How to Deploy HyperFlex Edge (When You Can’t Access the Internet)
By Jeff Kamen, Data Center Senior Delivery Engineer, Aspire Technology Partners
The Problem Statement
How does one deploy Hyperflex Edge when you cannot access the Internet?
HyperFlex Edge has quickly become the go-to solution for remote hyperconverged solutions. The ability to deploy a Cisco HyperFlex Edge at remote locations using Intersight makes HyperFlex Edge that much more an attractive solution. However, there may be times when a deployment is required to be cut-off from the outside world – meaning no access to the Internet. For special scenarios like this, Cisco offers a solution – an “air-gapped” deployment via Cisco Intersight Private Appliance which allows for deployment and configuration of a HyperFlex Edge without access to the Cloud.
Your data doesn’t always live in the data center. Often it lives at the edge where your organization’s transactions occur. That’s why Cisco developed Cisco Hyperflex Edge, to provide options for computing and storage at your edge environments in a simple-to-manage, high-performing, hyperconverged infrastructure (HCI) solution. This gives you the ability to deploy infrastructure where you need it most, including your remote and branch offices, retail and manufacturing locations, and other edge locations within your enterprise. But what about scenarios when you need to deploy HyperFlex Edge, but you don’t or can’t have internet access? We’ll look at this in a moment.
First, let’s talk about why HyperFlex Edge has quickly become the go-to solution for most remote hyperconverged solutions. The ability to deploy a HyperFlex Edge at remote locations using Intersight makes HyperFlex Edge an attractive solution. In addition to the flexibility of deployment at edge locations comes faster deployment, OpEx savings CapEx savings as well. For example, Cisco notes that within its own deployment of HyperFlex Edge it had observed the following:
- 4x faster deployment. A 3-node HyperFlex Edge system with VMware ESX takes just two hours to deploy compared to eight hours for three rack servers with third-party storage.
- OpEx savings. There is less time and duplication of effort spent on managing multiple compute and storage systems. A single systems engineer is required to manage the HX deployment. In addition, built-in storage reduces power and cooling costs compared with multiple devices.
- CapEx savings. Cisco determined that compared to three rack servers with third-party storage, its capital expenditures for a comparable 3-node HyperFlex Edge costs approximately 25% less.
These are terrific reasons to deploy HyperFlex Edge. However, there may be times when you have a deployment that you are required to be cut-off from the outside world – meaning no access to the Internet. How does that work? I’m glad you asked! For scenarios when internet access is unavailable, Cisco offers a special solution – an “air-gapped” deployment via Cisco Intersight Private Appliance which allows for deployment and configuration of a HyperFlex Edge without access to the Cloud.
How to Deploy HyperFlex Edge without Internet Access in 10 Steps
Recently a project came about for a customer with this very challenge. This customer – a gas company that absolutely needs to make sure their control networks are secure from would-be attackers – required an infrastructure refresh. Given the remote location of its infrastructure, HyperFlex Edge was the perfect solution.
Aspire needed to be able to deploy this HyperFlex Edge without access to the cloud-based Intersight, which is where the air-gapped Intersight Private Appliance comes into play. The solution included a 3-node HyperFlex Edge cluster, plus a fourth standalone UCS C-Series server, which would live outside of the HX Cluster but run the Intersight Virtual Appliance.
The appliance itself can also be deployed completely cut-off from Internet access. The only requirement is your own personal computer. Here are the steps to take:
- Start by logging into https://software.cisco.com and downloading the appliance itself. In my case, I downloaded the OVA for vSphere.
- Next, log in to intersight.com using your CCID, create a new Intersight account (if necessary) and access the “software downloads” section. Select the “Appliance” tab and choose the version of the appliance you wish to deploy (I chose the most recent).
- After the appliance bundle has downloaded, select the “HyperFlex” tab and choose the version of HyperFlex you wish to deploy (again I chose the most recent).
- Armed with your software downloads, it’s time to connect your computer to the isolated network and deploy the virtual appliance. Several items must be allocated and/or created before deployment:
- IP Address information (unless using DHCP)
- DNS Domain
- DNS Server(s)
- Admin Password (The password can contain 0-9, A-Z, a-z, and all special characters except a colon (:) and space.)
- NTP Servers
- Chose a host name and create an A record in DNS for this hostname, as well as an A record for “dc-. Example – if the appliance hostname is to be “civa”, create an A record for “civa” AND an A record for “dc-civa” on your DNS server using the same IP address.
- Deploy the virtual appliance as you would any other, by stepping through the Wizard.
- When the appliance has finished deploying, turn it on and connect to the appliance’s URL (e.g., http://civa.domain.com ).
- Log in using the username “admin” and the password created during the deployment Wizard. Here you will be prompted to upload the appliance software BIN file. The appliance configuration will continue at this point. Note that this will take some time to complete.
- After completion of the appliance installation, it’s time to license the appliance. Log back into the appliance’s URL and grab the code for licensing. Take this code to your Smart License portal and generate an authorization code, enter this code into the appliance and you’re all set.
- It’s now time to add the HyperFlex bundle downloaded earlier. The bundle is uploaded on the Software Repository section of the appliance.
- From here, you can now deploy the HyperFlex Edge cluster per Cisco’s white paper directions.
As you can see, deploying a HyperFlex Edge in an air-gapped environment is not overly difficult, but there are extra steps needed to do so. Deploying the Cisco Intersight Private Appliance is very straight forward once you understand the steps involved.
Want to Learn More?
Let us help your organization meet the remote security demands of today’s digital workplace. Speak with an Aspire consultant about a HyperFlex Edge solution today.
- Cisco Intersight Virtual Appliance Getting Started Guide: https://www.cisco.com/c/en/us/td/docs/unified_computing/Intersight/b_Cisco_Intersight_Appliance_Getting_Started_Guide/b_Cisco_Intersight_Appliance_Install_and_Upgrade_Guide_chapter_01.html
- Cisco HyperFlex Edge Deployment Guide: https://www.cisco.com/c/en/us/td/docs/hyperconverged_systems/HyperFlex_HX_DataPlatformSoftware/Edge_Deployment_Guide/4-5/b-hx-edge-deployment-guide-4-5/m-installation.html
- Deploy an OVA or OVF Template: https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-17BEDA21-43F6-41F4-8FB2-E01D275FE9B4.html
Aspire Technology Partners is a Cisco Gold Certified Partner engrained in solution pillars that set us apart as a true Cisco solutions provider. We are committed to the continuous improvement of expertise and skillsets around Cisco initiatives that enable us to help and guide customers in the adoption and management of technology architectures designed to transform their organization. We hold Cisco Master Specializations in Collaboration, Security, Cloud & Managed Services and is one of only 25 partners in the US to receive the Cisco Advanced Customer Experience Specialization.