Before you can perform the installation, you first need to complete the tasks listed below.
Contact your customer service representative for help with any of these prerequisites.
- Build the network infrastructure required to support multi-tenancy, typically accomplished with:
VLAN tagging for network separation at layer 2.
VRFs to isolate tenants and allow for a separate routing table per tenant.
The configured VLANs must be the same across all management hosts. In vCenter, there is an additional option of using distributed virtual switches (DVS). By integrating either the VMware vSphere Distributed Switch or the Cisco Nexus 1000V with vCenter, separation can be accomplished using distributed switch port groups. The port group must be configured to use ephemeral port binding.
- Allocate at least two ESXi hosts or at least one cluster for DaaS management appliances.
Install a vCenter management server meeting the version requirements. All ESXi hosts should have the compute (RAM, CPU, local disk) required to meet expected Tenant Appliance density.
- Provide an account to access the hypervisor manager API.
In vCenter, configure an account that can manage the virtual resources through the vSphere API. This account must have the appropriate privileges.
- Assign one subnet to the service provider network. This subnet also needs to have access to the API of the hypervisors.
- Assign service provider network.
Assign a VLAN, a VXLAN, or a Distributed Virtual Port Group (DVPG) to the service provider network. This VLAN or DVPG must map to a virtual network assigned to all management hosts.
- Assign a network to be used for DaaS platform management traffic.
Assign one VLAN (non-routable subnet), one VXLAN, or one Distributed Virtual Port Group (DVPG) as the Link Local Network.
- Allocate link-local addresses.
For a typical data center, it is recommended that you use a /22 network (for example, 169.254.16.0/22). However, a demo environment or small data center can use a /24 network. You should not use anything smaller than /24.
A link-local address is an IP address used only for communications within a link (segment of a local network) or a point-to-point connection to which a host is connected. Routers do not forward packets with link-local addresses. The address block 169.254.1.0 through 169.254.254.255 is reserved for link-local addressing in Internet Protocol Version 4. You cannot choose addresses outside this range. Refer to Internet Engineering Task Force (IETF) RFC 3927 for more information.
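The sizing rules above (a /22 is recommended, /24 is the smallest allowed, and only 169.254.1.0 through 169.254.254.255 may be used) can be checked before the install. This is an added example, not part of the original checklist or the product; it uses only the Python standard library, and the candidate blocks in the `__main__` section are constructed for illustration.

```python
import ipaddress

# Constraints from the checklist, encoded as constants.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# RFC 3927 reserves the first and last /24 of 169.254/16; usable space is
# 169.254.1.0 through 169.254.254.255.
RESERVED = (ipaddress.ip_network("169.254.0.0/24"),
            ipaddress.ip_network("169.254.255.0/24"))
RECOMMENDED_PREFIX = 22  # typical data center
MINIMUM_PREFIX = 24      # demo or small data center; nothing smaller is allowed


def check_link_local_block(cidr: str) -> list:
    """Validate a proposed Link Local Network block.

    Returns a list of findings; an empty list means the block is acceptable.
    Findings start with "error:" (block must not be used) or "warning:"
    (block is allowed but smaller than recommended).
    """
    findings = []
    try:
        # strict=True rejects a CIDR with host bits set (e.g. 169.254.17.0/22),
        # a common mistake when carving blocks by hand.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"error: {cidr!r} is not a valid network: {exc}"]

    if net.version != 4:
        return [f"error: {net} is not an IPv4 network"]
    if not net.subnet_of(LINK_LOCAL):
        findings.append(f"error: {net} is outside the link-local block {LINK_LOCAL}")
    for reserved in RESERVED:
        if net.overlaps(reserved):
            findings.append(f"error: {net} overlaps RFC 3927 reserved range {reserved}")

    if net.prefixlen > MINIMUM_PREFIX:
        findings.append(f"error: /{net.prefixlen} is smaller than the /{MINIMUM_PREFIX} minimum")
    elif net.prefixlen > RECOMMENDED_PREFIX:
        findings.append(f"warning: /{net.prefixlen} is allowed for a demo or small "
                        f"data center; /{RECOMMENDED_PREFIX} is recommended")
    return findings


if __name__ == "__main__":
    # Constructed candidates covering the good case and each failure mode.
    for candidate in ("169.254.16.0/22", "169.254.16.0/24", "169.254.16.0/25",
                      "169.254.0.0/22", "169.254.17.0/22", "10.0.0.0/22"):
        print(candidate, "->", check_link_local_block(candidate) or ["ok"])
```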
- Allocate storage for management appliances.
By default, the System will clone out management appliances on local disk (via a local datastore). This is considered a best practice.
- DNS Configuration
There must be a DNS server available from the Service Provider (SP) network which can be used to resolve the name of the domain so that the Service Center can authenticate. Confirm all vSphere servers are defined in the DNS and that the hosts and storage systems are configured locally with the matching DNS name as well.
- IP Address Allocation
Allocate five IP addresses in the SP network: two for the Service Provider appliances, one for their shared floating IP, and two for the Resource Manager appliances. If the Service Provider wants to access the Service Center by hostname instead of IP address, set up a DNS record that points to the floating IP address of the Service Provider appliance pair.
- NTP Configuration
There must be at least one NTP server available from the SP network to allow for time synchronization.
- Active Directory Configuration
There must be an Active Directory accessible on the SP network for authentication. Have available the information listed in the table below to configure the domain for the Service Provider. It is highly recommended that you confirm the values using an AD tool such as Microsoft Active Directory Explorer, which can be downloaded from the Microsoft web site.
| Field | Notes |
|---|---|
| Primary DNS Server IP and name | You only need to specify one Domain Name Server; the rest should be automatically identified. |
| Service Account | Used to parse your AD structure through a standard LDAP query; may be read only. (UserMustChangePassword = false, Password Never Expires.) Do not include the context in the service account name. |
| Service Account Password | |
| Super Admin (Service Center Access) | Do not include the context. |
| Admin Level1 (Optional) | |
- SSL Certificate
Provide an SSL certificate in Apache2 format so that a valid certificate can be installed. For more details, see Apply Service Provider Certificate Files to Service Provider Appliances.