VMware Telco Cloud Operations Deployment Guide - VMware … · 2020. 9. 3. · n Be familiar with vCenter, deployment of OVAs, and basic networking n Have access to the vCenter, and

VMware Telco Cloud Operations Deployment Guide

VMware Telco Cloud Operations 1.0

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

Copyright ©

2020 VMware, Inc. All rights reserved. Copyright and trademark information.


VMware, Inc. 2

https://docs.vmware.com/

http://pubs.vmware.com/copyright-trademark.html

Contents

1 Introduction 5Audience 5

Features for Automated Deployment 5

2 Preparing for Deployment 7Accessing the OVAs and Deploy Tool 7

VMware Telco Cloud Operations System Requirements 7

Additional Requirements 10

Performances and Scalability Results 13

Extra Small (2.5K) Deployment 13

Small (25K) Deployment 18

Medium (50K) Deployment 23

3 Installing Using vCenter 28

4 Automated Installation 44Installer System Requirements 44

Installing VMware OVF Tool 45

Installing jq 48

Installing cURL 55

Installing govc 58

Creating a Public Key 59

Installing Deploy Tool 60

Deploying VMware Telco Cloud Operations 61

Viewing the deploy.settings File 67

Viewing a Deployment Run 68

5 Troubleshooting the Deployment 74

6 Uninstalling VMware Telco Cloud Operations 75Uninstallation Using vCenter 75

Automated Uninstallation 75

7 Post Installation 77Administration UI 77

Integration with VMware Smart Assurance 77

Configuring Role 78

VMware, Inc. 3

8 Security Recommendations 80


VMware, Inc. 4

Introduction 1The VMware Telco Cloud Operations Deployment Guide provides information about deploying the VMware Telco Cloud Operations virtual appliance multi-VM cluster.

To create the multi-VM cluster, you can either perform an automated installation or install using vCenter. Characteristics of VMware Telco Cloud Operations are as follows:

n Deployed as a five VM (node) cluster

n Deployed on ESXi hypervisor

n Uses vCenter to manage ESXi

n Deployment for three footprints base on the number of managed devices

n 2.5K — up to 2,500 managed devices

n 25K — up to 25,000 managed devices

n 50K — up to 50,000 managed devices

This chapter includes the following topics:

n Audience

n Features for Automated Deployment

Audience

This guide assumes the reader has experience with the following:

n VMware vCenter administration

n Linux system administration

n Basic SSH configuration on Linux systems (for example, the ability to create key pair)

For a full list of user and permission requirements see Additonal Requirements in the VMware Telco Cloud Operations System Requirements section.

Features for Automated Deployment

Using the automated installer allows for a shorter deployment time and orchestrates the order of settings for a sucessful and error-free deployment.

VMware, Inc. 5

The following highlights the advantahges of using an automated deployment:

n Deploys both control plane node and worker VMs

n Checks required dependencies on the host that the tool is run on

n Validates deployment configuration provided by the user

n Supports staging OVA for faster deployment

n Avoids repeating steps in the deployment process if the process needs to be rerun by checking for already installed VMs

n Supports deployment specifying the vCenter cluster name or ESXi hosts in a datacenter

n Supports the uninstall of an existing deployment, whether the cluster is fully deployed or partially installed


VMware, Inc. 6

Preparing for Deployment 2Telco Cloud Operations platform is deployed as set of clustered VMs deployed on ESXi servers, under management of a vCenter. The deployment of Telco Cloud Operations is performed from a separate installer system.


n Accessing the OVAs and Deploy Tool

n VMware Telco Cloud Operations System Requirements

n Additional Requirements

n Performances and Scalability Results

Accessing the OVAs and Deploy Tool

You can download Telco Cloud Operations OVA files from My VMware.com to a location accessible for installation.

Before deploying the VMware Telco Cloud Operations obtain the following distribution OVAs.

1 VMware-TCOps-Control-Plane-Node-<VERSION>-<BUILD_ID>.ova (for the control plane node )

2 VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova (for the worker nodes)

3 VMware-TCOps-Deploy-Tool-<VERSION>-<BUILD_ID>.tar.gz

(Only required for automated deployment of the above OVAs.)

VMware Telco Cloud Operations System Requirements

A VMware Telco Cloud Operations deployment comprises a set of virtual machines (VMs) deployed on VMware ESXi hypervisors. It is recommended, but not required, that the ESXi infrastructure on which the VMware Telco Cloud Operations is deployed be managed by VMware vCenter.

Role for Each Virtual Machine

VMware, Inc. 7

http://myvmware.com/

Each virtual machine (or node) in the cluster must have one of the following roles:

n control-plane-node — node which hosts the user interface and generally has lower CPU and memory requirements than other nodes

n elasticworker — hosts the main data store for the cluster and generally has larger storage requirements than other nodes

n kafkaworker — node which hosts the main data bus for the cluster

n arangoworker — node which hosts the topology store for the cluster

n domainmanagers — node which hosts the data collectors for the cluster

Hardware Requirements

A VMware Telco Cloud Operations deployment requires that sufficient virtual CPU, memory, and disk space be available to support deployment of the desired VMware Telco Cloud Operations footprint. It is recommended, but not required, that each of the VMware Telco Cloud Operations VMs be deployed on a different ESXi for optimal performance.

The recommendation is that each ESXi be provisioned with additional headroom beyond the minimum required CPU and RAM to host the virtual machines. The recommendations are 1 additional CPU and 6 additional GBs.

Extra Small (2.5K) Footprint

For a Extra Small (2.5K) footprint, a VMware Telco Cloud Operations deployment is comprised of: 5 virtual machines, using a total of 2,420 GB of available disk storage, 16 virtual CPUs, and 108 GB of RAM. The CPU and disk requirements of the 5 virtual machines are summarized as follows:

Node CPU RAM (GB) Disk (GB)

Control Plane Node (control-plane-node)

2 8 364

Worker 1 (elasticworker) 3 24 1,264

Worker 2 (arangoworker) 4 24 264

Worker 3 (kafkaworker) 4 24 264

Worker 4 (domainmanager) 3 16 264

Total 16 108 2,420

Small (25K) Footprint

For a Small (25K) footprint, a VMware Telco Cloud Operations deployment is comprised of : 5 virtual machines, using a total of 12 TB (11,820 GB) of available disk storage, 38 virtual CPUs, and 128 GB of RAM. The CPU and disk requirements of the 5 virtual machines are summarized as follows:


VMware, Inc. 8



2 8 364





Total 38 128 11,820

Medium (50K) Footprint

For a Medium (50K) footprint, a VMware Telco Cloud Operations deployment is comprised of : 5 virtual machines, using a total of 23 TB (22,420 GB) of available disk storage, 70 virtual CPUs, and 212 GB of RAM. The CPU and disk requirements of the 5 virtual machines are summarized as follows:



2 8 364





Total 70 212 22,420

vCenter

It is recommended that the VMware Telco Cloud Operations ESXi(s) and VMs be managed by vCenter. Additional resources may be required to host a vCenter if one is not already available.

Note The VMware Telco Cloud Operations automated deployment tool requires that the target ESXi infrastructure be managed by vCenter.

Software

The following software versions are supported:

n ESXi 6.7 and 7.0

n vCenter 6.7 and 7.0

Network

The following describes networking requirements and recommendations for the VMware Telco Cloud Operations deployment.


VMware, Inc. 9

Networking Description

Network Connectivity Connectivity is between vCenter and ESXi(s)

IP Addresses Use IPv4 addressing. IPv6 addressing is not supported.

Host Topology It is strongly recommended to create a cluster and add all ESXi(s) to it (use vSphere HA and other cluster-wide features.

Deployment to ESXi(s) not in the cluster are supported.

Placement of all ESXi(s) should be either in a cluster or all out of the cluster.

Virtual Machine Deployment (based on topology) 1. By specifying only the cluster name, vSphere determines the ESXi to deploy each VM to.

2. By specifying only the ESXi IP addresses. Two possibilities:

— If ESXi(s) are in a cluster, each VM is deployed to the specified ESXi; however, if DRS is turned on, then vSphere determines the ESXi.

— If ESXi(s) are not in a cluster, the VM is deployed to the specified ESXi.

Storage

It is strongly recommended shared storage is accessible by ESXi(s) (required for vSphere HA and other cluster-wide features). The following is an example for vSAN:

n Directly attached local storage on each ESXi also supported

n Datastores should be configured

Note It is highly desirable the user deploying VMware Telco Cloud Operations be familiar with SSH, be able to SSH to a host after deployment, and is able to run basic shell commands. In Windows, it's recommended to us PuTTY for this purpose.

Additional Requirements

Users and Permissions

The user deploying must:

n Be familiar with vCenter, deployment of OVAs, and basic networking

n Have access to the vCenter, and ESXi(s) to which VMware Telco Cloud Operations will be deployed

n Be able to download OVA files and deploy to vCenter cluster or host resources

n Be able to determine and define storage placement for OVAs

n Be able to define and deploy network connectivity between deployed virtual machines

n Be able to enter OVF Parameters at deploy time


VMware, Inc. 10

n Have the required permissions to deploy OVAs on the target ESXi(s) and start when deployed

Obtain the following information and make note:

Category Setting Comment

Security Administrator user password The desired password for the VMware Telco Cloud Operations VM administrative user. The username for this user is clusteradmin

Administrator user public key Path to an SSH public key file. This can be used to support secure, password-less login to the VM, as the administrative user. Generally this file will be called id_rsa.pub or id_dsa.pub (optional).

When using the VMware Telco Cloud Operations Deploy Tool, this is required.

Root user password The desired password for the VMware Telco Cloud Operations VM root user.

Root user public key Path to an SSH public key file. This can be used to support secure, password-less login to the VM, as the root user. Generally this file will be called id_rsa.pub or id_dsa.pub (optional).

If choosing without-password below, this is required.

Root SSH access policy The desired SSH access policy for the root user; possible values are:

n yes, meaning that the root user is allowed to SSH to the VM

n no, meaning that the root user is not allowed to SSH to the VM

n without-password, meaning that the root user can only SSH to the VM using an SSH key, not password

Hosting Target host for each virtual machine Either the name of the vCenter cluster to which the TCOps VMs will be deployed, or the ESXi host to which each VM will be deployed. As mentioned in theVMware Telco Cloud Operations System Requirements , creating a cluster is strongly recommended.


VMware, Inc. 11

Category Setting Comment

Role for each virtual machine Each virtual machine in the VMware Telco Cloud Operations cluster must have one of the following roles. Roles have been described in VMware Telco Cloud Operations System Requirements.

n control-plane-node

n elasticworker

n kafkaworker

n arangoworker

n domainmanagers

Storage Data store for each virtual machine The datastore to be used to store the virtual disks for each deployed VMware Telco Cloud Operations virtual machine.

Networking IP assignment mechanism (static or DHCP)

VMware Telco Cloud Operations supports DHCP or static IP address assignment. It is strongly recommended that static IP address assignment be used.

In the case of DHCP, the following network settings do not need to be provided since they will be assigned by the DHCP server.

Static IP address for each node Required if static IP address assignment is used. For each node, identify the IP address to be assigned to it. Must be in CIDR format.

Default gateway Required if static IP address assignment is used. Specifies the default gateway for the virtual machines.

DNS server IP address(es) Required if static IP address assignment is used. Comma-separated list of IPv4 addresses of DNS servers to be used by the VMs.

DNS search domain Required if static IP address assignment is used. Comma-separated list of DNS search domains to be used by the VMs.

NTP server address (Optional.) The IP address of a Network Time Protocol (NTP) server.


VMware, Inc. 12

Performances and Scalability Results

The qualification activity validates the performance and scalability numbers of VMware Telco Cloud Operations services for extra small, small, medium footprint with Smart Assurance, MnR, and 10.X deployments, managing legacy networks and new data sources (VeloCloud and NetFlow).

Performance of VMware Telco Cloud Operations services are measured by customers. Customers observed the following conditions:

1 Specfication for Extra Small, Small, and Medium footprints.

2 Performance of the Notification Console.

3 Performance of Topology Maps.

4 Performance of Dashboards and Reports.

5 Performance of Collectors and Gateway.

6 Resource utilization of VMware Telco Cloud Operations Services.

Extra Small (2.5K) Deployment

Topology Size

Deployment Number of Devices Number of Events/Days Number of Metrics/5 min

Extra Small 2500 2500 1M

Test Bed

Topology and Events: Simulation Based on the Smarts Domain Manager repositories

Metrics: Simulation of Raw Metrics and Net Flows

Deployment

Routers Managed P&I

Hosts VMs Edges Total No of Events=Number of Devices * 4 + 5k External Events (INCHARGE-OI)

Number of raw metrics from ( Smarts metric collector and VeloCloud collector)

Number of metrics from M&R Gateway(Flows+Metrics(SNMP, vCenter)

Number of Traffic Flows(Native)

Extra Small

1500 30K 200 500 300 15K 570K 400K 350


VMware, Inc. 13

Test Results for Notifications Console

Sl No. Test Case Expected Result Measured Result

1 Data synchronization of Smarts 10.X notifications with VMware Telco Cloud Operations (All Smarts 10.X notifications and their states should be synchronized with VMware Telco Cloud Operations). Measured with end to end (SAM to VMware Telco Cloud Operations UI without manual refresh).

15 min 12 min 30 sec

2 Time taken for all notifications to show up in Notification Console (Measured to launch first 100 events).

5s 3s

3 Time taken to populate data in a newly added notification view with set of filters. (Add 5 notification views with set of filters.)

3s 3s

4 Time taken to populate data in a newly added notification console with set of filters. (Add 5 notification consoles with set of filters.)

3s 4s

5 Time taken to populate data in a newly added summary view with set of filters. (Add 5 notification summary views with set of filters.)

3s 4s

6 Time taken to expand any root-cause notification to show all impacted notifications. (For XS, S, M RCA with - 16, 24, 25 impacts respectively.)

3s 2s

7 Time taken to launch and show browse details (all tabs should refresh with data) of a selected notification. (For XS, S, M RCA with - 16, 24, 25 Impacts respectively.)

3s 6s

8 Time taken to refresh the notification console with filter set on any column with string data

3s 3s

9 Time taken to Ack, Take Ownership of bulk (100) notifications.

5s 16s

Test Results for Topology Maps


1 Data synchronization of Smarts 10.X topology with VMware Telco Cloud Operations (All Smarts 10.X topology and their relations should be synchronized with VMware Telco Cloud Operations).

5 min 3 min

2 Time taken for Smarts 10.X topology to show up in Topology Browser.

5s 2s

3 Time taken to expand classes with more than 1000 instances in Topology Browser.

5s 4s


VMware, Inc. 14


4 Time taken to show the instances of class with more than 1000 instances in Topology Map drop down box.

5s 2s

5 Time taken to render a Topology map of a selected instance with ~50 connected/associated instances (example: VirtualCenter).

5s 7s

6 Time taken to expand selected map in #5 test case with 2 hop counts (Physical Connectivity Map) Nodes ~ 500, Edges ~ 10k.

5s 4s

7 Time taken to display the details (all tabs should refresh with data) of any topology node in #6 test case.

5s 4s

Test Results for Dashboards & Reports

Sl No.All Test Cases ( Tested with 2 Weeks of Data and Default Time) Expected Result Measured Result

1 Time taken to render Network Summary dashboard (Landing Page)

5s 6s

2 Time taken to refresh Network Summary dashboard

5s 5s

3 Time taken to render Inventory dashboard (Network Inventory)

5s 11s

4 Time taken to refresh Inventory dashboard 5s 10s

5 Time taken to render SDWAN dashboard 5s 5s

6 Time taken to refresh SDWAN dashboard 5s 4s

7 Time taken to render KPI dashboard 5s 1s

8 Time taken to refresh KPI dashboard 5s 1s

9 Time taken to render “vCenter” dashboard 5s 4s

10 Time taken to refresh vCenter dashboard 5s 2s

11 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow dashboard

5s 4s

12 Time taken to refresh VMware Telco Cloud Operations MnR Gateway Traffic Flow dashboard

5s 2s

13 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow Flow Top N Summary

5s 3s

14 Time taken to refresh VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Top N Summary

5s 2s


VMware, Inc. 15

Sl No.All Test Cases ( Tested with 2 Weeks of Data and Default Time) Expected Result Measured Result

15 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow Flow Trends

5s 3s

16 Time taken to refresh VMware Telco Cloud Operations MnR Gateway Traffic Flow Flow Trends

5s 2s

17 Time taken to render VMware Telco Cloud Operations Native Netflow dashboard

5s 3s

18 Time taken to refresh VMware Telco Cloud Operations Native Netflow dashboard

5s 2s

Test Results for Collectors and Gateway


1 Number of VeloCloud discovery collectors (6hr polling period).

1 1

2 Number of VeloCloud monitoring collectors (5min polling period).

1 1

3 Number of VeloCloud performance collectors (5min polling period).

1 1

4 Number of NetFlow collectors (5min polling period).

1 1

5 Number of M&R Gateway collectors ( Traffic Flow, vCenter SP, and SNMP Custom Collector ( 1 GW Collector for Metric data and 1 GW Collector for traffice flow Event data).

1 2

7 Polling Period for Smarts Metric collector to collect the data from Domain Managers .

300s 210s

Resource Utilization

Node NameNode CPU %

Node Memory % POD Name (Services)

POD CPU utilization %

POD Memory utilization %

arangoworker 78 34 alerting-rest-9c76b8575-n9whb 0.1 1.6

apiservice-69dbf6c7b5-lx74z 0.1 5.0

arangodb-755f6b74bf-x9zwk 0.3 9.4

catalog-656d6b87c7-cbkgm 0.2 1.4

events-5f65fc5599-txjdd 39.8 0.5

jobmanager-5774f44f9b-5hzmm 0.3 2.7


VMware, Inc. 16

Node NameNode CPU %




k4m-rest-7f4b4db56b-fbxh7 0.2 1.5

omega-enrichment-rest-7758795bbd-ch2bq

0.1 1.1

redis-59498cbf97-d9sw2 0.2 0.3

taskmanager-85f6d7587c-nfv4p 36.0 9.1

tco-node-monitor-zc6qd 0.1 0.1

tco-self-monitoring-7c4cfcb95c-6scr8 0.1 0.1

domainmanagers 75 58 aci-pm-6d45476944-prgd4 1.6 1.4

analytics-service-546bcccb54-fpqgs 0.1 0.4

cisco-aci19125d-dm-699788d564-98z2b 1.4 1.4

cisco-acic6ce72-dm-5669875c87-5txck 25.1 1.0

collector-manager-6979f8c8f4-jjxrg 0.2 0.8

datamgmt 0.2 0.2

gateway-trafficflow-7465488df7-6dw7c 0.6 1.1

gateway-vcenter-custom-945cd9cbd-hn85k

0.8 2.3

kafka-edge-7554ffd95c-pmlfb 1.3 21.1

metrics-velocloud-7459f65b8d-xtsqp 0.6 6.0

metrics-viptela-5fc5c89679-hmdvb 0.9 2.2

smarts-event-data-smarts-sam-5c69bc565-vgd7x

0.2 1.7

smarts-metric-ampmnewus2500-7df46f656b-zmjxx

9.4 2.5

smarts-metric-incharge-am-pm-6bdd649f6-vmhng

0.2 1.3

smarts-topology-data-smarts-sam-5688fc7b4c-mwk2v

0.2 1.3

tco-node-monitor-vhwll 0.2 0.1

velocloud-sdwan336432-dm-c688bc-qmc2j

0.4 3.3

velocloud-sdwanaff28a-dm-78d8f8745d-p65jt

9.2 4.6

viptela-sdwan078fee-dm-79b9b765bd-wvspb

0.2 1.1

viptela-sdwan188886-dm-6dddfdb478-8rk82

20.8 1.0

zookeeper-edge-5c799f7988-8v5ff 0.2 0.7


VMware, Inc. 17

Node NameNode CPU %




elasticworker 8 40 elasticsearch-69469cbfbb-rwlkf 7.7 40.3

tco-node-monitor-wj7xm 0.2 0.1

kafkaworker 28 87 kafka-79fd666d56-c8sxw 12.1 30.9

metric-5cd955dd54-jjhnm 10.6 6.2

metric-gateway-77b5c88dcb-llv7p 1.3 10.7

persistence-664bfb685d-fmvhj 0.3 38.4

tco-node-monitor-78kfx 0.2 0.1

topology-658794bf84-9wq6c 0.1 1.1

vmware-photon-os 15 30 authserver-747c44c757-ftw7q 1.1 2.0

grafana-df7d68496-cb2cf 1.1 0.4

nginx-59c76f6788-phr29 2.1 0.4

omega-patching-rest-566cf497bb-6k7rk 0.2 2.6

tco-node-monitor-9kdd7 0.1 0.1

zookeeper-7c5cc95c97-j67nw 1.2 1.5

Small (25K) Deployment

Topology Size

Deployment Number of Devices Number of Events/Day Number of Metrics/5 mins

Small 25K 25K 10M

Test Bed

Topology and Events: Simulation Based on the Smarts Domain Manager Repositories


Deployment

Routers Managed P&I


No of raw metrics from ( Smarts metric collector and VeloCloud collector)

No of metrics from M&R Gateway(Flows+Metrcis(SNMP, vCenter)

No of Traffic Flows(Native)

Small 15K 300K 2K 5K 3K 105K 5.9M 4M 3500


VMware, Inc. 18


Sl No. Test CaseExpected Result

Measured Result

1 Data synchronization of Smarts 10.X notifications with VMware Telco Cloud Operations.

(All Smarts 10.X notifications and their states should be synchronized with VMware Telco Cloud Operations.)

Measured with end to end (SAM to VMware Telco Cloud Operations UI without manual refresh).

50min 50min

2 Time taken for all notifications to show up in Notification Console (Measured to launch first 100 events).

10s 3s


6s 3s


6s 4s


6s 5s

6 Time taken to expand any root-cause notification to show all impacted notifications. ( For XS, S, M RCA with - 16, 24, 25 impacts respectively.)

6s 3s

7 Time taken to launch and show browse details (all tabs should refresh with data) of a selected notification ( For XS, S, M RCA with - 16, 24, 25 Impacts respectively.)

6s 8s

8 Time taken to refresh the notification console with filter set on any column with string data.

6s 3s

9 Time taken to Ack, Take Ownership of bulk (100) notifications. 10s 30s


Sl No. All Test CasesExpected Result

Measured Result

1 Data synchronization of Smarts 10.X topology with VMware Telco Cloud Operations

(All Smarts 10.X topology and their relations should be synchronized with VMware Telco Cloud Operations.)

5min 3m

2 Time taken for Smarts 10.X topology to show up in Topology Browser. 5s 2s

3 Time taken to expand classes with more than 1000 instances in Topology Browser

5s 4s

4 Time taken to show the instances of class with more than 1000 instances in Topology Map drop down box

5s 2s

5 Time taken to render a Topology map of a selected instance with ~50 connected/associated instances (example: VirtualCenter)

5s 7s


VMware, Inc. 19


Measured Result

6 Time taken to expand selected map in #5 test case with 2 hop counts (Physical Connectivity Map) Nodes ~ 500, Edges ~ 10k

5s 4s


5s 4s

Test Results for Dashboards and Reports

Sl No. All Test Cases ( Tested with 2 Weeks of Data and Default time) Expected Result Measured Result

1 Time taken to render Network Summary dashboard (Landing Page) 25s 15s

2 Time taken to refresh Network Summary dashboard 25s 13s

3 Time taken to render Inventory dashboard (Network Inventory) 25s 30s






9 Time taken to render vCenter dashboard 25s 6s

10 Time taken to refresh vCenter dashboard 25s 2s


25s 5s


25s 2s

13 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Top N Summary

25s 3s


25s 2s

15 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Trends

25s 3s

16 Time taken to refresh VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Trends

25s 2s


25s 8s


25s 6s



1 Number of VeloCloud discovery collectors (6hr polling period) 1 1

2 Number of VeloCloud monitoring collectors (5min polling period) 1 1


VMware, Inc. 20


3 Number of VeloCloud performance collectors (5min polling period) 1 1

4 Number of NetFlow collectors (5min polling period) 1 2

5 Number of MnR Gateway collectors ( Traffic Flow, vCenter SP, and SNMP Custom Collector ( 1 GW Collector for Metric data and 1 GW Collector for traffice flow Event data)

2 2

7 Polling Period for Smarts Metric collector to collect the data from Domain Managers

300s 210s


Node NameNode CPU %




arangoworker 40 75 alerting-rest-9c76b8575-mtjrv 0.1 1.3

apiservice-b4898f775-k95xv 0.2 4.2

arangodb-85c7fbd57f-wmqzq 15.3 35.3

catalog-679d9df755-zkgc8 0.1 1.4

jobmanager-574645fcc-llb2d 5.1 3.4

k4m-rest-7f4b4db56b-gvvm8 0.1 1.5

metric-gateway-77b5c88dcb-w4lp8 16.0 19.8

omega-enrichment-rest-7758795bbd-8jrrq 0.1 1.1

redis-59498cbf97-g7v9m 0.1 1.5

tco-node-monitor-png8n 0.1 0.1

domainmanagers 88 80 analytics-service-546bcccb54-27ckf 0.2 0.2

blr-vco-cpumem-69cb57f58c-fgkgb 0.2 2.8

blr-vco-metrics-76667c684b-mgf7j 0.3 7.0

collector-manager-6f4db74fc-vlvxg 0.1 0.8

datamgmt 0.2 0.2

gateway-trafficflow-557475bcdf-dvs4v 0.2 1.2

gateway-vcenter-db9cb549b-nt8v2 3.1 6.8

kafka-edge-75cf55fbb4-rj4cl 0.6 15.5

native-netflow1-56cf5995d4-gxkn4 7.3 0.8

smart-metric-ampmnewus11000-7cbbccccc8-fdvh7

7.5 2.5

smart-metric-ampmnewus14000-5b4668457-whwlx

7.0 2.6

smart-metric-ampmnewus17000-7b447bd968-2mkg9

7.4 2.6


VMware, Inc. 21

Node NameNode CPU %




smart-metric-ampmnewus20000-c96bd88fd-p7tgk

7.4 2.5

smart-metric-ampmnewus2500-bc6cb47c-7zq55

7.5 2.5

smart-metric-ampmnewus8500-84bf7869ff-p94nt

7.1 2.6

smarts-event-data-smarts-sam-5c69bc565-srgsn

0.2 5.7

smarts-metric-incharge-am-pm-5ff795b787-2pc4z

0.1 1.3

smarts-topology-data-smarts-sam-5688fc7b4c-wlb88

0.1 1.7

smarts-topology-data-smarts-sam-5688fc7b4c-xgmxn

0.1 1.7

taskmanager-756fb5d5d8-x6kn7 20.8 5.1

tco-node-monitor-tml7t 0.2 0.1

tco-self-monitoring-7c4cfcb95c-gwp6b 0.2 0.1

usvc-7995ccffbb-rhpwc 0.2 2.4

velocloud-sdwan606968-dm-565599479b-5pbtc

8.1 3.2

viptela-local-785c6bd999-7gk45 0.5 2.7

viptela-local-785c6bd999-ghvn5 0.5 1.6

viptela-sdwan82694f-dm-776cd6cd6f-5mnzx 0.2 1.1

viptela-sdwan82694f-dm-776cd6cd6f-9f5p7 0.2 1.1

zookeeper-edge-5c799f7988-kg977 0.2 0.7

elasticworker 19 56 elasticsearch-5f7fb96b59-9lgsk 17.1 55.2

tco-node-monitor-7ptjc 0.1 0.1

kafkaworker 42 89 events-5f65fc5599-5wdqn 0.9 1.2

kafka-d948765f9-d646m 18.5 45.4

metric-5cd955dd54-87qnn 19.9 5.6

persistence-578d6b6c9b-8x592 0.2 35.7

tco-node-monitor-cdmpq 0.1 0.1

topology-658794bf84-sxk2h 0.2 1.2

vmware-photon-os

19 30 authserver-d855d76dd-h6wg4 0.1 4.1

grafana-ff989bb65-jsp5x 0.2 0.4

nginx-7886ffb748-6wsfk 0.1 0.4


VMware, Inc. 22

Node NameNode CPU %




omega-patching-rest-566cf497bb-7hmq9 0.2 2.3

tco-node-monitor-cnkjx 0.1 0.1

zookeeper-7c5cc95c97-gb2ck 0.2 1.7

Medium (50K) Deployment

Topology Size

Deployment No of Devices No of Events/Day No of Metrics/ 5 mins

Medium 50K 50K 20M

Test Bed

Topology and Events: Simulation Based on the Smarts Domain Manager Repositories


Deployment

Routers Managed P&I


No of raw metrics from ( Smarts metric collector and VeloCloud collector)

No of metrics from M&R Gateway (Flows+Metrcis(SNMP, vCenter)

No of Traffic Flows (Native)

Medium 30K 600K 4K 10K 6.5K 205K 12M 7.7M 7000



Measured Result

1 Data synchronization of Smarts 10.X notifications with VMware Telco Cloud Operations.

(All Smarts 10.X notifications and their states should be synchronized with VMware Telco Cloud Operations.)

Measured with end to end (SAM to VMware Telco Cloud Operations UI without manual refresh).

100min 80min

2 Time taken for all notifications to show up in Notification Console (measured to launch first 100 events).

12s 4s


12s 3s


12s 6s


VMware, Inc. 23


Measured Result


12s 5s

6 Time taken to expand any root-cause notification to show all impacted notifications. ( For XS, S, M RCA with - 16, 24, 25 impacts respectively.)

12s 7s

7 Time taken to launch and show browse details (all tabs should refresh with data) of a selected notification. ( For XS, S, M RCA with - 16, 24, 25 impacts respectively.)

12s 10s

8 Time taken to refresh the notification console with filter set on any column with string data.

12s 6s

9 Time taken to Ack, Take Ownership of bulk (100) notifications. 20s 90s



Measured Result

1 Data synchronization of Smarts 10.X topology with VMware Telco Cloud Operations.

(All Smarts 10.X topology and their relations should be synchronized with VMware Telco Cloud Operations.)

10min 6m

2 Time taken for Smarts 10.X topology to show up in Topology Browser. 20s 3s

3 Time taken to expand classes with more than 1000 instances in Topology Browser

20s 4s

4 Time taken to show the instances of class with more than 1000 instances in Topology Map drop down box

20s 2s

5 Time taken to render a Topology map of a selected instance with ~50 connected/associated instances (example: VirtualCenter)

20s 8s

6 Time taken to expand selected map in #5 test case with 2 hop counts (Physical Connectivity Map) Nodes ~ 500, Edges ~ 10k

20s 4s


20s 4s

Test Results for Dashboards and Reports

Sl No. All Test Cases ( Tested with 2 Weeks of Data and Default time) Expected Desult Measured Result

1 Time taken to render Network Summary dashboard (Landing Page) 30s 36s

2 Time taken to refresh Network Summary dashboard 30s 35s

3 Time taken to render Inventory dashboard (Network Inventory) 30s 18s






VMware, Inc. 24

Sl No. All Test Cases ( Tested with 2 Weeks of Data and Default time) Expected Desult Measured Result


9 Time taken to render vCenter dashboard 30s 53s

10 Time taken to refresh vCenter dashboard 30s 43


30s 5s


30s 3s

13 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Top N Summary

30s 3s


30s 2s

15 Time taken to render VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Trends

30s 3s

16 Time taken to refresh VMware Telco Cloud Operations MnR Gateway Traffic Flow, Flow Trends

30s 2s


30s 5s


30s 4s



1 Number of VeloCloud discovery collectors (6hr polling period) 2 2

2 Number of VeloCloud monitoring collectors (5min polling period) 2 2

3 Number of VeloCloud performance collectors (5min polling period) 2 2

4 Number of NetFlow collectors (5min polling period) 4 1

5 Number of MnR Gateway collectors (Traffic Flow, vCenter SP and SNMP Custom Collector ( 1 GW Collector for Metric data and 1 GW Collector for traffice flow Event data)

4 2

7 Polling Period for Smarts Metric collector to collect the data from Domain Managers

300s 220s


Node NameNode CPU %




arangoworker 50 89 alerting-rest-6f9f9db8df-tb2lt 0.1 0.9

apiservice-68c7768d9c-nmzx6 0.1 1.8

arangodb-5d49fc4bfc-mpcrq 0.8 12.8


VMware, Inc. 25

Node NameNode CPU %




catalog-f654dd8dd-997rw 0.1 1.0

events-7c9b864b95-grb6q 0.7 0.6

jobmanager-57788ccddf-rcpvw 0.2 1.7

k4m-rest-77686f9db6-pbgsp 0.1 1.1

metric-67d7ccf967-pxhtf 7.9 10.8

metric-gateway-7488bfd995-b2zxp 21.4 25.3

omega-enrichment-rest-75fbd9c686-mf78b

0.1 0.8

persistence-6fdc7cbfc9-wvjf2 0.2 0.8

redis-5bcfdbb844-k7rnr 1.3 1.4

taskmanager-6d5f98d4cf-7vvr8 12.6 15.1

taskmanager-6d5f98d4cf-wflmm 0.1 11.0

tco-node-monitor-l5pt6 0.1 0.1

topology-54684677f6-t2c9z 0.1 0.8

domainmanagers 70 59 ampmnewus2500-6bbc987fcc-nrw78 3.6 1.5

ampmnewus8500-76bcd5576c-xzqt5 3.6 1.3

analytics-service-6844584495-w7lpn 0.2 0.3

cisco-aci18627f-dm-76859c56fc-jp9mx 21.6 0.6

ciscoaci-7fb9bf649f-vm2jd 1.8 0.6

cisco-acia9fbcb-dm-779bf5966d-4nq7m 0.2 0.8

cisco-viptela-55787b88bd-qz6sh 3.7 0.4

ciscoviptela-7fb4f97548-2xr88 0.2 1.3

collector-manager-5699dc6fc4-8xmw7 0.1 0.4

datamgmt 0.1 0.2

gateway-events-dc79585cf-tn488 0.1 1.9

gateway-vcenter-668c45bd46-pxz44 4.8 6.0

kafka-edge-7cbf75785b-tjkn9 1.0 16.6

localviptela-6fb746b7c8-lcsw8 0.6 1.1

native-netflow-787fc7b96f-b9ptg 18.2 1.2

smarts-event-data-smarts-sam-b4d6cb8d7-c557p

0.2 4.6

smarts-topology-data-smarts-sam-798cb9d4c7-88fjc

0.1 1.0

tco-node-monitor-9pr8v 0.1 0.1

tco-self-monitoring-ddbf4c5d8-jfpg9 0.1 0.2


VMware, Inc. 26

Node NameNode CPU %




vc-8fcbb57bf-ck56r 0.3 0.5

velo-blr-68897ccdb-h6vl4 0.2 1.2

velocloud-sdwan3acab8-dm-75dc6c68f-zmw52

1.4 2.8

velocloud-sdwan4dd026-dm-75fc6548b4-5xrph

3.1 2.0

velocloud-sdwanb139fb-dm-78dfdc94cb-rdnsc

0.2 1.2

velocloud-sdwanbd4568-dm-6c4cf8ff-9hfll

0.2 1.7

velo-metrics-867b4b4fdd-b64jk 0.2 2.7

velo-us-54557dc7d-bxhw7 0.2 1.2

viptela-sdwan2cb5f1-dm-769d778866-mftjp

0.2 0.7

viptela-sdwan2cb5f1-dm-769d778866-z4hl5

0.2 0.6

zookeeper-edge-5c799f7988-jxlqb 0.1 0.4

elasticworker 33 62 elasticsearch-69d5597f9d-mfpgk 30.7 60.3

tco-node-monitor-t6kr8 0.1 0.1

kafkaworker 13 80 kafka-6c985fd754-vdcdm 10.3 75.0

tco-node-monitor-ph565 0.1 0.1

Control-Plane-Node

21 43 authserver-7d4969bd77-9vvkc 0.1 2.1

grafana-df7d68496-j6knz 0.2 0.6

nginx-86cbb9fb4c-wrfng 0.1 0.4

omega-patching-rest-75784bb979-97wsr 0.2 2.3

tco-node-monitor-97hcq 0.1 0.2

zookeeper-7c5cc95c97-bg9jj 0.2 1.4


VMware, Inc. 27

Installing Using vCenter 3Before deploying VMware Telco Cloud Operations, obtain the distribution OVAs.

Two different OVAs are required: control plane node and worker.

n VMware-TCOps-Control-Plane-Node-<VERSION>-<BUILD_ID>.ova (for the control plane node )

n VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova (for the worker nodes)

The following steps and screenshots are for vCenter 6.7, other versions of vCenter may differ and maintain general similarities.

Procedure

1 Deploy the control plane node node.

a Log into the vCenter web user interface.

b Select the ESXi or cluster where the control plane node will be deployed.

c From the ACTIONS menu, select Deploy OVF Template. The Deploy OVF Template wizard will appear and lead you to the Select an OVF Template tab.

VMware, Inc. 28

d Select URL and enter the URL from which the OVA can be downloaded, or select Local file and provide a path to the OVA and click NEXT.

e Enter the desired name for the virtual machine and select a folder location as shown in the following screenshot and click Next.


VMware, Inc. 29

f Select the ESXi or cluster to which the control plane node OVA will be deployed and click NEXT.

g Wait for validation.


VMware, Inc. 30

h Confirm the information is correct in the Review details section, and click NEXT.

i Review the end-user license agreement, and check the box to accept. Click NEXT.


VMware, Inc. 31

j Select the desired disk provisioning strategy and data store for the control plane node OVA. Select NEXT.

k Selected the desired network for the control plane node OVA, and click NEXT.


VMware, Inc. 32

l Provide the desired configration settings for the control plane node OVA in the Customize template tab.

1 In the Performance section, select on eof the three available footprints (2.5K, 25K, or 50K) based on the number of managed devices.

2 In the Administrator section, set the desired administrative user password (for username clusteradmin) and confirm. Optional: you can provide the public key string to SSH from the host with the public key.

3 In the Root User section:

n Set the root password and confirm

n Set SSH Login to the desired root SSH login policy (yes, no, or without password)

n If choosing without password set, the public key string to SSH from the host with the public key.

4 In the Management Network section, leave settings blank for DHCP, or enter the static IP (in CIDR format with "/") and default gateway IP.

5 In the Container Networking section, leave the Docker Bridge setting as the default.

6 In the DNS section, leave settings blank for DHCP, or enter the DNS server IP addresses and the default search domain.

7 In the Network Time section, specify NTP hosts if desired (optional).

8 In the Kubernetes section:

n Set the Deployment Mode to control plane node+worker

n Leave the other settings such as Service Domain, Service Network, and Pod Network as the set default

9 In the Kubernetes Bootstrap section:

n Leave the Control Plane Node Address, Token, and CA Certificate Hash blank

n Set the Node name to control-plane-node and click NEXT.


VMware, Inc. 33


VMware, Inc. 34


VMware, Inc. 35

m Review the information in the Ready to complete tab, and click FINISH to proceed with the deployment.

2 Wait for the control plane node node to deploy.


VMware, Inc. 36

3 Customize the control plane node VM.

a Select the control plane node VM.

b From the ACTIONS menu, choose Edit Settings.


VMware, Inc. 37

c Complete the information in the Edit Settings form:

n For the CPU setting, set the desired number of CPUs to allocate to the control plane node according to the deployment sizing guide. For example, 2 CPUs for a 25,000 device capacity server.

n If necessary, for the Memory setting, set the desired amount of RAM to allocate to the control plane node according to the deployment sizing guide. For example, 8 GB for a 25,000 device capacity server.

n If necessary for Hard disk 3 resize the data disk according to the deployment sizing guide.

d Click OK.

4 Power on the control plane node.

5 Verify the control plane node is functional and prepare to set up the cluster.

a Wait for the control plane node to boot. The node will be assigned an IP address.

b Log into your server by way of SSH.

c Log in with username clusteradmin using the administrative password configured in the OVF settings.

d Run the [clusteradmin@w3-rdops-vm01-dhcp-77-4 ~]$ kubectl get nodes command to confirm Kubernetes started correctly. The output is similar to the following:

[clusteradmin@w3-rdops-vm01-dhcp-77-4 ~]$ kubectl get nodes

NAME STATUS ROLES AGE VERSION

w3-rdops-vm01-dhcp-77-4.eng.vmware.com Ready master 2m6s v1.17.3+vmware.2


VMware, Inc. 38

e Visit the URL, https://<control plane node IP>:1081. You can safely accept any certificate errors that occur. When prompted, enter clusteradmin for the username and the password to the one configured for the Administraive user. See Step 1, part l (above).

f Note the following values: Kubernetes Control Plane Node Bootstrap URL, Kubernetes Control Plane Node Bootstrap Token, Kubernetes Control Plane Node Bootstrap CA Certificate Hash.


VMware, Inc. 39

6 Deploy the four worker nodes (for each):

a Deploy the worker OVA. Follow a through k in step 1.

b At the Customize template step of the Deploy OVF Template wizard, provide the desired configuration settings for the worker OVA.

1 In the Administrator section, set the administrative user (clusteradmin) password and confirm. Optionally you may provide the public key string to SSH from the host with the public key.

2 In the Root User section:

n Set the root password and confirm

n Set SSH Login to the desired root SSH login policy (yes, no, or without password)

n If choosing without password set, the public key string to SSH from the host with the public key.

3 In the Management Network section, leave the settings blank for DHCP, or enter the static IP for the worker (must be in CIDR format with "/") and default gateway IP.

4 In the Container Networking section, leave the Docker Bridge default setting.

5 In the DNS section, leave the settings blank for DHCP, or enter the DNS server IP addresses and the default search domain.

6 In the Network Time section, specify the NTP hosts if desired (optional).

7 In the Kubernetes section:

n Set the Deployment Mode to worker

n Leave the defaults for other settings such as Service Domain, Service Network, and Pod Network.

8 In the Kubernetes Bootstrap section:

n Set the Control Plane Node Address to the IP address of the control plane node and specify port 6443. For example, if the control plane node IP address is 129.97.140.10, enter 129.97.140.10:6443

n Set Token and CA Certificate Hash to the values obtained from https://<control plane node ip>:1081

n Set the Node name to one chosen from the drop-down menu: arangoworker, domainmanagers, elasticworker, kafkaworker.

Note There must be one worker node with each name above in the cluster; two nodes cannot have the same name. Each worker must have a node name from list (see Step 6, b, viii).


VMware, Inc. 40

c Complete the Deploy OVF Template wizard by reviewing the details provided at the Ready to complete step. Click FINISH.

d Wait for the worker to deploy.

e Customize the worker VM following the procedure for the control plane node in step 3.


VMware, Inc. 41

f Power on the worker.

g SSH to the control plane node and verify the worker joins the cluster using the kubectl get nodes command.



arangoworker Ready <none> 4m4s v1.17.3+vmware.2

domainmanagers Ready <none> 25s v1.17.3+vmware.2

elasticworker Ready <none> 4m2s v1.17.3+vmware.2

kafkaworker Ready <none> 4m2s v1.17.3+vmware.2

w3-rdops-vm01-dhcp-77-4.eng.vmware.com Ready master 38m v1.17.3+vmware.2

7 Monitor progress by running kubectl get nodes and kubectl get pods -n vmware-smarts. Output from kubectl get nodes will appear similar to the following when the cluster is fully formed.



arangoworker Ready <none> 20m v1.17.3+vmware.2

domainmanagers Ready <none> 16m v1.17.3+vmware.2

elasticworker Ready <none> 20m v1.17.3+vmware.2

kafkaworker Ready <none> 20m v1.17.3+vmware.2

w3-rdops-vm01-dhcp-77-4.eng.vmware.com Ready master 54m v1.17.3+vmware.2

The output from kubectl get pods -n vmware-smarts will appear similar to the following when the services are fully deployed:

[clusteradmin@w3-rdops-vm01-dhcp-77-4 ~]$ kubectl get pods -n vmware-smarts

NAME READY STATUS RESTARTS AGE

alerting-rest-9c76b8575-k9klw 1/1 Running 0 15m

analytics-service-546bcccb54-bdnmb 1/1 Running 0 13m

apiservice-69dbf6c7b5-nldhc 1/1 Running 0 15m

arangodb-85c7fbd57f-cmkrg 1/1 Running 0 14m

authserver-747c44c757-r2xwc 1/1 Running 0 15m

catalog-555cd599b8-pkx6l 1/1 Running 1 15m

collector-manager-5f8c784b85-kjwbc 1/1 Running 0 15m

datamgmt 1/1 Running 0 15m

elasticsearch-5f7fb96b59-q75tj 1/1 Running 0 14m

events-5f65fc5599-5h4zw 1/1 Running 0 15m

grafana-df7d68496-g5hgt 1/1 Running 0 14m

jobmanager-648bd4947d-jlnqq 1/1 Running 0 15m

k4m-rest-7f4b4db56b-6jgwk 1/1 Running 0 15m

kafka-d948765f9-8nfw2 1/1 Running 0 14m

kafka-edge-5f54ffcb9f-fc7sq 1/1 Running 1 13m

metric-5cd955dd54-vl6q5 1/1 Running 2 15m

metric-gateway-77b5c88dcb-fr2zm 1/1 Running 1 15m

nginx-8df5d6555-g75cm 1/1 Running 0 15m

omega-enrichment-rest-7758795bbd-4fvph 1/1 Running 0 15m

omega-patching-rest-566cf497bb-pxlsm 1/1 Running 0 13m

persistence-664bfb685d-kzvfd 1/1 Running 1 15m

redis-59498cbf97-vzx9f 1/1 Running 0 15m

taskmanager-85f6d7587c-jdxdp 1/1 Running 0 15m


VMware, Inc. 42

tco-node-monitor-2w67b 1/1 Running 0 13m

tco-node-monitor-9ncvw 1/1 Running 0 13m

tco-node-monitor-cq9jm 1/1 Running 0 13m

tco-node-monitor-qfl98 1/1 Running 0 13m

tco-node-monitor-z6xvw 1/1 Running 0 13m

tco-self-monitoring-7c4cfcb95c-t8dvq 1/1 Running 0 13m

topology-658794bf84-wzx84 1/1 Running 1 15m

zookeeper-7c5cc95c97-nngkl 1/1 Running 0 15m

zookeeper-edge-5c799f7988-2lwkb 1/1 Running 0 13m

When the state of all the pods show as Running under STATUS and 1/1 under READY, the system is ready for use.

8 Login to the Administrative UI at https://<control plane node IP>:1081 and configure authentication for the VMware Telco Cloud Operationsps system. Follow the procedure descripted in the VMware Telco Cloud Operations documentation.


VMware, Inc. 43

Automated Installation 4The VMwareTelco Cloud Operations deploy tool automates the installation of the VMware Telco Cloud Operations product by deploying all the virtual machines (VMs) that constitute a deployment footprint, powering on, and ensuring the virtual machines are connected to form a cluster. The tool employs VMware OVF Tool for virtual machine deployment and automates various aspects of the deployment process. The tool is capable of uninstalling an existing deployment.

Features:

n Installs complete cluster through the control pane node and workers (similar to manual deployment).

n Deploys all three footprints (extra small — 2.5K, small — 25K, and medium — 50K) with required customization.

n Checks required dependencies on the installer system (host) before running the deploy tool.

n Validates deployment configuration provided by the user.

n OVAs can be staged from installer system for faster deployment or direct deployed from repository (Artifactory).

n Avoids repeating steps in the deployment process if the process needs to be rerun by checking for already installed virtual machines.

n Supports the uninstall of existing an deployment, whether it is a full or partially installed cluster.


n Installer System Requirements

n Installing Deploy Tool

n Deploying VMware Telco Cloud Operations

Installer System Requirements

The automated installation requires VMware Telco Cloud Operations Deploy Tool. The Deploy Tool must be installed on a separate installer system (host). The installer system also has specific dependencies.

VMware, Inc. 44

Requirements

The automated deployment uses the VMware Telco Cloud Operations Deploy Tool, and needs the same hardware, software, networking, storage, and additional requirements as the manual deployment.

Additional Requirements

1 Installer system (Linux host)

n CentOS (version 7)

n Hard disk — capacity to stage both OVAs (at least 13 GB)

n Network connectivity to vCenter

n Ability to download dependencies from the Internet

2 VMware Telco Cloud Operations Deploy Tool

n Obtain this file: VMware-TCOps-Deploy-Tool-<VERSION>-<BUILD_ID>.tar.gz

n Verify the file has the same version and build_id as the OVAs

3 OVFTool (version 4.3.0) — The VMware Telco Cloud Operations Deploy Tool uses OVFTool internally

4 jq (version 1.5 or 1.6)

5 cURL (version 7.29.0 or 7.38.0)

6 govc (version 0.23.0)

Overview of Steps for Automated Deployment:

1 Install the VMware Telco Cloud Operations Deploy Tool on an installer system.

2 Install the dependencies on the installer system (OVFTool, jq, cURL, govc).

3 Create public key for SSH access.

4 Configure the deployment.settings file.

5 Launch the VMware Telco Cloud Operations Deploy Tool.

Installing VMware OVF Tool

The Telco Cloud Operations deploy tool is compatible with VMware OVF Tool, version 4.3.0.

Prerequisites

Customers should contact their VMware representative for the binary VMware OVF Tool.


VMware, Inc. 45

Procedure

1 Download the VMware OVF Tool and copy it to your host under your home directory (or other location).

$ wget http://build-squid.eng.vmware.com/build/mts/release/bora-13912821/publish/VMware-

ovftool-4.3.0-13912821-lin.x86_64.zip

--2020-06-21 18:15:45-- http://build-squid.eng.vmware.com/build/mts/release/bora-13912821/

publish/VMware-ovftool-4.3.0-13912821-lin.x86_64.zip

Resolving build-squid.eng.vmware.com (build-squid.eng.vmware.com)... fd01:3:4:2809:0:1:16:187,

fd01:3:4:2809:0:1:16:186, fd01:3:4:2809:0:1:16:183, ...

Connecting to build-squid.eng.vmware.com (build-squid.eng.vmware.com)|

fd01:3:4:2809:0:1:16:187|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 20872902 (20M) [application/zip]

Saving to: ‘VMware-ovftool-4.3.0-13912821-lin.x86_64.zip’

100%

[=================================================================================================

======>] 20,872,902 47.9MB/s in 0.4s

2020-06-21 18:15:46 (47.9 MB/s) - ‘VMware-ovftool-4.3.0-13912821-lin.x86_64.zip’ saved

[20872902/20872902]

2 Unzip the VMware OVF Tool.

$ unzip VMware-ovftool-4.3.0-13912821-lin.x86_64.zip

Archive: VMware-ovftool-4.3.0-13912821-lin.x86_64.zip

creating: ovftool/

creating: ovftool/.installer/

creating: ovftool/.installer/4.3.0/

extracting: ovftool/.installer/4.3.0/__init__.py

creating: ovftool/.installer/4.3.0/include/

inflating: ovftool/.installer/4.3.0/include/initscript.py

inflating: ovftool/.installer/4.3.0/include/systemType.py

inflating: ovftool/.installer/4.3.0/include/update.py

inflating: ovftool/.installer/4.3.0/include/versions.py

inflating: ovftool/.installer/4.3.0/vmware-ovftool.py

inflating: ovftool/README.txt

creating: ovftool/certs/

inflating: ovftool/certs/cacert.pem

creating: ovftool/env/

inflating: ovftool/env/defloc.vlcl

creating: ovftool/env/en/

inflating: ovftool/env/en/action.vmsg

inflating: ovftool/env/en/alarm.vmsg

inflating: ovftool/env/en/auth.vmsg

inflating: ovftool/env/en/cluster.vmsg

inflating: ovftool/env/en/default.vmsg

inflating: ovftool/env/en/enum.vmsg

inflating: ovftool/env/en/evc.vmsg

inflating: ovftool/env/en/event.vmsg

inflating: ovftool/env/en/eventaux.vmsg


VMware, Inc. 46

inflating: ovftool/env/en/fault.vmsg

inflating: ovftool/env/en/gos.vmsg

inflating: ovftool/env/en/host.vmsg

inflating: ovftool/env/en/locmsg.vmsg

inflating: ovftool/env/en/option.vmsg

inflating: ovftool/env/en/ovftool-warning.vmsg

inflating: ovftool/env/en/ovftool.vmsg

inflating: ovftool/env/en/perf.vmsg

inflating: ovftool/env/en/question.vmsg

inflating: ovftool/env/en/stask.vmsg

inflating: ovftool/env/en/task.vmsg

inflating: ovftool/env/en/vm.vmsg

inflating: ovftool/env/iso2psx.vlcl

inflating: ovftool/env/iso2win.vlcl

inflating: ovftool/env/isodata.vlcl

inflating: ovftool/env/loc2iso.vlcl

inflating: ovftool/env/ovftool-hw10-config-option.xml











inflating: ovftool/icudt44l.dat

inflating: ovftool/libcares.so.2

inflating: ovftool/libcrypto.so.1.0.2

inflating: ovftool/libcurl.so.4

inflating: ovftool/libexpat.so

inflating: ovftool/libgcc_s.so.1

inflating: ovftool/libgoogleurl.so.59

inflating: ovftool/libicudata.so.58

inflating: ovftool/libicuuc.so.58

inflating: ovftool/libssl.so.1.0.2

inflating: ovftool/libssoclient.so

inflating: ovftool/libstdc++.so.6

inflating: ovftool/libvim-types.so

inflating: ovftool/libvmacore.so

inflating: ovftool/libvmomi.so

inflating: ovftool/libxerces-c-3.1.so

inflating: ovftool/libz.so.1

inflating: ovftool/manifest.xml

inflating: ovftool/open_source_licenses.txt

inflating: ovftool/ovftool

inflating: ovftool/ovftool.bin

creating: ovftool/schemas/

creating: ovftool/schemas/DMTF/

inflating: ovftool/schemas/DMTF/CIM_ResourceAllocationSettingData.xsd

inflating: ovftool/schemas/DMTF/CIM_VirtualSystemSettingData.xsd

inflating: ovftool/schemas/DMTF/common.xsd

inflating: ovftool/schemas/DMTF/dsp8023.xsd

inflating: ovftool/schemas/DMTF/dsp8027.xsd


VMware, Inc. 47

inflating: ovftool/schemas/DMTF/xml.xsd

creating: ovftool/schemas/vmware/

inflating: ovftool/schemas/vmware/ovf-vmware.xsd

inflating: ovftool/schemas/vmware/ovfenv-vmware.xsd

inflating: ovftool/vmware-eula.rtf

inflating: ovftool/vmware.eula

3 Add the following line to your .bashrc file:

export PATH=$PATH:/home/worker/ovftool

Notice the added .bashrc file line at the bottom.

$ cat .bashrc

# .bashrc

# Source global definitions

if [ -f /etc/bashrc ]; then

. /etc/bashrc

fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:

# export SYSTEMD_PAGER=

# User specific aliases and functions

export PATH=$PATH:/home/worker/ovftool

4 Run the .bashrc file:

$ source .bashrc

5 Verify the VMware OVF Tool is installed.

$ ovftool --version

VMware ovftool 4.3.0 (build-13912821)

What to do next

Install jq.

Installing jq

The Telco Cloud Operations deploy tool is compatible with jq version 1.5 or 1.6. There are two ways to install jq. The preferred way to is to use yum. The alternative is using wget. Both ways are documented.

Yum Installation (Recommended)


VMware, Inc. 48

Procedure

1 Run the following command and enter y when prompted. (You will see Complete! upon sucessful installation.)

$ yum install jq

Loaded plugins: changelog, fastestmirror, langpacks, priorities, product-id, search-disabled-

repos, subscription-manager

You need to be root to perform this command.

[worker@butler-worker deploy-tool]$ sudo yum install jq



This system is not registered with an entitlement server. You can use subscription-manager to

register.

Determining fastest mirrors

epel/x86_64/

metalink

| 18 kB 00:00:00

* base: centos-distro.1gservers.com

* epel: mirror.sfo12.us.leaseweb.net

* extras: mirrors.sonic.net

* updates: linux.mirrors.es.net

CentOS-Base-

Internal

| 3.6 kB 00:00:00

CentOS-Extras-

Internal

| 3.4 kB 00:00:00

CentOS-Updates-

Internal

| 3.0 kB 00:00:00

base

| 3.6 kB 00:00:00

docker-ce-

edge

| 3.5 kB 00:00:00

docker-ce-

stable

| 3.5 kB 00:00:00

epel

| 4.7 kB 00:00:00

extras

| 2.9 kB 00:00:00

updates

| 2.9 kB 00:00:00

(1/15): CentOS-Base-Internal/

group_gz |

155 kB 00:00:00

(2/15): CentOS-Extras-Internal/

primary_db | 166

kB 00:00:00

(3/15): base/7/x86_64/

group_gz

| 153 kB 00:00:00

(4/15): CentOS-Base-Internal/


VMware, Inc. 49

primary_db |

5.3 MB 00:00:01

(5/15): docker-ce-edge/x86_64/

updateinfo |

55 B 00:00:00

(6/15): CentOS-Updates-Internal/

primary_db | 9.8

MB 00:00:01

(7/15): docker-ce-edge/x86_64/

primary_db | 48

kB 00:00:01

(8/15): docker-ce-stable/x86_64/

primary_db | 44

kB 00:00:00

(9/15): epel/x86_64/

group_gz

| 95 kB 00:00:00

(10/15): docker-ce-stable/x86_64/

updateinfo | 55

B 00:00:00

(11/15): epel/x86_64/

updateinfo

| 1.0 MB 00:00:00

(12/15): extras/7/x86_64/

primary_db

| 194 kB 00:00:00

(13/15): base/7/x86_64/

primary_db

| 6.1 MB 00:00:02

(14/15): updates/7/x86_64/

primary_db |

2.1 MB 00:00:01

(15/15): epel/x86_64/

primary_db

| 6.8 MB 00:00:02

Resolving Dependencies

--> Running transaction check

---> Package jq.x86_64 0:1.6-2.el7 will be installed

--> Processing Dependency: libonig.so.5()(64bit) for package: jq-1.6-2.el7.x86_64


---> Package oniguruma.x86_64 0:6.8.2-1.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================

===============================================

Package Arch

Version Repository Size

==================================================================================================

===============================================

Installing:

jq x86_64


VMware, Inc. 50

1.6-2.el7 epel 167 k

Installing for dependencies:

oniguruma x86_64

6.8.2-1.el7 epel 181 k

Transaction Summary

==================================================================================================

===============================================

Install 1 Package (+1 Dependent package)

Total download size: 348 k

Installed size: 1.0 M

Is this ok [y/d/N]: y

Downloading packages:

(1/2):

jq-1.6-2.el7.x86_64.rpm

| 167 kB 00:00:00

(2/2):

oniguruma-6.8.2-1.el7.x86_64.rpm

| 181 kB 00:00:00

--------------------------------------------------------------------------------------------------

-----------------------------------------------

Total

654 kB/s | 348 kB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing :

oniguruma-6.8.2-1.el7.x86_64

1/2

Installing :

jq-1.6-2.el7.x86_64

2/2

Verifying :

oniguruma-6.8.2-1.el7.x86_64

1/2

Verifying :

jq-1.6-2.el7.x86_64

2/2

Installed:

jq.x86_64

0:1.6-2.el7

Dependency Installed:

oniguruma.x86_64

0:6.8.2-1.el7


VMware, Inc. 51

Complete!

2 Verify the installation by running:

$ jq --version

jq-1.6

If the command does not work, you may have to install the EPEL repository, then run the following command. Enter y when prompted.

$ sudo yum install epel-release




register.

Loading mirror speeds from cached hostfile







---> Package epel-release.noarch 0:7-11 will be updated

---> Package epel-release.noarch 0:7-12 will be an update



==================================================================================================

===============================================

Package Arch


==================================================================================================

===============================================

Updating:

epel-release noarch

7-12 epel 15 k

Transaction Summary

==================================================================================================

===============================================

Upgrade 1 Package




Delta RPMs disabled because /usr/bin/applydeltarpm not installed.


VMware, Inc. 52

epel-

release-7-12.noarch.rpm

| 15 kB 00:00:04




Running transaction

Updating : epel-

release-7-12.noarch

1/2

Cleanup : epel-

release-7-11.noarch

2/2

Verifying : epel-

release-7-12.noarch

1/2

Verifying : epel-

release-7-11.noarch

2/2

Updated:

epel-release.noarch

0:7-12

Complete!

$ sudo yum install jq




register.








---> Package jq.x86_64 0:1.6-2.el7 will be installed



==================================================================================================

===============================================

Package Arch


==================================================================================================

===============================================

Installing:


VMware, Inc. 53

jq x86_64

1.6-2.el7 epel 167 k

Transaction Summary

==================================================================================================

===============================================

Install 1 Package


Installed size: 381 k



jq-1.6-2.el7.x86_64.rpm

| 167 kB 00:00:00




Running transaction

Installing :

jq-1.6-2.el7.x86_64

1/1

Verifying :

jq-1.6-2.el7.x86_64

1/1

Installed:

jq.x86_64

0:1.6-2.el7

Complete!

wget Installation (Alternative)

3 Download the package from the link and run the following command:

https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64

$ wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64

--2020-06-21 15:54:38-- https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64

Resolving github.com (github.com)... 192.30.255.112

Connecting to github.com (github.com)|192.30.255.112|:443... connected.

HTTP request sent, awaiting response... 302 Found

Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/5101141/6387d980-

de1f-11e8-8d3e-4455415aa408?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A

%2F20200621%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200621T225318Z&X-Amz-Expires=300&X-Amz-

Signature=7a70537f9b23cde0c04104fb2017ceaa4490d95bf440ac9cbd851e8e892e2651&X-Amz-

SignedHeaders=host&actor_id=0&repo_id=5101141&response-content-disposition=attachment%3B

%20filename%3Djq-linux64&response-content-type=application%2Foctet-stream [following]

--2020-06-21 15:54:38-- https://github-production-release-asset-2e65be.s3.amazonaws.com/

5101141/6387d980-de1f-11e8-8d3e-4455415aa408?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-


VMware, Inc. 54

https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64

Credential=AKIAIWNJYAX4CSVEH53A%2F20200621%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-

Date=20200621T225318Z&X-Amz-Expires=300&X-Amz-

Signature=7a70537f9b23cde0c04104fb2017ceaa4490d95bf440ac9cbd851e8e892e2651&X-Amz-

SignedHeaders=host&actor_id=0&repo_id=5101141&response-content-disposition=attachment%3B

%20filename%3Djq-linux64&response-content-type=application%2Foctet-stream

Resolving github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-

asset-2e65be.s3.amazonaws.com)... 52.216.130.115

Connecting to github-production-release-asset-2e65be.s3.amazonaws.com (github-production-release-

asset-2e65be.s3.amazonaws.com)|52.216.130.115|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 3953824 (3.8M) [application/octet-stream]

Saving to: ‘jq’

100%

[=================================================================================================

======>] 3,953,824 6.02MB/s in 0.6s

2020-06-21 15:54:39 (6.02 MB/s) - ‘jq’ saved [3953824/3953824]

4 Run the following commands to install wget:

$ chmod +x ./jq

$ sudo cp jq /usr/bin

5 Verify the installation:

$ jq --version

jq-1.6

What to do next

Install cURL

Installing cURL

cURL is computer software that provides a library and command-line tool for transferring data using various network protocols. The Telco Cloud Operations deploy tool is compatable with cURL version 7.29.0 and 7.38.0

Procedure

1 Install cURL by using yum. Enter y when prompted. The following sample output shows cURL updated to a newer version:

$ sudo yum install curl




register.



VMware, Inc. 55







---> Package curl.x86_64 0:7.29.0-46.el7 will be updated

---> Package curl.x86_64 0:7.29.0-57.el7 will be an update

--> Processing Dependency: libcurl = 7.29.0-57.el7 for package: curl-7.29.0-57.el7.x86_64


---> Package libcurl.x86_64 0:7.29.0-46.el7 will be updated

---> Package libcurl.x86_64 0:7.29.0-57.el7 will be an update

--> Processing Dependency: nss-pem(x86-64) >= 1.0.3-5 for package: libcurl-7.29.0-57.el7.x86_64

--> Processing Dependency: libssh2(x86-64) >= 1.8.0 for package: libcurl-7.29.0-57.el7.x86_64


---> Package libssh2.x86_64 0:1.4.3-10.el7_2.1 will be updated

---> Package libssh2.x86_64 0:1.8.0-3.el7 will be an update

---> Package nss-pem.x86_64 0:1.0.3-4.el7 will be updated

---> Package nss-pem.x86_64 0:1.0.3-7.el7 will be an update



==================================================================================================

===============================================

Package Arch


==================================================================================================

===============================================

Updating:

curl x86_64

7.29.0-57.el7 base 270 k

Updating for dependencies:

libcurl x86_64

7.29.0-57.el7 base 223 k

libssh2 x86_64

1.8.0-3.el7 base 88 k

nss-pem x86_64

1.0.3-7.el7 base 74 k

Transaction Summary

==================================================================================================

===============================================

Upgrade 1 Package (+3 Dependent packages)




Delta RPMs disabled because /usr/bin/applydeltarpm not installed.

(1/4):

curl-7.29.0-57.el7.x86_64.rpm


VMware, Inc. 56

| 270 kB 00:00:02

(2/4):

libcurl-7.29.0-57.el7.x86_64.rpm

| 223 kB 00:00:02

(3/4):

libssh2-1.8.0-3.el7.x86_64.rpm

| 88 kB 00:00:00

(4/4): nss-

pem-1.0.3-7.el7.x86_64.rpm

| 74 kB 00:00:00

--------------------------------------------------------------------------------------------------

-----------------------------------------------

Total

205 kB/s | 655 kB 00:00:03




Running transaction

Updating : nss-

pem-1.0.3-7.el7.x86_64

1/8

Updating :

libssh2-1.8.0-3.el7.x86_64

2/8

Updating :

libcurl-7.29.0-57.el7.x86_64

3/8

Updating :

curl-7.29.0-57.el7.x86_64

4/8

Cleanup :

curl-7.29.0-46.el7.x86_64

5/8

Cleanup :

libcurl-7.29.0-46.el7.x86_64

6/8

Cleanup :

libssh2-1.4.3-10.el7_2.1.x86_64

7/8

Cleanup : nss-

pem-1.0.3-4.el7.x86_64

8/8

Verifying :

curl-7.29.0-57.el7.x86_64

1/8

Verifying :

libssh2-1.8.0-3.el7.x86_64

2/8

Verifying : nss-

pem-1.0.3-7.el7.x86_64

3/8

Verifying :

libcurl-7.29.0-57.el7.x86_64

4/8

Verifying :


VMware, Inc. 57

curl-7.29.0-46.el7.x86_64

5/8

Verifying :

libssh2-1.4.3-10.el7_2.1.x86_64

6/8

Verifying : nss-

pem-1.0.3-4.el7.x86_64

7/8

Verifying :

libcurl-7.29.0-46.el7.x86_64

8/8

Updated:

curl.x86_64

0:7.29.0-57.el7

Dependency Updated:

libcurl.x86_64 0:7.29.0-57.el7 libssh2.x86_64 0:1.8.0-3.el7

nss-pem.x86_64 0:1.0.3-7.el7

Complete!

2 Verify the installation.

$ curl --version

curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7 libidn/1.28 libssh2/1.8.0

Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp

smtp smtps telnet tftp

Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

What to do next

Install govc.

Installing govc

Govc is an open source command-line utility for performing administrative actions on a VMware vCenter or vSphere. The Telco Cloud Operations deploy tool uses govc version 0.23.0 for some operations on the target vCenter.

Procedure

u Install govc by running the command script included in the deploy-tool package as a user with permission to run commands as root (sudo).

$ ./install-govc


VMware, Inc. 58

Creating a Public Key

You will need to create a public key on the installer system for SSH login into Telco Cloud Operations virtual machines.

Complete the following steps to create public key.

Procedure

1 Run the ssh-keygen command. See the following code block as an example.

$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/user_name/.ssh/id_rsa):

Created directory '/home/user_name/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/user_name/.ssh/id_rsa.

Your public key has been saved in /home/user_name/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:ZqXNqWYTWFL1jIEsYjjWhW42q/dY1q2KDhnwKQoxiW8 [email protected]

The key's randomart image is:

+---[RSA 2048]----+

| o o...oo |

|..+ = ..o = |

|*. + .... o o |

| * .= + = . |

|o Eo o. S + |

|oo o. + + |

|. o. o * . |

| ...= o o |

| o+.o.. |

+----[SHA256]-----+

2 Accept all the defaults.

3 Press Enter when prompted for a passphrase.

This creates a public key pair for both public and private keys.

The public and private keys are created in the user home directory in a .ssh folder. The public key extension is .pub.

$ ls -al .ssh

total 8

drwx------ 2 worker worker 38 Jun 23 05:52 .

drwxrwxrwx. 9 worker worker 273 Jun 23 05:52 ..

-rw------- 1 worker worker 1679 Jun 23 05:52 id_rsa

-rw-r--r-- 1 worker worker 417 Jun 23 05:52 id_rsa.pub


VMware, Inc. 59

Installing Deploy Tool

Follow these steps to install deploy tool. The deploy tool is used for automated installation of VMware Telco Cloud Operations.

1 The Telco Cloud Operations deploy tool is distributed as a tar.gz file named VMware-TCOps-Deploy-Tool-<VERSION>-<BUILD_ID>.tar.gz. Copy the file on your system and extract its contents.

$ tar -xzvf VMware-TCOps-Deploy-Tool-<VERSION>-<BUILD_ID>.tar.gz

2 A folder called deploy-tool is created and its contents are the files:

n deploy-cluster(command file)

n deploy.settings (settings file)

n install-govc (command)

n tco-release (details about this artifact)

n uninstall (command file)

n utils.sh (utilities script)

3 Set permissions on the following files:

$ chmod +x deploy-cluster install-govc uninstall utils.sh


VMware, Inc. 60

Deploying VMware Telco Cloud Operations

The VMware Telco Cloud Operations Deploy Tool is used to automate the installation of VMware Telco Cloud Operations cluster. Use the following procedure to configure and run the Deploy Tool.

1 Configure the deploy.settings file by providing values for the parameters listed in it. These parameters are used by the deploy-cluster command in the next step.

Note n All paramaters are required unless uniquely specificed (optional parameters are marked).

n Place double quotes around any value with spaces.

n Do not include leading or trailing spaces with any values.

n There is fixed mapping between the worker node parameters and virtual machine roles (see the following table). Roles are described in the Installer System Requirementssection.

Parameter Starts With Role

WORKER1_ elasticworker

WORKER2_ arangoworker

WORKER3_ kafkaworker

WORKER4_ domainmanagers

The following steps refer to deploy.settings with sample values. For an example, see the Viewing the deploy.settings File page.

a OVA Source:

You can skip this step if the OVAs are already present on the installer system. Otherwise, configure the source locations of the VMware Telco Cloud Operations OVAs through the URL for each file so the installer can download the OVAs onto the installer system.

For example, the source could be Artifactory. It is assumed URLs are accessible without requiring authentication. The files will be placed in the deploy-tool folder.

Optional: Set CONTROL_PLANE_NODE_OVA_URL to the URL from which the control plane node OVA should be obtained.

Optional: Set WORKER_OVA_URL to the URL from which the worker OVA should be obtained.

b OVA Staging:

Configure the file system location of the OVA files on the installer system. Provide complete (absolute) path to the files, including the file names.

n Set STAGED_CONTROL_PLANE_NODE_OVA_LOCATOR to the local filesystem path on the installation system where the control plane node OVA exists


VMware, Inc. 61

n Set STAGED_WORKER_OVA_LOCATOR to the local filesystem path on the installation system where the worker OVA exists

Note When setting the OVA Source parameters verify the file part of the URL path and corresponding file name in the OVA locator (above) is identical.

c Footprint

Configure the footprint size for the VMware Telco Cloud Operations deployment.

n Set FOOTPRINT to one of 2.5K, 25K, or 50K, depending on the size of the VMware Telco Cloud Operations deployment. Default is set to 2.5K.

d Administrator Credentials

Configure the adminstrator credentials and access settings. By default an administrator user account, named clusteradmin, is created on each Telco Cloud Operations virtual machine.

n Set ADMIN_PASSWORD to the desired password for the administrator user. Default is set in deploy.settings

n Set ADMIN_PUBLIC_KEYS_PATH to the local filesystem path to an SSH public key that can be used for password-less login as the admin user to the VMs. Typically this should be the path to the file .ssh/id_rsa.pub in the installing user's home directory. If no SSH key already exists, one can be created using the ssh-keygen utility. For more information, see Creating a Public Key, in the VMware Telco Cloud Operations Deployment Guide.

a Verify the absolute path is provided.

b Verify the file is accessible (for example, has the correct permissions). If not, copy the file to a directory where it can be read.

Run the file by running the following cat command:

cat absolute_path/public_key_filename

e Root Credentials

n Set ROOT_PASSWORD to the desired password for the root user. Default is set in deploy.settings

n Set PERMIT_ROOT_LOGIN to the desired SSH login policy for the root user — set to no to disable root SSH login, set to yes to allow root login with password or public key, or without-password to allow root login with public key only (disallowing password login). The default policy is without-password.


VMware, Inc. 62

n Set ROOT_PUBLIC_KEYS_PATH to the local filesystem path to an SSH public key that can be used for password-less login as the root user to the VMware Telco Cloud Operations virtual machines

Note This is required when PERMIT_ROOT_LOGIN is set to without-password, otherwise it is optional.

This may be the same path as ADMIN_PUBLIC_KEYS_PATH (same public key) to allow password-less login as both the administrator user and root, or you may use a separate public key. If no SSH key already exists, one can be created using the ssh-keygen utility. For more information, see Creating a Public Key, in the VMware Telco Cloud Operations Deployment Guide.

a Verify the absolute path is provided.

b Verify the file is accessible (for example, has the correct permissions). If not, copy the file to a directory where it can be read.

c Verify the file by running the following cat command:

cat absolute_path/public_key_filename

f vCenter Details

Configure the location and credentials to access vCenter.

n Set VCENTER_IP to the IPv4 address of vCenter

n Set VCENTER_USERNAME and VCENTER_PASSWORD to the username and password to access vCenter

n Set VCENTER_DATA_CENTER_NAME to the name of the vCenter data center (DC) to where the VMware Telco Cloud Operations cluster will be deployed

g Cluster Name

Set VCENTER_CLUSTER_NAME to the name of the cluster into which the VMware Telco Cloud Operations system should be deployed.

Note This parameter is required if you don't explicitly specify all the ESXi hosts to deploy the VMs on. Otherwise it is optional. See the following ESXi configuration details.

h ESXi Details


VMware, Inc. 63

Configure the destination hosts for the VMware Telco Cloud Operations deployment.

Note This parameter is required if you want to deploy the VMs on specific ESXi hosts. It is optional if you want to let vSphere choose the ESXi host, in which case, you must provide the VCENTER_CLUSTER_NAME value. There are three options as follows:

1 If deploying into a vCenter cluster, configure the destination for the control plane node and worker VMs as follows:

n Set VCENTER_CLUSTER_NAME to the name of the cluster into which the VMware Telco Cloud Operations system should be deployed.

n Leave CONTROL_PLANE_NODE_ESXI_IP, WORKER1_ESXI_IP, WORKER2_ESXI_IP, WORKER3_ESXI_IP, and WORKER4_ESXI_IP blank. vSphere chooses the hosts in the cluster to deploy the VMs.

2 If deploying to individual ESXi(s) not in a vCenter cluster, configure the destination for the control plane node and worker VMs as follows:

n Leave VCENTER_CLUSTER_NAME blank.

n Set CONTROL_PLANE_NODE_ESXI_IP, WORKER1_ESXI_IP, WORKER2_ESXI_IP, WORKER3_ESXI_IP, and WORKER4_ESXI_IP to the IPv4 addresses of the ESXi hosts where the control plane node and workers should be deployed.

Each VM will be deployed to the ESXi specified by you.

3 If deploying to individual ESXi(s) within a vCenter cluster, configure all the following parameters.

Note Verify all the ESXi hosts are in the same cluster.

n Set VCENTER_CLUSTER_NAME to the name of the cluster into which the VMware Telco Cloud Operations system should be deployed.

n Set CONTROL_PLANE_NODE_ESXI_IP, WORKER1_ESXI_IP, WORKER2_ESXI_IP, WORKER3_ESXI_IP, and WORKER4_ESXI_IP to the IPv4 addresses of the ESXi hosts where the control plane node and workers should be deployed.

Each VM will be deployed to the ESXi in the cluster specified by you.

Note If DRS is enabled in vSphere, then vSphere determines the ESXi for each VM even if it has been specified and deploys on that ESXi.

i Virtual Machine Names


VMware, Inc. 64

Configure virtual machine names for the control plane node and workers.

n Set CONTROL_PLANE_NODE_VM_NAME, WORKER1_VM_NAME, WORKER2_VM_NAME, WORKER3_VM_NAME, and WORKER4_VM_NAME to unique names for each virtual machine.

Note Each numbered worker is set to a specific role as mentioned earlier in this guide.

j Datastores

Configure the data stores to which the VMs will be deployed as follows:

n Set CONTROL_PLANE_NODE_DATASTORE, WORKER1_DATASTORE, WORKER2_DATASTORE, WORKER3_DATASTORE, and WORKER4_DATASTORE to the name of the datastore to which each VMware Telco Cloud Operations virtual machine will be deployed. In the case where deployment is to a vCenter cluster, or to a system with a VSAN, or other shared storage, it is possible that the datastore name will be identical for all 5 VMware Telco Cloud Operations virtual machines.

k Port Group

Configure which vCenter port group to use.

n Set PORT_GROUP to the desired port group name (this is usually set to VM Network).

l Networking

Configure networking parameters.

1 If using DHCP:

n Leave CONTROL_PLANE_NODE_VM_STATIC_IP, WORKER1_VM_STATIC_IP, WORKER2_VM_STATIC_IP, WORKER3_VM_STATIC_IP, WORKER4_VM_STATIC_IP, DEFAULT_GATEWAY, DNS_SERVERS, and DNS_SEARCH blank.

2 If using static IP address assignment:

n Set CONTROL_PLANE_NODE_VM_STATIC_IP, WORKER1_VM_STATIC_IP, WORKER2_VM_STATIC_IP, WORKER3_VM_STATIC_IP, WORKER4_VM_STATIC_IP to the desired IP address of each virtual machine in CIDR format (for example, 129.97.140.10/24).

Note Ensure IP addresses are in CIDR format.

n Set DEFAULT_GATEWAY to the IPv4 address of the default gateway.

n Set DNS_SERVERS to a comma-separated list of DNS servers.

n Set DNS_SEARCH to a comma-separated list of DNS search domains.

3 In either case (static or DHCP address assignment):

n Set NTP_SERVER to the IP address of an NTP server, or leave blank to not use an NTP service.


VMware, Inc. 65

2 Run the deploy-cluster script to begin deployment.

$ ./deploy-cluster

3 The tool begins by validating all input parameters and checking dependencies. If something is missing the user is notified on the terminal. Otherwise the tool begins the steps in the deployment process. Progress is displayed on the terminal, including any errors conditions. See Viewing a Deployment Run as an example.

4 If there are errors during deployment, the tool informs the user, then exits the deployment. Adjust the deploy.settings files and rerun the deploy-cluster command. Virtual machines already deployed will NOT be deployed again.

5 The tool indicates when deployment is complete. See Viewing a Deployment Run as an example.

Before exiting, the tool checks the status and health of the cluster and the services running on each node. It waits for up to 10 minutes for all services to start. If all the services are available, the tool informs the user to visit the Administration UI for next steps. If not, the tool informs the user to refer to the VMware Telco Cloud Operations Troubleshooting Guide.

6 Deployment completion is indicated on the terminal along with the status of the connected cluster.

Deployment Details

For every deployed virtual machine, details such as the artifact name, version and build id are written to file tco-release which is under /etc. Files can be viewed as follows:

On a control plane node virtual machine:

$ more /etc/tco-release

--- About this Artifact ---

File: VMware-TCOps-Control-Plane-Node-<VERSION>-<BUILD_ID>.ova

Company: VMware

Product: TCOps

Artifact: Control-Plane-Node

Version: <VERSION>

Build Id: <BUILD_ID>

On a worker virtual machine:

$ more /etc/tco-release

--- About this Artifact ---

File: VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova

Company: VMware

Product: TCOps

Artifact: Worker

Version: <VERSION>

Build Id: <BUILD_ID>


VMware, Inc. 66

Viewing the deploy.settings File

The following is an example of the deploy.settings file with sample values.

# Copyright © 2020 VMware, Inc. All rights reserved. #

###########################################################

#

# NOTE : The User Guide has instructions to configure the

# parameters provided below.

# Please read the instructions completely and configure

# the settings below.

#

###########################################################

# ========== OVA Source ========== #

CONTROL_PLANE_NODE_OVA_URL=https://repository/VMware-TCOps-Control-Plane-Node-<VERSION>-<BUILD_ID>.ova

WORKER_OVA_URL=https://repository/VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova

# ========== OVA Staging ========== #

STAGED_CONTROL_PLANE_NODE_OVA_LOCATOR=/home/user-name/deploy-tool/VMware-TCOps-Control-Plane-Node-

<VERSION>-<BUILD_ID>.ova

STAGED_WORKER_OVA_LOCATOR=/home/user-name/deploy-tool/VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova

# ========== Which footprint to deploy ========== #

FOOTPRINT=2.5k

# ========== Administrator Credentials ========== #

ADMIN_PASSWORD=VMware1!

ADMIN_PUBLIC_KEYS_PATH=/home/user-name/.ssh/id_rsa.pub

# ========== root Credentials ========== #

ROOT_PASSWORD=ChangeMe123!!

PERMIT_ROOT_LOGIN=without-password

ROOT_PUBLIC_KEYS_PATH=/home/user-name/.ssh/id_rsa.pub

# ========== vCenter Details ========== #

VCENTER_IP=xx.xx.xx.xxx

VCENTER_USERNAME=vc-user-name

VCENTER_PASSWORD=vc-password

VCENTER_DATA_CENTER_NAME=data-center-name

# ========== Cluster Name ========== #

VCENTER_CLUSTER_NAME=cluster-name

# ========== ESXi Details ========== #

CONTROL_PLANE_NODE_ESXI_IP=xx.xx.xx.xxx

WORKER1_ESXI_IP=xx.xx.xx.xxx




# ========== Virtual Machine Names ========== #

CONTROL_PLANE_NODE_VM_NAME=control-plane-node-vm-name

WORKER1_VM_NAME=worker1-vm-name


VMware, Inc. 67




# ========== Datastores ========== #

CONTROL_PLANE_NODE_DATASTORE=datastore-name

WORKER1_DATASTORE=datastore-name




# ========== Port Group ========== #

PORT_GROUP=port-group-name

# ========== Static IP Details ========== #

CONTROL_PLANE_NODE_VM_STATIC_IP=10.xx.xxx.xxx/xx

WORKER1_VM_STATIC_IP=xx.xx.xx.xxx/xx




# ========== Default Gateway ========== #

DEFAULT_GATEWAY=xx.xx.xxx.xxx

# ========== DNS Servers ========== #

DNS_SERVERS=xx.xx.xxx.xxx,xx.xx.xxx.xxx

# ========== Search Domain ========== #

DNS_SEARCH=name.com

# ========== NTP Server ========== #

NTP_SERVERS=xx.xx.xxx.xxx

Viewing a Deployment Run

The following is an example of what a deployment looks like.

$ ./deploy-cluster

############################################################

# #

# #

# VMware Telco Cloud Operations #

# Deploy Tool #

# 1.0.0 #

# #

# #

# Copyright © 2020 VMware, Inc. All rights reserved. #

# This product is protected by copyright and intellectual #

# property laws in the United States and other countries #

# as well as by international treaties. VMware products #

# are covered by one or more patents listed at #

# http://www.vmware.com/go/patents. #


VMware, Inc. 68

############################################################

--- Check Requirements ---

Checking for required commands...

ovftool 4.3.0 found

curl 7.29.0 found

jq 1.6 found

govc 0.23.0 found

--- Input Validation ---

Validating input parameters ...

Validation complete.

--- Staging Control Plane Node OVA ---

OVA /home/worker/deploy/deploy-tool/VMware-TCOps-Control-Plane-Node-<VERSION>-<BUILD_ID>.ova already

present on staging server

--- Staging Worker OVA ---

OVA /home/worker/deploy/deploy-tool/VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova already present on

staging server

-- vCenter Login --

Logging in to vCenter

Logged in to vCenter

--- Deploy Control Plane Node ---

Deploying the control plane node to:

vCenter : xx.xx.x.xx

Datacenter : TCO-Datacenter

Cluster : TCO-Cluster

Node name : control-plane-node

VM name : control-plane-node

Datastore : vsanDatastore

Port Group : VM Network

Static IP : (DHCP if no static ip provided)

vCPU : 2

RAM : 8192

Disk : 100

Opening OVA source: /home/worker/deploy/deploy-tool/VMware-TCOps-Control-Plane-Node-<VERSION>-

<BUILD_ID>.ova

The manifest validates

Opening VI target: vi://administrator%[email protected]:443/TCO-Datacenter/host/TCO-Cluster

Deploying to VI: vi://administrator%[email protected]:443/TCO-Datacenter/host/TCO-Cluster


VMware, Inc. 69

Transfer Completed

Completed successfully

Powering on control-plane-node

Fetching ID for control-plane-node ...

control-plane-node ID is : vm-202

control-plane-node powered on.

-- Control Plane Node VM Details --

Fetching ID for control-plane-node ...

control-plane-node ID is : vm-202

Fetching IP address for control-plane-node with ID vm-202 ...









control-plane-node IP address is : xx.xx.xx.xx

Control plane node VM details:

Node Name: control-plane-node

VM Name: control-plane-node

VM ID: vm-202

VM IP: xx.xx.xx.xx

-- Waiting for Control Plane Node --

Checking if control-plane-node (VM Name: control-plane-node) [xx.xx.xx.xx] is accessible ...

Warning: Permanently added 'xx.xx.xx.xx' (ECDSA) to the list of known hosts.

xx.xx.xx.xx is accessible via SSH

control-plane-node status:

control-plane-node status:

control-plane-node status: NotReady




control-plane-node status: Ready

--- Cluster Join Details ---

Fetching join information from control-plane-node

Waiting for control-plane-node endpoint https://xx.xx.xx.xx:1081 ...

HTTP status code: 000

CURL exit code: 0

Response Received:

curl: (7) Failed connect to xx.xx.xx.xx:1081; Connection refused

000

- Trying again : Waiting for control-plane-node node endpoint https://xx.xx.xx.xx:1081 ...

Join token: d9l4vu.3ct170szsmnj11ny


VMware, Inc. 70

CA hash: sha256:11857f163e574f44e3bf0d68d860b34598fb76f1fe82aa7e11477fe69dcb9b59

--- Deploy Worker ---

Deploying worker to:


VM name : worker1

Node name : elasticworker



vCPU : 8

RAM : 24576

Disk : 10240

Opening OVA source: /home/worker/deploy/deploy-tool/VMware-TCOps-Worker-<VERSION>-<BUILD_ID>.ova




Transfer Completed


Resizing worker1 data disk to 10240 GB

Powering on worker1

Fetching ID for worker1 ...

worker1 ID is : vm-203

worker1 powered on.




VM name : worker2

Node name : arangoworker



vCPU : 8

RAM : 24576

Disk : 100





Transfer Completed


Powering on worker2



worker2 powered on.




VM name : worker3

Node name : kafkaworker




VMware, Inc. 71

vCPU : 8

RAM : 24576

Disk : 300





Transfer Completed



Powering on worker3



worker3 powered on.




VM name : worker4

Node name : domainmanagers



vCPU : 4

RAM : 28672

Disk : 300





Transfer Completed



Powering on worker4



worker4 powered on.

--- Waiting for node elasticworker ---

Node elasticworker status: Ready

--- Waiting for node arangoworker ---

Node arangoworker status: Ready

--- Waiting for node kafkaworker ---

Node kafkaworker status: Ready

--- Waiting for node domainmanagers ---

Node domainmanagers status:




VMware, Inc. 72











Node domainmanagers status: NotReady

Node domainmanagers status: NotReady

Node domainmanagers status: Ready

-- Cluster Node Status --


arangoworker Ready <none> 9m49s v1.17.3+vmware.2

domainmanagers Ready <none> 26s v1.17.3+vmware.2

elasticworker Ready <none> 12m v1.17.3+vmware.2

kafkaworker Ready <none> 5m43s v1.17.3+vmware.2

hostname Ready master 18m v1.17.3+vmware.2

--- Service Status ---

Waiting for all services to start (may take up to 10

minutes) .............................................................................................

......

All services have started.

-- Deployment Complete --

Next Steps:

1. Login to the Administration UI at https://xx.xx.xx.xx:1081 to configure authentication.

username : clusteradmin

password : ADMIN_PASSWORD value in deploy.settings

2. Please refer to the VMware Telco Cloud Operations documentation for further details.


VMware, Inc. 73

Troubleshooting the Deployment 5During deployment, few system-level services run automatically on each node (VM). These services ensure that the node might join the VMware Telco Cloud Operations cluster and start all the application services. After deployment, if VMware Telco Cloud Operations does not appear to function, the first step is to verify the logs for these services on the node (control plane node or worker node). For more information, see the VMware Telco Cloud Operations Troubleshooting Guide.

VMware, Inc. 74

Uninstalling VMware Telco Cloud Operations 6You can uninstall the VMware Telco Operations manually or through an automated uninstall.


n Uninstallation Using vCenter

n Automated Uninstallation

Uninstallation Using vCenter

To manually uninstall the VMware Telco Cloud Operations deployment use the following steps.

Procedure

1 Log in to vCenter.

2 Select the virtual machine from the left-side tree.

3 Click on Actions in the center pane (or right-click on the virtual machine).

a Select Power Off.

b Wait for the virtual machine to power off.

4 Select the virtual machine that was powered off.

a Click on Actions in the center pane (or right-click on the virtual machine).

b Select Delete From Inventory to remove the virtual machine.

5 Repeat for all of the virtual machines.

Automated Uninstallation

On the installer system navigate to the VMware Telco Cloud Operations Deploy Tool folder. Run the uninstall command to power off and delete the deployed virtual machines. The command provides options to uninstall either the complete footprint (all VMs) or one (or more) VMs specificed by name.

VMware, Inc. 75

Prerequisites

The uninstall command uses the deploy.settings file to access the vCenter and delete the deployed VMs using the VM names. Ensure the deploy.settings file has the SAME parameter values that were used when the VMs were deployed.

Before uninstallation, the command checks if the VM exists, and only powers off the VM, and then deletes it from the VCenter inventory. Progress is displayed on the terminal. If a VM cannot be deleted, the command will alert the user.

1 To get help on the command:

$ ./uninstall option

where

option = -h OR --help

2 To uninstall ALL the VMs, the names of the VMs to be deleted are obtained from the deploy.settings file.

$ ./uninstall option

where

option = -a OR --all

3 To uninstall one or more VMs:

$ ./uninstall vm1_name vm2_name ....

4 Force option — To avoid the confirmation prompts before deletion of VMs, use the force option -for --force. This flag can appear either before or after the other arguments as shown in the following arguments:

$ ./uninstall -f -a

$ ./uninstall --all --force

$ ./uninstall --force vm1 vm2

$ ./uninstall vm1 vm2 vm3 -f

and so forth.

Known Issues:

Redeploying the VMware Telco Cloud Operations cluster with the same static IP addresses

It may be necessary to redeploy the entire cluster while testing or learning about its capabilities. If you use the same static IP addresses when redeploying, you should run the $ ssh-keygen -R control_plane_node_ip_address command to remove the previous control plane node key from your known_hosts file and then begin the deployment procedure. Otherwise, you will see a security warning about a possible man-in-the-middle attack because you now have a new key from the control plane node for the same IP address.


VMware, Inc. 76

Post Installation 7Review the following post installation topics and, if necessary, perform the tasks that are applicable to your setup.


n Administration UI

Administration UI

The Administration User Interface is a web-based console that is available to administrator users (user configured during the deployment of the Telco Cloud Operations Kubernetes cluster). The Administration UI is mainly to configure remote SAM server connection parameters and profile mapping for the Telco Cloud Operations Enterprise user role .

Integration with VMware Smart Assurance

This section helps you configure external SAM in VMware Telco Cloud Operations. After all the configurations and authentication, you are able to access the Operation UI.

VMware Telco Cloud Operations services consume all SAM server connection parameters during their respective functional flows. The usages of Administration UI are as follows:

n Configure remote SAM server connection parameters.

n Consumed by Authentication server service to merge user authentication.

n Consumed by Event Service to retrieve SAM profile filters for notification log.

n Consumed by data collectors to retrieve events, topology etc from SAM.

Procedure

1 Point your web browser to the control plane node node IP port on the Telco Cloud Operations deployment.

A typical default URL for logging into a user interface from the same system it is installed on is:

https://<control plane node IP>:1081

2 Enter the username as clusteradmin.

VMware, Inc. 77

3 Enter the password. The password is the one set for the administrator user.

4 Select SAM Config, in the left pane.

The SAM Configuration page appears.

5 On the SAM Configuration page, enter all the details:

Parameter Description/Value

Provider Type Provide a provider type as SAM.

Broker Provide broker IP:broker port.

EDAA Provide EDAA IP:EDAA Port.

Domain Manager Select a domain manager name from the drop-down.

Domain Username Provide a domain user name.

Domain Password Provide a domain password.

6 To save the configuration, click Save Config.

Configuring Role

The configuring role section helps you in mapping the default SAM user profile for the VMware Telco Cloud Operations Enterprise User role.

VMware Telco Cloud Operations services consume all SAM server connection parameters during their respective functional flows. Uses of Administration UI are the following:

n Configure SAM admin profile mapping for the VMware Telco Cloud Operations Enterprise User role.

n Consumed by VMware Telco Cloud Operations Authorization server.

Follow these steps for configuring role:


VMware, Inc. 78

Procedure

1 Point your web browser to the control plane node IP port on the Telco Cloud Operations deployment.

A typical default URL for logging into the user interface from the same system it is:

https://<control plane node IP>:1081

2 Enter the user name as clusteradmin when prompted.

3 Use the password set for administrator user.

4 Click Role Config, in the left pane.

The Role Configuration page appears.

5 On the Role Configuration page, enter all the details:

Parameter Description

Domain Name Provide a domain name. For example: INCHARGE-SA-PRES.

Profile Name Provide a profile name. For example: ICS-PROFILE-admin-profile.

Note Select the admin profile associated with the admin user in SAM.

6 Click Save Config.

Note Refer to the VMware Telco Cloud Operations Smart Assurance Integration Guide to start collecting data from the VMware Telco Cloud Operations Smarts PM Gateway and Telco Cloud Operations Smarts FM Gateway.


VMware, Inc. 79

Security Recommendations 8VMware Telco Cloud Operations requires a secure and trusted environment. Reference the following use case recommendations as a guide for securing your environment.

Recommendation 1: When Smarts EDAA is Configured in a Non-Trusted Environment.

The Smarts collector leverages customer request notifications from Smarts. VMware Telco Cloud Operations uses a secure Java API to collect the data. When the collected data is used (for example, filing a help ticket), the customer takes action on the collected data and sends an unsecured request through REST to Smarts. The unsecured request exposes the Smarts Domain Manager and SAM to a non-trusted environment.

Use one or more of the following recommended steps to construct a secure and trusted production environment for VMware Telco Cloud Operations.

n Create a software or a hardware firewall

n Create a software or a hardware-based Layer 2 encryption

n Create a software or a hardware VLAN isolation

n Create a software or a hardware Layer 3 router

The following example references the commands to configure the firewall on the Smarts Domain Manager nodes. The commands are compatible with a CentOS 7 system and use iptables commands where the Smarts EDAA service is running. Any alternative ways to configure the firewall can be used on CentOS 7 or other OS platforms.

Example

1 Backup iptables of the host where the Smarts EDAA service is running.

sudo iptables-save > IPtablesbackup.txt

2 Block all the traffic for Smarts EDAA service globally.

sudo iptables -I INPUT -p tcp --dport EDAA-PORT-NUMBER -j DROP

VMware, Inc. 80

3 Add iptable rules for all VMware Telco Cloud Operations cluster nodes for Smarts EDAA access.

sudo iptables -I INPUT -p tcp -s <CONTROL-PLANE-NODE-IP-ADDRESS> --dport <SMARTS-EDAA-PORT-

NUMBER> -j ACCEPT

sudo iptables -I INPUT -p tcp -s <ES-NODE-IP-ADDRESS> --dport <SMARTS-EDAA-PORT-NUMBER> -j ACCEPT

sudo iptables -I INPUT -p tcp -s <ARONGO-NODE-IP-ADDRESS> --dport <SMARTS-EDAA-PORT-NUMBER> -j

ACCEPT

sudo iptables -I INPUT -p tcp -s <KAFKA-NODE-IP-ADDRESS> --dport <SMARTS-EDAA-PORT-NUMBER> -j

ACCEPT

sudo iptables -I INPUT -p tcp -s <DOMAIN-MGR-NODE-IP-ADDRESS> --dport <SMARTS-EDAA-PORT-NUMBER> -

j ACCEPT

4 Save iptables.

sudo iptables save

5 Verify the service is accessible only to the VMware Telco Cloud Operations nodes.

6 Restore the iptable backup if the service works as expected and repeat steps 1 through 5.

iptables-restore < IPtablesbackup.txt

Recommendation 2: When Edge Kafka is Configured in a Non-Trusted Environment.

VMware Telco Cloud Operations leverages Edge Kafka for external data exchange between Smarts/MnR and VMware Telco Cloud Operations services. Currently, SSL/TLS is not enabled for Kafka and exposes Edge Kafka in a non-trusted environment.






Note Edge Kafka is running on the VMware Telco Cloud Operations Domain Manager node as 9092. It’s recommended to allow this port only between the Smarts Domain Manager/MnR nodes to the VMware Telco Cloud Operations Domain Manager node. Refer to the following example command to allow Edge Kafka port 9092 only to Smarts Domain Mangers and MnR nodes.

Example






VMware, Inc. 81



NUMBER> -j ACCEPT



ACCEPT


ACCEPT


j ACCEPT

4 Save iptables.

sudo iptables save




Recommendation 3: When External Access for Debugging Exposes VMware Telco Cloud Operations Data in a Non-Trusted Environment.

VMware Telco Cloud Operations allows external access to the Elasticsearch, ArangoDB, analytics service ports for debugging purposes. The external access exposes VMware Telco Cloud Operations data in a non-trusted environment.






Analytics services, ArangoDB, and Elasticsearch use exposed ports. It’s recommended to allow the following ports only for use between the VMware Telco Cloud Operations Domain nodes:

Telco Cloud Operations Services Port

Analytics Services 7000

ArrangoDB 8529

Elasticsearch 9200

Recommendation 4: When the Connection to the Smarts Broker is Not Authenticated and Exposed to a Non-Trusted Environment.


VMware, Inc. 82

VMware Telco Cloud Operations connects to the Smarts broker to locate Smarts Domain Managers. The VMware Telco Cloud Operations connection to Smarts Domain Managers are authenticated. The connection to the Smarts broker is not authenticated and is exposed to a non-trusted environment.






Example

To allow Smarts broker access only to the VMware Telco Cloud Operations nodes use the following commands:







NUMBER> -j ACCEPT



ACCEPT


ACCEPT


j ACCEPT

4 Save iptables.

sudo iptables save





VMware, Inc. 83

Documents

VMware Telco Cloud Operations Deployment Guide - VMware … · 2020. 9. 3. · n Be familiar with vCenter, deployment of OVAs, and basic networking n Have access to the vCenter, and