Citrix Systems 4.2 14.5. Hardware Firewall

Chapter 14. Network Setup

164

2. VLAN 201 is used to route untagged private IP addresses for pod 1, and pod 1 is connected to

this layer-2 switch.

interface range ethernet all

switchport mode general

switchport general allowed vlan add 300-999 tagged

exit

The statements configure all Ethernet ports to function as follows:

• All ports are configured the same way.

• All VLANs (300-999) are passed through all the ports of the layer-2 switch.

14.4.2. Cisco 3750

The following steps show how a Cisco 3750 is configured for pod-level layer-2 switching.

1. Setting VTP mode to transparent allows us to utilize VLAN IDs above 1000. Since we only use

VLANs up to 999, vtp transparent mode is not strictly required.

vtp mode transparent

vlan 300-999

exit

2. Configure all ports to dot1q and set 201 as the native VLAN.

interface range GigabitEthernet 1/0/1-24

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk native vlan 201

exit

By default, Cisco passes all VLANs. Cisco switches complain of the native VLAN IDs are different

when 2 ports are connected together. That’s why you must specify VLAN 201 as the native VLAN on

the layer-2 switch.

14.5. Hardware Firewall

All deployments should have a firewall protecting the management server; see Generic Firewall

Provisions. Optionally, some deployments may also have a Juniper SRX firewall that will be the default

gateway for the guest networks; see Section 14.5.2, “External Guest Firewall Integration for Juniper

SRX (Optional)”.

14.5.1. Generic Firewall Provisions

The hardware firewall is required to serve two purposes:

• Protect the Management Servers. NAT and port forwarding should be configured to direct traffic

from the public Internet to the Management Servers.

• Route management network traffic between multiple zones. Site-to-site VPN should be configured

between multiple zones.

Contents

Main Page Page Page Page Page Page Page Getting More Information and Help 1.1. Additional Documentation Available 1.2. Citrix Knowledge Center 1.3. Contacting Support Page Concepts 2.1. What Is CloudPlatform? 2.2. What Can CloudPlatform Do? 2.3. Deployment Architecture Overview 2.3.1. Management Server Overview 2.3.2. Cloud Infrastructure Overview 2.3.3. Networking Overview Page Page Cloud Infrastructure Concepts 3.1. About Regions 3.2. About Zones Page 3.3. About Pods 3.4. About Clusters 3.5. About Hosts 3.6. About Primary Storage 3.7. About Secondary Storage 3.8. About Physical Networks 3.8.1. Basic Zone Network Traffic Types 3.8.2. Basic Zone Guest IP Addresses 3.8.3. Advanced Zone Network Traffic Types 3.8.4. Advanced Zone Guest IP Addresses 3.8.5. Advanced Zone Public IP Addresses 3.8.6. System Reserved IP Addresses Page Upgrade Instructions 4.1. Upgrade from 3.0.x to 4.2 Page Page Page Page Page Page Page XenServer or KVM: ESXi 4.2. Upgrade from 2.2.x to 4.2 Page Page Page Page Page Page Page XenServer or KVM: ESXi 4.3. Upgrade from 2.1.x to 4.2 4.4. Upgrading and Hotfixing XenServer Hypervisor Hosts 4.4.1. Upgrading to a New XenServer Version Page 4.4.2. Applying Hotfixes to a XenServer Cluster Page Page Page Installation 5.1. Who Should Read This 5.2. Overview of Installation Steps 5.3. Minimum System Requirements 5.3.1. Management Server, Database, and Storage System Requirements 5.3.2. Host/Hypervisor System Requirements 5.3.3. Hypervisor Compatibility Matrix 5.3.3.1. CloudPlatform 4.x 5.3.3.2. CloudPlatform 3.x 5.3.3.3. CloudPlatform 2.x 5.4. Management Server Installation 5.4.1. Management Server Installation Overview 5.4.2. Prepare the Operating System Page 5.4.3. Install the Management Server on the First Host 5.4.4. Install and Configure the Database 5.4.4.1. Install the Database on the Management Server Node Page 5.4.4.2. Install the Database on a Separate Node Page 5.4.5. About Password and Key Encryption 5.4.6. Changing the Default Password Encryption 5.4.7. Prepare NFS Shares 5.4.7.1. Using a Separate NFS Server 5.4.7.2. Using the Management Server As the NFS Server Page 5.4.8. Prepare and Start Additional Management Servers 5.4.9. Management Server Load Balancing 5.4.10. Prepare the System VM Template 5.4.11. Installation Complete! Next Steps 5.5. Setting Configuration Parameters 5.5.1. About Configuration Parameters Page 5.5.2. Setting Global Configuration Parameters 5.5.3. Setting Local Configuration Parameters 5.5.4. Granular Global Configuration Parameters Page Page Page Page User Interface 6.1. Supported Browsers 6.2. Log In to the UI Username Password 6.2.2. Root Administrator's UI Overview 6.2.3. Logging In as the Root Administrator 6.2.4. Changing the Root Password 6.3. Using SSH Keys for Authentication 6.3.1. Creating an Instance from a Template that Supports SSH Keys 6.3.2. Creating the SSH Keypair 6.3.3. Creating an Instance 6.3.4. Logging In Using the SSH Keypair 6.3.5. Resetting SSH Keys Page Steps to Provisioning Your Cloud Infrastructure 7.1. Overview of Provisioning Steps 7.2. Adding Regions (optional) 7.2.1. The First Region: The Default Region 7.2.2. Adding a Region 7.2.3. Adding Third and Subsequent Regions 7.2.4. Deleting a Region 7.3. Adding a Zone 7.3.1. Create a Secondary Storage Mount Point for the New Zone 7.3.2. Steps to Add a New Zone 7.3.2.1. Basic Zone Configuration Page Page 7.3.2.2. Advanced Zone Configuration Page Page Page Page 7.4. Adding a Pod 7.5. Adding a Cluster 7.5.1. Add Cluster: KVM or XenServer 7.5.2. Add Cluster: OVM 7.5.3. Add Cluster: vSphere 7.5.3.1. VMware Cluster Size Limit 7.5.3.2. Adding a vSphere Cluster Page Page 7.6. Adding a Host 7.6.1. Adding a Host (XenServer, KVM, or OVM) 7.6.1.1. Requirements for XenServer, KVM, and OVM Hosts 7.6.1.1.1. XenServer Host Additional Requirements 7.6.1.1.2. KVM Host Additional Requirements 7.6.1.2. Adding a XenServer, KVM, or OVM Host 7.6.2. Adding a Host (vSphere) 7.7. Adding Primary Storage 7.8. Adding Secondary Storage 7.8.1. Adding an NFS Secondary Staging Store for Each Zone 7.9. Initialize and Test Page Page Installing XenServer for CloudPlatform 8.1. System Requirements for XenServer Hosts 8.2. XenServer Installation Steps 8.3. Configure XenServer dom0 Memory 8.4. Username and Password 8.5. Time Synchronization 8.6. Licensing 8.6.1. Getting and Deploying a License 8.7. Install CloudPlatform XenServer Support Package (CSP) 8.8. Primary Storage Setup for XenServer 8.9. iSCSI Multipath Setup for XenServer (Optional) 8.10. Physical Networking Setup for XenServer 8.10.1. Configuring Public Network with a Dedicated NIC for XenServer (Optional) 8.10.2. Configuring Multiple Guest Networks for XenServer 8.10.3. Separate Storage Network for XenServer (Optional) 8.10.4. NIC Bonding for XenServer (Optional) 8.10.4.1. Management Network Bonding 8.10.4.2. Creating a Private Bond on the First Host in the Cluster 8.10.4.3. Public Network Bonding 8.10.4.4. Creating a Public Bond on the First Host in the Cluster 8.10.4.5. Adding More Hosts to the Cluster 8.10.4.6. Complete the Bonding Setup Across the Cluster Page Installing KVM for CloudPlatform 9.1. System Requirements for KVM Hypervisor Hosts 9.1.1. Supported Operating Systems for KVM Hosts 9.1.2. System Requirements for KVM Hosts 9.2. Install and configure the Agent 9.3. Installing the CloudPlatform Agent on a KVM Host 9.4. Physical Network Configuration for KVM 9.5. Time Synchronization for KVM Hosts 9.6. Primary Storage Setup for KVM (Optional) Page Page Installing VMware for CloudPlatform 10.1. System Requirements for vSphere Hosts 10.1.1. Software requirements Apply All Necessary Hotfixes 10.1.2. Hardware requirements 10.1.3. vCenter Server requirements: 10.1.4. Other requirements: 10.2. Preparation Checklist for VMware 10.2.1. vCenter Checklist 10.2.2. Networking Checklist for VMware 10.3. vSphere Installation Steps 10.4. ESXi Host setup 10.5. Physical Host Networking 10.5.1. Configure Virtual Switch 10.5.1.1. Separating Traffic 10.5.2. Configure vCenter Management Network 10.5.3. Configure NIC Bonding for vSphere 10.6. Configuring a vSphere Cluster with Nexus 1000v Virtual Switch 10.6.1. About Cisco Nexus 1000v Distributed Virtual Switch 10.6.2. Prerequisites and Guidelines 10.6.3. Nexus 1000v Virtual Switch Preconfiguration 10.6.3.1. Preparation Checklist 10.6.3.1.1. vCenter Credentials Checklist 10.6.3.1.2. Network Configuration Checklist 10.6.3.1.3. VSM Configuration Checklist 10.6.3.2. Creating a Port Profile 10.6.3.3. Assigning Physical NIC Adapters 10.6.3.4. Adding VLAN Ranges 10.6.4. Enabling Nexus Virtual Switch in CloudPlatform 10.6.5. Configuring Nexus 1000v Virtual Switch in CloudPlatform 10.6.6. Removing Nexus Virtual Switch 10.6.7. Configuring a VMware Datacenter with VMware Distributed Virtual Switch 10.6.7.1. About VMware Distributed Virtual Switch 10.6.7.2. Prerequisites and Guidelines 10.6.7.3. Preparation Checklist Page 10.6.7.4. Enabling Virtual Distributed Switch in CloudPlatform 10.6.7.5. Configuring Distributed Virtual Switch in CloudPlatform 10.7. Storage Preparation for vSphere (iSCSI only) 10.7.1. Enable iSCSI initiator for ESXi hosts 10.7.2. Add iSCSI target 10.7.3. Create an iSCSI datastore 10.7.4. Multipathing for vSphere (Optional) 10.8. Add Hosts or Configure Clusters (vSphere) Page Bare Metal Installation 11.1. Bare Metal Host System Requirements 11.2. About Bare Metal Kickstart Installation 11.2.1. Limitations of Kickstart Baremetal Installation 11.3. Provisioning a Bare Metal Host with Kickstart 11.3.1. Download the Software 11.3.2. Set Up IPMI 11.3.3. Enable PXE on the Bare Metal Host 11.3.4. Install the PXE and DHCP Servers 11.3.5. Set Up a File Server Page 11.3.6. Create a Bare Metal Image 11.3.7. Create a Bare Metal Compute Offering 11.3.8. Create a Bare Metal Network Offering 11.3.9. Set Up the Security Group Agent (Optional) Page 11.3.10. (Optional) Set Bare Metal Configuration Parameters 11.3.11. Add a Bare Metal Zone 11.3.12. Add a Bare Metal Cluster 11.3.13. Add a Bare Metal Host 11.3.14. Add the PXE Server and DHCP Server to Your Deployment 11.3.15. Create a Bare Metal Template 11.3.16. Provision a Bare Metal Instance 11.3.17. Test Bare Metal Installation 11.3.18. Example CentOS 6.x Kickstart File Chapter 11. Bare Metal Installation 148 11.3.19. Example Fedora 17 Kickstart File Example Ubuntu 12.04 Kickstart File 149 11.3.20. Example Ubuntu 12.04 Kickstart File Chapter 11. Bare Metal Installation 150 11.4. Using Cisco UCS as Bare Metal Host CloudPlatform 11.4.1. Registering a UCS Manager 11.4.2. Associating a Profile with a UCS Blade 11.4.3. Disassociating a Profile from a UCS Blade Page Installing Oracle VM (OVM) for CloudPlatform 12.1. System Requirements for OVM Hosts 12.2. OVM Installation Overview 12.3. Installing OVM on the Host(s) 12.4. Primary Storage Setup for OVM 12.5. Set Up Host(s) for System VMs Choosing a Deployment Architecture 13.1. Small-Scale Deployment 13.2. Large-Scale Redundant Setup 13.3. Separate Storage Network 13.4. Multi-Node Management Server 13.5. Multi-Site Deployment Page Network Setup 14.1. Basic and Advanced Networking Basic Advanced 14.2. VLAN Allocation Example 14.3. Example Hardware Configuration 14.3.1. Dell 62xx 14.3.2. Cisco 3750 14.4. Layer-2 Switch Example Configurations 14.4.1. Dell 62xx 14.4.2. Cisco 3750 14.5. Hardware Firewall 14.5.1. Generic Firewall Provisions 14.5.2. External Guest Firewall Integration for Juniper SRX Page 14.5.3. External Guest Firewall Integration for Cisco VNMC 14.5.3.1. Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a Deployment 14.5.3.1.1. Guidelines 14.5.3.1.2. Prerequisites 14.5.3.1.3. Using Cisco ASA 1000v Services 14.5.3.2. Adding a VNMC Instance 14.5.3.3. Adding an ASA 1000v Instance 14.5.3.4. Creating a Network Offering Using Cisco ASA 1000v 14.5.3.5. Reusing ASA 1000v Appliance in new Guest Networks 14.6. External Guest Load Balancer Integration (Optional) 14.7. Topology Requirements 14.7.1. Security Requirements 14.7.2. Runtime Internal Communications Requirements 14.7.3. Storage Network Topology Requirements 14.7.4. External Firewall Topology Requirements 14.8. Guest Network Usage Integration for Traffic Sentinel 14.9. Setting Zone VLAN and Running VM Maximums Page Amazon Web Service Interface 15.1. Amazon Web Services EC2 Compatible Interface Limitations: 15.2. System Requirements 15.3. Enabling the AWS API Compatible Interface 15.4. AWS API User Setup Steps (SOAP Only) 15.4.1. AWS API User Registration 15.4.2. AWS API Command-Line Tools Setup 15.5. Supported AWS API Calls Page Page Page Additional Installation Options 16.1. Installing the Usage Server (Optional) 16.1.1. Requirements for Installing the Usage Server 16.1.2. Steps to Install the Usage Server 16.2. SSL (Optional) 16.3. Database Replication (Optional) Page 16.3.1. Failover