Planning for the environment
You can use the Planning for your IBM Hyper Protect Virtual Servers worksheet or the tables listed in this topic to get an overall understanding of what information you need to run the offering, and where to get it.
Before you begin
- Ensure that you have the required hardware, software, network devices, and ports ready, as listed in the System requirements topic.
Management server
The following table shows the required information for the x86 or Linux on IBM Z/LinuxONE (i.e., s390x architecture) management server.
Table 1. Management server checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Architecture | x86 or s390x Linux | s390x | System administrator |
2 | Memory | | 8 GB | System administrator |
3 | vcpu/cores | | 2 | System administrator |
4 | Disk size | | 50 GB | System administrator |
5 | Host name | | management_server | hostname |
6 | Password for the user | | root_user_password or sudo_user_password | System administrator |
7 | Internal IP address | | 192.168.40.251 | Network administrator |
8 | Remote docker registry server | | docker.io | Cloud administrator |
9 | Remote docker registry user name to register the base images | | docker_base_user | Cloud administrator |
10 | Remote docker registry user password to register the base images | | docker_base_passw0rd | Cloud administrator |

To configure multiple aliases to one network interface controller (NIC) on the management server, see IP-Aliasing.
Secure Service Container partitions
The following table shows the required information you will need when configuring Secure Service Container storage.
Table 2. Secure Service Container partition checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Partition IP address | | 10.152.151.105 | System administrator |
2 | Master ID | | ssc_master_user | System administrator |
3 | Master password | | ssc_master_password | System administrator |
4 | Storage disks for quotagroups resizing | | 3600507630affc427000000000002000 (FCP) or 0.0.78CA (FICON DASD) | System administrator |

Note: If you plan to use multiple Secure Service Container partitions, make sure you have a checklist for each partition.
A Hyper Protect Virtual Server instance with SSH daemon
The following table shows the required information you will need to create a Hyper Protect Virtual Server with SSH daemon on the Secure Service Container Partition.
Table 5. A Hyper Protect Virtual Server container checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Partition IP address | | 10.152.151.105 | System administrator |
2 | External network name | | encf900 | Cloud administrator |
3 | Container external IP address | | 10.20.4.20 | Cloud administrator |
4 | Internal network name | | encf900_internal_network | Cloud administrator |
5 | Internal IP address | | 192.168.40.23 | Cloud administrator |
6 | Parent device | | encf900 | Appliance administrator |
7 | Gateway | | 192.168.40.1 | Cloud administrator |
8 | Subnet | | 192.168.40.0/24 | Cloud administrator |
9 | Repository name | | HpvsopBaseSSH | Cloud administrator |
10 | Image tag | | 1.2.7.2 | Cloud administrator |
11 | Virtual CPU number (vcpu) | | 2 | Cloud administrator |
12 | Memory size (MB) | | 2048 | Cloud administrator |
13 | Quotagroup name | | qg_hpvsopbasessh | Cloud administrator |
14 | Quotagroup size (GB) | | 20G | Cloud administrator |

For more information, see Creating a Hyper Protect Virtual Server instance. You can also build your application into a s390x-compatible container image, and deploy it into a Hyper Protect Virtual Server instance. For more information, see Deploying your applications securely.
A Secure Build virtual server
The following table shows the required information you will need to create a Secure Build virtual server on the Secure Service Container partition.
Table 3. A Secure Build container checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Partition IP address | | 10.152.151.105 | System administrator |
2 | Secure Build container name | | securebuildserver | Cloud administrator |
3 | Virtual CPU number (vcpu) | | 2 | System administrator |
4 | Memory (MB) | | 2048 | System administrator |
5 | Storage for the Secure Build server application (GB) | | 10 | System administrator |
6 | Storage for the Docker images built by Secure Build (GB) | | 16 | System administrator |
7 | Storage for logs configuration data for the Secure Build Container (GB) | | 2 | System administrator |
8 | Quotagroup of Secure Build server | | securebuild_qg | Cloud administrator |
9 | Connection method (port-mapping/IP) | | IP | System administrator |
10 | Internal network name (Only needed if an IP address is being used.) | | encf900 | Cloud administrator |
11 | External IP address | | 10.20.4.12 | System administrator |
12 | Repository ID of the Secure Build server image | | SecureDockerBuild | Cloud administrator |
13 | Tag of the Secure Build server image | | 1.2.7.2 | Cloud administrator |
14 | Repository ID for your apps | | MyDockerAppImage | Cloud administrator |
15 | Source code repository URL | | github.com:MyOrg/my-docker-app.git | App developers or ISV |
16 | Source code branch | | master | App developers or ISV |
17 | Private key for Source code repository | | /root/git_key | App developers or ISV |
18 | Remote docker registry server | | docker.io | Cloud administrator |
19 | Remote docker repository name for built images | | docker_writable_user/MyDockerAppImage | Cloud administrator |
20 | Remote docker registry user name to push the images | | docker_writable_user | Cloud administrator |
21 | Remote docker registry user password to push the images | | docker_writeable_passw0rd | Cloud administrator |

For more information, see Building your application with the Secure Build virtual server.
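A pre-flight check for a filled-in worksheet, added here as an example and not part of the IBM documentation or tooling: it verifies that the internal IP address and gateway from the Hyper Protect Virtual Server checklist sit inside the stated subnet, and flags any password field still set to one of the example values printed on this page. The dictionary key names are hypothetical.

```python
import ipaddress

# Example secrets printed in the checklists on this page.
DOC_EXAMPLE_SECRETS = {
    "root_user_password", "sudo_user_password", "ssc_master_password",
    "docker_base_passw0rd", "docker_writeable_passw0rd",
}

def check_worksheet(ws):
    """Return a list of problems in a filled-in worksheet (dict of strings).

    The key names (subnet, gateway, internal_ip, *_password) are hypothetical.
    """
    problems = []
    try:
        # strict=True rejects a subnet written with host bits set
        subnet = ipaddress.ip_network(ws["subnet"], strict=True)
    except ValueError as exc:
        return [f"subnet: {exc}"]
    parsed = {}
    for field in ("internal_ip", "gateway"):
        try:
            addr = ipaddress.ip_address(ws[field])
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        parsed[field] = addr
        if addr not in subnet:
            problems.append(f"{field} {addr} is outside subnet {subnet}")
        elif addr in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{field} {addr} is the network or broadcast address")
    if len(parsed) == 2 and parsed["internal_ip"] == parsed["gateway"]:
        problems.append("internal_ip and gateway are the same address")
    for field, value in ws.items():
        if field.endswith("password") and value in DOC_EXAMPLE_SECRETS:
            problems.append(f"{field} still holds a documentation example value")
    return problems

# Constructed sample: the example column of the Hyper Protect Virtual Server
# checklist, plus one registry password left at its documentation value.
SAMPLE = {
    "subnet": "192.168.40.0/24",
    "gateway": "192.168.40.1",
    "internal_ip": "192.168.40.23",
    "registry_password": "docker_base_passw0rd",
}

if __name__ == "__main__":
    for problem in check_worksheet(SAMPLE):
        print("PROBLEM:", problem)
```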
Monitoring
The following table shows the required information you will need to set up the monitoring infrastructure for IBM Hyper Protect Virtual Servers.
Table 6. Monitoring infrastructure checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Partition IP address | | 10.152.151.105 | System administrator |
2 | Domain suffix | | first | System administrator |
3 | DNS name | | example.com | System administrator |
4 | Connecting port on partition (port-mapping) | | 8443 and 25826 | System administrator |
5 | Private key for the monitoring infrastructure | | server.key | openssl utility |
6 | Certificate for the monitoring infrastructure | | server-certificate.crt | openssl utility |
7 | Certificates for the monitoring client | | myrootCA.crt | openssl utility |

For more information, see Working with Monitoring virtual servers.
GREP11
The following table shows the required information you will need to set up the GREP11 container for IBM Hyper Protect Virtual Servers.
Table 7. A GREP11 container checklist
No. | Resource | The actual value | Example | Where to get |
---|---|---|---|---|
1 | Partition IP address | | 10.152.151.105 | System administrator |
2 | Crypto domain name | | 07.0007 | System administrator |
3 | External IP address | | 10.20.4.12 | System administrator |
8 | TLS key and certificate | | server.pem, server-key.pem | openssl utility |
9 | CA certificate for mutual_TLS (Optional) | | ca.pem | openssl utility |

For more information, see Working with GREP11 virtual servers.
Next
You can download the IBM Hyper Protect Virtual Servers installation package by following the instructions in the Downloading the installation package topic.