- Introduction to WorkXpress
- Building Your Application
- Examples and Best Practices
- Technical Manual
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
private cloud setup [2017/04/03 13:54] kstennett [Can I limit access by IP address ?] |
private cloud setup [2017/10/30 15:50] (current) aliffick [Step One: Use the WorkXpress Platform to create a new Cloud Server] |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| * You will need to install, and have a working knowledge of an OVF compliant hypervisor to manage your private cloud infrastructure. We recommend VMware's ESXi product. Installing ESXi is beyond the scope of this document. For details and to download ESXi, please visit their [[https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5|product]] page. For support, please visit the [[http://communities.vmware.com/community/vmtn/vsphere/esxi|ESXi community]]. | * You will need to install, and have a working knowledge of an OVF compliant hypervisor to manage your private cloud infrastructure. We recommend VMware's ESXi product. Installing ESXi is beyond the scope of this document. For details and to download ESXi, please visit their [[https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5|product]] page. For support, please visit the [[http://communities.vmware.com/community/vmtn/vsphere/esxi|ESXi community]]. | ||
| * You will need a publically routable IP address from your ISP with TCP ports 80 (www), 443 (Secure www), 22 (for secure administrative access), 36602 (application monitoring), UDP port 10161 (custom snmp port for performance monitoring and graphing functionality), ICMP echo-requests available for incoming traffic, and TCP ports 80 (www), 443 (Secure www), 465 (smtp-ssl), 10008 (application updates), UDP 123 (NTP), and UDP 53 (DNS) available for outgoing traffic. | * You will need a publically routable IP address from your ISP with TCP ports 80 (www), 443 (Secure www), 22 (for secure administrative access), 36602 (application monitoring), UDP port 10161 (custom snmp port for performance monitoring and graphing functionality), ICMP echo-requests available for incoming traffic, and TCP ports 80 (www), 443 (Secure www), 465 (smtp-ssl), 10008 (application updates), UDP 123 (NTP), and UDP 53 (DNS) available for outgoing traffic. | ||
| - | * You will need at least 2 Processors, 6GB of RAM, and 15GB of available storage for your private cloud. | + | * You will need at least 2 Processors (or cores), 6GB of RAM, and 42GB of available storage for your private cloud. 4 CPU cores or more, and 8GB or more of RAM is recommended for more than one installation. |
| * You will need an elementary knowledge of TCP/IP networking in order to properly configure your virtual appliance's network connection. | * You will need an elementary knowledge of TCP/IP networking in order to properly configure your virtual appliance's network connection. | ||
| * You will need a basic understanding of the Domain Name System (DNS). | * You will need a basic understanding of the Domain Name System (DNS). | ||
| Line 22: | Line 22: | ||
| If you still feel that you need to filter at your network edge you can use the follow as guidelines for filtering: | If you still feel that you need to filter at your network edge you can use the follow as guidelines for filtering: | ||
| - | * Inbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for access to your application by your users. Those ports are also used by platform to manage your applications. If your application will only be accessed by users internal to your network, you can limit access to those ports to platform. Those requests will be from 69.16.193.85. | + | * Inbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for access to your application by your users. Those ports are also used by platform to manage your applications. If your application will only be accessed by users internal to your network, you can limit access to those ports to platform. Those requests will be from 104.196.195.208. |
| - | * Inbound access to TCP port 22 (SSH) is required for administration. Those requests will be from 50.73.31.59 and 54.175.210.196. | + | * Inbound access to TCP port 22 (SSH) is required for administration. Those requests will be from 50.73.31.59, 104.196.106.51, and 54.175.210.196. |
| * Inbound access to UDP port 10161, TCP port 36602 and icmp echo-requests is required for application monitoring. Those requests will be from 54.175.210.196. | * Inbound access to UDP port 10161, TCP port 36602 and icmp echo-requests is required for application monitoring. Those requests will be from 54.175.210.196. | ||
| * Outbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for your application to connect to platform and also for any calls to third party APIs that your application may use. It is not practical to filter this access by IP address, due to the nature of using third party APIs. | * Outbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for your application to connect to platform and also for any calls to third party APIs that your application may use. It is not practical to filter this access by IP address, due to the nature of using third party APIs. | ||
| * Outbound access to UDP port 53 (DNS) is required to resolve domain names to IP addresses. This can be limited to the IP address of the DNS server that you supply during private cloud setup and 8.8.8.8. This is a DNS server that is configured as a backup. | * Outbound access to UDP port 53 (DNS) is required to resolve domain names to IP addresses. This can be limited to the IP address of the DNS server that you supply during private cloud setup and 8.8.8.8. This is a DNS server that is configured as a backup. | ||
| * Outbound access to TCP port 465 (SMTP over SSL) is required to allow the system to send emails for monitoring. It is not practical to filter this access by IP address. | * Outbound access to TCP port 465 (SMTP over SSL) is required to allow the system to send emails for monitoring. It is not practical to filter this access by IP address. | ||
| - | * Outbound access to TCP port 10008 is required for application updates. This can be limited to 50.73.31.59. | + | * Outbound access to TCP port 10008 is required for application updates. This can be limited to 50.73.31.59 and 104.196.106.51. |
| * Outbound access to UDP port 123 is required so that the cloud server can keep its system time up-to-date. This can be limited to (ALL) 16 IP addresses for time.nist.gov (found at http://tf.nist.gov/tf-cgi/servers.cgi) and the server ntp.ubuntu.com. | * Outbound access to UDP port 123 is required so that the cloud server can keep its system time up-to-date. This can be limited to (ALL) 16 IP addresses for time.nist.gov (found at http://tf.nist.gov/tf-cgi/servers.cgi) and the server ntp.ubuntu.com. | ||
| ===== I'm ready, lets begin! ===== | ===== I'm ready, lets begin! ===== | ||
| Line 34: | Line 34: | ||
| ==== Step One: Use the WorkXpress Platform to create a new Cloud Server ==== | ==== Step One: Use the WorkXpress Platform to create a new Cloud Server ==== | ||
| - | Log in to the [[https://platform.workxpress.com|WorkXpress Platform]]. Once logged in, click the "Clouds" tab to see a list of Clouds you own, and clouds you're hosting applications on. Next, click the orange "Create a New Cloud" button in the top right corner of the list of clouds. | + | Log in to the [[https://platform.workxpress.com|WorkXpress Platform]]. Once logged in, scroll down to the “Clouds” list, this displays the clouds you own, and clouds you're hosting applications on. Next, click the grey “Add Cloud” button in the top right corner of the list of clouds. |
| - | {{ ::privatecloud:cloud_setup_1.png?nolink |}} | + | {{ ::privatecloud:create_cloud.png?nolink |}} |
| - | Fill in the Cloud Server Name, and the fields for what email addresses to use for warning and critical notifications as well as sales and support email addresses for your company. When you're finished, click "Create Cloud". The screen will reload to show you the synchronization code that will allow your virtual appliance to host WorkXpress applications. | ||
| - | {{ ::privatecloud:cloud_setup_2.png?nolink |}} | + | Fill in the Cloud Server Name, and the fields for what email addresses to use for warning and critical notifications as well as sales and support email addresses for your company. When you're finished, scroll to the bottom of the popup. Take not of the the “synchronization code” that will allow your virtual appliance to host WorkXpress applications. |
| + | |||
| + | {{ ::privatecloud:sync_code.png?nolink |}} | ||
| //Note: Please record this code because you will require it to complete the installation procedure.// | //Note: Please record this code because you will require it to complete the installation procedure.// | ||
| - | Close this window and continue to step two. | + | Click the blue “Add Cloud” button and continue to step two. |
| ==== Step Two: Obtain and install the WorkXpress OVF virtual appliance in your infrastructure ==== | ==== Step Two: Obtain and install the WorkXpress OVF virtual appliance in your infrastructure ==== | ||
| Line 75: | Line 76: | ||
| * UDP 53: dns | * UDP 53: dns | ||
| - | Click Next, review your settings, and click Finish to start the import. This process may take quite some time to finish, depending on your internet connection speed, because the image file is just over 1 GB in | + | Click Next, review your settings, and click Finish to start the import. This process may take quite some time to finish, depending on your internet connection speed, because the image file is nearly 3GB in |
| size. Please be patient. After the import process finishes, you're ready to move on to step three. | size. Please be patient. After the import process finishes, you're ready to move on to step three. | ||
