b.CLOUD F.A.Q. VERSION 1.1

1. TARGET AUDIENCE
2. GENERAL B.CLOUD QUESTIONS
2.1 HOW DO I PROVIDE INTERNET ACCESS TO MY VMS?
2.1.1 CREATING A SNAT RULE
2.1.2 CREATE A FIREWALL RULE
2.2 HOW DO I FIND OUT WHAT EXTERNAL IP ADDRESSES I CAN USE?
2.3 WHAT ARE THE DEFAULT USERNAMES AND PASSWORDS FOR IMAGES THAT ARE DEPLOYED FROM THE BRENNERCOM CATALOGUE?
2.4 HOW DO I IMPORT A VIRTUAL MACHINE INTO THE BRENNERCOM B.CLOUD ENVIRONMENT?
2.5 CAN I HOT-ADD RESOURCES TO VIRTUAL MACHINES WHILST THEY ARE RUNNING?
2.6 WINDOWS SERVER LICENSING
3. CLOUD EDGE IPSEC QUESTIONS
3.1 WHAT DIFFIE-HELLMAN GROUP IS USED?
3.2 WHAT IS THE SA LIFETIME?
3.3 WHAT PORTS NEED TO BE OPENED IF A FIREWALL IS IN THE MIDDLE?
3.4 WHAT DO I PUT AS THE PEER ID?
3.5 WHAT DO I PUT AS THE LOCAL ID?
3.6 IS PERFECT FORWARD SECRECY (PFS) ENABLED?
4. VAPP QUESTIONS
4.1 WHAT NETWORKING OPTIONS ARE THERE FOR A VAPP?
4.2 WHAT IS AN ISOLATED NETWORK?
4.3 WHAT IS A USE CASE OF AN ISOLATED NETWORK?
4.4 WHAT IS A BRIDGED NETWORK?
4.5 WHAT IS A USE CASE OF A BRIDGED NETWORK?
4.6 WHAT IS A NAT ROUTED NETWORK?
4.7 WHAT IS A USE CASE OF A NAT ROUTED NETWORK?
4.8 I CANNOT STOP OR DELETE AN EMPTY VAPP, HOW DO I DO THIS?
5. B.CLOUD NETWORKING QUESTIONS
5.1 WHAT DO THE IP MODES OF A VNIC MEAN?
5.2 DOES THE BRENNERCOM B.CLOUD SERVICE SUPPORT IPV6?
5.3 CAN I EMBED A VLAN INTO THE BRENNERCOM B.CLOUD SERVICE?
5.4 WHO MANAGES THE B.CLOUD INFRASTRUCTURE?
5.5 WHAT IS THE AVAILABILITY SLA FOR THE B.CLOUD SERVICE?
6. B.CLOUD BACKUP SERVICE
6.1 HOW DO I BACK UP A VM?
6.2 DOES AN AGENT NEED TO BE INSTALLED TO PERFORM A BACKUP?
6.3 ARE BACKUPS IMAGE-BASED?
6.4 WHAT ARE THE RETENTION PERIOD OPTIONS?
6.5 HOW FREQUENT ARE THE BACKUPS?
6.6 ARE THE BACKUPS “FULL” OR “INCREMENTAL”?
6.7 HOW IS THE SERVICE BILLED?
6.8 WHAT IS THE BACKUP TECHNOLOGY USED?
6.9 WHAT HAPPENS TO MY BACKUPS WHEN I LEAVE THE BRENNERCOM B.CLOUD SERVICE?
6.10 CAN I RUN AN AD-HOC OR ONE-OFF BACKUP?

1. TARGET AUDIENCE
This document is designed primarily for technical users who intend to deploy Brennercom b.CLOUD, or who are
designing a solution around it.

2. GENERAL B.CLOUD QUESTIONS

2.1 HOW DO I PROVIDE INTERNET ACCESS TO MY VMS?
There are two steps you need to carry out in order to provide internet access to your VMs:
1) Create a SNAT rule
2) Create firewall rules to allow HTTP/HTTPS traffic to flow.

2.1.1 CREATING A SNAT RULE
1) Right click the Edge Gateway and select “Edge Gateway Services”.
2) Click on “NAT”.
3) Click on the SNAT button.
4) The SNAT rule must be applied on the external network. Enter the source network
(e.g. 192.168.0.0/24), then enter one of the external IP addresses that have been allocated to you.
5) Press “OK”.

2.1.2 CREATE A FIREWALL RULE
1) Right click the Edge Gateway and select “Edge Gateway Services”.
2) Click on “Firewall”.
3) Click “Add”.
4) Create the firewall rule and click “OK”.

2.2 HOW DO I FIND OUT WHAT EXTERNAL IP ADDRESSES I CAN USE?
1) Right click the Edge Gateway and select “Edge Gateway Services”.
2) Click “Properties…”.
3) Select “Sub-Allocate IP Pools”.
4) You will see the external IP range available for you to use.

2.3 WHAT ARE THE DEFAULT USERNAMES AND PASSWORDS FOR IMAGES THAT ARE DEPLOYED FROM THE BRENNERCOM CATALOGUE?
The default passwords inside the templates are:

OS              Default Password
Windows 2008    Twin2008!
Windows 2012    Twin2012!
Linux           Tlin2008!

Logins must be changed at first logon. Customers can also use Guest Customization to set the passwords when the
template is deployed. This process sets the password randomly, and the password is shown in the VM Properties
“Guest Customization” tab.

2.4 HOW DO I IMPORT A VIRTUAL MACHINE INTO THE BRENNERCOM B.CLOUD ENVIRONMENT?
If you want to import Virtual Machines (VMs) into a b.CLOUD Virtual Datacenter you have 2 options:
1. Log into the b.CLOUD interface and upload VMs manually through the interface; this is done one
by one. This is a good option if you are an end user who doesn’t have b.CLOUD Connector (vCC)
set up. You would do this by carrying out the following actions:
   a. Export the VM as an OVF
   b. Create a “Catalogue” in your b.CLOUD Environment
   c. Upload the OVF to the b.CLOUD Catalogue you have created
   d. Deploy the OVF template from the b.CLOUD Catalogue.
2. You can set up b.CLOUD Connector (vCC) in your existing vSphere environment and use that to
move VMs from the vCenter Client interface into b.CLOUD Director.
The benefit is that you are using your existing tool set (vCenter Client) to perform this operation. You
can find a user guide for b.CLOUD Connector here:
http://pubs.vmware.com/hybridcloud27/index.jsp?__utma=207178772.1919393676.1455715565.1455715565.1455715565.1&__utmb=207178772.2.10.1455715565&__utmc=207178772&__utmx=&__utmz=207178772.1455715565.1.1.utmcsr=%28direct%29|utmccn=%28direct%29|utmcmd=%28none%29&__utmv=-&__utmk=45863975

2.5 CAN I HOT-ADD RESOURCES TO VIRTUAL MACHINES WHILST THEY ARE RUNNING?
You can currently hot-add CPU and Memory to a running virtual machine in b.CLOUD Director. To use
this functionality you must have enabled the settings in the Virtual Machine’s property window inside
b.CLOUD Director and have a guest Operating System that supports this functionality.
You can also modify the disk size of a Virtual Machine whilst it is running, but this must be done through the
b.CLOUD API or the PowerCLI interface; it cannot be done through the b.CLOUD Director GUI.

2.6 WINDOWS SERVER LICENSING
Licensed Windows Server Operating System templates are available in the Brennercom
Catalogue for you to deploy.
Note: If you prefer not to use the templates, please open a Service Request and a support engineer will
activate your OS licenses.
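
3. CLOUD EDGE IPSEC QUESTIONS

3.1 WHAT DIFFIE-HELLMAN GROUP IS USED?
b.CLOUD 5.1 uses DH Group 2.

3.2 WHAT IS THE SA LIFETIME?
Phase 1 – 28800 seconds
Phase 2 – 3600 seconds

3.3 WHAT PORTS NEED TO BE OPENED IF A FIREWALL IS IN THE MIDDLE?
If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and
UDP ports:
o IP protocol ID 50 (ESP)
o IP protocol ID 51 (AH)
o UDP port 500 (IKE)
o UDP port 4500

3.4 WHAT DO I PUT AS THE PEER ID?
Enter the Peer IP as the Peer ID; these must match.

3.5 WHAT DO I PUT AS THE LOCAL ID?
Enter the external IP address of the b.CLOUD Edge Gateway.

3.6 IS PERFECT FORWARD SECRECY (PFS) ENABLED?
Yes, enabled by default on b.CLOUD.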
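
A customer-side peer configuration that mirrors the IPsec parameters stated above, added here as an example and not taken from Brennercom's documentation. It assumes a strongSwan gateway using the legacy ipsec.conf format, IKEv1 with a pre-shared key and AES-256/SHA-1; the FAQ does not state the cipher, hash, IKE version or authentication method, and all addresses are placeholders.

```conf
# /etc/ipsec.conf on the customer-side gateway (added example; strongSwan is an assumption)
# From this FAQ: DH Group 2, Phase 1 = 28800 s, Phase 2 = 3600 s, PFS enabled.
# Assumed, not stated in the FAQ: IKEv1, pre-shared key, AES-256, SHA-1,
# and that the PFS group equals the Phase 1 group.
# Placeholder addresses:
#   203.0.113.10    customer gateway public IP
#   198.51.100.20   b.CLOUD Edge Gateway external IP
#   10.10.0.0/24    customer LAN
#   192.168.0.0/24  b.CLOUD network (the FAQ's example source network)

conn bcloud-edge
    keyexchange=ikev1
    authby=secret

    # Customer side. The Edge Gateway is configured with Peer ID == Peer IP,
    # so the identity sent from here must be the public IP it sees.
    # If this gateway sits behind NAT, "left" becomes its private address
    # while "leftid" stays the public IP (NAT traversal then uses UDP 4500).
    left=203.0.113.10
    leftid=203.0.113.10
    leftsubnet=10.10.0.0/24

    # b.CLOUD side. Its Local ID is the Edge Gateway's external IP,
    # so that is the identity this side must expect.
    right=198.51.100.20
    rightid=198.51.100.20
    rightsubnet=192.168.0.0/24

    # Phase 1 (IKE SA). modp1024 is DH Group 2, a 1024-bit MODP group.
    # The trailing "!" restricts negotiation to exactly this proposal.
    ike=aes256-sha1-modp1024!
    ikelifetime=28800s

    # Phase 2 (IPsec SA). Listing a DH group in the ESP proposal is what
    # turns on PFS for each rekey.
    esp=aes256-sha1-modp1024!
    lifetime=3600s

    auto=start
```

The pre-shared key itself goes in /etc/ipsec.secrets as a line of the form `203.0.113.10 198.51.100.20 : PSK "<shared key>"`. A mismatch in either lifetime usually still negotiates, whereas a mismatch in the DH group or in the IDs makes the exchange fail, so those are the first values to compare when the tunnel does not come up.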

4. VAPP QUESTIONS

4.1 WHAT NETWORKING OPTIONS ARE THERE FOR A VAPP?
There are three network options in b.CLOUD Director: Isolated, Bridged, and NAT Routed.

4.2 WHAT IS AN ISOLATED NETWORK?
Isolated networks are completely separate networks. By themselves, there is no connection or
communication to other networks.

4.3 WHAT IS A USE CASE OF AN ISOLATED NETWORK?
Isolated networks are great for back-end communication, such as database traffic. In a web application,
for instance, you could give your web servers a second interface on the isolated network that the database
server resides on.

4.4 WHAT IS A BRIDGED NETWORK?
A bridged network is directly connected to a b.CLOUD Org network. In the b.CLOUD Web UI the connection is
shown as “Direct” and it is displayed as the Org Network you are directly connected to.

4.5 WHAT IS A USE CASE OF A BRIDGED NETWORK?
Bridged, or direct connected, networks are commonly used for VMs that need to be accessed from
anywhere within your Organization, such as DNS or directory services.

4.6 WHAT IS A NAT ROUTED NETWORK?
Connecting a vApp network to a b.CLOUD Org network results in a NAT Routed network. This
automatically invokes the creation of a vShield Edge appliance to connect the two different networks. The
appliance has an internal and an external interface. The internal interface is on the vApp network, and
the external one on the Org network.

4.7 WHAT IS A USE CASE OF A NAT ROUTED NETWORK?
NAT Routed networks are required for firewall, NAT, and static routing services provided by vShield Edge.
Typical usage includes securely publishing applications to the organization or Internet.

4.8 I CANNOT STOP OR DELETE AN EMPTY VAPP, HOW DO I DO THIS?
You cannot delete or stop a running or partially running empty vApp. To get around this issue you will
need to create a blank or empty VM in the vApp. Once done, you will be able to stop and delete the vApp.

5. B.CLOUD NETWORKING QUESTIONS

5.1 WHAT DO THE IP MODES OF A VNIC MEAN?
There are three types of IP Modes available when you configure a vNIC on a VM:
Static IP Pool: The pool of IP addresses that you configured when you created the network you are
connecting to. This is the private IP Pool range you had to configure when creating a vApp Network or an
Internal Organization Network. From a VM perspective, this is considered a Static IP Address. The first IP
available in the Static IP Pool is “plugged” into the VM as a static address at Guest Customization time.
DHCP: The vNIC will search for a DHCP lease on the network it connects to.
Static Manual: You have to manually enter the IP address into the b.CLOUD Director interface and
make sure it is the same one you have entered into the Guest OS of the VM you are working on.

5.2 DOES THE BRENNERCOM B.CLOUD SERVICE SUPPORT IPV6?
Brennercom b.CLOUD Service does not currently support IPv6.

5.3 CAN I EMBED A VLAN INTO THE BRENNERCOM B.CLOUD SERVICE?
b.CLOUD itself supports IPsec VPN for site-to-site connectivity. If you want to use IP VPN or LANLink to
connect to the b.CLOUD environment you can do so as well; you will need to obtain a solution design from
the Brennercom Solution Design Centre for your b.CLOUD service.

5.4 WHO MANAGES THE B.CLOUD INFRASTRUCTURE?
The following professional profiles manage the b.CLOUD infrastructure. They are all located in Bolzano except
for “CLOUD CONSULTANTS”.

1st LEVEL SUPPORT & CUSTOMER CONTACT
PROFILE
DESCRIPTION
MAIN DUTIES
This is the Brennercom entity always in touch with the customer. The Service Desk
can be addressed for every technical issue (e.g. configuration changes, service
degradation, service re-design, etc.). The Service Desk also handles simple technical
tasks associated with the maintenance of the b.CLOUD infrastructure.

2nd LEVEL SUPPORT
PROFILE
DESCRIPTION
MAIN DUTIES
He/she supports the design and the development / refactoring / repackaging
and testing of software that has to run in a cloud environment and has to be
integrated with the cloud service provider's operational tools.
PROFILE
DESCRIPTION
MAIN DUTIES
He/she plans and conducts technical tasks associated with the implementation
and maintenance of the b.CLOUD infrastructure.
PROFILE
DESCRIPTION
MAIN DUTIES
He/she supports the design of cloud solutions considering elements like
availability and latency, performing if needed the implementation and
optimization of network hardware, software and communication links.
He/she secures the network system by establishing and enforcing policies, defining
and monitoring access.
Operational support and maintenance as well as knowledge of network
monitoring tools may also be required.

PRE-SALES & TECHNOLOGY CONSULTING
PROFILE
DESCRIPTION
He/she conducts technical studies and evaluations of business requirements
and recommends to IT management appropriate cloud technology options.
MAIN DUTIES
He/she performs the collection and evaluation of requirements to understand
outcome objectives, translates those objectives into a cloud strategy, and
recommends cloud technology options to IT management that map to tangible
infrastructure solutions.
PROFILE
DESCRIPTION
He/she leads the development and implementation of cloud-based projects to
ensure that systems are scalable, reliable, secure, manageable, and achieve
business and IT performance and budgetary objectives.
MAIN DUTIES
He/she supports the selection of the best b.CLOUD solutions for any particular
situation, including whether or not a hybrid environment makes sense.
He/she leads migration projects to move companies into the b.CLOUD.
PROFILE
DESCRIPTION
MAIN DUTIES
He/she designs or evaluates the security models to be implemented in the
customer environment. He/she understands how to enable security solutions in
order to keep business processes effective and efficient and data moving to and
between private, public, or b.CLOUD.

5.5 WHAT IS THE AVAILABILITY SLA FOR THE B.CLOUD SERVICE?

SERVICE LEVEL KASKO                     BASIC            GOLD             PLATINUM
Response hours (availability window)
  Monday - Friday                       08.00 - 17.00    07.00 - 19.00    00.00 - 24.00
  Saturday                              n/a              08.00 - 17.00    00.00 - 24.00
  Sunday                                n/a              n/a              00.00 - 24.00
  National/regional holidays            n/a              n/a              00.00 - 24.00
Acknowledgement of the report           immediate        immediate        immediate
Intervention window
  Monday - Friday                       08.00 - 17.00    07.00 - 19.00    00.00 - 24.00
  Saturday                              n/a              08.00 - 17.00    00.00 - 24.00
  Sunday                                n/a              n/a              00.00 - 24.00
  National/regional holidays            n/a              n/a              00.00 - 24.00
Information management (email)
  Ticket status update                  every 2 hours    every hour       every 30 minutes
  Ticket closure                        at resolution    at resolution    online on portal

SERVICE LEVEL KASKO                     BASE                          GOLD                          PLATINUM
Scheduled day                           Tuesday night into Wednesday  Tuesday night into Wednesday  Tuesday night into Wednesday
                                        Saturday night into Sunday    Saturday night into Sunday    Saturday night into Sunday
Maintenance window                      from 22.00 to 06.00           from 23.00 to 05.00           from 24.00 to 05.00
Advance notice                          1 business day                2 business days               7 business days
Communication channel
  email                                 yes                           yes                           yes
  SMS                                   no                            yes                           yes
  Phone call                            no                            no                            yes

SERVICE LEVEL KASKO                     BASE                   GOLD                   PLATINUM
Activation window
  Monday - Friday                       08.00 - 17.00          08.00 - 17.00          08.00 - 17.00
Maximum activation time per product
  From order                            < 5 business days      < 3 business days      < next business day
  Express delivery                      < next business day    < next business day    -

6. B.CLOUD BACKUP SERVICE

6.1 HOW DO I BACK UP A VM?
Please refer to the proper b.BACKUP documentation.

6.2 DOES AN AGENT NEED TO BE INSTALLED TO PERFORM A BACKUP?
Brennercom’s backup service is agent-less for image-level backups and restores. File-level backups
or restores, instead, require an agent installed on top of the OS.

6.3 ARE BACKUPS IMAGE-BASED?
Yes they are, in the case of b.SERVER and b.DATACENTER. The backup typically runs overnight (local time in
the relevant datacenter). It is not possible to choose a specific time for your backup(s).

6.4 WHAT ARE THE RETENTION PERIOD OPTIONS?
7 days, 31 days, 92 days, 184 days, 366 days.

6.5 HOW FREQUENT ARE THE BACKUPS?
Backups are daily or on-demand.

6.6 ARE THE BACKUPS “FULL” OR “INCREMENTAL”?
Brennercom uses an innovative backup technology. This allows creating full backups faster than
traditional backup software. It only sends the changed data blocks of the virtual machines to the backup
devices. However, every backup is a Full Backup.

6.7 HOW IS THE SERVICE BILLED?
Brennercom billing is performed monthly; the price depends on the b.CLOUD service.

6.8 WHAT IS THE BACKUP TECHNOLOGY USED?
EMC Avamar technology supports the b.BACKUP product family.

6.9 WHAT HAPPENS TO MY BACKUPS WHEN I LEAVE THE BRENNERCOM B.CLOUD SERVICE?
Any existing backup is destroyed as soon as your b.CLOUD service is closed.
For further information please see the cloud agreements (condizioni particolari di contratto).

6.10 CAN I RUN AN AD-HOC OR ONE-OFF BACKUP?
The Service Desk can perform an ad-hoc backup. You can also run a one-off backup through the
management portal.