Select nodes to deploy UIS-Sec

UIS-Sec can be deployed as VMs to a native site on the UIS cloud platform. Before deploying UIS-Sec, contact with the sales agent to obtain the component package for the UIS-Sec functionality.

You can deploy multiple UIS-Sec gateway VMs and use the gateway VMs in a cluster or in multiple clusters to achieve redundancy.

Restrictions and guidelines

• You can select only one or two hosts for UIS-Sec gateway VM deployment at a time. If you select two hosts, the system considers the hosts as a cluster.

• To enable DPDK, make sure the host provides a minimum of one idle Ethernet port that supports DPDK. You must also configure DPDK settings. For more information about DPDK settings, see "Create a vSwitch."

Procedure

1. On the top navigation bar, click Cloud Services.

2. From the left navigation pane, select Deployment Guides > UIS-Sec page.

3. Click Deploy UIS-Sec in the Step 3 tile.

4. Click the  icon for the target native site to access the Web interface of the standard-edition UIS.

5. On the top navigation bar, click System.

6. From the left navigation pane, select Component Management > Component Repository.

7. Click Upload, and then upload the UIS-Sec gateway component package.

Figure-1 Uploading a component package

 

8. From the left navigation pane, select Component Management > Components.

Figure-2 Components page

 

9. On the UIS-Sec Gateway Component tab, Click Deploy.

10. Select uis_net_gw as the component type, select the component package, and select whether to enable DPDK from the Advanced Features list.

Figure-3 Deploying the UIS-Sec gateway component

 

11. Click Next.

12. Select the target hosts. You can select one or two hosts. If you select two hosts, the system considers the two hosts as a cluster.

Figure-4 Selecting the target hosts

 

13. Click Next.

14. Configure the management cluster VIP and management network IP settings. For more information about the parameters, see "Parameters."

15. Click Finish.

After a successfully deployment, you can view the deployed UIS-Sec gateway component on the Component Management > Components page.

Parameters

• Component Type: Select uis_net_gw as the component type to deployment UIS-Sec gateway component VMs. The VMs act as network nodes for the UIS standard edition or UIS Cloud to provide routers, LB services, firewalls, and public IP addresses for tenants.

• Component Package: Select a component package you have uploaded.

• Advanced Features: Configure advanced features as needed. For example, disable DPDK if you use a DPDK-disabled vSwitch.

• VRRP_ID: Enter a VRRP ID for master election among the component VMs. You can leave this field empty for the system to automatically assign a VRRP ID.

• Host Selection: Select one host for standalone deployment or two hosts for cluster deployment. You can deploy a maximum of two component VMs in one deployment task.

• Component VM Cluster VIP: Specify the virtual IP address of the component VM cluster, which is used for communicating with UIS-Sec management component VMs or a UIS Cloud cluster. The virtual IP address must reside on the same network as the IP addresses of UIS-Sec management component VMs or the virtual IP address of the UIS Cloud cluster.

• Component VM Cluster VIP Mask: Specify a subnet mask for the component VM cluster's virtual IP address. The subnet mask must be the same as that for the IP addresses of UIS-Sec management component VMs or the virtual IP address of the UIS Cloud cluster.

• Management Cluster VIP: Specify the IP addresses of UIS-Sec management component VMs or the virtual IP address of the UIS Cloud cluster.

• Management Network IP: Specify a management network IP address for each UIS-Sec gateway component VM.

• Management Network Gateway: Specify a gateway address for the management network where UIS-Sec gateway component VMs reside.

• System Storage Pool: Select a storage pool to accommodate the image of the component VM. As a best practice, select a shared storage pool. If you leave this field empty, the system automatically selects an optimal storage pool. If you select a local storage pool, the VM does not have HA capabilities. When you deploy a cluster, select the same storage pool with enough space for all hosts. If you leave this field empty, the system might distribute the VMs to multiple storage pools.

• Service Network vSwitch: Select vSwitch vs_gateway. The system uses this vSwitch by default. If this vSwitch does not exist, create a vSwitch named vs_gateway and use it for component VM deployment as a best practice.

• Management Network Port Profile: Select a port profile for the management network. In the current software version, only VLAN configuration takes effect. For successful deployment, make sure vswitch0, the management networks of UIS Cloud and the UIS-Sec management component, and the management network of the UIS-Sec gateway component have the same VLAN ID.