b.CLOUD F.A.Q. VERSION 1.1 PAGE 1 OF 13
1. TARGET AUDIENCE
2. GENERAL B.CLOUD QUESTIONS
   2.1 HOW DO I PROVIDE INTERNET ACCESS TO MY VMS?
       2.1.1 CREATING A SNAT RULE
       2.1.2 CREATE A FIREWALL RULE
   2.2 HOW DO I FIND OUT WHAT EXTERNAL IP ADDRESSES I CAN USE?
   2.3 WHAT ARE THE DEFAULT USERNAMES AND PASSWORDS FOR IMAGES THAT ARE DEPLOYED FROM THE BRENNERCOM CATALOGUE?
   2.4 HOW DO I IMPORT A VIRTUAL MACHINE INTO THE BRENNERCOM B.CLOUD ENVIRONMENT?
   2.5 CAN I HOT-ADD RESOURCES TO VIRTUAL MACHINES WHILST THEY ARE RUNNING?
   2.6 WINDOWS SERVER LICENSING
3. CLOUD EDGE IPSEC QUESTIONS
   3.1 WHAT DIFFIE-HELLMAN GROUP IS USED?
   3.2 WHAT IS THE SA LIFETIME?
   3.3 WHAT PORTS NEED TO BE OPENED IF A FIREWALL IS IN THE MIDDLE?
   3.4 WHAT DO I PUT AS THE PEER ID?
   3.5 WHAT DO I PUT AS THE LOCAL ID?
   3.6 IS PERFECT FORWARD SECRECY (PFS) ENABLED?
4. VAPP QUESTIONS
   4.1 WHAT NETWORKING OPTIONS ARE THERE FOR A VAPP?
   4.2 WHAT IS AN ISOLATED NETWORK?
   4.3 WHAT IS A USE CASE OF AN ISOLATED NETWORK?
   4.4 WHAT IS A BRIDGED NETWORK?
   4.5 WHAT IS A USE CASE OF A BRIDGED NETWORK?
   4.6 WHAT IS A NAT ROUTED NETWORK?
   4.7 WHAT IS A USE CASE OF A NAT ROUTED NETWORK?
   4.8 I CANNOT STOP OR DELETE AN EMPTY VAPP, HOW DO I DO THIS?
5. B.CLOUD NETWORKING QUESTIONS
   5.1 WHAT DO THE IP MODES OF A VNIC MEAN?
   5.2 DOES THE BRENNERCOM B.CLOUD SERVICE SUPPORT IPV6?
   5.3 CAN I EMBED A VLAN INTO THE BRENNERCOM B.CLOUD SERVICE?
   5.4 WHO MANAGES THE B.CLOUD INFRASTRUCTURE?
   5.5 WHAT IS THE AVAILABILITY SLA FOR THE B.CLOUD SERVICE?
6. B.CLOUD BACKUP SERVICE
   6.1 HOW DO I BACK UP A VM?
   6.2 DOES AN AGENT NEED TO BE INSTALLED TO PERFORM A BACKUP?
   6.3 ARE BACKUPS IMAGE-BASED?
   6.4 WHAT ARE THE RETENTION PERIOD OPTIONS?
   6.5 HOW FREQUENT ARE THE BACKUPS?
   6.6 ARE THE BACKUPS “FULL” OR “INCREMENTAL”?
   6.7 HOW IS THE SERVICE BILLED?
   6.8 WHAT IS THE BACKUP TECHNOLOGY USED?
   6.9 WHAT HAPPENS TO MY BACKUPS WHEN I LEAVE THE BRENNERCOM B.CLOUD SERVICE?
   6.10 CAN I RUN AN AD-HOC OR ONE-OFF BACKUP?

1. TARGET AUDIENCE

This document is designed primarily for technical users who intend to deploy Brennercom b.CLOUD, or who are designing a solution around it.

2. GENERAL B.CLOUD QUESTIONS

2.1 HOW DO I PROVIDE INTERNET ACCESS TO MY VMS?

There are two steps you need to carry out in order to provide internet access to your VMs:

1) Create a SNAT rule.
2) Create firewall rules to allow HTTP/HTTPS traffic to flow.

2.1.1 CREATING A SNAT RULE

1) Right-click the Edge Gateway and select “Edge Gateway Services”.
2) Click “NAT”.
3) Click the SNAT button.
4) The SNAT rule must be applied on the external network. Enter the source network (e.g. 192.168.0.0/24), then enter an external IP address from those that have been allocated to you.
5) Press “OK”.

2.1.2 CREATE A FIREWALL RULE

1) Right-click the Edge Gateway and select “Edge Gateway Services”.
2) Click “Firewall”.
3) Click “Add”.
4) Create the firewall rule and click “OK”.

2.2 HOW DO I FIND OUT WHAT EXTERNAL IP ADDRESSES I CAN USE?

1) Right-click the Edge Gateway and select “Edge Gateway Services”.
2) Click “Properties…”.
3) Select “Sub-Allocate IP Pools”.
4) You will see the external IP range available for you to use.

2.3 WHAT ARE THE DEFAULT USERNAMES AND PASSWORDS FOR IMAGES THAT ARE DEPLOYED FROM THE BRENNERCOM CATALOGUE?

The default passwords inside the templates are:

OS              Default Password
Windows 2008    Twin2008!
Windows 2012    Twin2012!
Linux           Tlin2008!

Logins must be changed at first logon. Customers can always use Guest Customization to set the passwords when the template is deployed. This process sets a random password, which is shown in the VM Properties “Guest Customization” tab.

2.4 HOW DO I IMPORT A VIRTUAL MACHINE INTO THE BRENNERCOM B.CLOUD ENVIRONMENT?

If you want to import Virtual Machines (VMs) into a b.CLOUD Virtual Datacenter you have 2 options:

1. Log into the b.CLOUD interface and upload VMs manually through the interface; this is done one by one. This is a good option if you are an end user that doesn’t have b.CLOUD Connector (vCC) set up. You would do this by carrying out the following actions:
   a. Export the VM as an OVF.
   b. Create a “Catalogue” in your b.CLOUD Environment.
   c. Upload the OVF to the b.CLOUD Catalogue you have created.
   d. Deploy the OVF template from the b.CLOUD Catalogue.
2. You can set up b.CLOUD Connector (vCC) in your existing vSphere environment and use that to move VMs from the vCenter Client interface into b.CLOUD Director. The benefit is that you’re using your existing tool set (vCenter Client) to perform this operation. You can find a user guide for b.CLOUD Connector here: http://pubs.vmware.com/hybridcloud27/index.jsp?__utma=207178772.1919393676.1455715565.1455715565.1455715565.1&__utmb=207178772.2.10.1455715565&__utmc=207178772&__utmx=&__utmz=207178772.1455715565.1.1.utmcsr=%28direct%29|utmccn=%28direct%29|utmcmd=%28none%29&__utmv=-&__utmk=45863975

2.5 CAN I HOT-ADD RESOURCES TO VIRTUAL MACHINES WHILST THEY ARE RUNNING?

You can currently hot-add CPU and Memory to a running virtual machine in b.CLOUD Director. To use this functionality you must have enabled the settings in the Virtual Machine’s property window inside b.CLOUD Director and have a guest Operating System that supports this functionality. You can also modify the disk size of a Virtual Machine whilst it is running, but this must be done through the b.CLOUD API or the PowerCLI interface; it cannot be done through the b.CLOUD Director GUI.

2.6 WINDOWS SERVER LICENSING

Licensed Windows Server Operating System templates are available in the Brennercom Catalogue for you to deploy.

Note: If you would prefer not to use the templates, please open a Service request and a support engineer will activate your OS licenses.

3. CLOUD EDGE IPSEC QUESTIONS

3.1 WHAT DIFFIE-HELLMAN GROUP IS USED?

b.CLOUD 5.1 uses DH Group 2.

3.2 WHAT IS THE SA LIFETIME?

Phase 1: 28800 seconds
Phase 2: 3600 seconds

3.3 WHAT PORTS NEED TO BE OPENED IF A FIREWALL IS IN THE MIDDLE?

If a firewall is between the tunnel endpoints, you must configure it to allow the following IP protocols and UDP ports:

- IP protocol ID 50 (ESP)
- IP protocol ID 51 (AH)
- UDP port 500 (IKE)
- UDP port 4500

3.4 WHAT DO I PUT AS THE PEER ID?

Enter the Peer IP as the Peer ID; these must match.

3.5 WHAT DO I PUT AS THE LOCAL ID?

Enter the external IP address of the b.CLOUD Edge Gateway.

3.6 IS PERFECT FORWARD SECRECY (PFS) ENABLED?

Yes, enabled by default on b.CLOUD.

4. VAPP QUESTIONS

4.1 WHAT NETWORKING OPTIONS ARE THERE FOR A VAPP?

There are three network options in b.CLOUD Director: Isolated, Bridged, and NAT Routed.
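
The IPsec answer above lists what a firewall between the tunnel endpoints must let through. As an added example (not part of the Brennercom FAQ), this script prints iptables rules that allow exactly those protocols and ports, in both directions and only between the two peers. The peer addresses are documentation-range placeholders, and a Linux firewall that forwards the traffic (FORWARD chain) is an assumption.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a Linux firewall that
# sits between the two IPsec tunnel endpoints.
# Assumptions, not from the FAQ: the firewall forwards the traffic (FORWARD
# chain) and the two addresses below are documentation-range placeholders.

ONPREM_PEER="198.51.100.10"   # placeholder: your own VPN gateway
EDGE_PEER="203.0.113.20"      # placeholder: external IP of the b.CLOUD Edge Gateway

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipsec_transit_rules PEER_A PEER_B: print ACCEPT rules for the protocols and
# ports listed in the FAQ, in both directions, limited to the two endpoints.
ipsec_transit_rules() {
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then
        echo "usage: ipsec_transit_rules PEER_A PEER_B (IPv4 addresses)" >&2
        return 2
    fi
    for pair in "$1 $2" "$2 $1"; do
        src=${pair% *}; dst=${pair#* }
        echo "iptables -A FORWARD -s $src -d $dst -p esp -j ACCEPT"               # IP protocol 50
        echo "iptables -A FORWARD -s $src -d $dst -p ah -j ACCEPT"                # IP protocol 51
        echo "iptables -A FORWARD -s $src -d $dst -p udp --dport 500 -j ACCEPT"   # IKE
        echo "iptables -A FORWARD -s $src -d $dst -p udp --dport 4500 -j ACCEPT"  # IPsec NAT traversal
    done
}

# Print the eight rules for the placeholder peers.
ipsec_transit_rules "$ONPREM_PEER" "$EDGE_PEER"
```

Review the printed rules and place them ahead of any default drop rule before applying them on the firewall.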

4.2 WHAT IS AN ISOLATED NETWORK?

Isolated networks are completely separate networks. By themselves, there is no connection or communication to other networks.

4.3 WHAT IS A USE CASE OF AN ISOLATED NETWORK?

Isolated networks are great for back-end communication, such as database traffic. In a web application, for instance, you could give your web servers a second interface on the isolated network that the database server resides on.

4.4 WHAT IS A BRIDGED NETWORK?

A bridged network is directly connected to a b.CLOUD Org network. In the b.CLOUD Web UI the connection is shown as “Direct” and it is displayed as the Org Network you are directly connected to.

4.5 WHAT IS A USE CASE OF A BRIDGED NETWORK?

Bridged, or direct connected, networks are commonly used for VMs that need to be accessed from anywhere within your Organization, such as DNS or directory services.

4.6 WHAT IS A NAT ROUTED NETWORK?

Connecting a vApp network to a b.CLOUD Org network results in a NAT Routed network. This automatically invokes the creation of a vShield Edge appliance to connect the two different networks. The appliance has an internal and an external interface. The internal interface is on the vApp network, and the external one is on the Org network.

4.7 WHAT IS A USE CASE OF A NAT ROUTED NETWORK?

NAT Routed networks are required for firewall, NAT, and static routing services provided by vShield Edge. Typical usage includes securely publishing applications to the organization or Internet.

4.8 I CANNOT STOP OR DELETE AN EMPTY VAPP, HOW DO I DO THIS?

You cannot delete or stop a running or partially running empty vApp. To get around this issue you will need to create a blank or empty VM in the vApp. Once done, you will be able to stop and delete the vApp.

5. B.CLOUD NETWORKING QUESTIONS

5.1 WHAT DO THE IP MODES OF A VNIC MEAN?

There are three types of IP Modes available when you configure a vNIC on a VM:

Static IP Pool: This is the pool of IP addresses that you configured when you created the network you are connecting to. This is the private IP Pool range you had to configure when creating a vApp Network or an Internal Organization Network. From a VM perspective, this is considered a Static IP Address. The first IP available in the Static IP Pool is “plugged” into the VM as a static address at Guest Customization time.

DHCP: The vNIC will search for a DHCP lease on the network it connects to.

Static Manual: You have to manually enter the IP address into the b.CLOUD Director interface and make sure it is the same one you have entered into the Guest OS of the VM you are working on.

5.2 DOES THE BRENNERCOM B.CLOUD SERVICE SUPPORT IPV6?

Brennercom b.CLOUD Service does not currently support IPv6.

5.3 CAN I EMBED A VLAN INTO THE BRENNERCOM B.CLOUD SERVICE?

b.CLOUD itself supports IPsec VPN for site-to-site connectivity. If you want to use IP VPN or LANLink to connect to the b.CLOUD environment you can do so as well; you will need to obtain a solution design from the Brennercom Solution Design Centre for your b.CLOUD service.

5.4 WHO MANAGES THE B.CLOUD INFRASTRUCTURE?

The following professional profiles manage the b.CLOUD infrastructure. They are all located in Bolzano except for “CLOUD CONSULTANTS”.

1st LEVEL SUPPORT & CUSTOMER CONTACT

Profile description / main duties: This is the Brennercom entity always in touch with the customer. Service Desk can be addressed for every technical issue (e.g. configuration changes, service degradation, service re-design, etc.). Service Desk also handles simple technical tasks associated with the maintenance of b.CLOUD infrastructure.

2nd LEVEL SUPPORT

Profile description / main duties: He/she supports the design and the development / refactoring / repackaging and testing of software that has to run on a cloud environment and has to be integrated with the cloud service provider’s operational tools.

Profile description / main duties: He/she plans and conducts technical tasks associated with the implementation and maintenance of b.CLOUD infrastructure.

Profile description / main duties: He/she supports the design of cloud solutions considering elements like availability and latency, performing if needed the implementation and optimization of network hardware, software and communication links. He/she secures the network system by establishing and enforcing policies, defining and monitoring access. Operational support and maintenance as well as knowledge of network monitoring tools may also be required.

PRE-SALES & TECHNOLOGY CONSULTING

Profile description: He/she conducts technical studies and evaluations of business requirements and recommends to IT management appropriate cloud technology options.
Main duties: He/she collects and evaluates requirements to understand outcome objectives, translates those objectives into a cloud strategy, and recommends cloud technology options to IT management that map to tangible infrastructure solutions.

Profile description: He/she leads the development and implementation of cloud-based projects to ensure that systems are scalable, reliable, secure, manageable, and achieve business and IT performance and budgetary objectives.
Main duties: He/she supports the selection of the best b.CLOUD solutions for any particular situation, including whether or not a hybrid environment makes sense. He/she leads migration projects to move companies into the b.CLOUD.

Profile description / main duties: He/she designs or evaluates the security models to be implemented into the customer environment. He/she understands how to enable security solutions in order to keep business processes effective and efficient and data moving to and between private, public, or b.CLOUD.

5.5 WHAT IS THE AVAILABILITY SLA FOR THE B.CLOUD SERVICE?

SERVICE LEVEL KASKO                      BASIC            GOLD             PLATINUM

Response hours (availability window)
  Monday - Friday                        08.00 - 17.00    07.00 - 19.00    00.00 - 24.00
  Saturday                               n/a              08.00 - 17.00    00.00 - 24.00
  Sunday                                 n/a              n/a              00.00 - 24.00
  National/regional holidays             n/a              n/a              00.00 - 24.00
Acknowledgement of the report            immediate        immediate        immediate
Intervention window
  Monday - Friday                        08.00 - 17.00    07.00 - 19.00    00.00 - 24.00
  Saturday                               n/a              08.00 - 17.00    00.00 - 24.00
  Sunday                                 n/a              n/a              00.00 - 24.00
  National/regional holidays             n/a              n/a              00.00 - 24.00
Information management (email)
  Ticket status update                   every 2 hours    every hour       every 30 minutes
  Ticket closure                         at resolution    at resolution    online on portal

SERVICE LEVEL KASKO      BASE                              GOLD                              PLATINUM

Scheduled day            night of Tuesday to Wednesday     night of Tuesday to Wednesday     night of Tuesday to Wednesday
                         night of Saturday to Sunday       night of Saturday to Sunday       night of Saturday to Sunday
Maintenance window       from 22.00 to 06.00               from 23.00 to 05.00               from 24.00 to 05.00
Advance notice           1 business day                    2 business days                   7 business days
Communication tool
  email                  yes                               yes                               yes
  SMS                    no                                yes                               yes
  Phone call             no                                no                                yes

SERVICE LEVEL KASKO                      BASE                   GOLD                   PLATINUM

Activation window
  Monday - Friday                        08.00 - 17.00          08.00 - 17.00          08.00 - 17.00
Maximum activation time per product
  From order                             < 5 business days      < 3 business days      < next business day
  Express delivery                       < next business day    < next business day    -

6. B.CLOUD BACKUP SERVICE

6.1 HOW DO I BACK UP A VM?

Please refer to the proper b.BACKUP documentation.

6.2 DOES AN AGENT NEED TO BE INSTALLED TO PERFORM A BACKUP?

Brennercom’s backup service is agent-less for image-level backups and restores. File-level backups and restores, instead, require an agent installed on top of the OS.

6.3 ARE BACKUPS IMAGE-BASED?

Yes they are, in case of b.SERVER and b.DATACENTER.

The backup typically runs overnight (local time in the relevant datacenter). It is not possible to decide a specific time for your backup(s).

6.4 WHAT ARE THE RETENTION PERIOD OPTIONS?

7 days, 31 days, 92 days, 184 days, 366 days.

6.5 HOW FREQUENT ARE THE BACKUPS?

Backups are daily or on-demand.

6.6 ARE THE BACKUPS “FULL” OR “INCREMENTAL”?

Brennercom uses an innovative backup technology. This allows creating full backups faster than traditional backup software. It only sends the changed data blocks of the virtual machines to the backup devices. However, every backup is a Full Backup.

6.7 HOW IS THE SERVICE BILLED?

Brennercom billing is performed monthly; the price depends on the b.CLOUD service.

6.8 WHAT IS THE BACKUP TECHNOLOGY USED?

EMC Avamar technology supports the b.BACKUP product family.

6.9 WHAT HAPPENS TO MY BACKUPS WHEN I LEAVE THE BRENNERCOM B.CLOUD SERVICE?

Any existing backup is destroyed as soon as your b.CLOUD service is closed. For further information please see the cloud agreements (special contract conditions, “condizioni particolari di contratto”).

6.10 CAN I RUN AN AD-HOC OR ONE-OFF BACKUP?

The Service Desk can perform an ad-hoc backup. You can also run a one-off backup through the management portal.