SevOne Data Platform Deployment on Amazon Web Services
About
Amazon Web Services (AWS) is a collection of several popular cloud-based services hosted by Amazon. Introducing AWS to SevOne Data Platform has its benefits:
- Ability to deploy in AWS
- Similar to how SevOne monitors Customer Premises Equipment (CPE), routers, switches, servers, and firewalls today, it will continue to provide the same capability with AWS
- Monitoring data sources with AWS may eliminate data transport costs
In order to properly deploy SevOne NMS / SevOne Data Insight / SD-WAN (Versa / Viptela solution) on AWS, it is important to understand the following concepts.
General Concepts | |
---|---|
CIDR Subnets | CIDR subnets are used for IP assignment in Amazon AWS. |
SSH | SSH is used to connect to the SevOne NMS command line, or to connect to SevOne Data Insight / SD-WAN (Versa / Viptela solution) and launch the web console to configure network settings using nmtui. |
SSH Keys | SSH keys are used for the initial connection to AWS instances. SevOne NMS also uses SSH keys for communication with peers, and these are overwritten by the SevOne-fix-ssh-keys command. Set and document the root password after deploying an instance on AWS so that you can still connect to it after peering the NMS. |
VPN | VPN connectivity is recommended to secure data in-transit between AWS and premises. |
SevOne Concepts | |
---|---|
RHEL (Red Hat Enterprise Linux) | The OS driving the SevOne appliance. |
SevOne NMS | The SevOne NMS appliance. |
SevOne Data Insight | The SevOne Data Insight appliance. |
AWS Concepts related to SevOne | |
---|---|
AMI | For NMS, the OVA image (for example, vPAS20K_RHEL_v<7.x.x>-ami.ova) can be downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online; from *_RHEL_v<7.x.x>-ami.ova, you may create your own AMI. For Data Insight, download the OVA image from the same location; from sdi-v<6.x.x>-build.<xx>.ova, you may create your own AMI. For the SD-WAN (Versa / Viptela) solution, download the OVA image from the same location; from sevone_solutions_sdwan_<versa/viptela>-v<6.x.x>-build.<xx>.ova, you may create your own AMI. In each case, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support. Important: For details on how to create your AMI from the OVA image, please refer to https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html. |
Availability Zone | Regions have Availability Zones (this is similar to one data center). |
AWS Console | The web GUI for AWS. |
AWS CLI | The CLI for AWS. |
EBS | The underlying filesystem attachment. SevOne NMS uses a minimum size of >= 600 GiB with GP2 disks to guarantee a minimum level of IOPS performance. Larger instances are configured with multiple and/or larger disks for further improvement of performance. SevOne Data Insight / SD-WAN (Versa / Viptela solution) require 250 GiB. |
EC2 | EC2 is an abbreviation for an instance on AWS. |
Instance Type | The amount and type of RAM/vCPU an instance is allocated. |
Key Pairs | Used to connect to instances when they are first launched, in order to set a root password. |
Launch Permission | Controls access to AMI deployment and copying. |
NACLs | Network ACLs work in a similar way to ACLs on routers. |
Name | See Tags below |
Placement Groups | Allows AWS instances to be placed in close proximity (in network hops and physical distance) from one another to ensure maximum network throughput for HA applications. |
Region | The AWS region for deployment. This is analogous to multiple data centers in a large geographic area. |
Security Groups | Similar to firewall policy in AWS. |
Subnets | Subnets exist within an individual Availability Zone and consist of CIDR networks. |
Tags | Allow identifiers in key/value pairs to be used to identify an instance in AWS. For example, Name is a tag. |
VPC | VPC is the virtual network definition tool for AWS. |
Under the shared model, AWS has a physical host with a hypervisor running on it to handle the virtualization of the CPU, memory, storage, etc. AWS fits shared EC2 instances onto the appropriate physical host and isolates it from interacting with other customers, even though the same physical resources are being shared.
By default, AWS employs shared tenancy, but it can be turned off for customers who have certain regulatory, compliance, or licensing restrictions that require a dedicated deployment model.
Terminology: any reference to master, including a CLI command that contains master or command output that contains master, means leader. Any reference to slave means follower.
Prerequisites
- Key Pair - A key pair is required for initial connection to the AWS EC2 instance after deployment from AMI. For additional details, please refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
- VPN Configuration - Recommended to access the system via the VPN. For additional details, please refer to https://aws.amazon.com/premiumsupport/knowledge-center/create-connection-vpc/
- Creating Security Groups - Recommended to disallow access outside of the VPN. For additional details, please refer to https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-create-security-groups.html
- You may deploy SevOne NMS / SevOne Data Insight / SD-WAN (Versa / Viptela solution) on your own AWS instance as an Amazon Machine Image (AMI), an AWS compatible virtual machine.
  Important: The AMI must be created from the OVA image downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support.
- GP2 (General purpose SSD) is the default EBS volume type for Amazon EC2 instances. Using GP2 storage is recommended.
- SevOne NMS, SevOne Data Insight, and SD-WAN (Versa / Viptela solution) are available to be deployed on AWS; however, the current releases of Universal Collector and xStats have not been tested yet.
- SevOne is delivering the same experience on SevOne Appliances and VMs (Virtual Machines). For a Virtual Appliance, a License Key is required.
- Hybrid Deployment
  - A hybrid cluster setup with a mix of some peers (Cluster Leader, peers, or DNCs) in AWS and some on-premise is tested and supported.
  - Hybrid peer deployment (leader or follower on-premise and its partner in AWS) is not supported, with the exception of using HSA pairing as a temporary measure to migrate data from on-premise to AWS.
  - Hybrid peer migration may take several days depending on latency.
  - A hybrid setup must only be used for migration of data from the on-premise peer to an HSA in AWS. Upon completion of migration, the HSA in AWS must be promoted to Leader of the pair and the remaining on-premise peer must be decommissioned.
- Customers are responsible for configuring the security zones in AWS.
- The network connectivity and port requirements are the same for the NMS / Data Insight / SD-WAN (Versa / Viptela solution) deployed in AWS. For details, please refer to SevOne Best Practices Guide - Cluster, Peer, and HSA or SevOne NMS Port Number Requirements Guide.
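One way to check the security-group prerequisite above (no access from outside the VPN), as an added example that is not part of the SevOne documentation: it reads JSON in the shape produced by `aws ec2 describe-security-groups` and lists every inbound rule whose source CIDR falls outside the networks reached over the VPN. The sample document, the group IDs and the ALLOWED ranges are constructed assumptions; substitute your own.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.20.5.0/24"}, {"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

# Assumption: networks reachable only through the VPN (VPC plus on-premises ranges).
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.0.0/16")]

def inside_allowed(cidr, allowed=ALLOWED):
    """True when the rule's source CIDR lies entirely inside an allowed network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def port_label(perm):
    # IpProtocol "-1" means all protocols and ports; such rules carry no port fields.
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    proto = perm["IpProtocol"]
    return f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"

def findings(doc, allowed=ALLOWED):
    """Return (group, ports, cidr) for each inbound CIDR source outside `allowed`.
    Rules that reference other security groups or prefix lists are not evaluated."""
    out = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not inside_allowed(cidr, allowed):
                    out.append((sg["GroupId"], port_label(perm), cidr))
    return out

if __name__ == "__main__":
    for group, ports, cidr in findings(SAMPLE):
        print(f"{group}: {ports} reachable from {cidr} (outside VPN ranges)")
```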
AWS Instance Types for SevOne Appliances
SevOne Instance | License Count | AWS Instance Type | Data Disk (GiB) |
---|---|---|---|
vPAS5k | Up to 5k objects | r6i.large | n/a |
vPAS10k | Up to 10k objects | r6i.xlarge | n/a |
vPAS20k | Up to 20k objects | r6i.xlarge | n/a |
vPAS60k | Up to 60k objects | r6i.2xlarge | 1,250 |
vPAS100k | Up to 100k objects | r6i.2xlarge, r6i.4xlarge (recommended) | 2,000 |
vPAS200k | Up to 200k objects | r6i.8xlarge | 4,000 |
vDNC100 | Up to 100 interfaces | r6i.2xlarge | 400 |
vDNC300 | Up to 300 interfaces | r6i.4xlarge | 800 |
vDNC1000 | Up to 1000 interfaces | r6i.8xlarge | 1,500 |
vDNC1500 | Up to 1500 interfaces | r6i.8xlarge | 3,000 |
Deployment
Execute the steps below.
- Please download the OVA images from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support.
- Click on the Image Id link to log in to your AWS account to select an Amazon Machine Image instance type for the SevOne Appliances.
  Important: Please make sure you have the login/password for your AWS account prior to proceeding further.
- Choose the desired Instance Type.
- Click on Next: Configure Instance Details.
- The instance details to configure vary depending on your needs. It is important to select any Placement Group options now, as this may not be changed later. It is important to select the Network options so that your instance can poll or receive streaming data from the sources that it needs.
- Click on Next: Add Storage.
- Please refer to the AWS Instance Types for SevOne Appliances section above to enter your desired values.
  Warning: Do not modify the drop-down for Device on data disks. The disk setup script /opt/aws_setup.sh expects the data disk to be /dev/xvdb, and this will only happen if the Device is left as /dev/sdb here in the disk configuration.
  Important: The root disk should be 600 GiB for SevOne NMS Appliances and 250 GiB for SevOne Data Insight and SD-WAN (Versa / Viptela solution).
  For SevOne NMS appliances PAS100K and above and for all DNC models, please add the additional storage volume (disk).
- Click on Next: Add Tags. Tags are useful to identify machine instances so they can be easily found.
- Click on Next: Configure Security Group. This is customer-specific. It is best to pre-configure a security group.
- Click on Review and Launch.
- Please review your configuration and click on Launch.
- Select an existing Key Pair or create a new one.
  Note: You will not be able to access the new instance via SSH without the private key.
Enable Login
For SevOne NMS
- SSH to the Virtual Machine as root without a password, using the Key Pair selected during the Virtual Machine creation. To convert key pairs for use with popular SSH clients, please refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
- Set a root password.
$ passwd root
- Configure the data disk by running the /opt/aws_setup.sh script with bash. The script is included in SevOne NMS; when missing, it must be created. Please see the example /opt/aws_setup.sh file below for SevOne NMS.
$ bash /opt/aws_setup.sh
Example: /opt/aws_setup.sh for SevOne NMS
```bash
#!/bin/bash
#aws_setup.sh by awstest@sevone.com 2021-03-30
#runs on AWS VMs to attach an additional data disk for specified models
#everything else

# Colored status prefixes for console output
okstring="[ \033[32mOK\033[0m ]"
warnstring="[\033[33mWARN\033[0m]"
infostring="[\033[36mINFO\033[0m]"
failstring="[\033[31mFAIL\033[0m]"

echo -e "$infostring Checking AWS disk configuration"
# The data disk is expected to appear as /dev/xvdb
if dmesg | grep -Eq 'xvdb'; then
    echo -e "$okstring Disk xvdb was found"
    if mount | grep -Eq '^/dev/xvdb1 on /data'; then
        echo -e "$okstring /dev/xvdb1 is mounted on /data"
    else
        if lsblk -o +UUID | grep -Eq 'xvdb1'; then
            # A partition already exists; leave it untouched
            echo -e "$okstring /dev/xvdb1 is formatted"
        else
            echo -e "$okstring AWS disk configuration is starting"
            echo -e "$infostring parted is creating the data disk partition"
            parted -a optimal --script /dev/xvdb mklabel gpt mkpart primary 0% 100%
            sleep 5
            echo -e "$infostring mkfs is formatting the data disk partition as xfs"
            mkfs.xfs /dev/xvdb1
            sync
            sleep 5
            echo -e "$infostring configuring mount points"
            # Mount by UUID so the fstab entry survives device renaming
            dataUUID="$(lsblk -o +UUID | awk '/xvdb1/ {print $NF}')"
            echo "UUID=${dataUUID} /data xfs defaults 0 0" | tee -a /etc/fstab
            echo -e "$infostring stopping mysql services"
            supervisorctl stop mysqld mysqld2
            echo -e "$infostring moving data from old folder to new disk"
            mv /data /data_temp
            mkdir -p /data
            mount -a
            # Include hidden files in the move so they are not lost when /data_temp is removed
            shopt -s dotglob
            mv /data_temp/* /data
            chown -R mysql:mysql /data
            echo -e "$infostring removing old data folder"
            rm -rf /data_temp
            echo -e "$infostring starting mysql services"
            supervisorctl start mysqld mysqld2
            echo -e "$infostring filling ballast"
            mkdir -p /data/.SevOne-ballast
            SevOne-ballast fill-all data
            echo -e "$okstring AWS disk configuration complete"
            df -hT / /data
        fi
    fi
else
    echo -e "$infostring Disk xvdb was not found"
fi
```
For SevOne Data Insight
Please refer to SevOne Data Insight Pre-Installation Guide for additional details.
For SD-WAN (Versa / Viptela Solution)
Please refer to SevOne Data Insight Pre-Installation Guide for additional details.
SevOne Appliance Configuration
Please refer to SevOne NMS Appliance Configuration Guide for details on how to set the correct application configuration for the customer's license type and count.
SevOne Appliance Login & License
Please refer to SevOne NMS documentation for details as they apply to the Virtual Appliance running on the cloud as well.
Add Peer to Cluster
Please refer to SevOne NMS documentation for details as they apply to the Virtual Appliance running on the cloud as well.
Verify SevOne NMS
Log on to the SevOne NMS via SSH and execute the following commands.
$ podman exec -it nms-nms-nms /bin/bash
$ SevOne-act check checkout
Currently, the command returns several errors as shown in the example below. Please disregard these errors until after SevOne NMS is updated to include checks for Amazon's AWS AMI deployed instances.
Example
$ podman exec -it nms-nms-nms /bin/bash
$ SevOne-act check checkout
[ FAIL ] Rpm summary - 16 errors found, Run 'SevOne-act check rpm' for more information
[ FAIL ] Lsof summary - 2 errors found, Run 'SevOne-act check lsof' for more information
[ FAIL ] UuidsCheck summary - 1 error found, Run 'SevOne-act check uuids-check' for more information
Change IP Address
At the time of writing, SevOne-change-ip commands are unable to respect the AWS network configuration and should not be used to change IP addresses.