Planning for Secure Service Container for IBM Cloud Private

Before you start with the Secure Service Container for IBM Cloud Private, you can use a worksheet to get an overall understanding on what information you will need to run the Secure Service Container for IBM Cloud Private ,and where to get such information.

The example values in the checklist are based on the following network topology for the Secure Service Container for IBM Cloud Private. You can use different values in the checklist according to your actual network configuration.

Network topology example

Figure 1. Network topology example for Secure Service Container for IBM Cloud Private

Secure Service Container partition

The following table shows the required information you will need when Configuring Secure Service Container storage.

Table 1. Secure Service Container partition checklist

Resource The actual value Example Where to get
Partition IP address 10.152.151.105 System administrator
Master ID ssc_master_user System administrator
Master password ssc_master_password System administrator
Storage disks for data pool resizing 3600507630affc427000000000002000 (FCP) or 0.0.78CA (FICON DASD) System administrator

Note: If you plan to use multiple Secure Service Container partitions, make sure you have a checklist for each partition.

An IBM Cloud Private cluster

An IBM Cloud Private cluster must have at least three types of cluster node: master, worker, and proxy. The master node is hosted on the x86 server, and the worker and proxy nodes are on the Secure Service Container partitions.

The cluster nodes communicates with each other by using internal IP addresses. For more information, see Configuring the network for worker and proxy nodes.

Cluster information

The following table shows the basic information that you need to know or use when Installing IBM Cloud Private cluster.

Table 2. Cluster basic information checklist

Resource The actual value Example Where to get
Cluster name DemoCluster Cloud administrator
Number of worker node 2 Cloud administrator
Number of proxy node 1 Cloud administrator

Master node

The following table shows the required information for a master node.

Table 3. Master node checklist

Resource The actual value Example Where to get
Architecture x86 x86 Cloud administrator
Primary Network interface Controller (NIC) eth1 ifconfig -a
External IP address for NIC 10.152.151.100 ifconfig -a (inet addr parameter in the result)
Password for the user root root_user_password System administrator
Internal IP address 192.168.0.251 Network administrator
NIC for internal network eth0 Network administrator
Subnet mask for internal IP 192.168.0.0/24 Network administrator
Gateway for internal IP 192.168.0.1 Network administrator

Proxy node

The following table shows the required information for a proxy node.

Table 4. Proxy node checklist

Resource The actual value Example Where to get
Architecture s390x (Secure Service Container) s390x (Secure Service Container) Cloud administrator
Number of nodes 1 Cloud administrator
Number of CPU 3 Cloud administrator
Memory size 1 GB Cloud administrator
Storage for root file system 60 GB See root_storage for configuring the cluster resources
Storage for cluster runtime 140 GB See icp_storage for configuring the cluster resources
Port range 16000 Cloud administrator
Parent device for external access encf900 Appliance administrator
External IP address 172.16.0.4 Network administrator
Subnet mask for external IP 172.16.0.0/24 Network administrator
Gateway for external IP 172.16.0.1 Network administrator
Password for the user root root_user_password System administrator
Parent device for internal access
  • encf700 (Ethernet-type connection)
  • vxlan0f300.1121 (VLAN-type connection)
Appliance administrator
Internal IP address 192.168.0.254 Network administrator (See Configuring the network for worker and proxy nodes)
Subnet mask for internal IP 192.168.0.0/24 Network administrator
Gateway for internal IP 192.168.0.1 Network administrator

Worker nodes

The following table shows the required information for two worker nodes on one Secure Service Container partition.

Table 5. Worker nodes checklist

Resource The actual value Example Where to get
Architecture s390x (Secure Service Container) s390x (Secure Service Container) Cloud administrator
Number of nodes 2 Cloud administrator
Number of CPU 4 Cloud administrator
Memory size 4 GB Cloud administrator
Storage for root file system 60 GB See root_storage for configuring the cluster resources
Storage for cluster runtime 140 GB See icp_storage for configuring the cluster resources
Port range 15000 Cloud administrator
Parent device for internal access
  • encf700 (Ethernet-type connection)
  • vxlan0f300.1121 (VLAN-type connection)
Appliance administrator
Internal IP address 192.168.0.252, 192.168.0.253 Network administrator (See Configuring the network for worker and proxy nodes)
Subnet mask for internal IP 192.168.0.0/24 Network administrator
Gateway for internal IP 192.168.0.1 Network administrator

Tasks roadmap for different user roles

To install the cluster by using the Secure Service Container for IBM Cloud Private, you need to work with at least three different user roles. You can click each step on the following clickable diagram to read detailed instructions.

Click a box to get more details on the process.

System administrator on Hardware Management Console (HMC) Appliance administrator on Secure Service Container Installer) Hybrid cloud administrator on the x86 server Create Secure Service Container partitions Activate Secure Service Container partitions Install the Secure Service Container for IBM Cloud Private software appliance Configure the storage for the appliance Configure the network connections for the appliance Install the Secure Service Container for IBM Cloud Private CLI tool Configure the cluster resources Create the cluster nodes Configure the network for the master node Deploy IBM Cloud Private

Figure 1. Secure Service Container for IBM Cloud Private tasks by user roles