Network configuration for HPE OneSphere Connect

Last updated 11 September, 2018

VMware vCenter environment

Before you connect HPE OneSphere with your on-premises VMware vCenter environment using HPE OneSphere Connect, verify that your private cloud environment is configured as follows.

  • A VMware vCenter environment is available to connect to HPE OneSphere.

  • One or more vSphere clusters are located in the vCenter environment.

  • vSphere clusters are configured for Distributed Resource Scheduler (DRS) with the Fully Automated option.

  • vSphere Distributed Switch (vDS)-based networking is configured for the vSphere clusters. Connect the vDS to all hosts in datacenters managed by HPE OneSphere. Create one HPE OneSphere private zone for each datacenter in the vCenter.

    NOTE:

    A vSphere environment configured with vDS is strongly recommended. However, a hybrid vDS and vSphere Standard Switch (vSS) configuration is also supported. In a hybrid configuration, VM networking for VM deployments is configured on vDS. The network segment configuration for the HPE OneSphere Controller and VMkernel services (for example management and vMotion) and other networks can be configured on vDS or vSS.

  • Outbound HTTPS network access is configured in the cluster for communication with the HPE OneSphere management service.

  • NTP lookup (*.centos.pool.ntp.org) and time synchronization are available over the internet connection through the configured proxy server.

For information about creating the initial private cloud provider and running HPE OneSphere Connect, see Connecting to HPE OneSphere for the first time.

HPE OneSphere Connect deployment environment

After you download the HPE OneSphere Connect application from the HPE OneSphere user interface, you can run the Connect application on any machine (also known as a jump server) running a supported Windows or Mac operating system where the following network configuration is available.

For more information, see HPE OneSphere Connect jump server deployment scenarios. For supported operating systems for HPE OneSphere Connect, see the HPE OneSphere Support Matrix.

Jump server requirements

Verify that the machine to which you downloaded the HPE OneSphere Connect application (the jump server) can:

  • Access the Internet (including the HPE OneSphere management service) on the default HTTP (80) and HTTPS (443) ports. Access can be direct or configured through a proxy.

    HPE OneSphere Connect uses the operating system's proxy information to connect the HPE OneSphere Controller to the HPE OneSphere management service.

  • Connect to VMware vCenter and ESXi host URLs in the private datacenter directly or through a virtual private network (VPN), depending on the network topology used.

In addition, Hewlett Packard Enterprise recommends that you launch HPE OneSphere Connect from a jump server that is a vCenter managed Windows VM, and that is on a network or network segment:

  • where the vCenter is located

  • where the HPE OneSphere Controller will be connected

  • configured for full DNS forward and reverse lookup

  • configured so that NTP server functionality is reachable over the configured proxy

See Connecting HPE OneSphere for the first time for information about the HPE OneSphere Controller.

Firewall rules, proxy, NTP, and DNS configuration for HPE OneSphere Connect

Prerequisites

The administrator has configured the networks as described in HPE OneSphere Connect deployment environment.

Procedure
  1. Configure firewall rules to allow outbound HTTP and HTTPS connections from the jump server on which you are running HPE OneSphere Connect to the HPE OneSphere management service domain and subdomains (*.hpeonesphere.com) on the default HTTP (80) and HTTPS (443) ports.
  2. Configure firewall rules to allow communication from HPE OneSphere Connect to the on-premises datacenter.

    The HPE OneSphere Connect application must be able to connect to VMware vCenter HTTPS URLs. You may need to allow all communication on HTTP port 80 and HTTPS port 443 from the machine running HPE OneSphere Connect.

  3. Check the proxy settings on the jump server on which you are running HPE OneSphere Connect.

    HPE OneSphere Connect connects to the VMware vCenter to obtain cluster details.

    Do one of the following:

    • Remove the proxy configuration from the jump server if you can access the internet without a proxy.

    • Exclude the local DNS or the local IP addresses (including the vCenter IP address and ESXi host IP address) in your proxy configuration.

      If you use local IP addresses that are non-routable (that do not go through the proxy), you do not need to change the proxy configuration on the jump server.

  4. Verify that Network Time Protocol (NTP) is configured on the ESXi hosts in the vCenter environment.

    NTP synchronizes the time on the host from an external NTP server. This synchronization enables provider metrics to be correctly calculated, among other benefits.

  5. Verify that NTP lookup and time synchronization are available over the internet connection through the configured proxy server.
  6. Verify that DNS is correctly configured.

    The DNS name provided during initial configuration of HPE OneSphere Connect is used as the FQDN for the HPE OneSphere Controller. This VM is deployed as part of initial setup of connecting a VMware private cloud environment to the HPE OneSphere management service.

    • Ensure that DNS is configured for both forward and reverse lookups.

    • Ensure there is internet connectivity from the jump server to NTP servers, for example 0.centos.pool.ntp.org.
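A pre-flight check for steps 3 and 6 of the procedure above, added here as an example (it is not HPE code): it lists local hosts that the jump server's proxy settings would still send to the proxy, and confirms that a Controller FQDN resolves forward and back to the same name. The host names, addresses and proxy URL are constructed placeholders; called without the sample arguments, the functions use the operating system's resolver and proxy settings.

```python
import socket
import urllib.request

def dns_round_trip(fqdn, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Step 6: every address fqdn resolves to must reverse-resolve back to fqdn."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)[2]
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        return False, f"forward lookup failed: {exc}"
    for addr in addrs:
        try:
            name, aliases, _ = reverse(addr)
        except OSError as exc:
            return False, f"no reverse record for {addr}: {exc}"
        names = {n.rstrip(".").lower() for n in (name, *aliases)}
        if want not in names:
            return False, f"{addr} reverses to {sorted(names)}, not {want}"
    return bool(addrs), f"{want} <-> {addrs}"

def still_proxied(hosts, proxies=None, bypass=urllib.request.proxy_bypass):
    """Step 3: list local hosts whose traffic would still go to the proxy."""
    proxies = urllib.request.getproxies() if proxies is None else proxies
    if not (proxies.get("http") or proxies.get("https")):
        return []  # no proxy configured, so there is nothing to exclude
    return [h for h in hosts if not bypass(h)]

# --- Constructed sample data (names and addresses are placeholders) ---
SAMPLE_A = {"controller.lab.example": ["10.0.0.5"], "stale.lab.example": ["10.0.0.9"]}
SAMPLE_PTR = {"10.0.0.5": "controller.lab.example.", "10.0.0.9": "old.lab.example."}
SAMPLE_PROXIES = {"https": "http://proxy.lab.example:8080", "no": "10.0.0.10,.lab.example"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror("name not known")
    return name, [], SAMPLE_A[name]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror("unknown host")
    return SAMPLE_PTR[addr], [], [addr]

def sample_bypass(host):
    # Evaluate the constructed exclusion list instead of the real OS settings.
    return urllib.request.proxy_bypass_environment(host, SAMPLE_PROXIES)

if __name__ == "__main__":
    for fqdn in SAMPLE_A:
        print(fqdn, dns_round_trip(fqdn, sample_forward, sample_reverse))
    local = ["vcenter.lab.example", "10.0.0.10", "10.0.0.11"]  # vCenter and ESXi hosts
    print("still proxied:", still_proxied(local, SAMPLE_PROXIES, sample_bypass))
```

Any host returned by `still_proxied` needs an exclusion entry in the jump server's proxy configuration, and a `False` result from `dns_round_trip` points at a missing or stale forward or reverse record for the Controller name.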

HPE OneSphere Connect jump server deployment scenarios

The HPE OneSphere Connect application connects HPE OneSphere to your private cloud VMware environment. The following are four possible "jump server" scenarios for running HPE OneSphere Connect.

You can run HPE OneSphere Connect:

  • On your notebook computer or PC running in a corporate environment

  • On a virtual machine inside your datacenter

  • On a remote machine (in a remote office) connected to a corporate network through a VPN channel

  • On a multi-homed system with direct connectivity to a lab environment

The following sections describe these deployment scenarios and the requirements for using them.

NOTE:

If you have issues connecting your environment, see Engaging HPE Pointnext Cloud CoE Support.

Scenario 1: Run HPE OneSphere Connect on your notebook or PC in a corporate network environment

This scenario is useful when the corporate network can:


  • Reach the HPE OneSphere management service over the Internet through a corporate internet proxy.


  • Allow connectivity to a private Datacenter either through an established VPN or L3 Routing.

The notebook computer or PC can connect to the HPE OneSphere management service using a corporate proxy or a Datacenter proxy using an auto-configuration proxy script.

Figure 1: On your notebook or PC in a corporate network environment

Scenario 2: Run HPE OneSphere Connect on a virtual machine inside your datacenter

This scenario is useful when:

  • The corporate network is not connected to the Datacenter Management network, so infrastructure elements such as vCenter and ESXi hosts cannot connect to the Internet.

  • HPE OneSphere Connect must run on a virtual machine that has connectivity to the Internet and a private Datacenter network.

Figure 2a: On a virtual machine inside your datacenter

To make this scenario work, deploy a multi-homed virtual machine to host the HPE OneSphere Connect application in the Datacenter. These settings must be configured in vCenter.


  1. Boot or install a Microsoft Windows client or server OS.


  2. Attach the virtual machine to a port group that has connectivity to an External network. (Configuring a proxy and firewall is optional. If a proxy and firewall are already configured, they can remain unchanged from the way the Datacenter is configured.)


  3. Attach the virtual machine to a port group that has connectivity to the Datacenter Management network.


  4. If the networks do not have DHCP configured, configure an IP address for a Windows virtual machine on the External network and the Datacenter Management network. (This step is not necessary if the networks are already backed by a DHCP server.)

A slight variation on this scenario occurs when the Internet can be reached from Datacenter Management network through the use of an Internet Proxy on the Datacenter Management network.

To make this scenario work, deploy a multi-homed virtual machine as described in the steps above. Then, on the virtual machine, set the HTTP and HTTPS proxy to the proxy IP address for the Datacenter Management network.

Figure 2b: On a virtual machine inside your datacenter, with an Internet Proxy

Scenario 3: Run HPE OneSphere Connect on a remote machine (in a remote office) connected to a corporate network through a VPN channel

This scenario is useful when you are remotely managing a datacenter from a branch office. In this case, connectivity to the datacenter is typically established through an existing corporate VPN channel. The Internet connection can be direct and not necessarily through the VPN tunnel.

Scenario 4: Run HPE OneSphere Connect on a multi-homed system with direct connectivity to a lab environment

This scenario is similar to Scenario 1: On your notebook or PC in a corporate network environment, except that the connection to the private datacenter network is through a direct connection. This is a rare scenario.