Table of Contents
To prepare an existing vSphere environment so that a RightScale Cloud Appliance for vSphere (RCA-V) can be successfully deployed.
Note: If you do not have access to make the changes outlined below, contact your vSphere network administrator.
Although RightScale does not require admin access to vCenter server, please create a role that contains the minimum set of privileges required by the RightScale platform as described below.
The next step is to create a new user profile that the RightScale platform will use to log in and access the vSphere environment.
Assign the new user (e.g. RS-User) the role that you created in the previous step (e.g. RightScaleRole). It's important to add the user at the vCenter level so that it can have the same permissions throughout the object hierarchy as well as have access to various services. From that point on, you can always restrict the "RightScale" user to a specific cluster, you can go down to that specific cluster and add permission for this user.
Note: Make sure that RS-User has permission to access vSwitches and dvSwitches objects.
The requirements below are specific to deploy the RightScale Cloud Appliance (RCA-V) in the vSphere environment.
Update your firewall permissions accordingly to allow egress connectivity between the RCA-V and RightScale.
Important! There are no inbound connectivity requirements. (RightScale to RCA-V)
RCA-V to RightScale
https://wstunnel10-1.rightscale.com: Secure web socket tunnel between RCA-V and RightScale
https://island10.rightscale.com: RightScale Mirrors which contain required software installation packages (e.g. Ubuntu, rubygem, RCA-V appliance upgrades, etc.) Once the setup is complete, this firewall permission can be removed.
(Optional) Access to DNS servers 22.214.171.124 and 126.96.36.199
(Optional) Access to https://github.com
VMs to RightScale
Each instance launched via the RightScale Dashboard/API must be allowed to make the following egress (outbound) connections to the RightScale platform in order for all instance-level services to be supported.
Note: NTP and DNS can also be provided locally. If true, you do not have to create firewall rules for NTP or DNS.
Each instance launched through RightScale must synchronize with the global time standard (e.g. through NTP or through other means). If the instance clock drifts by more than two minutes, certain operations will start to fail.
Please refer to the firewall rules page here. Also note that only the Egress Rules section applies to vSphere environments.
RCA-V to vCenter Server
RCA-V communicates with vCenter Server over SSL connection. If there is a firewall between RCA-V and the vCenter Server, please setup the rules such that RCA-V is able to make a connection to vCenter Server's IP address on port 443.
You are now ready to install the RightScale Cloud Appliance (RCA-V) in your vSphere environment. The person who is installing the RCA-V can now follow the next section of the installation guide.
Important! Be sure to give the following information to the person who will be installing and configuring the RCA-V.
The "RightScale User" login information (from the Create a Non-Admin User step).
Please proceed to the next step in the setup guide.
© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.