For NetScaler SDX appliance, SSH to the XenServer IP address (this is not the Service VM IP).ipmitool from the NetScaler SDX XenServer command line.Crossover Ethernet cable from a laptop with an IP address in the 192.168.1.0 network.There are two ways to set the IP address of the Lights Out Module (LOM): If VPX NSIP is on a different subnet than SVM, then ensure that routing/firewall allows this connection. SVM to NSIP – SVM must be able to communicate with every VPX NSIP.The VPX administrator is only allowed to add VLANs that are in this list. On SVM, when creating the VPX instance, you can specify a list of allowed VLANs.VLAN tagging is handled by the VPX, not XenServer. Once the VPX is created, log into it, and create VLAN objects in the normal fashion.Connect the VPX to one or more LA/x interfaces (port channels).If you want the VPX NSIP to be on the same subnet as SVM and XenServer, then connect the VPX to 0/1.VPX networking – When VPXs are created, you specify which physical ports to connect it to.Use the Service VM to create channels, and then connect the VPXs to the channels. Port channels are configured at XenServer, and not from inside the VPXs. Data ports – The remaining interfaces can be aggregated into port channels.Once you’re on XenServer, you can use Xen commands to see the SVM console, and/or VPX consoles. This port gives you out-of-band console access to XenServer. LOM port – Every SDX has a Lights Out Management ( LOM) port. SVM and XenServer cannot use any of the data ports for management. You need a minimum of two IPs on a management network connected to the 0/1 port. The SVM and XenServer management IP are on this NIC. Management port – Every SDX has a 0/1 port.The VPXs on SDX can utilize this hardware security resource. Some SDXs have Hardware Security Modules (HSM) for FIPS compliance.The SDX NICs can filter VLANs to different instances, thus ensuring that VPX instances cannot cross security boundaries by adding the wrong VLANs.This enables full 40 Gbps throughput to a single VM. VPX on SDX gets SR-IOV access to the Network interfaces.SSL Chips provide significantly higher SSL throughput than normal hypervisors. These SSL ASICs are not available on normal hypervisors. VPX on SDX gets physical access to SSL chips.Why NetScaler VPX on top of SDX instead of normal hypervisors? To achieve HA, you create NetScaler VPX instances on two separate SDXs, and pair the VPX instances in the normal fashion. In other words, every SDX is completely standalone. High Availability – NetScaler SDX does not have any High Availability capability at the XenServer or SVM layer. If it says VPX, then you are logged into an instance. If the top left of the window says SDX, then you are logged into the Management Service (aka Service VM, aka SVM). Once the VPX is provisioned, you connect to the NSIP, and configure it like a normal NetScaler.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |