SevOne Data Platform Deployment on Amazon Web Services

ABOUT

Amazon Web Services (AWS) is a collection of several popular cloud-based services hosted by Amazon. Introducing AWS to SevOne Data Platform has its benefits:

  • Ability to deploy in AWS
  • Similar to how SevOne monitors Customer Premises Equipment (CPE), routers, switches, servers, and firewalls today, it will continue to provide the same capability with AWS
  • Monitoring data sources with AWS may eliminate data transport costs
Important: Starting with SevOne NMS 6.7.0, MySQL has moved to MariaDB 10.6.12.

In order to properly deploy SevOne NMS / SevOne Data Insight / SD-WAN (Versa / Viptela solution) on AWS, it is important to understand the following concepts.

General Concepts

CIDR Subnets: CIDR subnets are used for IP assignment in Amazon AWS.
SSH: SSH is used to connect to the SevOne NMS command line, or to connect to SevOne Data Insight / SD-WAN (Versa / Viptela solution) and launch the web console to configure network settings using nmtui.
SSH Keys: SSH keys are used for initial connection to AWS instances. SSH keys are used by the SevOne NMS for communication with peers and are overwritten with the SevOne-fix-ssh-keys command. It is important to set and document the root password after deploying an instance on Amazon AWS to ensure you can connect to it again after setting the root password and peering the NMS.
VPN: VPN connectivity is recommended to secure data in-transit between AWS and premises.

SevOne Concepts

RHEL (RedHat Enterprise Linux): The OS driving the SevOne appliance.
SevOne NMS: The SevOne NMS appliance.
SevOne Data Insight: The SevOne Data Insight appliance.

AWS Concepts related to SevOne

AMI

for NMS,

The OVA image (for example, vPAS20K_RHEL_v<7.x.x>-ami.ova) can be downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support.


Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

From *_RHEL_v<7.x.x>-ami.ova, you may create your own AMI.

for Data Insight,

Download the OVA image from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support.


Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

From sdi-v<6.x.x>-build.<xx>.ova, you may create your own AMI.

for SD-WAN (Versa / Viptela) Solution,

Download the OVA image from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support.


Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

From sevone_solutions_sdwan_<versa/viptela>-v<6.x.x>-build.<xx>.ova, you may create your own AMI.

Important: For details on how to create your AMI from the OVA image, please refer to https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html.
  • Prerequisite AWS Identity and Access Management (IAM) permissions must be applied. NOTE: This is only required the first time you import. For subsequent imports, this process does not need to be repeated.
  • You must copy the OVA image to a bucket in Amazon S3.
  • Once the import process begins, wait until it is completed and AMI ID is returned.
Availability Zone: Regions have Availability Zones (this is similar to one data center).
AWS Console: The web GUI for AWS.
AWS CLI: The CLI for AWS.
EBS: The underlying filesystem attachment. SevOne NMS uses a minimum size of 600 GiB with GP2 disks to guarantee a minimum level of IOPS performance. Larger instances are configured with multiple and/or larger disks for further improvement of performance. SevOne Data Insight / SD-WAN (Versa / Viptela solution) require 250 GiB.
EC2: EC2 is an abbreviation for an instance on AWS.
Instance Type: The amount and type of RAM/vCPU an instance is allocated.
Key Pairs: Used to connect to instances when they are launched, in order to set a root password.
Launch Permission: Controls access to AMI deployment and copying.
NACLs: Network ACLs work in a similar way to ACLs on routers.
Name: See Tags below.
Placement Groups: Allow AWS instances to be placed in close proximity (in network hops and physical distance) to one another to ensure maximum network throughput for HA applications.
Region: The AWS region for deployment. This is analogous to multiple data centers in a large geographic area.
Security Groups: Similar to firewall policy in AWS.
Subnets: Subnets exist within an individual Availability Zone and consist of CIDR networks.
Tags: Allow identifiers in key/value pairs to be used to identify an instance in AWS. For example, Name is a tag.
VPC: VPC is the virtual network definition tool for AWS.
Important: AWS's shared tenancy model is commonly used within AWS and SevOne uses this model to deploy SevOne NMS and/or SevOne Data Insight / SD-WAN (Versa / Viptela solution). With this model, multiple customers can share the same pieces of the hardware without these instances interacting with each other.

Under the shared model, AWS has a physical host with a hypervisor running on it to handle the virtualization of the CPU, memory, storage, etc. AWS fits shared EC2 instances onto the appropriate physical host and isolates it from interacting with other customers, even though the same physical resources are being shared.

By default, AWS employs shared tenancy, but it can be turned off for customers who have certain regulatory, compliance, or licensing restrictions that require a dedicated deployment model.

Note: In this guide if there is,
  • [any reference to master] OR
  • [[if a CLI command contains master] AND/OR
  • [its output contains master]],

    it means leader.

And, if there is any reference to slave, it means follower.

PREREQUISITES

Note:
  • You may deploy SevOne NMS / SevOne Data Insight / SD-WAN (Versa / Viptela solution) on your own AWS instance as an Amazon Machine Image (AMI), an AWS compatible virtual machine.
    Important: AMI must be created from the OVA image downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support.

    Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

  • GP2 (General purpose SSD) is the default EBS volume type for Amazon EC2 instances. Using GP2 storage is recommended.
  • SevOne NMS, SevOne Data Insight, and SD-WAN (Versa / Viptela solution) are available to be deployed on AWS; however, the current release of Universal Collector and xStats has not been tested yet.
  • SevOne is delivering the same experience on SevOne Appliances and VMs (Virtual Machines). For a Virtual Appliance, a License Key is required.
  • Hybrid Deployment
    • Hybrid cluster setup with a mix of some peers (Cluster Leader, peers, or DNCs) in AWS and some on-premise is tested and supported.
    • Hybrid peer deployment (leader or follower on-premise and its partner in AWS) is not supported, with the exception of using HSA pairing as a temporary measure to migrate data from on-premise to AWS.
    • Hybrid peer migration may take several days depending on latency.
    • Hybrid setup must only be used for migration of data from the on-premise peer to an HSA in AWS. Upon completion of migration, the HSA in AWS must be promoted to Leader of the pair and the remaining peer on-premise must be decommissioned.
  • Customers are responsible for configuring the security zones in AWS.
  • The network connectivity and port requirements are the same for the NMS / Data Insight / SD-WAN (Versa / Viptela solution) deployed in AWS. For details, please refer to SevOne Best Practices Guide - Cluster, Peer, and HSA or SevOne NMS Port Number Requirements Guide.

AWS INSTANCE TYPES FOR SEVONE APPLIANCES

Attention: To migrate from AWS instance type r4.<x> to r6i.<x>, you must first perform the steps below.
  1. SSH to your virtual machine as root.
  2. Enter the NMS container.
    
    nms
    
  3. Prepare your virtual machine for r6i instance type change and shutdown.
    
    echo 'add_drivers+=" nvme "' > /etc/dracut.conf.d/nvme.conf && dracut -f -v && SevOne-shutdown shutdown
    
  4. Change the AWS instance type from r4 to r6i as described in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html.
  5. Start the AWS instance as described in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html.
  6. Run the following command to ensure that there are no errors; you may ignore any references to uuids-check. You must be in the NMS container to execute the following command.
    
    SevOne-act check checkout
    
Note: Please refer to Amazon EC2 Instance Types - AWS for details on AWS Instance Types in the table below.
SevOne Instance   License Count            AWS Instance Type                          Data Disk (GiB)
vPAS5k            Up to 5k objects         r6i.large                                  n/a
vPAS10k           Up to 10k objects        r6i.xlarge                                 n/a
vPAS20k           Up to 20k objects        r6i.xlarge                                 n/a
vPAS60k           Up to 60k objects        r6i.2xlarge                                1,250
vPAS100k          Up to 100k objects       r6i.2xlarge; r6i.4xlarge (recommended)     2,000
vPAS200k          Up to 200k objects       r6i.8xlarge                                4,000
vDNC100           Up to 100 interfaces     r6i.2xlarge                                n/a
vDNC300           Up to 300 interfaces     r6i.4xlarge                                800
vDNC1000          Up to 1000 interfaces    r6i.8xlarge                                1,500
vDNC1500          Up to 1500 interfaces    r6i.8xlarge                                3,000
Note: The average Input / Output Operations Per Second (IOPS) is 19,000KBs.

DEPLOYMENT

Execute the steps below.

  1. Please download the OVA images from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support.
  2. Click on the Image Id link to log in to your AWS account and select an Amazon Machine Image instance type for the SevOne Appliances.
    Important: Please make sure you have the login/password for your AWS account prior to proceeding further.
  3. To deploy, please refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/LaunchingAndUsingInstances.html for instructions. For example,
    • Choose the desired r6i instance type to configure the instance details.
      Note: Configuring instance details varies depending on your needs. It is important to select any Placement Group options now as this may not be changed later. It is important to select the Network options so that your instance can poll or receive streaming data from the sources that it needs.
    • Add storage. Please refer to section AWS Instance Types for SevOne Appliances above to select your desired storage.
      Important:
      The root disk should be 600 GiB for SevOne NMS Appliances and 250 GiB for SevOne Data Insight and SD-WAN (Versa / Viptela solution).

      Additional storage is required for:
      • SevOne NMS appliances PAS60K or above
      • DNC models DNC300 or above
    • Add the tags. Tags are useful to identify machine instances so they can be easily found.
    • Configure the security group. This is customer-specific. It is best to pre-configure the security group.
    • Review your configuration and launch AWS.
    • Select an existing key pair or create a new one.
      Note: You will not be able to access the new instance via SSH without the private key.

➤   For SevOne NMS

  1. SSH to the Virtual Machine as root without a password and using the Key Pair selected during the Virtual Machine creation. To convert key pairs for use with popular SSH clients, please refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.
  2. Set a root password.
    passwd root
  3. Using a text editor of your choice, create /opt/aws_setup.sh file. This file is not available automatically and you must create it.
    
    touch /opt/aws_setup.sh
    
  4. Edit /opt/aws_setup.sh file.
    
    vi /opt/aws_setup.sh
    
  5. Add the following script to configure the data disk and run the script manually with bash.
    Important: If an empty data disk is attached to a virtual machine on first boot, it will be automatically formatted, mounted, and configured. However, if the user has already booted and now wants to attach a /data disk, run the script below.

    Example: aws_setup.sh
    
    #!/bin/bash
    # This script is only valid during initial deployment, and should not be used 
    # to migrate data on an existing environment with a significant amount of 
    # collected historical data
    set -e
    
    # Require a blank disk of at least 150 GiB, or at least as large as the
    # space currently used under /data if that is more.
    MIN_SIZE=$((150 * 1024 * 1024 * 1024))
    DATA_SIZE=$(df -B1 /data 2>/dev/null | awk 'NR==2 {print $3}')
    if [[ "$DATA_SIZE" =~ ^[0-9]+$ ]] && (( DATA_SIZE > MIN_SIZE )); then
    	MIN_SIZE=$DATA_SIZE
    fi
    # Pick the largest top-level block device that has no child devices, no
    # filesystem signature, and is at least MIN_SIZE bytes.
    DISK_NAME=$(lsblk -o NAME,FSTYPE,SIZE -Jb | jq -r --argjson minSize "$MIN_SIZE" '[.blockdevices[] | select((.children|length==0) and (.size|tonumber >= $minSize) and (.fstype|not))] | max_by(.size|tonumber) | select(.) | .name')
    
    if [ -z "$DISK_NAME" ]; then
    	echo "No appropriate blank disks found" >&2
    	exit 1
    fi
    
    systemctl stop nms
    mkdir -p /data_temp /data
    # Move everything, including dotfiles. Unlike "mv /data/*", this does not
    # abort under "set -e" when /data is empty.
    find /data -mindepth 1 -maxdepth 1 -exec mv -t /data_temp {} +
    
    # Destructive step: creates a new XFS filesystem on the selected disk.
    mkfs.xfs "/dev/$DISK_NAME"
    cat > /etc/systemd/system/data.mount <<__DATA_MOUNT__
    [Unit]
    Description=Mount unit for /data
    Before=nms_deployment.service prometheus_deployment.service collectors_deployment.service
    
    [Mount]
    What=/dev/$DISK_NAME
    Where=/data
    Type=xfs
    DirectoryMode=0755
    
    [Install]
    WantedBy=multi-user.target
    __DATA_MOUNT__
    
    # Mount the new disk on /data, then move the saved contents back onto it.
    systemctl daemon-reload
    systemctl enable data.mount
    systemctl restart data.mount
    find /data_temp -mindepth 1 -maxdepth 1 -exec mv -t /data {} +
    systemctl start nms
    rmdir /data_temp
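
A read-only preview of the disk choice aws_setup.sh makes before it runs mkfs.xfs, added here as an example and not part of the SevOne script. It applies the same rule (top-level device, no child devices, no filesystem, at least the minimum size, largest wins) to `lsblk -P` output with awk instead of jq so that it can print why each device was rejected; the function names and the sample device list are constructed for illustration.

```bash
#!/bin/sh
# Added example (not SevOne code): preview which device aws_setup.sh would format.
# stdin: lines from `lsblk -P -b -n -o NAME,FSTYPE,SIZE,PKNAME`; $1: minimum size in bytes.
# Prints one verdict per top-level device to stderr and the chosen name to stdout.
pick_data_disk() {
    awk -F'"' -v min="$1" '
        NF < 8 { next }                          # not a NAME/FSTYPE/SIZE/PKNAME line
        {
            name[++c] = $2; fs[$2] = $4; size[$2] = $6
            if ($8 != "") { child[$2] = 1; parent[$8] = 1 }
        }
        END {
            for (i = 1; i <= c; i++) {
                n = name[i]
                if (n in child) continue         # partitions are never candidates
                if (n in parent)                 why = "rejected: has child devices"
                else if (fs[n] != "")            why = "rejected: filesystem " fs[n]
                else if (size[n] + 0 < min + 0)  why = "rejected: below minimum size"
                else {
                    why = "candidate"
                    if (size[n] + 0 > best + 0) { best = size[n]; pick = n }
                }
                printf "%-10s %15s  %s\n", n, size[n], why > "/dev/stderr"
            }
            if (pick == "") exit 1               # the script would print "No appropriate blank disks found"
            print pick
        }'
}

# Constructed sample: a partitioned root disk, a blank 1,250 GiB disk, a larger
# disk that already holds ext4, and a blank disk that is too small.
sample_lsblk() {
    cat <<'EOF'
NAME="nvme0n1" FSTYPE="" SIZE="644245094400" PKNAME=""
NAME="nvme0n1p1" FSTYPE="xfs" SIZE="644243997184" PKNAME="nvme0n1"
NAME="nvme1n1" FSTYPE="" SIZE="1342177280000" PKNAME=""
NAME="nvme2n1" FSTYPE="ext4" SIZE="2147483648000" PKNAME=""
NAME="nvme3n1" FSTYPE="" SIZE="107374182400" PKNAME=""
EOF
}

# Same 150 GiB floor as the script, which raises it to the bytes used under /data if larger.
MIN_SIZE=$((150 * 1024 * 1024 * 1024))
echo "would format: /dev/$(sample_lsblk | pick_data_disk "$MIN_SIZE")"
# On the appliance: lsblk -P -b -n -o NAME,FSTYPE,SIZE,PKNAME | pick_data_disk "$MIN_SIZE"
```

Running the preview before the script confirms that the device about to be formatted is the newly attached volume and not another blank disk that happens to be larger.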
    

➤   For SevOne Data Insight

Please refer to SevOne Data Insight Pre-Installation Guide for additional details.

➤   For SD-WAN (Versa / Viptela Solution)

Please refer to SevOne Data Insight Pre-Installation Guide for additional details.

SEVONE APPLIANCE CONFIGURATION

Please refer to SevOne NMS Appliance Configuration Guide for details on how to set the correct application configuration for the customer's license type and count.

SEVONE APPLIANCE LOGIN & LICENSE

Please refer to SevOne NMS documentation for details as they apply to the Virtual Appliance running on the cloud as well.

ADD PEER TO CLUSTER

Please refer to SevOne NMS documentation for details as they apply to the Virtual Appliance running on the cloud as well.

VERIFY SEVONE NMS

Log on to the SevOne NMS via SSH and execute the following command.

podman exec -it nms-nms-nms /bin/bash
SevOne-act check checkout

Currently, the command returns several errors as shown in the example below. Please disregard these errors until after SevOne NMS is updated to include checks for Amazon's AWS AMI deployed instances.

Example

podman exec -it nms-nms-nms /bin/bash
SevOne-act check checkout

[ FAIL ] Rpm summary - 16 errors found, Run 'SevOne-act check rpm' for more information
[ FAIL ] Lsof summary - 2 errors found, Run 'SevOne-act check lsof' for more information
[ FAIL ] UuidsCheck summary - 1 error found, Run 'SevOne-act check uuids-check' for more information

CHANGE IP ADDRESS

At the time of writing, SevOne-change-ip commands are unable to respect the AWS network configuration and should not be used to change IP addresses.