00000000000..49a833cdb5d
--- /dev/null
+++ b/docs/en-US/inter-vlan-routing.xml
@@ -0,0 +1,107 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ About Inter-VLAN Routing
+ Inter-VLAN Routing is the capability to route network traffic between VLANs. This feature
+ enables you to build Virtual Private Clouds (VPC), an isolated segment of your cloud, that can
+ hold multi-tier applications. These tiers are deployed on different VLANs that can communicate
+ with each other. You provision VLANs to the tiers your create, and VMs can be deployed on
+ different tiers. The VLANs are connected to a virtual router, which facilitates communication
+ between the VMs. In effect, you can segment VMs by means of VLANs into different networks that
+ can host multi-tier applications, such as Web, Application, or Database. Such segmentation by
+ means of VLANs logically separate application VMs for higher security and lower broadcasts,
+ while remaining physically connected to the same device.
+ This feature is supported on XenServer and VMware hypervisors.
+ The major advantages are:
+
+
+ The administrator can deploy a set of VLANs and allow users to deploy VMs on these
+ VLANs. A guest VLAN is randomly alloted to an account from a pre-specified set of guest
+ VLANs. All the VMs of a certain tier of an account reside on the guest VLAN allotted to that
+ account.
+
+ A VLAN allocated for an account cannot be shared between multiple accounts.
+
+
+
+ The administrator can allow users create their own VPC and deploy the application. In
+ this scenario, the VMs that belong to the account are deployed on the VLANs allotted to that
+ account.
+
+
+ Both administrators and users can create multiple VPCs. The guest network NIC is plugged
+ to the VPC virtual router when the first VM is deployed in a tier.
+
+
+ The administrator can create the following gateways to send to or receive traffic from
+ the VMs:
+
+
+ VPN Gateway: For more information, see .
+
+
+ Public Gateway: The public gateway for a VPC is
+ added to the virtual router when the virtual router is created for VPC. The public
+ gateway is not exposed to the end users. You are not allowed to list it, nor allowed to
+ create any static routes.
+
+
+ Private Gateway: For more information, see .
+
+
+
+
+ Both administrators and users can create various possible destinations-gateway
+ combinations. However, only one gateway of each type can be used in a deployment.
+ For example:
+
+
+ VLANs and Public Gateway: For example, an
+ application is deployed in the cloud, and the Web application VMs communicate with the
+ Internet.
+
+
+ VLANs, VPN Gateway, and Public Gateway: For
+ example, an application is deployed in the cloud; the Web application VMs communicate
+ with the Internet; and the database VMs communicate with the on-premise devices.
+
+
+
+
+ The administrator can define Access Control List (ACL) on the virtual router to filter
+ the traffic among the VLANs or between the Internet and a VLAN. You can define ACL based on
+ CIDR, port range, protocol, type code (if ICMP protocol is selected) and Ingress/Egress
+ type.
+
+
+ The following figure shows the possible deployment scenarios of a Inter-VLAN setup:
+
+
+
+
+
+ mutltier.png: a multi-tier setup.
+
+
+ To set up a multi-tier Inter-VLAN deployment, see .
+