The air-gapped server or air-gapped repository is used to hold the container images for the VMware Telco Cloud Automation Containers as a Service (CaaS) system and the packages for Kubernetes cluster node customization.

VMware Telco Cloud Automation pulls and downloads the required images and packages from the air-gapped server, which provides them through a single HTTPS service. You do not require Internet access if the air-gapped server is set up correctly and serves the VMware Telco Cloud Automation system.

The sources of VMware Telco Cloud Automation-dependent container images and Photon OS repositories maintained by VMware are located at certain websites on the Internet. In general, you must set up the air-gapped server to synchronize the images and packages from specific sites on the Internet and set up the HTTPS service for the local VMware Telco Cloud Automation system. Therefore, Internet access is required only when synchronizing the images and packages.

The first step to set up an air-gapped server is to deploy the Photon OS OVA. You can deploy the OVA in the one-arm mode or the two-arms mode.

One-Arm Mode

In the one-arm mode, you connect the air-gapped server VNIC to a network that can access the Internet and set up the air-gapped server resources by following the steps listed in this guide. After synchronizing the images and packages, you disconnect the VNIC and wire it to the intranet for serving the VMware Telco Cloud Automation system.
Note: When upgrading to a future release, you must move the air-gapped server back to the location where it can access the Internet. This way, it can synchronize the images and packages of the new VMware Telco Cloud Automation release.

Deploy the air-gapped server in the one-arm mode if the local network in your environment uses a proxy server for accessing the Internet. Configure the proxy on the air-gapped server so that it can connect to the Internet.

Two-Arms Mode

In the two-arms mode, you need not rewire the VNIC but leave one dedicated VNIC that accesses the Internet for synchronizing images and packages. However, the Internet-facing VNIC is usually unused after resource synchronization.
Note: When upgrading to a future release, you need not move and rewire the air-gapped server. To synchronize new VMware Telco Cloud Automation-dependent resources, follow this guide.

The following illustration is a sample topology of an air-gapped server deployed in the two-arms mode. In this topology, the air-gapped server (a virtual machine on an ESXi host) is responsible for storing Photon OS packages and Kubernetes repositories. In this setup, the air-gapped server has two NICs. The first NIC or arm connects through the uplink of the ESXi host to the public network, usually the corporate network that has Internet access. The second arm connects to the Internet-restricted air-gapped environment. Other components such as vCenter Server, ESXi, and VMware Telco Cloud Automation servers can only communicate within the isolated network. The Kubernetes cluster deployment process also takes place within the isolated network.

Airgap Server Components

Internally, the air-gapped server contains the following components:
  • Nginx daemon - Dispatches the file requests for fetching resources from the local datastore or the Harbor server. It also provides a single HTTPS registry and Photon OS repository service to the local VMware Telco Cloud Automation system.
  • Harbor - Holds the required container images for the VMware Telco Cloud Automation system to run. Harbor is an open source project that provides container image registry service. It maintains all the dependent container images that are pulled from the Internet and serves the local Kubernetes cluster container image pulling process.
  • Reposync - A tool to synchronize the Photon OS packages from the Internet.
  • BOM Files - Describe the container images that the VMware Telco Cloud Automation system depends on.
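
Because the isolated network trusts whatever Reposync brought in, it is worth checking the synchronized Photon OS repository before the Internet-facing link is removed. The following is an added example, not part of the VMware tooling: it assumes the mirror uses the standard rpm-md layout (repodata/repomd.xml), and the function names and sample repository are constructed for illustration.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# XML namespace used by rpm-md repomd.xml files.
NS = {"r": "http://linux.duke.edu/metadata/repo"}

def verify_repo_metadata(repo_root):
    """Return (href, problem) pairs for metadata files that fail verification."""
    root_dir = Path(repo_root).resolve()
    repomd = ET.parse(root_dir / "repodata" / "repomd.xml").getroot()
    problems = []
    for data in repomd.findall("r:data", NS):
        href = data.find("r:location", NS).get("href")
        checksum = data.find("r:checksum", NS)
        target = (root_dir / href).resolve()
        if root_dir not in target.parents:  # href must stay inside the mirror
            problems.append((href, "path escapes repository root"))
        elif checksum.get("type") not in ("sha256", "sha512"):  # assumed policy
            problems.append((href, "unsupported checksum type"))
        elif not target.is_file():
            problems.append((href, "missing file"))
        elif (hashlib.new(checksum.get("type"), target.read_bytes()).hexdigest()
              != checksum.text.strip().lower()):
            problems.append((href, "checksum mismatch"))
    return problems

def build_sample_repo(root):
    """Create a tiny constructed rpm-md repository under root (sample data only)."""
    repodata = Path(root) / "repodata"
    repodata.mkdir(parents=True)
    payload = b"<metadata/>"  # constructed stand-in for primary.xml
    (repodata / "primary.xml").write_bytes(payload)
    digest = hashlib.sha256(payload).hexdigest()
    (repodata / "repomd.xml").write_text(
        '<repomd xmlns="http://linux.duke.edu/metadata/repo">'
        '<data type="primary">'
        f'<checksum type="sha256">{digest}</checksum>'
        '<location href="repodata/primary.xml"/>'
        "</data></repomd>"
    )
    return repodata / "primary.xml"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        primary = build_sample_repo(tmp)
        print("clean mirror:", verify_repo_metadata(tmp))
        primary.write_bytes(b"<metadata>tampered</metadata>")
        print("after tampering:", verify_repo_metadata(tmp))
```

This check only confirms that the mirror is consistent with its own repomd.xml; the authenticity of repomd.xml itself still depends on how it was obtained from the upstream site.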