Adding IP groups
IP groups supply IP addresses when the deployment process requests them.
Before you begin
For an overview of IP groups and how they are used with Cloud Pak System, see IP groups overview.
.local domain, for example: machine1.mycompany.local. Ensure that the host names for your IP addresses are in a domain other than .local. The system does not support host names in the .local domain.
- If the DNS host name of the Windows operating system consists of 15 characters or less, the DNS host name is used as the computer name.
- If the DNS host name of the Windows operating system consists of more than 15 characters, the computer name is set to the first 15 characters of the DNS host name. When this rule is used, duplicate computer names can occur because multiple DNS host names can share the same first 15 characters. For example, for DNS host names ipas-lpar-184-027 and ipas-lpar-184-028, the resulting computer names would be the same: ipas-lpar-184-0. To ensure that any derived computer name is unique, it is good practice to limit DNS host names to 15 characters or less.
- DNS servers specified in the IP group must be domain-aware. Refer to Microsoft documentation for details.
- If possible, align your DNS hierarchy with the AD domain hierarchy to avoid potentially confusing DNS names.
- DNS host names should be 15 characters or less in length. This avoids potential unexpected results in joining a virtual system instance to the domain.
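The host name rules above can be checked before the addresses are entered into an IP group. The following script is an added example, not part of the product or its documentation; it assumes that "DNS host name" means the first label of the fully qualified name, and the function names and the mycompany.example sample names are constructed for illustration.

```python
"""Pre-check host names planned for an IP group (added example)."""
from collections import defaultdict

MAX_COMPUTER_NAME = 15  # limit stated on this page


def derive_computer_name(fqdn: str) -> str:
    """Apply the page's rule: the first 15 characters of the DNS host name.

    Assumption: the DNS host name is the first label of the FQDN.
    """
    host_label = fqdn.strip().rstrip(".").split(".", 1)[0]
    return host_label[:MAX_COMPUTER_NAME]


def check_ip_group_hosts(fqdns):
    """Return (findings, collisions) for a list of planned host names."""
    findings = []
    by_computer_name = defaultdict(list)
    for fqdn in fqdns:
        name = fqdn.strip().rstrip(".")
        labels = name.lower().split(".")
        if labels[-1] == "local":
            findings.append((name, "host name is in the unsupported .local domain"))
        if len(labels[0]) > MAX_COMPUTER_NAME:
            findings.append((name, "host label exceeds 15 characters; computer name is truncated"))
        # Computer names are compared case-insensitively.
        by_computer_name[derive_computer_name(name).lower()].append(name)
    # Any derived name shared by more than one host is a duplicate computer name.
    collisions = {cn: hosts for cn, hosts in by_computer_name.items() if len(hosts) > 1}
    return findings, collisions


# Constructed sample input; only the two ipas-lpar host labels and the
# machine1.mycompany.local name come from the page.
SAMPLE_HOSTS = [
    "ipas-lpar-184-027.mycompany.example",
    "ipas-lpar-184-028.mycompany.example",
    "machine1.mycompany.local",
    "node-01.mycompany.example",
]

if __name__ == "__main__":
    findings, collisions = check_ip_group_hosts(SAMPLE_HOSTS)
    for host, problem in findings:
        print(f"{host}: {problem}")
    for computer_name, hosts in collisions.items():
        print(f"duplicate computer name {computer_name!r}: {', '.join(hosts)}")
```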
About this task
You can use the console, the command line interface, or the REST API to complete this task. For the command line and REST API information, see the Related information section.
IP Group for Compute Nodes
Most IP Groups are used to supply IP addresses for virtual machines. You can also create one IP Group that supplies IP addresses for compute nodes. This type of IP Group was formerly referred to as the MKS Console IP Group because of its original purpose in providing access to the MKS (mouse, keyboard, screen) service used to access the console of virtual machines. In addition to providing MKS console access, attaching IP addresses to compute nodes also makes them accessible to external users.
Also note that these IP addresses should not be publicly accessible. If malicious users repeatedly attempt to log in to the ESXi hosts using incorrect credentials, the accounts can be locked. A locked account interferes with your ability to access the compute node externally and with the ability of Cloud Pak System to manage the compute node.
Consider the following when you enable a Virtual Manager external IP address and ICMP (ping) is enabled between the subnet of that address and the subnet of the IP Group for compute nodes. When an IP address from the IP Group for compute nodes is attached to a compute node, Cloud Pak System will attempt to register the compute node with the virtual manager using that address. This requires ports 443 (TCP) and 902 (TCP/UDP) to be open between the two subnets. If ICMP is disabled between the subnets, IP addresses can still be attached to compute nodes to allow MKS (mouse, keyboard, screen) console access, but the compute nodes will remain registered with the virtual manager using their internal IPv6 addresses.
The IP addresses for the IP Group for compute nodes should be in the same subnet as deployed instances (workloads). If deployed instances are in a different subnet than the IP addresses, the two subnets must be able to communicate with each other. If there is a firewall between the subnets, ports 443, 902, and 903 must be open for the IP addresses that you defined in the IP Group.