Creating instances for a high availability cluster on IBM Power Virtual Server

Before you begin

Review the general requirements, product documentation, support articles, and SAP notes listed in Implementing High Availability for SAP Applications on IBM Power Virtual Server References.

Creating the workspace

A workspace is the environment that acts as a folder for all the Power Virtual Server resources in a specific geographic region. These resources include computing, network, and storage volumes. Resources cannot be moved or shared between different workspaces. Each workspace is tied to a single data center.

Log in into Power Virtual Server in IBM Cloud®.

1. Select Workspaces in the navigation bar and press Create to open the Create workspace menu.
2. Enter the Workspace name and select a Resource group according to the intended assignment of the cluster resources.
3. Select the Region where you want the resources to deploy.
4. Add any User tags and Access management tags according to your policies.
5. Click Create to initiate the workspace.

Creating subnets

The virtual server instance is connected to the network and gets an IP address from the assigned IP range.

It is recommended that you connect the cluster nodes to a private network, not to a public network.

An extra bastion node can access both public and private networks and can be used to tunnel SSH connections to the cluster nodes.

Private subnets are created in the context of the Power Virtual Server workspace. When you connect different networks, you can use GRE Tunneling if a subnet range conflicts with existing classical infrastructure.

You need at least one private subnet in the workspace.

Use the following steps to create a subnet.

1. Go to Subnets in Power Virtual Server.

2. Select the workspace that you created.

3. Click Create subnet and enter the following information for the new subnet.

   • Name for the new subnet.
   • Classless Inter-Domain Routing (CIDR) in form of an address prefix.
   • Number of bits reserved for the netmask separated by a slash.

   By entering a specific IP range, you can restrict the IP address range to a subset of the full CIDR range. Restricting the IP address range prevents IP addresses from being automatically assigned to another virtual server instance during a provisioning request.

4. Click Create subnet.

Reserving virtual IP addresses

A high availability cluster typically needs virtual IP addresses that must move with the application in a failover scenario.

Currently, Power Virtual Server does not support reserving a floating IP address. Follow this procedure to avoid that virtual IP addresses are erroneously used during other virtual server deployments in the same workspace:

• Go to the specific Subnets of your Power Virtual Server workspace, and define a subset of the full CIDR as allowed IP range.
• Select one unused IP address within the CIDR range of the subnet, but outside of the IP range that you previously restricted.
• You need to manage the usage of these addresses on your own. Usage of IBM Cloud® DNS Services might help for administration.

Exploring more network architecture options

If your Power Virtual Server workspace is enabled for Power Edge Router (PER), you already have network communication with parts of the IBM network. The PER solution creates a direct connection to the IBM Cloud MPLS Multi Protocol Label Switching (MPLS) backbone, making it easy for different parts of the IBM network to communicate with each other. For more information, see Getting started with the Power Edge Router.

Otherwise, use an IBM Cloud® connection to connect your Power Virtual Server instances to other IBM Cloud® resources within your account. IBM Cloud® connections are not required to configure a Red Hat High Availability cluster on Power Virtual Server, but might be required for integration scenarios when you use the IBM Cloud® Classic network and Virtual Private Cloud (VPC) infrastructures. For more information, see Managing IBM Cloud® connections.

Use IBM Transit Gateway to connect your Power Virtual Server to IBM Cloud® classic and Virtual Private Cloud (VPC) infrastructures outside your account or region. For more information about integrating the on-premises network and Power Virtual Server, see Network architecture diagrams.

Creating an SSH key

Use the following steps to create one or more root login SSH keys.

First, you need to create a keypair and load the public key to the SSH keys store in Power Virtual Server. For deployment of the virtual server instance, specify one or more keys out of the keystore. These keys are added to the authorized key file of the root user, and allow you to securely log in to the virtual server instance by using your private key.

For more information, see Generating an SSH key.

The recommendation is to use key type Ed25519 because this key type is fast and secure.

1. Log in to SSH keys in Power Virtual Server
2. Select the workspace that you created.
3. Click Create SSH key.
4. Enter a Key name, then copy and paste the Public key that you generated before into the field.
5. Click Add SSH key.

Selecting a boot image

You have different options for obtaining operating system images for your cluster. Use the following steps to select a boot image.

You have access to several types of stock images that are already prepared for Power Virtual Server. Images are sorted into "IBM Provided Subscription" and "Client Provided Subscription" sections on the Power Virtual Server provisioning page. For more information, see Full Linux® subscription for Power Virtual Server instances.

If you want to import a custom Linux image, you need to first upload the image to IBM Cloud® Object Storage in OVA format.

• Deploying a custom image within a Power Virtual Server workspace, which outlines the necessary steps for
• Creating an IBM Cloud® Storage bucket
• Generating secret and access keys

Before you begin, make sure that the OVA image is loaded in the storage bucket.

1. Log in to Boot images in Power Virtual Server.
2. Select the workspace that you created.
3. Click Import image.
4. Enter a Custom image name for the image name in your catalog.
5. Select Storage type either as Tier 1 or Tier 3. A virtual server instance can use volumes from one storage type only, and the custom image need to be prepared for this storage type.
6. Select the Region for your deployment.
7. Enter the file name of the image as Image file name.
8. Enter the Bucket name of your Cloud Object Storage.
9. Enter Cloud Object Storage access key and Cloud Object Storage secret key.
10. Click Import image.

Creating a Service ID and API key in IBM Cloud®

A Service ID in IBM Cloud® identifies a service or an application in a similar way as a user ID identifies a user in IBM Cloud®. The service ID is used by the cluster fencing agent to monitor the status of and control the virtual server instances in the cluster.

1. Log in to IBM Cloud®.
2. In the toolbar, click Manage to expand the drop-down menu, then select Access (IAM).
3. Click Service IDs > Create.
4. Enter Name and Description for the service ID.
5. Click Create.
6. In the Access policies section, click Assign access.
7. As Service, click Workspace for Power Virtual Server > Next.
8. Click Specific Resources > Attribute Type Service Instance > name of the workspace that you created earlier > Next.
9. In Service access, select Manager > Add > Assign.
10. Click API Keys to toggle the screen to manage API keys for the service ID.
11. Click Create.
12. Enter the Name and Description for the key.
13. Click Create.

Copy the API key or download it to save it.

The key is available for 300 seconds. After the 300 seconds, you won't be able to display or retrieve the key.

Creating virtual server instances for the cluster

Complete the following steps to create the virtual server instances that you want to use as high availability cluster nodes.

1. Log in to Workspaces - Power Virtual Server.

2. Select the Workspace that you created.

3. Click View virtual server instances > Create Instance. You need to step through the subsections General, Boot Image, Profile, Storage Volume, Network Interfaces.

4. In subsection General, enter the Instance name and click + to increase the Number of instances to 2.

5. Select Numerical postfix as Instance naming convention, and select Different server as Placement group colocation policy. A placement group with colocation policy Different server is automatically created as part of the virtual server instances deployment.

6. Select the SSH key that you created and click Continue.

7. In Boot image, select the Operating system according to your subscription model.
   Use one of the Linux selections either from the IBM-provided subscription or through your Client-provided subscription.
   Keep Auto-select pool for selecting the Storage Pool.
   Click Continue.

8. In Profile, select Machine type, Core type, and the virtual server instance profile according to your workload requirements. Click Continue.

9. In Storage volumes, click Continue.

   When you deploy multiple instances, the storage volumes that are created are shared by both instances. Certain high availability cluster scenarios require shared volumes. In these cases, create the shared volumes later. For SAP HANA, see Storage configuration for SAP HANA. Those volumes must be created later for the individual server instances after their provisioning completes.

10. In subsection Network Interfaces, it is recommended that the cluster nodes are not accessible directly from a public network, so keep the configuration for Public networks as Off.

11. Click Attach existing to attach the virtual server instances to a subnet.

12. In the Attach an existing network screen, select one of the Existing networks. You can either select Automatically assign IP address from IP range, or Manually specify an IP address from IP range to specify an available IP address.

13. Click Attach.

14. Click Finish, check the I agree to the Terms and Conditions flag, and click Create.

The deployment of the virtual server instances starts.

Preparing remote login for virtual server instances

Set up SSH forwarding on the bastion host, and prepare or test SSH remote login from your workstation by using your private SSH key.

Preparing operating system for SAP installation

If you deployed a virtual server instance from a stock image, you need to perform extra configuration tasks before you can install SAP software. For more information, see Configuring a Power Virtual Server instance.