Overview
Service Orchestration is the coordination and arrangement of multiple services exposed as a single aggregate service. Developers utilize Service Orchestration to,
Support the automation of business processes by loosely coupling services across different applications and enterprises.
Creating second-generation, composite applications.
In other words, service orchestration is the combination of service interactions to:
Create higher-level business services.
This topic describes the requirements for HyperCloud™ Platform (HCP) to manage & provision Virtual Machine(VMs) to multiple cloud providers:
VMware vSphere Provider Requirements
VMware vSphere was formerly known as VMware Infrastructure. This is the brand name for VMware's suite of server virtualization products that:
Includes its ESXi hypervisor and vCenter management software.
Undergoes periodic revisions and updates to add features; modifications to the application program interface (API), and changes to the ESXi shell.
The following are the minimum requirements for managing VMware vSphere using HCP:
General:
VMware vCenter Server is mandatory. [1]
Compute & Storage:
HyperCloud uses the concept of an Availability Zone which maps to:
One or more vSphere datacenters.
One or more vSphere clusters with one or more shared storages (VSAN, iSCSI, NFS, or FCP).
Virtual Networking:
One or more distributed switches managing the vSphere Cluster Networking.
One or more routable (DHCP) VLANs backed distributed port groups for VMs preconfigured in vCenter Server.
Distributed Switch physical uplinks must be configured to trunk all VM VLANs.
Authentication:
Use a service account (example: hc_vcenter_svc@vsphere.local) for connecting the HyperCloud to vCenter Server with the following permissions:
Datastore > Browse Datastore > Allocate Space Virtual Machine > Configuration > <Select All Permissions> Virtual Machine > Inventory > <Select All Permissions> Interaction > <Select All Permissions> Provisioning > Customize Provisioning > Deploy Template Provisioning > Read Customization specifications Network > Assign Network Resource > Assign Virtual Machine to Resource Pool
VM Templates:
VM Templates must be pre-created and marked as templates in the VMware vCenter Server. [2]
Information
[1] SaaS-based HyperCloud deployment requires access to VMware vCenter via Public NAT.
Refer to Firewall for further assistance.
[2] Refer to the VM Preparation guidelines.
Microsoft Hyper-V Provider Requirements
Microsoft Hyper-V is virtualization software that, well, virtualizes the software. It can not only virtualize the operating systems but also the entire hardware components, such as hard drives and network switches. Unlike Fusion and Virtualbox, Hyper-V is not limited to the user’s device; you can use it for server virtualization as well.
The following are minimum requirements for managing Microsoft Hyper-V using HCP:
General:
Hyper-V Nodes must be set up in a Fail Over Cluster. [1]
Compute & Storage:
HyperCloud manages Hyper-V nodes using a Host agent (proxy).
This agent must be installed on all Hyper-V Server.
Update the value of < HCP_Proxy_Password > using the following command with Run As Administrator privileges:
PowerShell.exe -ExecutionPolicy Bypass -Command "get https://repo.skygrid.cloud/repo/6.x/6.5.2/LATEST/proxy/HyperVProxy_Install_Windows_v1.3.ps1 OutFile ProxyInstaller.ps1; & .\ProxyInstaller.ps1 4434 <HCP_Proxy_Password>"
Hyper-V Node must be configured with Clustered Storage Volumes.
One Cluster Shared Volume (CSV) for VM Templates (vhdx) Storage.
One Cluster Shared Volume (CSV) for deploying VMs using HyperCloud Portal.
HyperCloud uses the concept of an Availability Zone which maps to,
One Hyper-V Failover Cluster Manager
One Cluster Shared Volume for VM Template Storage.
Example: C:\CSVs\Hypercloud_TemplatesOne Cluster Shared Volume for deploying VMs.
Example: C:\CSVs\Hypercloud_Production.
Virtual Networking:
Hyper-V vmSwitch and its NIC must be configured to trunk all or required VLANs.
DHCP IP Addressing must be configured for the VLAN selected during VM Provisioning.
VM VLANs must be routable and be able to reach the HyperCloud portal on port 5671. [2]
Authentication:
Create a dedicated Windows AD service account
Example: svc_hcp@domain.com with the following permissions:must belong to the Active Directory Domain.
must not be a member of Domain Admins Group.
must be a member of local administrators on each Hyper-V Server.
must be allowed Logon as a service right on each Hyper-V Server.
VM Templates:
VM Templates must be provided as VHDX files and placed in the Share CSV. This path will be configured in the Availability Zone. [3]
Information
[1] HCP does not support Microsoft System Center Virtual Machine Manager.
[2] See Firewall Requirements.
[3] Refer to the VM Template Preparation guidelines.
Open Virtualization Manager (Ovirt) KVM Provider Requirements
Following are the minimum requirements for managing Ovirt KVM using HyperCloud:
General:
Ovirt Manager is mandatory.
Compute & Storage: HyperCloud uses the concept of an Availability Zone which maps to:
One data center (local or Shared).
One storage domain (data) for VMs.
One storage domain for VM Templates (local or Shared).
Virtual Networking:
At least one VLAN backed network pre-created in Ovirt Manager.
VM Networks backed by VLANs must have the DHCP IP Addressing enabled.
Ovirt virtual switch physical uplinks must be configured to trunk all VM VLANs.
VM Templates:
VM Templates must be pre-created in the same datacenter as the cluster. [1]
Information:
[1] Refer VM Template Preparation guidelines.
VMware vCloud Director Provider
Following are minimum requirements for managing VMware vCloud Director using HCP:
General:
VMware vCloud Director must be accessible to HCP using FQDN.
VMware vCloud Director must be configured with VMware NSX.
Network Pools must be backed by VxLAN. [1]
For connecting HCP to vCloud Director Organization only, ensure that Org Admin User is configured with the Organization Administrator role.
Compute & Storage (Organization vDC):
Minimum one organization with one organization VDC.
Organization vDC must use Storage Policy. Network Pool must be backed by VxLAN i.e. greater than 1000 if deploying a large number of VMs.
Virtual Networking:
Each Organization vDC must have at least one Edge Gateway connected to the provider network.
The provider network must be configured and have a set of IP Pool for NATing HCP deployed VMs. [2]
Each Organization must have at least one Organization Networks preconfigured.
vApp Networks will be created by HCP using the Network Pool backed by VxLAN. [3]
VM templates
VM Templates must be pre-created and added to vCD Public or Organization Catalog. [4]
Information:
[1] HCP VM deployment translates to one vApp in vCloud Director. It, therefore, creates vApp networks when one VM is deployed via HCP.
[2] HCP will assign and configure NAT on Edge Gateway using IPs from provider Network if configured in HCP IP Pool.
[3] HCP deploys one vApp per VM and hence creates vApp networks for each VM.
[4] Multi-Tier vApp templates are not supported. This feature is available using HCP Blueprints.
Refer to VM Template Preparation guidelines.
Firewall Requirements
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and the incoming traffic from external sources such as the internet in order to block malicious traffic like viruses and hackers.
All applicable firewalls must be configured with the following ports:
Caution
HyperGrid will provide the Kubernetes Load Balancer IP address mentioned below.
Service | Source | Destination | Protocol/Ports |
Authentication | HyperCloud AMPQ IP | AD/LDAP Services | TCP: 389,636 |
SAML IDP | TCP: 443 | ||
Service Orchestration | HyperCloud AMPQ IP | Microsoft Failover Cluster 1 | TCP: 4434 1 |
VMware vCenter Server 1 | TCP: 443 1 | ||
Ovirt Manager (KVM) 1 | TCP: 443 1 | ||
VMware vCloud Director 1 | TCP: 443 1 | ||
Service Orchestration | HyperCloud AMPQ IP | Linux/Windows VMs | TCP: 22 2 |
Notification | HyperCloud AMPQ IP | SMTP Relay Mail Server | TCP: 25,465, 587 |
Agent | Linux/Windows VMs | HyperCloud™ URL & AMPQ IP | TCP: 443, 5671 |
Linux/Windows VMs | TCP: 443 |
Notes:
(1) Ensure Private Cloud Providers have a public NAT only to SaaS HyperCloudTM Portal IP Addresses provided by HyperGrid.
(2) Only needed if HyperCloudTM will install the HyperCloudTM Agent via SSH.
Ignore if Agent is pre-installed or installed on demand via cloud-init (Recommended) for VMware/Hyper-V/KVM Templates
VM Template Preparation
VM Template Preparation (non-cloud-init)
Before You Begin
Ensure VM (Template) has network connectivity to https://repo.skygrid.cloud/repo/ & Linux Repository.
VMware vSphere
Guest Customization:
Create VMware Guest Customization with the exact same name as the VM Template Name.
Example: When HCP deploys a VM from the Template VMT-Win2k16x64 it will use the Guest Customization with the name VMT-Win2k16x64 if available to customize the provisioned VM.(1)
Guest Customization Configuration:
Computer Name: Select use the Virtual Machine Name.
Network Type: DHCP
Windows Guest Customization:
Login Automatically as Administrator: 1
Run Once: Add the following in the Run once Command:
c:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -Command "Invoke-WebRequest https://repo.skygrid.cloud/snapshot/6.5.2/LATEST/agents/hcp_agent_install_windows.ps1 OutFile c:\hcp_agent_install_windows.ps1" c:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -Command "c:\hcp_agent_install_windows.ps1 https://repo.skygrid.cloud/snapshot/6.3.1/LATEST/ AUTO_INSERT < HyperCloud_Platform_PROD_FQDN>_https://<HyperCloud_Platform_PROD_FQDN > 5671 docker.skip (2) |
VM Tools:
The latest VMware Tools must be installed on the VM Template or Guest Customization will fail.
Information
Refer VMware Supported OS for Guest Customization for supported Guest OS.
Microsoft Hyper-V Requirements:
Hyper-V Templates must be placed in a Cluster Shared Volume in the form of VHDX files.
Ensure Hyper-V Integration Tools & service is installed and configured. (3)
Information
Refer Hyper-V Integration Services and Supported Linux and FreeBSD virtual-machines.
Open Virtualization (Ovirt) KVM Requirements:
Ovirt Guest Agent & tools must be installed as described in Ovirt Guest Agent and Tools.
Ensure VM Templates are in the same datacenter used in HyperCloud to configure the Availability Zone.
VMware vCloud Director:
Ensure VM Tools is installed on vApp Templates. (4)
Ensure vApp Templates contain only one Tier (Single VM). It must be added to at least one Organization Catalog. (5)
Guest OS must belong to the list of the supported OS in VMware Supported OS for Guest Customization.
When creating a Template from an existing vApp, set vApp network = none.
VM Template Preparation (Pre-Install HyperCloud Agent) (Recommended):
This topic describes preinstalling the agent on VM Templates so HyperCloud does not need to install the agent on VMs deployed from the VM Template. (6)Linux VM Templates (CentOS/Ubuntu/RHEL):
Update the values for HCP_FQDN & run the following command on the Linux VM Template.
/bin/yum -y install curl | /usr/bin/apt-get update && /usr/bin/apt-get -y install curl; curl -Ls https://repo.skygrid.cloud/repo/6.x/6.5.2/LATEST/agents/hcp_linux_agent.sh | bash -s https://repo.skygrid.cloud/repo/LATEST AUTO_INSERT <HCP_FQDN>_https://<HCP_FQDN> 5671 docker.skip |
|---|
Windows VM Templates:
Update HCP_FQDN & run the following in CMD Prompt
PowerShell.exe -ExecutionPolicy Bypass -Command "Invoke-WebRequest https://repo.skygrid.cloud/repo/6.x/6.5.2/LATEST/agents/hcp_agent_install_windows.ps1 OutFile hcp_agent_install_windows.ps1 ; & .\hcp_agent_install_windows.ps1 https:// repo.skygrid.cloud/repo/LATEST AUTO_INSERT <HCP_FQDN>_https://<HCP_FQDN> 5671 docker.skip"(7) |
Caution
(1) If the same vCenter Server will be used by more than one HCP, then clone the same VM Template for each HCP.
Example: use a Prefix, VMT-HCP-PROD-Win2k16x64, and VMT-HCP-QA-Win2k16x64 which will be used by the PROD and QA HCP respectively.
Clone the Guest Customization too and ensure the name matches the VM Template name.
(2) Update the HyperCloud_Platform_PROD_FQDN to HyperCloud_Platform_QA_FQDN for customizing VMs deployed from other HyperCloud_Platform(s).
(3) For Linux VMs, remove the older version of the kernel and reboot the system.
(4) Only vApp Templates created in vCloud or imported from vCenter are supported. ISO and OVA formats are not supported.
(5) Use HyperCloud Blueprints to create a multi-tier deployment.
(6) Use this only if the VMs deployed using HyperCloud do not have internet access.
(7) For Hyper-V & KVM, run the following before shutting down the VM Template:
sysprep.exe /oobe /generalize /shutdown /mode:vm # /unattend: Use an unattend.xml if available.
VM Template Preparation (cloud-init)
Before You Begin
Ensure that the VM (Template) has network connectivity to https://repo.skygrid.cloud.
Ensure that VM has internet access to Linux repositories.
VMware vSphere Requirements:
VM Tools:
VMware Tools must be installed on the VM Template or customization will fail.
Refer VM Template Preparation (Installing Cloud-Init)
Microsoft Hyper-V Requirements:
Hyper-V Templates must be placed in a Cluster Shared Volume in the form of VHDX files.
Refer VM Template Preparation (Installing Cloud-init) below,
Open Virtualization (Ovirt) KVM Requirements
Ovirt Guest Agent & tools must be installed as described in Ovirt Guest Agent & tools. (1)
VMware vCloud Director: Not Supported
VM Template Preparation (Installing Cloud-init):
Linux VM Templates (CentOS/Ubuntu): Update the following values:
#CentOS
#----------
sudo yum update -y
sudo yum install -y cloud-init
# Update /etc./cloud/cloud.cfg
# to allow root and password authentication run the following command
sudo sed -i 's/ssh_pwauth: false/ssh_pwauth: true/g' /etc./cloud/cloud.cfg
sudo sed -i 's/disable_root: true/disable_root: false/g' /etc./cloud/cloud.cfg
#vim:syntax=yaml
datasource_list: ["NoCloud", "ConfigDrive"]
CentOS 6.x and below*#---------------------------
#remove udev rules for network adapters
rm /etc./udev/rules.d/70-persistent-net.rules
#Ubuntusudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install cloud-init -y#Edit 90_dpkg.cfg to remove items in datasource_list except the following
datasource_list: [ NoCloud, ConfigDrive, None ]
Windows VM Templates (Window 2016):
Windows VM requires cloudbase-init for Guest Customization. Run the following command to install Cloudbase-init. (3)
Update the following 3 files as shown below before running sysprep via CloudBase-Init Installer
C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf |
[DEFAULT] |
C:\Program Files\Cloudbase Solutions\Cloudbase-Init\confcloudbase-init-unattend.conf |
[DEFAULT] |
C:\Program Files\Cloudbase Solutions\Cloudbase-Init\confunattend.xml | |
<?xml version="1.0" encoding="utf-8"?> | exit 2"</Path> |
|---|
Once all 3 files are edited, return to the Cloudbase-Init installer and select Sysprep and click Finish. This will generalize the system and shut down the VM. Mark the VM as a template based on the Hypervisor of your choice.
Caution
(1) For older Linux distributions remove the /etc./udev/rules.d/70-persistent-net.rules file before shutting down the VM.
(2) Remove the NIC on the VM prior to converting the VM to Template.
Refer to VM Template Preparation (Installing Cloud-Init).
(3) Before installing cloudbase-init in the VM Template, take a snapshot of the VM.
(4) Ensure the Administrator default password is configured. In this Example: HyperGrid123.