Overview
Service Orchestration is the coordination and arrangement of multiple services exposed as a single aggregate service. Developers use Service Orchestration to:
Support the automation of business processes by loosely coupling services across different applications and enterprises.
Create second-generation, composite applications.
In other words, service orchestration is the combination of service interactions to create higher-level business services.
This topic describes the requirements for HyperCloud™ Platform (HCP) to manage and provision Virtual Machines (VMs) on multiple cloud providers:
VMware vSphere Provider Requirements
VMware vSphere was formerly known as VMware Infrastructure. This is the brand name for VMware's suite of server virtualization products that:
Includes its ESXi hypervisor and vCenter management software.
Undergoes periodic revisions and updates that add features, modify the application program interface (API), and change the ESXi shell.
The following are the minimum requirements for managing VMware vSphere using HCP:
General:
VMware vCenter Server is mandatory. [1]
Compute & Storage:
HyperCloud uses the concept of an Availability Zone which maps to:
One or more vSphere datacenters.
One or more vSphere clusters with one or more shared storages (VSAN, iSCSI, NFS, or FCP).
Virtual Networking:
One or more distributed switches managing the vSphere Cluster Networking.
One or more routable (DHCP) VLAN-backed distributed port groups for VMs, preconfigured in vCenter Server.
Distributed Switch physical uplinks must be configured to trunk all VM VLANs.
Authentication:
Use a service account (example: hc_vcenter_svc@vsphere.local) for connecting HyperCloud to vCenter Server with the following permissions:
Datastore > Browse
VM Templates:
VM Templates must be pre-created and marked as templates in the VMware vCenter Server. [2]
Information
[1] SaaS-based HyperCloud deployment requires access to VMware vCenter via Public NAT.
Refer to Firewall for further assistance.
[2] Refer to Appendix-A and Appendix-B for VM Preparation guidelines.
Microsoft Hyper-V Provider Requirements
Microsoft Hyper-V is virtualization software. It can virtualize not only operating systems but also entire hardware components, such as hard drives and network switches. Unlike Fusion and VirtualBox, Hyper-V is not limited to the user's device; it can be used for server virtualization as well.
The following are minimum requirements for managing Microsoft Hyper-V using HCP:
General:
Hyper-V Nodes must be set up in a Failover Cluster. [1]
Compute & Storage:
HyperCloud manages Hyper-V nodes using a Host agent (proxy).
This agent must be installed on every Hyper-V Server.
Replace <HCP_Proxy_Password> with your value and run the following command with Run As Administrator privileges:
PowerShell.exe -ExecutionPolicy Bypass -Command "Invoke-WebRequest -Uri https://repo.skygrid.cloud/repo/6.x/6.5.2/LATEST/proxy/HyperVProxy_Install_Windows_v1.3.ps1 -OutFile ProxyInstaller.ps1; & .\ProxyInstaller.ps1 4434 <HCP_Proxy_Password>"
Hyper-V Node must be configured with Clustered Storage Volumes.
One Cluster Shared Volume (CSV) for VM Templates (vhdx) Storage.
One Cluster Shared Volume (CSV) for deploying VMs using HyperCloud Portal.
HyperCloud uses the concept of an Availability Zone which maps to:
One Hyper-V Failover Cluster Manager
One Cluster Shared Volume for VM Template Storage.
Example: C:\CSVs\Hypercloud_Templates
One Cluster Shared Volume for deploying VMs.
Example: C:\CSVs\Hypercloud_Production.
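The install command earlier in this list downloads a script and runs it under `-ExecutionPolicy Bypass` with the password on the command line. The following is an added example, not HyperGrid's own code, of the same install with an integrity check and prompted password; `$ExpectedSha256` is a placeholder because the page publishes no checksum, and it assumes the installer accepts the same two positional arguments shown above.

```powershell
# Added example (not vendor code): fetch the proxy installer, verify it, then run it.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$Uri       = 'https://repo.skygrid.cloud/repo/6.x/6.5.2/LATEST/proxy/HyperVProxy_Install_Windows_v1.3.ps1'
$Installer = Join-Path $env:TEMP 'ProxyInstaller.ps1'
$ProxyPort = 4434
# Placeholder: the page publishes no checksum. Obtain one from HyperGrid out of band.
$ExpectedSha256 = '<SHA256_FROM_VENDOR>'

# Windows PowerShell 5.1 may default to older protocols; require TLS 1.2 for the download.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $Uri -OutFile $Installer -UseBasicParsing

# 1. Integrity: refuse to run a file that does not match the expected digest.
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Remove-Item -Path $Installer -Force
    throw "SHA-256 mismatch for $Installer (got $actual)"
}

# 2. Publisher: record the Authenticode result. Whether the vendor signs this
#    script is not stated on the page, so it is logged rather than enforced.
$sig = Get-AuthenticodeSignature -FilePath $Installer
Write-Host ("Authenticode: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)

# 3. Secret handling: prompt for the password so it is not typed on a command
#    line that ends up in console history or process-creation logs.
$secure = Read-Host -Prompt 'HCP proxy password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# 4. Relax the execution policy for this process only, then run in-process.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
try {
    & $Installer $ProxyPort $plain
}
finally {
    # Drop the plaintext copy of the password from the session.
    Remove-Variable -Name plain, secure -ErrorAction SilentlyContinue
}
```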
Virtual Networking:
Hyper-V vmSwitch and its NIC must be configured to trunk all or required VLANs.
DHCP IP Addressing must be configured for the VLAN selected during VM Provisioning.
VM VLANs must be routable and be able to reach the HyperCloud portal on port 5671. [2]
Authentication:
Create a dedicated Windows AD service account (Example: svc_hcp@domain.com) that meets the following requirements:
Must belong to the Active Directory Domain.
Must not be a member of the Domain Admins group.
Must be a member of the local Administrators group on each Hyper-V Server.
Must be granted the "Log on as a service" right on each Hyper-V Server.
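One way to check the four account requirements above on every node, as an added example that is not part of the HCP documentation. It assumes the RSAT ActiveDirectory module and PowerShell remoting to the Hyper-V hosts; the host names are hypothetical and the account name is the page's example.

```powershell
# Added example (not vendor code): audit the HCP service account on each Hyper-V node.
# Assumes the RSAT ActiveDirectory module and PowerShell remoting to the nodes.
Import-Module ActiveDirectory
$Sam   = 'svc_hcp'                     # example account name from the page
$Nodes = 'HV-NODE-01', 'HV-NODE-02'    # hypothetical host names

# Requirement 1: the account exists in the domain (Get-ADUser throws otherwise).
$user = Get-ADUser -Identity $Sam
$sid  = $user.SID.Value

# Requirement 2: not in Domain Admins, directly or through nesting.
# RID 512 is the well-known Domain Admins group, whatever its display name.
$daSid = '{0}-512' -f $user.SID.AccountDomainSid.Value
$inDomainAdmins = @(Get-ADGroupMember -Identity $daSid -Recursive |
    Where-Object { $_.SID.Value -eq $sid }).Count -gt 0

# Requirements 3 and 4 are per node. Both checks see direct grants only;
# membership or rights inherited through a group need a separate look.
$perNode = Invoke-Command -ComputerName $Nodes -ArgumentList $sid -ScriptBlock {
    param($Sid)
    # S-1-5-32-544 is the built-in local Administrators group.
    $isAdmin = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.SID.Value -eq $Sid }).Count -gt 0

    # Export user-rights assignments and look for the SID on SeServiceLogonRight.
    $cfg = Join-Path $env:TEMP 'hcp_user_rights.inf'
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
        Select-Object -First 1
    Remove-Item -Path $cfg -Force
    # Match the whole SID: it must be followed by a comma or the end of the line.
    $hasRight = [bool]($line -and
        $line.Line -match ('\*' + [regex]::Escape($Sid) + '(,|\s*$)'))

    [pscustomobject]@{ LocalAdmin = $isAdmin; LogonAsService = $hasRight }
}

$perNode | Select-Object PSComputerName, LocalAdmin, LogonAsService,
    @{ Name = 'NotDomainAdmin'; Expression = { -not $inDomainAdmins } } |
    Format-Table -AutoSize
```

Every column should read True for a compliant account.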
VM Templates:
VM Templates must be provided as VHDX files and placed in the Share CSV. This path will be configured in the Availability Zone. [3]
Information
[1] HCP does not support Microsoft System Center Virtual Machine Manager.
[2] See Firewall Requirements.
[3] Refer to Appendix-A and Appendix-B for VM Template preparation guidelines.
Open Virtualization Manager (Ovirt) KVM Provider Requirements
The following are the minimum requirements for managing Ovirt KVM using HyperCloud:
General:
Ovirt Manager is mandatory.
Compute & Storage:
HyperCloud uses the concept of an Availability Zone which maps to:
One data center (local or Shared).
One storage domain (data) for VMs.
One storage domain for VM Templates (local or Shared).
Virtual Networking:
At least one VLAN backed network pre-created in Ovirt Manager.
VM Networks backed by VLANs must have the DHCP IP Addressing enabled.
Ovirt virtual switch physical uplinks must be configured to trunk all VM VLANs.
VM Templates:
VM Templates must be pre-created in the same datacenter as the cluster. [1]
Information
[1] Refer to Appendix-A and Appendix-B for VM Template preparation guidelines.
VMware vCloud Director Provider
The following are the minimum requirements for managing VMware vCloud Director using HCP:
General:
VMware vCloud Director must be accessible to HCP using FQDN.
VMware vCloud Director must be configured with VMware NSX.
Network Pools must be backed by VxLAN. [1]
For connecting HCP to vCloud Director Organization only, ensure that Org Admin User is configured with the Organization Administrator role.
Compute & Storage (Organization vDC):
Minimum one organization with one organization vDC.
Organization vDC must use Storage Policy.
Network Pool must be backed by VxLAN, i.e. greater than 1000, if deploying a large number of VMs.
Virtual Networking:
Each Organization vDC must have at least one Edge Gateway connected to the provider network.
Provider network must be configured and have an IP Pool for NATing HCP deployed VMs. [2]
Each Organization must have at least one Organization Network preconfigured.
vApp Networks will be created by HCP using the Network Pool backed by VxLAN. [3]
VM Templates:
VM Templates must be pre-created and added to vCD Public or Organization Catalog. [4]
Information:
[1] HCP VM deployment translates to one vApp in vCloud Director. It therefore creates vApp networks when one VM is deployed via HCP.
[2] HCP will assign and configure NAT on Edge Gateway using IPs from provider Network, if configured in HCP IP Pool.
[3] HCP deploys one vApp per VM and hence creates vApp networks for each VM.
[4] Multi-Tier vApp templates are not supported. This feature is available using HCP Blueprints.
Refer to Appendix-A and Appendix-B for VM Template preparation guidelines.
Firewall Requirements
A firewall is a network security device that monitors incoming and outgoing network traffic, and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and the incoming traffic from external sources such as the internet in order to block malicious traffic like viruses and hackers.
All applicable firewalls must be configured with the following ports:
Caution
HyperGrid will provide the Kubernetes Load Balancer IP address mentioned below.
Service | Source | Destination | Protocol/Ports |
---|---|---|---|
Authentication | HyperCloud AMQP IP | AD/LDAP Services | TCP: 389, 636 |
Authentication | HyperCloud AMQP IP | SAML IDP | TCP: 443 |
Service Orchestration | HyperCloud AMQP IP | Microsoft Failover Cluster (1) | TCP: 4434 (1) |
Service Orchestration | HyperCloud AMQP IP | VMware vCenter Server (1) | TCP: 443 (1) |
Service Orchestration | HyperCloud AMQP IP | Ovirt Manager (KVM) (1) | TCP: 443 (1) |
Service Orchestration | HyperCloud AMQP IP | VMware vCloud Director (1) | TCP: 443 (1) |
Service Orchestration | HyperCloud AMQP IP | Linux/Windows VMs | TCP: 22 (2) |
Notification | HyperCloud AMQP IP | SMTP Relay Mail Server | TCP: 25, 465, 587 |
Agent | Linux/Windows VMs | HyperCloud™ URL & AMQP IP | TCP: 443, 5671 |
Linux/Windows VMs | TCP: 443 |
Notes:
(1) Ensure Private Cloud Providers have a public NAT only to SaaS HyperCloud™ Portal IP Addresses provided by HyperGrid.
(2) Only needed if HyperCloud™ will install the HyperCloud™ Agent via SSH. Ignore if the Agent is pre-installed or installed on demand via cloud-init (recommended) for VMware/Hyper-V/KVM Templates.