Overview of Power Virtual Server with VPC landing zone deployable architectures
Provisioning Power Virtual Server with VPC landing zone by using deployable architectures provides an automated deployment method to create an isolated Power Virtual Server workspace and connect it with IBM Cloud services and the public internet. Network management components like DNS, NTP, proxy servers, and NFS as a Service might be installed. Additionally, IBM Cloud Monitoring and IBM Cloud Security and Compliance Center Workload Protection can be selected as optional features. Comparing the provisioning through the projects UI, user interaction is minimized and ready-to-go deployment time of a Power Virtual Server workspace is reduced from days to less than 1 hour.
Automated Power Virtual Server with VPC landing zone provisioning that is described in this guide is based on IBM Cloud catalog deployable architectures. In this documentation, we describe only specifics that are related to Power Virtual Server with VPC landing zone deployable architecture.
In the following sections, the deployable architecture variants are described.
1. Standard Landscape variation
This deployable architecture variation deploys these resources:
| Resource Type | Optional | Description |
|---|---|---|
| Workspace for Power Virtual Server | | Workspace for Power Virtual Server with 2 subnets and an SSH key |
| Custom Images | Yes | Imports up to three custom images from Cloud Object Storage into Workspace for Power Virtual Server |
| Resource Type | Optional | Description |
|---|---|---|
| VPC | | Edge VPC: ACL, SGs, SSH Key and 4 Subnets |
| Intel VSI | | Jump box with 2 cores, 4 GB memory running RHEL 9.6 with floating IP attached |
| Intel VSI | | Network Services running RHEL 9.6 configured as squid proxy, NTP and DNS servers (using Ansible Galaxy collection roles IBM Power Linux for SAP). Also configured as central Ansible execution node. Default size is 2 cores and 4 GB memory. Can be customized. |
| File storage share, Network load balancer | Yes | NFS as a Service Network Load Balancer is deployed along with File storage share to access the share IP from Power Virtual Server |
| Virtual Private Endpoint Gateway | | A Virtual Private Endpoint Gateway to reach the Cloud Object Storage bucket |
| Flow Logs for VPC | | Flow Logs for VPC enables the collection, storage, and presentation of information about the Internet Protocol (IP) traffic going to and from network interfaces within your VPC |
| Client to site VPN Server, Secrets Manager | Yes | Client to site VPN Server provides client-to-site connectivity, which allows remote devices to securely connect to the VPC network using an OpenVPN software client. Secrets Manager Instance is deployed along with VPN to store the VPN Certificate |
| Resource Type | Optional | Description |
|---|---|---|
| Key Protect | | Key Protect provides key management by integrating the IBM Key Protect for IBM Cloud service. These key management services help you create, manage, and use encryption keys to protect your sensitive data |
| Transit Gateway | | Global or local Transit Gateway to interconnect VPC and Power Virtual Server workspace |
| Cloud Object Storage | | Cloud Object Storage instance, buckets and credentials are created |
| IBM Cloud Monitoring | Yes | Monitoring collects metrics to provide a web UI to monitor the performance and overall system health of the deployment. Interconnects with IBM Cloud Security and Compliance Center Workload Protection if used. |
| IBM Cloud Security and Compliance Center Workload Protection | Yes | Workload Protection can be used to find and prioritize software vulnerabilities, detect and respond to threats, manage configurations, permissions, and compliance from source to run. Interconnects with Monitoring if used. |
2. Quickstart variation
This deployable architecture variation deploys these resources:
| Resource Type | Optional | Description |
|---|---|---|
| Workspace for Power Virtual Server | | Workspace for Power Virtual Server with 2 subnets and an SSH key |
| Power Virtual Server Instance | | A Power Virtual Server instance of chosen T-shirt size or a custom T-shirt size. Refer to the table below. |
| Resource Type | Optional | Description |
|---|---|---|
| VPC | | Edge VPC: ACL, SGs, SSH Key and 4 Subnets |
| Intel VSI | | Jump box running RHEL 9.6 with floating IP attached |
| Intel VSI | | Network Services running RHEL 9.6 configured as squid proxy, NTP and DNS servers (using Ansible Galaxy collection roles IBM Power Linux for SAP). Also configured as central Ansible execution node |
| File storage share, Network load balancer | Yes | NFS as a Service Network Load Balancer is deployed along with File storage share to access the share IP from Power Virtual Server |
| Virtual Private Endpoint Gateway | | A Virtual Private Endpoint Gateway to reach the Cloud Object Storage bucket |
| Flow Logs for VPC | | Flow Logs for VPC enables the collection, storage, and presentation of information about the Internet Protocol (IP) traffic going to and from network interfaces within your VPC |
| Client to site VPN Server, Secrets Manager | Yes | Client to site VPN Server provides client-to-site connectivity, which allows remote devices to securely connect to the VPC network using an OpenVPN software client. Secrets Manager Instance is deployed along with VPN to store the VPN Certificate |
| Resource Type | Optional | Description |
|---|---|---|
| Key Protect | | Key Protect provides key management by integrating the IBM Key Protect for IBM Cloud service. These key management services help you create, manage, and use encryption keys to protect your sensitive data |
| Transit Gateway | | Global or local Transit Gateway to interconnect VPC and Power Virtual Server workspace |
| Cloud Object Storage | | Cloud Object Storage instance, buckets and credentials are created |
| IBM Cloud Monitoring | Yes | Monitoring collects metrics to provide a web UI to monitor the performance and overall system health of the deployment. Interconnects with IBM Cloud Security and Compliance Center Workload Protection if used. |
| IBM Cloud Security and Compliance Center Workload Protection | Yes | Workload Protection can be used to find and prioritize software vulnerabilities, detect and respond to threats, manage configurations, permissions, and compliance from source to run. Interconnects with Monitoring if used. |
You can run AIX, IBM i, and Linux images on your virtual server instances. Select the required T-shirt size, and a virtual server instance with the chosen T-shirt size or a custom configuration is deployed. The mapping of T-shirt sizes to configuration parameters is shown in the following tables:
| | XS | S | M | L |
|---|---|---|---|---|
| Cores | 1 | 4 | 8 | 15 |
| Memory | 32 | 128 | 256 | 512 |
| Boot Storage Tier-3 (GB) | 30 | 30 | 30 | 30 |
| Data Storage Tier-3 (GB) | 100 | 500 | 1000 | 2000 |
| | XS | S | M | L |
|---|---|---|---|---|
| Cores | 0.25 | 1 | 2 | 4 |
| Memory | 8 | 32 | 64 | 132 |
| Data Storage Tier-3 (GB) | 100 | 500 | 1000 | 2000 |
| | US1 Test/Dev |
|---|---|
| Cores | 4 |
| Memory | 256 |
| Data Storage Tier-3 (GB) | 750 |
3. Quickstart OpenShift variation
The 'OpenShift Power Virtual Server with VPC landing zone' variation creates a landing zone similar to that in the Standard Landscape variation and leverages its features to create an OpenShift cluster on Power Virtual Server.
This deployable architecture variation deploys these resources:
| Resource Type | Optional | Description |
|---|---|---|
| Workspace for Power Virtual Server | | Workspace for Power Virtual Server with a DHCP subnet and an SSH key |
| Power Virtual Server Instances | | 1 or 3 Power Virtual Server instances as OpenShift master nodes; 2 or more Power Virtual Server instances as OpenShift worker nodes; Custom profile (cores, memory, machine type, core type) |
| Resource Type | Optional | Description |
|---|---|---|
| VPC | | Edge VPC: ACL, SGs, SSH Key and 4 Subnets |
| Intel VSI | | Jump box with 2 cores, 4 GB memory running RHEL 9.6 with floating IP attached |
| Intel VSI | | Network Services running RHEL 9.6 configured as squid proxy (using Ansible Galaxy collection roles IBM Power Linux for SAP) and configured as central Ansible execution node. Default size is 2 cores and 4 GB memory. Can be customized. |
| Flow Logs for VPC | | Flow Logs for VPC enables the collection, storage, and presentation of information about the Internet Protocol (IP) traffic going to and from network interfaces within your VPC |
| Client to site VPN Server, Secrets Manager | Yes | Client to site VPN Server provides client-to-site connectivity, which allows remote devices to securely connect to the VPC network using an OpenVPN software client. Secrets Manager Instance is deployed along with VPN to store the VPN Certificate |
| Three Application Load Balancers | | One for internal OpenShift API, public OpenShift API, and OpenShift applications |
| Resource Type | Optional | Description |
|---|---|---|
| Key Protect | | Key Protect provides key management by integrating the IBM Key Protect for IBM Cloud service. These key management services help you create, manage, and use encryption keys to protect your sensitive data |
| Transit Gateway | | Global or local Transit Gateway to interconnect VPC and Power Virtual Server workspace |
| Cloud Object Storage | | Cloud Object Storage instance, buckets and credentials are created |
| IBM Cloud Monitoring | Yes | Monitoring collects metrics to provide a web UI to monitor the performance and overall system health of the deployment. Interconnects with IBM Cloud Security and Compliance Center Workload Protection if used. |
| IBM Cloud Security and Compliance Center Workload Protection | Yes | Workload Protection can be used to find and prioritize software vulnerabilities, detect and respond to threats, manage configurations, permissions, and compliance from source to run. Interconnects with Monitoring if used. |
| IBM Cloud DNS Services | | A DNS service instance is created for internal resolution of the cluster domain. |
Other Power Virtual Server related deployable architectures
In addition to the Power Virtual Server with VPC landing zone, other deployable architectures and Terraform-based solutions might be deployed.