Marketplace Provisioning
Instructions for deploying Inuvika OVD in Opencloud
Pre-requisites
Before proceeding, please ensure the following items are available:
- The URL of the Opencloud API endpoint - i.e. https://opc-us-01.ussignal.cloud/client/api
- The desired Opencloud zone to which this will be deployed - i.e. us-mi-abh-01
- The order number for this
- The customer's API key and secret key - docs on this are here: https://opc-internal-docs.ussignal.cloud/general/api/
- The desired OVD admin password - generate and send to customer, likely with API credentials
- Desired OVD network name - must be an existing network in Opencloud with services and at least 5 IPs available.
- Desired ESG network name - if it is desired to use the same network for all components, input the same value for the network used for the OVD Network.
  Warning: Please note that in order for the deployment to succeed, SSH must be allowed to the ESG network from the OVD network, in addition to the standard port requirements and required outbound traffic.
- Desired OVD version - filled in by default, do not change unless required.
- SSH Keypair:
  - Create an SSH keypair using the key generation page: http://abh-cm-mpw01.mdc.ussignal.cloud/inuvika/keys.html
  - Copy the contents of the public key and enter it into the form
  - Copy the contents of the private key and copy it to the form
  - Save these parts in the appropriate 1Pass vault for this deployment, and then close the key generation page.
- Ensure that the customer's firewall allows HTTPS traffic outbound to GitHub
- Currently this requires a template be accessible to the tenant with the name "Ubuntu Server 22.04 LTS (QCOW2)"
Firewall Rules
A functional Opencloud DaaS deployment requires at least the following traffic to be allowed (not including port forwards required for external access or specific application servers):
| Source | Destination | Dest. Port | Type |
|---|---|---|---|
| ESG | Application Servers | 3389 | TCP/RDP |
| ESG | Session Manager | 443 | TCP/HTTPS |
| ESG | Session Manager | 1111 | TCP/HTTP |
| ESG | File Server | 1113 | TCP/HTTP |
| ESG Network | Ubuntu Apt Sources | 443 | TCP/HTTPS |
| OVD Network | Github.com | 443 | TCP/HTTPS |
| OVD Network | ESG | 22 | SSH |
| OVD Network | Ubuntu Apt Sources | 443 | TCP/HTTPS |
| Session Manager | ESG | 1112 | TCP/HTTP |
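The table above, including the OVD Network to ESG SSH rule called out in the pre-requisites warning, can be checked against a planned rule set before the deployment is started. The following Python is an added example, not part of the deployment tooling; the rule format (ordered list, first match wins, default deny, every flow treated as TCP) and the sample rules are assumptions constructed for illustration.

```python
# Added example: pre-flight check of a planned rule set against the table above.
# Assumed rule model: ordered rules, first match wins, default deny, TCP only.

# (source, destination, destination port) copied from the Firewall Rules table.
REQUIRED_FLOWS = [
    ("ESG", "Application Servers", 3389),
    ("ESG", "Session Manager", 443),
    ("ESG", "Session Manager", 1111),
    ("ESG", "File Server", 1113),
    ("ESG Network", "Ubuntu Apt Sources", 443),
    ("OVD Network", "Github.com", 443),
    ("OVD Network", "ESG", 22),
    ("OVD Network", "Ubuntu Apt Sources", 443),
    ("Session Manager", "ESG", 1112),
]

def _matches(rule, src, dst, port):
    """True if the rule covers the flow; "any" is a wildcard, ports are inclusive."""
    low, high = rule["ports"]
    return (rule["src"] in (src, "any")
            and rule["dst"] in (dst, "any")
            and low <= port <= high)

def is_allowed(rules, src, dst, port):
    """Walk the rules top to bottom; the first matching rule decides, else deny."""
    for rule in rules:
        if _matches(rule, src, dst, port):
            return rule["action"] == "allow"
    return False

def missing_flows(rules):
    """Return the required flows that the rule set would block."""
    return [flow for flow in REQUIRED_FLOWS if not is_allowed(rules, *flow)]

# Constructed sample (not from a real tenant): the SSH rule is missing, and a
# broad deny placed above the allow shadows Session Manager -> ESG on 1112.
SAMPLE_RULES = [
    {"src": "ESG", "dst": "Application Servers", "ports": (3389, 3389), "action": "allow"},
    {"src": "ESG", "dst": "Session Manager", "ports": (443, 443), "action": "allow"},
    {"src": "ESG", "dst": "Session Manager", "ports": (1111, 1111), "action": "allow"},
    {"src": "ESG", "dst": "File Server", "ports": (1113, 1113), "action": "allow"},
    {"src": "any", "dst": "ESG", "ports": (1024, 65535), "action": "deny"},
    {"src": "Session Manager", "dst": "ESG", "ports": (1112, 1112), "action": "allow"},
    {"src": "any", "dst": "any", "ports": (443, 443), "action": "allow"},
]

if __name__ == "__main__":
    for src, dst, port in missing_flows(SAMPLE_RULES):
        print(f"BLOCKED: {src} -> {dst} tcp/{port}")
```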
Notes
- This process takes roughly 15-20 minutes to complete. It will deploy 5 total VMs:
  - (ORDER ID)-gh-runner-01 - deleted upon completion of the deployment
  - (ORDER ID)-ovd-sm-01 - OVD Session Manager
  - (ORDER ID)-ovd-fs-01 - OVD File Server
  - (ORDER ID)-ovd-prv-01 - OVD Provisioning Server
  - (ORDER ID)-ovd-esg-01 - OVD Enterprise Security Gateway 01
- The OVD admin password is what the customer will use to log in to the admin panel: https://(session manager IP)/ovd/admin
- They will be able to use the private key provided to SSH into the 5 OVD VMs with the username "ubuntu"
- Logs are maintained in Github Actions in case there are any issues
Deployment steps
- Navigate to the Inuvika deployment page: http://abh-cm-mpw01.mdc.ussignal.cloud/inuvika
- Enter the requisite details
- Click "Deploy Application"
- Check the status of the Opencloud tenant and make sure the new VMs are present about 15-20 minutes after deployment has completed.
- Provide the private key and OVD admin password to the customer.
Post-Deployment
Following a successful deployment, you will receive an email similar to:
Subject: ✅ Opencloud DaaS: build succeeded for uss0012345
Order ID: uss0012345
SMID: "GPT6H-YMWH9-MZ59F-BB30R-12345"
The workflow succeeded for order: uss0012345
Run ID: 17473925796
Repository: ussignalcloudeng/inuvika-ovd-dev
Please send an email to subscriptions@inuvika.com and CC Jerry.Fioramonti@ussignal.com, requesting license activation. Ensure that the email contains the following items:
1. Customer Name
2. Note if it is believed this environment will have more than 500 users
3. The session manager ID from the build completion email