Isolating your infrastructure from Internet access is often a best practice, but it impacts the default operational mode of VMware Telco Cloud Automation. The Airgap solution eliminates the requirement for internet connectivity.
In the non-airgapped design, VMware Telco Cloud Automation uses external repositories for Harbor and the Photon OS packages to implement the VM and Node Config operators and to deliver new kernel builds or additional packages to the nodes. Internet access is required to pull these additional components.
The Airgap server is a Photon OS VM that is deployed and configured for use by VMware Telco Cloud Automation. The airgap server is then registered as a partner system within the platform and is used in the internet-restricted or airgapped environments.
The airgap server allows the VMware Tanzu Kubernetes clusters to pull the required Kernels, Binaries, and OCI images from a local environment.
While the Airgap server removes the requirement for Internet access to build and manage Tanzu Kubernetes clusters, the Airgap server creation requires Internet access to build and pull the external images to be stored locally.
The Airgap server can be built in an Internet-accessible zone (direct or through proxy) and then migrated to an Internet-restricted environment and reconfigured before use.
The airgap server operates in two modes:
- Restricted mode: This mode uses a proxy server between the Airgap server and the internet. In this mode, the Airgap server is deployed in the same segment as the Telco Cloud Automation VMs in a one-armed mode design.
- Airgapped mode: In this mode, the airgap server is created and migrated/moved to the airgapped environment. The airgap server has no external connectivity requirements. You can upgrade the airgap server by a new Airgap deployment or an upgrade patch.
The airgap server consists of the following main components along with a set of scripts for easy installation and configuration:
- NGINX is used to request files from the local datastore or Harbor environment.
- Harbor is the container registry that hosts the OCI images required by VMware Telco Cloud Automation and VMware Tanzu Kubernetes Grid.
- Reposync synchronizes the airgapped repository with the upstream repository located on the internet.
- BOM Files are used by the Telco Cloud Automation platform.
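
Because nodes are meant to pull packages and OCI images only from the airgap server, a node audit can flag any enabled package repository or image reference that still points elsewhere. The following is an added example, not VMware code: the FQDN, the `.repo` contents, and the image references are constructed placeholders, and the function names are hypothetical.

```python
import configparser
from urllib.parse import urlparse

# Assumption: placeholder FQDN for the airgap server; substitute your own.
AIRGAP_FQDN = "airgap.example.internal"

# Constructed sample of a tdnf/yum-style .repo file from a cluster node.
SAMPLE_REPO = """
[photon-mirror]
baseurl=https://airgap.example.internal/updates/photon
enabled=1
[photon-upstream]
baseurl=https://upstream.example.com/photon/updates
enabled=1
[photon-debuginfo]
baseurl=https://upstream.example.com/photon/debuginfo
enabled=0
"""

# Constructed sample of image references taken from pod specs.
SAMPLE_IMAGES = [
    "airgap.example.internal/registry/pause:3.9",
    "registry.example.com/tkg/pause:3.9",
    "busybox:1.36",
]

def external_repos(repo_text, allowed_host):
    """Return (section, host) for each enabled repo not served by allowed_host."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(repo_text)
    findings = []
    for section in cfg.sections():
        if cfg.get(section, "enabled", fallback="1").strip() != "1":
            continue  # disabled repos are never contacted
        for url in cfg.get(section, "baseurl", fallback="").split():
            host = urlparse(url).hostname  # None for file:// (local) URLs
            if host and host != allowed_host:
                findings.append((section, host))
    return findings

def image_registry(ref):
    """Registry host of an image reference; a bare name implies Docker Hub."""
    first, sep, _ = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"

def external_images(refs, allowed_host):
    """Return image references whose registry is not allowed_host (port ignored)."""
    return [r for r in refs if image_registry(r).split(":")[0] != allowed_host]
```

An empty result from both functions means every enabled repository and every image reference resolves to the airgap server; anything returned is a dependency that would fail, or attempt to reach outside, in an airgapped deployment.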
| Design Recommendation | Design Justification | Design Implication |
|---|---|---|
| Where required, leverage the airgapped solution to eliminate direct Internet connectivity. | | Requires the airgap server to be deployed, maintained, and upgraded over time. |