Isolating your infrastructure from Internet access is often a best practice, but it impacts the default operational mode of VMware Telco Cloud Automation. The Airgap solution eliminates the requirement for internet connectivity.

In the non-airgapped design, VMware Telco Cloud Automation uses external repositories for Harbor and the PhotonOS packages to implement the VM and Node Config operators, new kernel builds, or additional packages to the nodes. Internet access is required to pull these additional components.

The Airgap server is a Photon OS VM that is deployed and configured for use by Telco Cloud Automation. The airgap server is registered as a partner system within the platform and is used in internet-restricted or airgapped environments.

The airgap server allows the VMware Tanzu Kubernetes Grid clusters to pull the required Kernels, Binaries, and OCI images from a local environment.

Note:

While the Airgap server removes the requirement for Internet access to build and manage Kubernetes clusters, the Airgap server creation requires Internet access to build and pull all the external images to be stored locally.

The Airgap server can be built on an Internet-accessible zone (direct or through proxy) and then migrated to the Internet-restricted environment and reconfigured before use.

The airgap server operates in two modes:

  • Restricted: This mode uses a proxy server between the Airgap server and the internet. In this mode, the Airgap server is deployed in the same segment as the Telco Cloud Automation VMs in a one-armed mode design.

  • Airgapped: In this mode, the airgap server is created and migrated/moved to the airgapped environment. The airgap server has no external connectivity requirements. You can upgrade the airgap server by a new Airgap deployment or an upgrade patch.

The Airgap server consists of the following main components along with a set of scripts for easy installation and configuration.

  • NGINX is used to request files from the local datastore or harbor environment.

  • Harbor is the container registry that hosts the OCI images required by VMware Telco Cloud Automation and VMware Tanzu Kubernetes Grid.

  • Reposyc synchronizes the airgapped repository with the upstream repository located on the internet.

  • BOM Files are used by the VMware Telco Cloud automation platform

Design Recommendation

Design Justification

Design Implication

Where required, leverage the airgapped solution to eliminate direct Internet connectivity requirements.

  • Provides a secure environment for the Tanzu Kubernetes Grid deployment as external access is restricted.

  • Speeds up the Tanzu Kubernetes Grid deployment process by accessing the local infrastructure, without Internet connectivity.

Requires the airgap server to be deployed, maintained, and upgraded over time.