Sun xVM Ops Center 1.1 Site Preparation

Sun xVM Ops Center 1.1 Site Preparation

Task Flow Diagram

The following diagram provides a high-level overview of the tasks required to prepare a site for xVM Ops Center 1.1 installation and configuration.
Site Preparation Task Flow

This image shows the site preparation task flow.

Summary of Major Tasks

Summaries of each of the above tasks are provided in the following list.

  • Determine system requirements
    This task involves the following actions:
  • Map network
    This task involves the following actions:
    • Determine the IP addressing scheme for the management, provisioning, and data networks.
    • Determine whether you will use a single-switch configuration in which all connections are on a single switch, or a two-switch configuration, in which the management network is isolated on one switch and the data and provisioning networks are on the second switch.
    • Determine the VLAN assignments.
      References:
      Reference Configurations
      Recommended Switch Configuration
  • Connect the hardware based on the information and decisions that you made in the preceding steps.
  • Prepare the agents.
    This task involves the following actions:
    • Assign an IP address to the management port of each agent.
      References:
      For ILOM, ALOM, and SP-based agents, refer to the server documentation for information about assigning IP addresses to the server's management port. You can also locate the server documentation at http://sunsolve.sun.com/handbook_pub/Systems/.
      Install and configure the Solaris or Linux operating system on the satellite and proxy server.

Architecture

Sun xVM Ops Center is a highly scalable data center automation tool that provides discovery, provisioning, updates, and management of physical and virtualized assets in the Solaris Operating System on the x86 and SPARC technologies. A single console provides an integrated view of all the available systems, to simplify data center complexity.
Architecture

Diagram showing the architecture of Sun xVM Ops Center

The basic architecture, as shown above, consists of:

  • Satellite server
  • Proxy
  • Managed systems (Agents)

The satellite server and proxy provide console access to your managed systems and to a knowledge base of information, such as Solaris Operating System (Solaris OS) patches. You can install the satellite server and proxy software on the same system (co-located) or on separate systems.

The managed systems are the systems on which you can perform tasks, such as provisioning and patching. These systems are installed with the xVM Ops Center agent software.

Hardware Requirements

The following systems are supported by Sun xVM Ops Center:

  • Sun Blade X6250 Server Module
  • Sun Blade T6320 Server Module
  • Sun Blade X6220 Server Module
  • Sun Blade X8440
  • Sun Blade X8420
  • Sun Blade 6000
  • Sun Blade 6048
  • Sun Blade 8000
  • Sun Fire T1000
  • Sun Fire T2000
  • Sun Fire X2100
  • Sun Fire X2100 M2
  • Sun Fire X2200 M2
  • Sun Fire X4150
  • Sun Fire V125
  • Sun Fire V215
  • Sun Fire V245
  • Sun Fire V445
  • Sun Fire V210
  • Sun Fire V240
  • Sun Fire V440
  • Sun Fire V490
  • Sun Fire V890
  • Sun Fire V20z
  • Sun Fire V40z
  • Sun Fire X4450
  • Sun Fire X4600
  • Sun Fire X4600 M2
  • Sun Fire X4100
  • Sun Fire X4200
  • Sun Fire X4500
  • Sun Fire X4100 M2
  • Sun Fire X4200 M2
  • Sun Fire T5120
  • Sun Fire T5220
  • Sun Netra 240
  • Sun Netra 440
  • Sun Netra X4200 M2

For information on the systems supported for OS provisioning, see http://wikis.sun.com/display/xvmOC1dot1/Supported+Systems+for+OS+Provisioning.

For information on the systems supported for firmware provisioning, see http://wikis.sun.com/display/xvmOC1dot1/Supported+Systems+for+Firmware+Provisioning.

Software Requirements

Satellite Server Requirements

Sun xVM Ops Center server requires 4 GB RAM and 60 GB hard disk space. The server layer requires Solaris 10 11/06, Solaris 10 08/07, Solaris 10 05/08 (x64 or SPARC), or Red Hat Enterprise Linux (RHEL) 5.0. The satellite server can be installed only in the global zone.

For information on the complete satellite server requirements, see http://wikis.sun.com/display/xvmOC1dot1/Sun+xVM+Ops+Center+Server+Requirements.

Proxy Requirements

Sun xVM Ops Center server requires 2 GB RAM and 60 GB hard disk space. The proxy layer requires Solaris 10 (x64 or SPARC), or Red Hat Enterprise Linux (RHEL) 5.0. The proxy server can be installed only in the global zone.

For information on the complete proxy requirements, see http://wikis.sun.com/display/xvmOC1dot1/Sun+xVM+Ops+Center+Proxy+Requirements.

Agent Requirements

Sun xVM Ops Center agent requires 512 MB RAM and 2 GB hard disk space.

For information on the complete agent requirements, see http://wikis.sun.com/display/xvmOC1dot1/Sun+xVM+Ops+Center+Agent+Requirements.

Network Port Requirements and Protocols

Sun xVM Ops Center has several communication requirements. The diagram below shows the port requirements and data flow.
Sun xVM Ops Center Port Requirements

Diagram showing the port requirements of Sun xVM Ops Center

For information on the list of ports and protocols, see http://wikis.sun.com/display/xvmOC1dot1/Network+Port+Requirements+and+Protocols. In addition, depending on the environment being managed, the satellite server might need to access a number of Vendor Download Sites to download patches or other knowledge.

Satellite Server Considerations

  • You need root access to all relevant systems to install satellite, agent, and proxy.
  • Verify that you have HTTP/HTTPS/FTP (freeware) outbound access from the satellite server.
  • During the installation of xVM Ops Center, special users and groups are created. Verify that this is compliant with the customer policy.
    Users: svctag, allstart, scndb, scn, scncon, uce-sds
    Groups: jet, scndb, uce-sds
  • You need to have a valid Sun Online Account (SOA) with a contract that allows you to download patches through http://sunsolve.sun.com.
    To verify an entitled SOA, log in to http://sunsolve.sun.com using the SOA to download a patch as a test.
    Verify that you also have a valid Red Hat Network account or Novell account, or both, if needed.
  • The Solaris SUNWCall cluster (entire distribution) is recommended, since it contains all the required packages.
    Verify the installed Solaris Cluster:
    cat /var/sadm/system/admin/CLUSTER
  • Verify that the following packages are available on the satellite before installing xVM Ops Center on Solaris 10.
    • SUNWgcc
    • SUNWgccruntime
    • SUNWapch2r
    • SUNWapch2s
    • SUNWapch2d
    • SUNWapch2u
    • SUNWant
    • SUNWwgetr
    • SUNWwgetu
    • SUNWperl-xml-parser
    • SUNWswmt
    • SUNWbash
    • SUNWgtar
    • SUNWgzip
    • SUNWesu
    • SUNWxcu4
    • SUNWpython
    • SFWrpm
  • Verify that the following packages are available on the satellite before installing xVM Ops Center on Linux.
    • python-2.4.3-19.el5
    • expect-5.43.0-5.1
    • perl-DBD-Pg-1.49-1.fc6
    • xinetd-2.3.14-10.el5
    • tftp-server-0.42-3.1
    • dhcp-3.0.5-3.el5
    • gettext-0.14.6-4.el5
    • perl-XML-Parser-2.34-6.1.2.2.1
    • ncompress-4.2.4
  • Verify whether the satellite server is resolvable through DNS. If this is not resolved, the etc/hosts file needs to be updated on each agent.

    Proxy Server Considerations

  • If a firewall exists between the satellite server and the proxy server, port 443 must be opened from the proxy server toward the satellite server.
  • Verify that the following packages are available on the proxy server before installing xVM Ops Center on Solaris 10.
    • SUNWgcc
    • SUNWgccruntime
    • SUNWapch2r
    • SUNWapch2s
    • SUNWapch2d
    • SUNWapch2u
    • SUNWant
    • SUNWwgetr
    • SUNWwgetu
    • SUNWperl-xml-parser
    • SUNWswmt
    • SUNWbash
    • SUNWgtar
    • SUNWgzip
    • SUNWesu
    • SUNWxcu4
    • SUNWpython
    • SFWrpm

      Agent Considerations

  • During the installation of xVM Ops Center, special user svctag is created. Verify that this is compliant with the customer policy.
  • Verify that the following packages, files, and devices are available on the agents before installing xVM Ops Center on Solaris 10.
    • SUNWbash
    • SUNWswmt
    • SUNWgzip
    • /dev/random device
    • /dev/urandom device
  • Verify that the following packages or files are available on the agents before installing xVM Ops Center on Linux.
    /bin/tar (tar-...rpm)
    /usr/bin/unzip (unzip-...rpm)
    /usr/bin/file (file-...rpm)
    /usr/bin/md5sum (coreutils-....rpm)
    /bin/egrep (grep-...rpm)
  • Verify that the following patches with the given version or later are available on the agents before installing xVM Ops Center on Solaris 10.
    Solaris 8 SPARC patches - 110165-05, 112097-06
    Solaris 10 SPARC patches - 124630-03, 122660-07
    Solaris 10 x86 patches - 124631-03, 122661-07
  • Verify whether the satellite server is resolvable through DNS. If this is not resolved, the etc/hosts file needs to be updated on each agent.
  • Verify that umask is set to 022. Using another umask can cause problems during installation.
    umask 
    0022
  • Verify that SMF services cryptosvc and gss are enabled.
    svcs cryptosvc gss 
    STATE          STIME    FMRI
online         Jul_01   svc:/system/cryptosvc:default
online         Jul_01   svc:/network/rpc/gss:default
  • Verify the availability of OS installation CDs.

    Recommended Switch Configuration

  • 1 * 8 or 16 port Virtual LAN (VLAN) capable managed switch
  • Create a separate VLAN for corporate network and create a separate VLAN for management and provisioning networks
  • Disable spanning-tree protocols on the switch

Ethernet connectivity recommendations:

  • The management network should be a 10/100 connection.
  • The provisioning and data networks should be a 10/100/1000 (1 Gbyte) connection.

Reference Configurations

This section provides the reference configurations and connectivity information for xVM Ops Center.

Other configurations are possible, such as using separate switches for each network. You can implement your network using any combination of VLANs and switches. Each network, whether management, provisioning, or data, should be assigned to separate VLANs.

Separate Management, Provisioning, and Data Networks


Separate Management, Provisioning, and Data Networks

"Diagram: Separate Management

When designing a separate network, the following guidelines apply:

  • Configuring separate management, provisioning, and data networks is the best practice.
  • Separate networks provide the highest security and the lowest number of points of failure.
  • Additional NICs are needed to support this configuration.

The following list summarizes the connectivity requirements for the separate management, provisioning, and data networks configuration.

  • Satellite/Proxy server
    The satellite/proxy server should provide connectivity to the management network, provisioning network, and corporate network as follows:
    • ETH0 connects the satellite/proxy to the corporate network to provide external access. The ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
    • ETH1 connects the satellite/proxy to the provisioning network and should be on the same network as the ETH0 connections of the agents. No devices other than the satellite/proxy and the agents should reside on the provisioning network. ETH1 should be a 1-Gbit NIC interface.
    • ETH2 connects the satellite/proxy to the management network and should be on the same network as the management port connections of the agents. The ETH2 IP address, netmask, and gateway should be configured to enable connectivity to the agent's management port IP addresses. ETH2 should be a 100-megabit NIC interface.
    • The DHCP service allocates IP addresses to the agents for loading operating systems.
  • Agents
    Each agent should provide connectivity to the management network, provisioning network, and data network as follows:
    • The management port connects the agent to the management network and should be on the same network as the ETH2 connection of the satellite/proxy server. The management port should be a 100-megabit connection.
    • ETH0 connects the agent to the provisioning network and must be on the same network as the ETH1 connection of the satellite/proxy server. ETH0 should be a 1-Gbyte connection.
    • ETH1 connects the agent to the data network through the switch to provide external corporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Management and Provisioning Network and a Separate Data Network


Combined Management and Provisioning Network and a Separate Data Network

Diagram: Combined Management and Provisioning Network and a Separate Data Network

For this configuration, an additional NIC does not need to be installed on the satellite/proxy. The combined management and provisioning network reduces system and network security.

The following list summarizes the connectivity requirements for the combined management and provisioning network and the separate data network configuration.

  • Satellite/Proxy server
    The satellite/proxy server should provide connectivity to the management and provisioning network as follows:
    • ETH0 connects the satellite/proxy to the corporate network to provide external access. The ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
    • ETH1 connects the satellite/proxy to the management and provisioning network and should be on the same network as the MGMT and ETH0 connections of the agents. No devices other than the satellite/proxy and the agents should reside on the management and provisioning network. The ETH1 IP address, netmask, and gateway should be configured to enable connectivity to the agent's management port IP addresses. ETH1 should be a 1-Gbit NIC interface.
    • The DHCP service allocates IP addresses to the agents for loading operating systems.
  • Agents
    Each agent should provide connectivity to the management and provisioning network and the separate data network as follows:
    • The management port connects the agent to the management and provisioning network and should be on the same network as the ETH1 connection of the satellite/proxy. The management port should be a 100-megabit connection.
    • ETH0 connects the agent to the management and provisioning network and must be on the same network as the ETH1 connection of the satellite/proxy. ETH0 should be a 1-Gbyte connection.
    • ETH1 connects the agent to the data network through the switch to provide external corporate network access to the agent. ETH1 should be a 1-Gbyte connection.

Combined Provisioning and Data Network and a Separate Management Network

Combined Provisioning and Data Network and a Separate Management Network
Diagram: Combined Provisioning and Data Network and a Separate Management Network

The following list summarizes the connectivity requirements for the combined data and provisioning network and the separate management network configuration.

  • Satellite/Proxy server
    The satellite/proxy server should provide connectivity to the provisioning and data network and to the separate management network as follows:
    • ETH0 connects the satellite/proxy to the corporate network to provide external access. The ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
    • ETH1 connects the satellite/proxy to the provisioning and data network and should be on the same network as the ETH0 connections of the agents. No devices other than the satellite/proxy and the agents should reside on the data and provisioning network. ETH1 should be a 1–Gbit NIC interface.
    • ETH2 connects the satellite/proxy to the management network and should be on the same network as the management port connections of the agents. The ETH2 IP address, netmask, and gateway should be configured to enable connectivity to the agent's management port IP addresses. ETH2 should be a 100-megabit NIC interface.
    • The DHCP service allocates IP addresses to the agents for loading operating systems.
  • Agents
    Each agent should provide connectivity to the management network and to the combined data and provisioning network as follows:
    • The management port connects the agent to the management network and should be on the same network as the ETH2 connection of the satellite/proxy. The management port should be a 100-megabit connection.
    • ETH0 connects the agent to the data and provisioning network to provide external corporate network access to the agent. ETH0 connection must be on the same network as the ETH1 connection of the satellite/proxy. ETH0 should be a 1-Gbyte connection.

Combined Provisioning, Data, and Management Network

Combined Provisioning, Data, and Management Network
"Diagram: Combined Provisioning

For this configuration, an additional NIC does not need to be installed on the satellite/proxy. The combined management, provisioning, and data networks greatly reduces system and network security.

The following list summarizes the connectivity requirements for the combined management, provisioning, and data networks configuration.

  • Satellite/Proxy server
    The satellite/proxy server should provide connectivity to the combined management, provisioning, and data network and to the corporate network as follows.
    • ETH0 connects the satellite/proxy to the corporate network to provide external access. The ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
    • ETH1 connects the satellite/proxy to the combined management, provisioning, and data network and should be on the same network as the MGMT and ETH0 connections of the agents. No devices other than the satellite/proxy server and the agents should reside on the combined network. ETH1 should be a 1-Gbit NIC interface.
    • The DHCP service allocates IP addresses to the agents for loading operating systems.
  • Agents
    Each agent should provide connectivity to the management network, provisioning network and data network as follows:
    • The management port connects the agent to the management, provisioning, and data network and should be on the same network as the ETH1 connection of the satellite/proxy server. The management port should be a 100-megabit connection.
    • ETH0 connects the agent to the management, provisioning, and data network, and must be on the same network as the ETH1 connection of the satellite/proxy server. ETH0 also connects the agent to the data network through the switch to provide external corporate network access to the agent. ETH0 should be a 1-Gbyte connection.
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact