diff --git a/terraform/demo4-scale-out-lb/demo4-scale-out-lb.tf b/terraform/demo4-scale-out-lb/demo4-scale-out-lb.tf
new file mode 100644
index 0000000..6e3a9e4
--- /dev/null
+++ b/terraform/demo4-scale-out-lb/demo4-scale-out-lb.tf
@@ -0,0 +1,353 @@
+# Define CloudComp group number
+variable "group_number" {
+  type = string
+  default = "30"
+}
+
+# Define OpenStack credentials, project config etc.
+locals {
+  auth_url      = "https://private-cloud.informatik.hs-fulda.de:5000/v3"
+  user_name     = "CloudComp${var.group_number}"
+  user_password = "demo"
+  tenant_name   = "CloudComp${var.group_number}"
+  network_name  = "CloudComp${var.group_number}-net"
+  image_name    = "Ubuntu 18.04 - Bionic Beaver - 64-bit - Cloud Based Image"
+  flavor_name   = "m1.small"
+  region_name   = "RegionOne"
+}
+
+# Define OpenStack provider
+terraform {
+required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = ">= 1.40.0"
+    }
+  }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+  user_name   = local.user_name
+  tenant_name = local.tenant_name
+  password    = local.user_password
+  auth_url    = local.auth_url
+  region      = local.region_name
+  use_octavia = true
+}
+
+# import keypair
+resource "openstack_compute_keypair_v2" "terraform-keypair" {
+  name       = "my-terraform-pubkey"
+  #public_key = file("~/.ssh/id_rsa.pub")
+}
+
+# create api security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-api" {
+  name        = "my-terraform-secgroup-api"
+  description = "for API services only"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-api-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+}
+
+# create worker security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-worker" {
+  name        = "my-terraform-secgroup-worker"
+  description = "for services that run on a worker node"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-worker-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+}
+
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-control" {
+  name        = "my-terraform-secgroup-control"
+  description = "for services that run on a control node"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-control-rule-rabbitmq" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-control.id
+}
+
+# create services security group
+resource "openstack_networking_secgroup_v2" "terraform-secgroup-services" {
+  name        = "my-terraform-secgroup-services"
+  description = "for DB and AMQP services only"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-ssh" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 22
+  port_range_max    = 22
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-http" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 80
+  port_range_max    = 80
+  #remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-mysql-api" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 3306
+  port_range_max    = 3306
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-worker" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-worker.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "terraform-secgroup-services-rule-rabbitmq-api" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 5672
+  port_range_max    = 5672
+  remote_group_id   = openstack_networking_secgroup_v2.terraform-secgroup-api.id
+  security_group_id = openstack_networking_secgroup_v2.terraform-secgroup-services.id
+}
+
+
+###########################################################################
+#
+# create app-services instance
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-services" {
+  name              = "my-terraform-app-services"
+  image_name        = local.image_name
+  flavor_name       = local.flavor_name
+  key_pair          = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups   = [openstack_networking_secgroup_v2.terraform-secgroup-services.name]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+      -i database -i messaging
+    rabbitmqctl add_user faafo guest
+    rabbitmqctl set_user_tags faafo administrator
+    rabbitmqctl set_permissions -p / faafo ".*" ".*" ".*"
+  EOF
+}
+
+###########################################################################
+#
+# create app-api instances
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-api-1" {
+  name              = "my-terraform-app-api-1"
+  image_name        = local.image_name
+  flavor_name       = local.flavor_name
+  key_pair          = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups   = [openstack_networking_secgroup_v2.terraform-secgroup-api.name]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
+        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
+  EOF
+}
+
+resource "openstack_compute_instance_v2" "terraform-instance-app-api-2" {
+  name            = "my-terraform-app-api-2"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-api.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r api -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/' \
+        -d 'mysql+pymysql://faafo:password@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:3306/faafo'
+  EOF
+}
+
+###########################################################################
+#
+# create worker instances
+#
+###########################################################################
+resource "openstack_compute_instance_v2" "terraform-instance-app-worker-1" {
+  name            = "my-terraform-app-worker-1"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
+  EOF
+}
+
+resource "openstack_compute_instance_v2" "terraform-instance-app-worker-2" {
+  name            = "my-terraform-app-worker-2"
+  image_name      = local.image_name
+  flavor_name     = local.flavor_name
+  key_pair        = openstack_compute_keypair_v2.terraform-keypair.name
+  security_groups = [openstack_networking_secgroup_v2.terraform-secgroup-worker.id]
+
+  network {
+    name = local.network_name
+  }
+
+  user_data = <<-EOF
+    #!/usr/bin/env bash
+    curl -L -s https://gogs.informatik.hs-fulda.de/srieger/cloud-computing-msc-ai-examples/raw/master/faafo/contrib/install.sh | bash -s -- \
+        -i faafo -r worker -e 'http://${openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4}' -m 'amqp://faafo:guest@${openstack_compute_instance_v2.terraform-instance-app-services.access_ip_v4}:5672/'
+  EOF
+}
+
+###########################################################################
+#
+# create load balancer
+#
+###########################################################################
+data "openstack_networking_network_v2" "network_1" {
+  name = local.network_name
+}
+
+resource "openstack_lb_loadbalancer_v2" "lb_1" {
+  vip_subnet_id = data.openstack_networking_network_v2.network_1.subnets[0]
+}
+
+resource "openstack_lb_listener_v2" "listener_1" {
+  protocol        = "HTTP"
+  protocol_port   = 80
+  loadbalancer_id = openstack_lb_loadbalancer_v2.lb_1.id
+  connection_limit = 1024
+}
+
+resource "openstack_lb_pool_v2" "pool_1" {
+  protocol    = "HTTP"
+  lb_method   = "ROUND_ROBIN"
+  listener_id = openstack_lb_listener_v2.listener_1.id
+}
+
+resource "openstack_lb_members_v2" "members_1" {
+  pool_id = openstack_lb_pool_v2.pool_1.id
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-app-api-1.access_ip_v4
+    protocol_port = 80
+  }
+
+  member {
+    address       = openstack_compute_instance_v2.terraform-instance-app-api-2.access_ip_v4
+    protocol_port = 80
+  }
+}
+
+resource "openstack_lb_monitor_v2" "monitor_1" {
+  pool_id        = openstack_lb_pool_v2.pool_1.id
+  type           = "HTTP"
+  delay          = 5
+  timeout        = 5
+  max_retries    = 3
+  http_method    = "GET"
+  url_path       = "/"
+  expected_codes = 200
+}
+
+###########################################################################
+#
+# assign floating ip to load balancer
+#
+###########################################################################
+resource "openstack_networking_floatingip_v2" "fip_1" {
+  pool    = "public1"
+  port_id = openstack_lb_loadbalancer_v2.lb_1.vip_port_id
+}
+
+output "loadbalancer_vip_addr" {
+  value = openstack_networking_floatingip_v2.fip_1
+}
diff --git a/terraform/demo4-scale-out-lb/get-terraform.sh b/terraform/demo4-scale-out-lb/get-terraform.sh
new file mode 100644
index 0000000..46e7ae5
--- /dev/null
+++ b/terraform/demo4-scale-out-lb/get-terraform.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+wget https://releases.hashicorp.com/terraform/0.14.10/terraform_0.14.10_linux_amd64.zip -O terraform_0.14.10_linux_amd64.zip
+unzip -o terraform_0.14.10_linux_amd64.zip
diff --git a/terraform/demo4-scale-out-lb/run-terraform.sh b/terraform/demo4-scale-out-lb/run-terraform.sh
new file mode 100644
index 0000000..2ebad6f
--- /dev/null
+++ b/terraform/demo4-scale-out-lb/run-terraform.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+./terraform init
+./terraform plan
+./terraform apply
+./terraform destroy