Configuring the appliance network
You can configure the network devices for the Secure Service Container for IBM Cloud Private appliance by using the Secure Service Container user interface. The cluster nodes on the Secure Service Container partitions communicate through the Ethernet-type or VLAN-type connections over the network devices bound to Open Systems Adapter-Express (OSA-Express) devices.
If you have both worker and proxy nodes on one Secure Service Container partition, you must configure two network devices with one for internal communication among the cluster nodes, and another for external access through the proxy node. You can configure one network device to each of the OSA-Express device on the Secure Service Container partitions, or multiple network devices on one OSA-Express device.
This procedure is intended for users with role appliance administrator.
Before you begin
- Check that you have the connection information to each Secure Service Container partition. For more information, see Creating Secure Service Container partitions.
- Check that you install the Secure Service Container for IBM Cloud Private appliance by following the instructions on Installing the Secure Service Container for IBM Cloud Private appliance.
Complete the following steps to configure the network devices.
Connect to the Secure Service Container partition through the browser of your choice. For example,
On the Login page, enter the master use ID and password values that you supplied in the image profile (standard mode system) or the partition definition (DPM-enabled system), and click Login.
In the navigation pane, click the Network icon to display the network connections page.
Select one of the network devices to get the channel path identifier (CHPID) of the OSA-Express device. For example,
encf900is the network device name, and
AAis the CHPID.
Configure another network device on the Secure Service Container partition.
For an ethernet-type connection:
- Click the plus (+) icon to add a new connection, and then select Ethernet as the connection type.
- Select a new network device from the drop-down list. Ensure that the CHPID in the Device Details section is different from the one in step 4. For example, the network device name is
encf700, and the CHPID is
- Use the default value for the Port field, and set the connection state to Active.
- Use Automatic for both IPV4 and IPV6 addresses fields.
For a VLAN-type connection, ensure that your OSA device is tagged with an VLAN ID (for example,
1121) and the OSA device is connected with the trunk port of the switch.
- Click the plus (+) icon to add a new connection, and then select VLAN as the connection type.
- Select a parent device (also known as a tagged OSA device) from the drop-down list. If the parent device is not available, click the plus (+) icon to create a parent device. For example, the parent device name is
- Enter the VLAN ID by which the OSA device is tagged. For example,
- Use the auto-generated connection name. For example,
- If the DHCP is not configured in your network, select the Manual checkbox on the IPv4 tab and assign an appropriate IP address according to your network.
- Set the connection state on the General tab to Active.
- Click the ADD button to save the changes.
Figure 2. two OSA-Express devices
- Repeat all the steps on each Secure Service Container partition that will be used to host the cluster nodes.
- Decide the network device name that will be used for internal communications among the cluster nodes, or by the proxy node for external access. You will use those values for the
parentparameter in the
ssc4icp-config.yamlfile. For more information, see Configuring the cluster resources.
For more information, see the following topic in Secure Service Container User's Guide:
- Chapter 14, "Using the Secure Service Container user interface", section "Viewing and managing network connections"
You can now follow the instructions in the Configuring the network for worker and proxy nodes topic to plan how the cluster nodes will communicate among each other and how the external requests can access the services inside the cluster.