- Introduction to WorkXpress
- Building Your Application
- Examples and Best Practices
- Technical Manual
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
private cloud setup [2017/04/03 13:54] kstennett [Can I limit access by IP address ?] |
private cloud setup [2017/05/12 13:28] aliffick [What will I need?] |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| * You will need to install, and have a working knowledge of an OVF compliant hypervisor to manage your private cloud infrastructure. We recommend VMware's ESXi product. Installing ESXi is beyond the scope of this document. For details and to download ESXi, please visit their [[https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5|product]] page. For support, please visit the [[http://communities.vmware.com/community/vmtn/vsphere/esxi|ESXi community]]. | * You will need to install, and have a working knowledge of an OVF compliant hypervisor to manage your private cloud infrastructure. We recommend VMware's ESXi product. Installing ESXi is beyond the scope of this document. For details and to download ESXi, please visit their [[https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_hypervisor_esxi/5_5|product]] page. For support, please visit the [[http://communities.vmware.com/community/vmtn/vsphere/esxi|ESXi community]]. | ||
| * You will need a publically routable IP address from your ISP with TCP ports 80 (www), 443 (Secure www), 22 (for secure administrative access), 36602 (application monitoring), UDP port 10161 (custom snmp port for performance monitoring and graphing functionality), ICMP echo-requests available for incoming traffic, and TCP ports 80 (www), 443 (Secure www), 465 (smtp-ssl), 10008 (application updates), UDP 123 (NTP), and UDP 53 (DNS) available for outgoing traffic. | * You will need a publically routable IP address from your ISP with TCP ports 80 (www), 443 (Secure www), 22 (for secure administrative access), 36602 (application monitoring), UDP port 10161 (custom snmp port for performance monitoring and graphing functionality), ICMP echo-requests available for incoming traffic, and TCP ports 80 (www), 443 (Secure www), 465 (smtp-ssl), 10008 (application updates), UDP 123 (NTP), and UDP 53 (DNS) available for outgoing traffic. | ||
| - | * You will need at least 2 Processors, 6GB of RAM, and 15GB of available storage for your private cloud. | + | * You will need at least 2 Processors (or cores), 6GB of RAM, and 42GB of available storage for your private cloud. 4 CPU cores or more, and 8GB or more of RAM is recommended for more than one installation. |
| * You will need an elementary knowledge of TCP/IP networking in order to properly configure your virtual appliance's network connection. | * You will need an elementary knowledge of TCP/IP networking in order to properly configure your virtual appliance's network connection. | ||
| * You will need a basic understanding of the Domain Name System (DNS). | * You will need a basic understanding of the Domain Name System (DNS). | ||
| Line 22: | Line 22: | ||
| If you still feel that you need to filter at your network edge you can use the follow as guidelines for filtering: | If you still feel that you need to filter at your network edge you can use the follow as guidelines for filtering: | ||
| - | * Inbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for access to your application by your users. Those ports are also used by platform to manage your applications. If your application will only be accessed by users internal to your network, you can limit access to those ports to platform. Those requests will be from 69.16.193.85. | + | * Inbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for access to your application by your users. Those ports are also used by platform to manage your applications. If your application will only be accessed by users internal to your network, you can limit access to those ports to platform. Those requests will be from 104.196.195.208. |
| - | * Inbound access to TCP port 22 (SSH) is required for administration. Those requests will be from 50.73.31.59 and 54.175.210.196. | + | * Inbound access to TCP port 22 (SSH) is required for administration. Those requests will be from 50.73.31.59, 104.196.106.51, and 54.175.210.196. |
| * Inbound access to UDP port 10161, TCP port 36602 and icmp echo-requests is required for application monitoring. Those requests will be from 54.175.210.196. | * Inbound access to UDP port 10161, TCP port 36602 and icmp echo-requests is required for application monitoring. Those requests will be from 54.175.210.196. | ||
| * Outbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for your application to connect to platform and also for any calls to third party APIs that your application may use. It is not practical to filter this access by IP address, due to the nature of using third party APIs. | * Outbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) is required for your application to connect to platform and also for any calls to third party APIs that your application may use. It is not practical to filter this access by IP address, due to the nature of using third party APIs. | ||
| * Outbound access to UDP port 53 (DNS) is required to resolve domain names to IP addresses. This can be limited to the IP address of the DNS server that you supply during private cloud setup and 8.8.8.8. This is a DNS server that is configured as a backup. | * Outbound access to UDP port 53 (DNS) is required to resolve domain names to IP addresses. This can be limited to the IP address of the DNS server that you supply during private cloud setup and 8.8.8.8. This is a DNS server that is configured as a backup. | ||
| * Outbound access to TCP port 465 (SMTP over SSL) is required to allow the system to send emails for monitoring. It is not practical to filter this access by IP address. | * Outbound access to TCP port 465 (SMTP over SSL) is required to allow the system to send emails for monitoring. It is not practical to filter this access by IP address. | ||
| - | * Outbound access to TCP port 10008 is required for application updates. This can be limited to 50.73.31.59. | + | * Outbound access to TCP port 10008 is required for application updates. This can be limited to 50.73.31.59 and 104.196.106.51. |
| * Outbound access to UDP port 123 is required so that the cloud server can keep its system time up-to-date. This can be limited to (ALL) 16 IP addresses for time.nist.gov (found at http://tf.nist.gov/tf-cgi/servers.cgi) and the server ntp.ubuntu.com. | * Outbound access to UDP port 123 is required so that the cloud server can keep its system time up-to-date. This can be limited to (ALL) 16 IP addresses for time.nist.gov (found at http://tf.nist.gov/tf-cgi/servers.cgi) and the server ntp.ubuntu.com. | ||
| ===== I'm ready, lets begin! ===== | ===== I'm ready, lets begin! ===== | ||
| Line 75: | Line 75: | ||
| * UDP 53: dns | * UDP 53: dns | ||
| - | Click Next, review your settings, and click Finish to start the import. This process may take quite some time to finish, depending on your internet connection speed, because the image file is just over 1 GB in | + | Click Next, review your settings, and click Finish to start the import. This process may take quite some time to finish, depending on your internet connection speed, because the image file is nearly 3GB in |
| size. Please be patient. After the import process finishes, you're ready to move on to step three. | size. Please be patient. After the import process finishes, you're ready to move on to step three. | ||
