1. IBM Enterprise Cloud

IBM Enterprise Cloud

IBM brings the power of the cloud to the enterprise with solutions built to integrate seamlessly into your existing IT infrastructure, compatible with your existing applications, and conforming to your policies and compliance needs; helping you move faster, respond quicker, and accelerate innovation. IBM Enterprise Cloud gives you precise, dynamic allocation of computing resources with the scale, performance and security to handle enterprise-wide applications. Large organizations, IT executives and multi-site teams will appreciate the robust solution for its multi-user capacity, dedicated resource pool architecture and role-based security model as well as private network connectivity and physical device integration.

We offer you services and solutions in every part of the cloud services continuum enabling you to adopt the cloud that is right for your business and your needs, right now. Our portfolio of highly secure, scalable, and on-demand solutions include from private cloud deployments and traditional IT managed services as well as public cloud services for enterprises that deliver flexibility and choice.

Enterprise Cloud combines the power and flexibility of infrastructure-as-a-service with the expertise, security and availability that large organizations with mission-critical computing needs demand of their infrastructure.

Enterprise Cloud offers customers two ways of controlling their cloud resources.

With resource-based compute pools, Enterprise Cloud gives customers a discrete, dedicated pool of compute resources (CPU, memory, and storage) where you create and manage your own virtual servers.

Because resource-based compute pools are based on resources, not large and inflexible server units, the Enterprise Cloud allows for precise and dynamic allocation of computing resources when and where they're needed.

With instance-based compute pools, an organization obtains additional compute capacity in Enterprise Cloud without a long term commitment for resources. Virtual server instances receive dedicated storage resources when created and dedicated processor and memory resources when running. They exist in a compute pool separate from any resource-based compute pools the organization may have. In instance-based compute pools, you still have complete control over the compute resources allocated to each virtual server.

Organizations incur processor and memory charges only when an instance-based virtual server is powered on. Organizations incur storage charges when an instance-based virtual machine is created.

Regardless of your choice, you control load balancers and firewall resources allocated to your environment without requiring specialized knowledge or assistance. All of this through an easy-to-use Web console, Infinicenter Console. And your resources are based on IBM's proven Infinistructure utility computing platform, massive and diverse network connectivity, and top-tier data centers. Enterprise Cloud has the scale, performance and security to meet all your enterprise needs.

1.1. Release Notes


1.1.1. Update 2017-10-28

Enterprise Cloud
Update 2017-10-28 Release Notes

Verizon is pleased to announce Update 2017-10-28 of the Enterprise Cloud on 28 October 2017.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • You can failback your disaster recovery environment networking to your primary environment.
  • Note: You cannot initiate failback from Infinicenter Console, you must contact Global Support Services and request failback.

1.1.2. Update 2017-10-07

Enterprise Cloud
Update 2017-12-09 Release Notes

IBM is pleased to announce Update 2017-12-09 of the Enterprise Cloud on 7 October 2017.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Enterprise Cloud API

  • In multi-tenant organizations, you can abort a mirror transfer of a customer dedicated volume in progress.
1.1.3. Update 2017-07-31

Enterprise Cloud
Update 2017-07-31 Release Notes

Verizon is pleased to announce Update 2017-07-31 of the Enterprise Cloud on 31 July 2017.

Verizon releases a new software framework to enable and support future product offerings.

1.1.4. Update 2017-06-17

Enterprise Cloud
Update 2017-06-17 Release Notes

Verizon is pleased to announce Update 2017-06-17 of the Enterprise Cloud on 17 June 2017.

VPN Users

VPN users represent a category of user that is capable only of using the SSL VPN to connect to their Enterprise Cloud networks. They are not permitted to use Infinicenter Console for management.

Enterprise Cloud API

  • You can retrieve all VPN users visible to an organization or retrieve a specified VPN user visible to an organization.
  • You can create or remove a VPN user from an organization.
  • You can reset the password of a VPN users in an organization.
1.1.5. Update 2017-05-20

Enterprise Cloud
Update 2017-05-20 Release Notes

Verizon is pleased to announce Update 2017-05-20 of the Enterprise Cloud on 20 May 2017.

Verizon releases a new software framework to enable and support future product offerings.

1.1.6. Update 2017-04-24

Enterprise Cloud
Update 2017-04-24 Release Notes

Verizon is pleased to announce Update 2017-04-24 of the Enterprise Cloud on 24 April 2017.

Verizon releases a new software framework to enable and support future product offerings.

1.1.7. Update 2017-03-18

Enterprise Cloud
Update 2017-03-18 Release Notes

Verizon is pleased to announce Update 2017-03-18 of the Enterprise Cloud on 18 March 2017.

Verizon releases a new software framework to enable and support future product offerings.

1.1.8. Update 2017-02-18

Enterprise Cloud
Update 2017-02-18 Release Notes

Verizon is pleased to announce Update 2017-02-18 of the Enterprise Cloud on 18 February 2017.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • When DR is activated or if the transfer is in-progress, click Abort to stop the progress.
  • If you are using multi- tenant DR, you can choose to skip updating mirrors when DR is activated.
  • You can make deactivation continue without completing its resynchronization.
1.1.9. Update 2017-01-21

Enterprise Cloud
Update 2017-01-21 Release Notes

Verizon is pleased to announce Update 2017-01-21 of the Enterprise Cloud on 21 January 2017.

Verizon releases a new software framework to enable and support future product offerings.

1.1.10. Update 2016-12-17

Enterprise Cloud
Update 2016-12-17 Release Notes

Verizon is pleased to announce Update 2016-12-17 of the Enterprise Cloud on 17 December 2016.

Eliminate NPAPI dependencies

Most browsers no longer support or have announced end of support for the Netscape Plug-in Application Programming Interface (NPAPI). NPAPI was required to run console connect and to run the Java Virtual Machine (JVM). JVM was required to initiate VPN connect and to upload the OVF and VMDK files to VM catalog. NPAPI dependencies are eliminated.

The Web console connect application that has no NPAPI dependencies does not provide the ability to mount an ISO image on the virtual machine of the console to which one is connected. Therefore, you can upload ISO image files to catalog and mount those images to virtual machines.

Note: Support for ISO images is a phased implementation. All tabs and buttons related to ISO images are hidden until the feature is available.

Infinicenter Console

  • Access to the mount and unmount of ISO images is made available based on organization. If unavailable, contact your service delivery manager.

Enterprise Cloud API

  • You can upload an ISO image file from your local machine to Catalog.
  • Access to the mount and unmount of ISO image calls is made available by account. If unavailable, contact your service delivery manager.

Cluster generation

The clusters of hardware on which Resource Groups run can have different generations of hardware with different capacities.

Infinicenter Console

  • You can select cluster generation while performing copy identical and copy customized virtual machines.

Enterprise Cloud API

  • You can get templates, operating system families, and operating systems by cluster generation.
  • You can request a pricing matrix based on cluster generation.
  • You can select cluster generation while creating a either by copy identical or copy customized.
1.1.11. Update 2016-11-19

Enterprise Cloud
Update 2016-11-19 Release Notes

Verizon is pleased to announce Update 2016-11-19 of the Enterprise Cloud on 19 November 2016.

Eliminate NPAPI dependencies

Most browsers no longer support or have announced end of support for the Netscape Plug-in Application Programming Interface (NPAPI). NPAPI was required to run console connect and to run the Java Virtual Machine (JVM). JVM was required to initiate VPN connect and to upload the OVF and VMDK files to VM catalog. NPAPI dependencies are eliminated.

The Web console connect application that has no NPAPI dependencies does not provide the ability to mount an ISO image on the virtual machine of the console to which one is connected. Therefore, you can upload ISO image files to catalog and mount those images to virtual machines.

Note: Support for ISO images is a phased implementation. All tabs and buttons related to ISO images are hidden until the feature is available.

Infinicenter Console

    Note: This feature is in controlled release. Contact your service delivery manager for availability.

  • You can select the ISO image to be mounted on a virtual machine. Upload the ISO image to catalog at My Account > Catalog > ISO Images > Upload ISO Image.
  • You can select the ISO image to be unmounted from a virtual machine.

RDP protocol for Internet services

Internet services permit one or more servers to share the load for a service running on a combination of protocol and port. These protocols are available for Internet services, their assigned node services, and backup Internet services. When configured, firewall rules supporting the new protocols may be viewed.

Note: This feature is in controlled release. Contact your service delivery manager for availability.

Infinicenter Console

  • You can create an Internet service, backup Internet service, and node service with a protocol of Remote Desktop Protocol (RDP), the port must be 3389.

Disaster recovery

Disaster Recovery (DR) provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • In the public IP address mapping list, you can view the unmapped public IP addresses.

Resource alerts

Organizations can monitor certain events within the environment and, when thresholds are crossed, have an email alert sent to a list of email addresses. For resources, the events are system-defined and thresholds are user defined. Resource events are: high processor or memory usage, and processor or memory bursting. The email list is user-defined. When an alert occurs, a threshold is crossed, users subscribed to that rule are notified by email of the condition.

Infinicenter console

  • You can edit resource alerts for an Organization. My Accounts > Settings > Organization Settings > Resource Alerts > Edit. (REC-7484)
  • You can view the summary of resource alerts for an Organization. My Accounts > Settings > Organization Settings > Resource Alerts > Edit. (REC-7642)
1.1.12. Update 2016-10-22

Enterprise Cloud
Update 2016-10-22 Release Notes

Verizon is pleased to announce Update 2016-10-22 of the Enterprise Cloud on 22 October 2016.

Eliminate NPAPI dependencies

Most browsers no longer support or have announced end of support for the Netscape Plug-in Application Programming Interface (NPAPI). NPAPI was required to run console connect and to run the Java Virtual Machine (JVM). JVM was required to initiate VPN connect and to upload the OVF and VMDK files to VM catalog. NPAPI dependencies are eliminated.

Infinicenter Console

    Note: This feature is in controlled release. Contact your service delivery manager for availability.

  • Console Connect is an HTML5 client to permit connecting to the virtual machine console from any browser.

Virtual machine snapshot

A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The data includes all of the files that make up the virtual machine. Files include disks and other devices, such as virtual network interface cards. Snapshots create child files that contain all the changes made since the last snapshot.

Infinicenter Console

  • You can filter devices based on snapshots or scheduled for snapshots.

Account Management

Federal organizations have hard spending limits. If billing reaches the limit, the account must be suspended.

Infinicenter Console

  • User accounts are locked and access to VPN is disabled if the organization reaches their spending limit.
1.1.13. Update 2016-09-24

Enterprise Cloud
Update 2016-09-24 Release Notes

Verizon is pleased to announce Update 2016-09-24 of the Enterprise Cloud on 24 September 2016.

Eliminate NPAPI dependencies

Most browsers no longer support or have announced end of support for the Netscape Plug-in Application Programming Interface (NPAPI). NPAPI was required to run console connect and to run the Java Virtual Machine (JVM). JVM was required to initiate VPN connect and to upload the OVF and VMDK files to VM catalog. NPAPI dependencies are eliminated.

Infinicenter Console

  • Previously for VPN connect, a Java applet installed, initiated, and authenticated the SSL VPN connection. Now, users download, install, and initiate the SSL VPN client. VPN Connect provides credentials for a VPN connection that the user types into the client for authentication.
  • The application to upload virtual machine .ovf and .vmdk files to the catalog uses HTML5 instead of Java to permit uploads using any browser.
1.1.14. Update 2016-08-27

Enterprise Cloud
Update 2016-08-27 Release Notes

Verizon is pleased to announce Update 2016-08-27 of the Enterprise Cloud on 27 August 2016.

Virtual Machine Snapshots

A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The data includes all of the files that make up the virtual machine. Files include disks and other devices, such as virtual network interface cards. Snapshots create child files that contain all the changes made since the last snapshot.

Infinicenter Console

  • If you try to delete a snapshot while creating an on demand snapshot, an error is displayed.
  • You have to confirm before creating a snapshot.

Enterprise Cloud API

  • If you try to delete a snapshot while creating an on demand snapshot, an error is returned.

VPN Users

VPN users represent a category of user that is capable only of using the SSL VPN to connect to their Enterprise Cloud networks. They are not permitted to use Infinicenter Console for management.

Infinicenter Console

  • When a new Virtual Private Network (VPN) user is created, a dialog is displayed with user credentials. Credentials are displayed in the dialog and are not sent by mail. Once the dialog is closed, the credentials are not accessible.
  • As an administrator, you can reset and regenerate the password for a VPN user.
1.1.15. Update 2016-07-30

Enterprise Cloud
Update 2016-07-30 Release Notes

Verizon is pleased to announce Update 2016-07-30 of the Enterprise Cloud on 30 July 2016.

Virtual Machine Snapshots

A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The data includes all of the files that make up the virtual machine. Files include disks and other devices, such as virtual network interface cards.

Snapshots create child files that contain all the changes made since the last snapshot:

Infinicenter Console

  • Take a snapshot of your virtual machine on demand.
  • Differentiate between on-demand and scheduled snapshots of a virtual machine in Infinicenter Console.

Enterprise Cloud API

  • Take a snapshot of your virtual machine on demand.
  • Differentiate between on-demand and scheduled snapshots of a virtual machine in the the response to snapshot calls.
1.1.16. Update 2016-06-25

Enterprise Cloud
Update 2016-06-25 Release Notes

Verizon is pleased to announce Update 2016-06-25 of the Enterprise Cloud on 25 June 2016.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Enterprise Cloud API

  • You are not allowed to perform the following actions on the primary environment when DR is activated.
    • Action Environments Update Mirrors
  • You are not allowed to perform the following compute pool or resource actions in the primary environment when DR is activated.
    • Action Compute Pools Edit
    • Action Resources Disable Burst Memory
    • Action Resources Disable Burst Processor
    • Action Resources Enable Burst Memory
    • Action Resources Enable Burst Processor
  • You are not allowed to perform the following virtual machine actions in the primary environment when DR is activated.
    • Action Virtual Machines Attach Disk
    • Action Virtual Machines Convert to Managed Asset
    • Action Virtual Machines Create Blank
    • Action Virtual Machines Create Copy Identical
    • Action Virtual Machines Create Copy
    • Action Virtual Machines Create from Template
    • Action Virtual Machines Detach Disk
    • Action Virtual Machines Edit Assigned IP Address
    • Action Virtual Machines Edit Assigned Security Group
    • Action Virtual Machines Edit Hardware Configuration
    • Action Virtual Machines Edit Snapshot Schedule
    • Action Virtual Machines Edit
    • Action Virtual Machines Export
    • Action Virtual Machines Guest Process
    • Action Virtual Machines Import
    • Action Virtual Machines Move
    • Action Virtual Machines Power Off
    • Action Virtual Machines Power On
    • Action Virtual Machines Power Reboot
    • Action Virtual Machines Power Shutdown
    • Action Virtual Machines Remove
    • Action Virtual Machines Tools Install
    • Action Virtual Machines Tools Mount
    • Action Virtual Machines Tools Unmount
    • Action Virtual Machines Upgrade Hardware Version
  • You are not allowed to perform the following physical device actions in the primary environment when DR is activated.
    • Action High Availability Routers Convert to Managed Asset
    • Action High Availability Routers Edit Assigned Security Group
    • Action High Availability Routers Edit
    • Action High Availability Routers Move
    • Action Physical Routers Convert to Managed Asset
    • Action Physical Routers Edit Assigned Security Group
    • Action Physical Routers Edit
    • Action Physical Routers Move
    • Action Physical Servers Convert to Managed Asset
    • Action Physical Servers Edit Assigned IP Address
    • Action Physical Servers Edit Assigned Security Group
    • Action Physical Servers Edit
    • Action Physical Servers Move
    • Action Storage Devices Convert to Managed Asset
    • Action Storage Devices Edit Assigned Security Group
    • Action Storage Devices Edit
    • Action Storage Devices Move
  • You are not allowed to perform the following layout row actions in the primary environment when DR is activated.
    • Action Layout Rows Create
    • Action Layout Rows Edit
    • Action Layout Rows Move Down
    • Action Layout Rows Move Up
    • Action Layout Rows Remove
  • You are not allowed to perform the following layout group actions in the primary environment when DR is activated.
    • Action Layout Groups Create
    • Action Layout Groups Edit
    • Action Layout Groups Order Higher
    • Action Layout Groups Order Lower
    • Action Layout Groups Remove
  • You are not allowed to perform the following task actions in the primary environment when DR is activated.
    • Action Tasks Retry
    • Action Tasks Undo
  • You are not allowed to perform the following retry operation actions in the primary environment when DR is activated.
    • Action Retry Operations Attach Disk by Detached Disk
    • Action Retry Operations Attach Disk by Virtual Machine
    • Action Retry Operations Detach Disk by Detached Disk
    • Action Retry Operations Detach Disk by Virtual Machine
    • Action Retry Operations Virtual Machine
  • You are not allowed to perform the following snapshot actions in the primary environment when DR is activated.
    • Action Snapshots Remove
    • Action Snapshots Revert
  • You are not allowed to perform the following network actions in the primary environment when DR is activated.
    • Action Networks Create
    • Action Networks Edit IPv6
    • Action Networks Edit
    • Action Networks Remove IPv6
    • Action Networks Remove
  • You are not allowed to perform the following trusted network group actions in the primary environment when DR is activated.
    • Action Trusted Network Groups Create
    • Action Trusted Network Groups Edit
    • Action Trusted Network Groups Remove
  • You are not allowed to perform the following public IP actions in the primary environment when DR is activated.
    • Action Public IPs Activate Internal IPv6
    • Action Public IPs Activate Internal
    • Action Public IPs Activate IPv6
    • Action Public IPs Activate
    • Action Public IPs Remove
  • You are not allowed to perform the following certificate actions in the primary environment when DR is activated.
    • Action Certificates Create
    • Action Certificates Edit
    • Action Certificates Edit Configuration
    • Action Certificates Remove
  • You are not allowed to perform the following Internet service or monitor actions in the primary environment when DR is activated.
    • Action Internet Services Create for Environment
    • Action Internet Services Create
    • Action Internet Services Edit
    • Action Internet Services Remove
    • Action Monitors Create Default
    • Action Monitors Create ECV
    • Action Monitors Create HTTP
    • Action Monitors Create Loopback
    • Action Monitors Create Ping
    • Action Monitors Disable
    • Action Monitors Edit ECV
    • Action Monitors Edit HTTP
    • Action Monitors Edit Ping
    • Action Monitors Enable
  • You are not allowed to perform the following backup Internet service actions in the primary environment when DR is activated.
    • Action Backup Internet Services Create
    • Action Backup Internet Services Edit
    • Action Backup Internet Services Remove
  • You are not allowed to perform the following RNAT actions in the primary environment when DR is activated.
    • Action Associations Create Device
    • Action Associations Edit Network
    • Action Associations Remove Device
  • You are not allowed to perform the following node service actions in the primary environment when DR is activated.
    • Action Node Services Create Backup Internet Service
    • Action Node Services Create Internet Service
    • Action Node Services Edit
    • Action Node Services Remove
  • You are not allowed to perform the following IP address actions in the primary environment when DR is activated.
    • Action IP Addresses Configure Reservation IPv6
    • Action IP Addresses Configure Reservation
    • Action IP Addresses Reserve IPv6
    • Action IP Addresses Reserve
    • Action IP Addresses Sync IPv6
    • Action IP Addresses Sync
    • Action IP Addresses Unreserve IPv6
    • Action IP Addresses Unreserve
  • You are not allowed to perform the following security group actions in the primary environment when DR is activated.
    • Action Security Groups Create
    • Action Security Groups Enable
    • Action Security Groups Disable
    • Action Security Groups Environment Assign Devices
    • Action Security Groups Edit
    • Action Security Groups Remove
1.1.17. Update 2016-06-04

Enterprise Cloud
Update 2016-06-04 Release Notes

Verizon is pleased to announce Update 2016-06-04 of the Enterprise Cloud on 04 June 2016.

Verizon releases a new software framework for Enterprise Cloud to enable and support future product offerings.

1.1.18. Update 2016-05-07

Enterprise Cloud
Update 2016-05-07 Release Notes

Verizon is pleased to announce Update 2016-05-07 of the Enterprise Cloud on 07 May 2016.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • When you try to change the reservation percentage on an active environment which locked, an error message is displayed.

Enterprise Cloud API

  • You can activate and deactivate Global Server Load Balancing. Load balancers are capable of routing traffic intelligently across servers and hence used to route traffic globally.
  • You can pick a Customer Defined Volume while copying an identical or customized virtual machine.
  • You can retrieve the disaster recovery environments for your organization.
  • For a new environment, you can request a new CDV.
  • You can edit a CDV for an environment.
  • You can pick a CDV while copying a customized or identical virtual machine.
  • You can request for a new CDV for an existing environment.
  • You can create a virtual machine from a template on a CDV.
  • Based on the environment identifier, you get GSLB routing.
1.1.19. Update 2016-04-02

Enterprise Cloud
Update 2016-04-02 Release Notes

Verizon is pleased to announce Update 2016-04-02 of the Enterprise Cloud on 02 April 2016.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • If you change the disaster recovery reservation percentage for an environment, this change is synchronized across all the backup instance based compute pools.
  • You cannot create, edit, or delete subnets in primary and backup environments.
  • You cannot create a compute pool in primary and backup environments.
  • You cannot modify the primary disaster recovery environment until disaster recovery deactivation is complete.
  • You cannot delete a public IP address in primary and backup environments.
  • You can now see a preview of the resources reserved in disaster recovery by navigating to to Infinicenter Console > My Accounts > Disaster Recovery > disaster recovery Resources.

Private networks

Infinicenter Console

  • You are restricted from deleting a subnet if you do not have the permissions for it.
  • You cannot delete a public IP address if you do not have the permissions for it.
  • You are restricted from creating a subnet if you do not have the permissions for it.

Enterprise Cloud API

  • You are restricted from deleting a public IP address if you do not have permissions for it.
  • You are restricted from creating a subnet if you do not have the permissions for it.
  • You cannot delete a subnet if you do not have the permissions for it.
1.1.20. Update 2016-03-05

Enterprise Cloud
Update 2016-03-05 Release Notes

Verizon is pleased to announce Update 2016-03-05 of the Enterprise Cloud on 05 March 2016.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • If your disaster recovery backup reservation is more than 0%, you will be billed for disaster recovery reserved VPU and disaster recovery reserved memory.
  • You will be billed for disaster recovery VPU burst and disaster recovery memory burst usage when the virtual machines are in disaster recovery activation state and the combined CPU usage exceeds the reservation percentage.
  • You will be billed for disaster recovery reserved VPU or memory burst VPU or memory if your disaster recovery backup has a reservation of more than 0%.
  • You can view the available devices based on reservation percentage.

Use of Microsoft enterprise licenses

By request to their service manager, select single-tenant customers may deploy their Microsoft enterprise licenses in a cloud. Multi-tenant customers must abide by the terms of the Microsoft service provider license agreement..

Enterprise Cloud API

  • While creating blank windows virtual machine, you need not include a template if use of Microsoft enterprise licenses is approved.
  • While creating blank windows virtual machine from catalog, you need not include a template if use of Microsoft enterprise licenses is approved.

Usage Enhancements

Infinicenter Console

  • As an administrator, you can set the threshold values for CPU or memory usage (current usage) for memory and processor alerts.
  • You will be alerted when the CPU and memory usage exceeds the threshold value set by you.
  • A notification mail is sent to the user if the CPU or memory usage goes over the maximum threshold percentage for an environment. If the user has set “Do Not Monitor” then alerts are not sent to the user.
  • If the CPU or memory usage exceeds the threshold percentage, an alert is sent to you.
1.1.21. Update 2016-02-13

Enterprise Cloud
Update 2016-02-13 Release Notes

Verizon is pleased to announce Update 2016-02-13 of the Enterprise Cloud on 13 February 2016.

Disaster Recovery

Disaster Recovery (DR) provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Infinicenter Console

  • You can view the storage volume billing on the Billing tab.
  • You can view the usage of your Customer Dedicated Volume (CDV) on Environment > Resources > Usage.
  • If the backup reservation for your Disaster Recovery (DR) is more than 0% (zero percent), you will be charged for it.
  • If your DR is activated and the CPU usage exceeds the reserved percentage, then you will be charged for DR VPU burst and DR memory burst.
  • If your DR environment is active for more than 168 hours over a 90 day period, then, as an active DR Windows virtual machine an SPLA license usage is generated.
  • You can relocate a virtual machine from one CDV to another.

Use of Microsoft enterprise licenses

By request to their service manager, select single-tenant customers may deploy their Microsoft enterprise licenses in a cloud. Multi-tenant customers must abide by the terms of the Microsoft service provider license agreement.

Infinicenter Console

  • When creating a Windows virtual machine, you are not prompted to select a template if use of Microsoft enterprise licenses is approved.
  • You are prompted to select a template when creating a Windows virtual machine if use of Microsoft enterprise licenses is not approved.

Additional backup retention periods

Infinicenter Console

  • The standard retention period is 35 days, initially. Additional backup retention periods of 3, 6, and 12 months are available.

Infinicenter console security

Infinicenter Console

  • You are provided with new filtering options to view your audit log history.
  • You can export the audit log files.
1.1.22. Update 2016-01-09

Enterprise Cloud
Update 2016-01-09 Release Notes

Verizon is pleased to announce Update 2016-01-09 of the Enterprise Cloud on 9 January 2016.

Additional backup retention periods

Enterprise Cloud API

When you enable backup, the default retention period is pre-selected. The default retention period is 35 days.

Infinicenter Console Security

Infinicenter Console

Security in Infinicenter Console has been enhanced:

  • You can have only two concurrent login sessions for a user.
  • The audit log stores the number of times support representatives login and logout of a customer's environment through support's administrative portal passthrough.

Utilization graphs

Infinicenter Console

As an admin, you can view a graphical representation of the compute pool utilization.

1.1.23. Update 2015-12-05

Enterprise Cloud
Update 2015-12-05 Release Notes

Verizon is pleased to announce Update 2015-12-05 of the Enterprise Cloud on 5 December 2015.

Disaster Recovery

Disaster Recovery provides Enterprise Cloud customers with a disk-based Disaster Recovery solution that uses underlying cloud infrastructure to replicate customer environments to a secondary location. Employing a disk-only topology reduces the management complexity involved in an application-based replication solution and increases the efficiency of data transfer between the production and disaster recovery locations.

Storage volumes in single-tenant implementations of Enterprise Cloud are, by design, all dedicated to that tenant. Storage volumes in multi-tenant implementations of Enterprise Cloud are, by design, shared between all tenants.

Multi-tenant customers:

  • Purchase disaster recovery volumes in 1 TB, 2 TB, 3 TB, and 4 TB storage sizes.
  • Select a Recovery Point Objective of 6 hr, 4 hr, 2 hr, or 1 hr synchronization intervals for each disaster recovery volume.
  • Are billed for the storage and the price adjusted based on the RPO selected

Infinicenter Console

  • My Account has a Disaster Recovery tab on which to view and monitor virtual machine registration status and manage disaster recovery features.
  • The current state of a selected disaster recovery environment is reflected on the Disaster Recovery tab and can refresh as required.
  • Disaster Recovery tab shows the history of disaster recovery tasks.
  • Can change a compute pool name in the primary environment and the change propagates to the disaster recovery environment.
  • Organization level roles can select a business role to manage disaster recovery.
  • Can update mirrors prior to activating disaster recovery.
  • When disaster recovery is activated, virtual machines, IP addresses, firewall rules, and Internet services are automatically synchronized.
  • When deactivating disaster recovery, virtual machines always power off; when activating disaster recovery, virtual machines optionally power on via startup scripts.
  • Users receive a warning when they activate disaster recovery and they have not performed an update mirrors recently.
  • Can direct all public Internet traffic to the primary site or the disaster recovery site from the Public Internet tab of the Disaster Recovery tab in My Account.
  • You can request, view, and edit DR volumes and assign them to an environment.
  • The Update Mirrors button is visible in single-tenant implementations; in multi-tenant implementations mirror updates occur in accordance with the RPO interval selected.
  • In single-tenant implementations, source volumes are identified by the physical storage name; in multi-tenant implementations, source volumes are identified by a name supplied by the user when the volume is requested.
  • You can create a virtual machine from template, create a virtual machine from a catalog item, or create a blank virtual machine in an environment with a DR volume.
  • You can copy a virtual machine customized or identical into an environment with a DR volume.
  • You can create a virtual machine as high-priority or, after creation, you can set or clear its status as high-priority. However, you are limited to how often you can change its status.
  • When designating a virtual machine as a high-priority virtual machine, a confirmation dialog appears that requires acceptance of the additional charges incurred as a result.
  • A virtual machine is billed an additional fee in hourly increments while it is powered on as a high-priority virtual machine.
  • You can request, view, and edit DR volumes and assign them to an environment.
  • The Update Mirrors button is visible in single-tenant implementations; in multi-tenant implementations mirror updates occur in accordance with the RPO interval selected.
  • In single-tenant implementations, source volumes are identified by the physical storage name; in multi-tenant implementations, source volumes are identified by a name supplied by the user when the volume is requested.
  • You can create a virtual machine from a template, create a virtual machine from a catalog item, or create a blank virtual machine in an environment with a DR volume.
  • You can copy a virtual machine customized or identical into an environment with a DR volume.

Enterprise Cloud API

  • Can retrieve the disaster recovery state of the primary and mirror environments, update the mirror environment, and activate or deactivate disaster recovery.
  • You can pick a CDV when creating a virtual machine from a catalog item or when creating a blank virtual machine.
  • From the environment menu, you can list all the CDVs for an environment.

Network Provisioning

You can create and delete internal and perimeter networks.

Infinicenter Console

  • You can add IPv4 and dual-stack (IPv4 and IPv6) internal and perimeter subnets. You must specify the IPv4 network size, /24 through /29, but the IPv6 network size is always /64. You cannot specify the address range.
  • You can delete internal and perimeter subnets if no virtual machines remain attached and the subnet has not been locked by Verizon. If a network is dual stack, both IPv4 or IPv6, deleting one deletes both.
  • Note: You cannot delete the last IPv4 or last dual-stack network in an environment.

Enterprise Cloud API

  • You can add IPv4 and dual-stack (IPv4 and IPv6) internal and perimeter subnets. You must specify the IPv4 network size,/24 through /29, but the IPv6 network size is always /64. You cannot specify the address range.
  • You can delete internal and perimeter subnets if no virtual machines remain attached and the subnet has not been locked by Verizon. If a network is dual stack, both IPv4 or IPv6, deleting one deletes both.
  • Note: A call to delete the last IPv4 or last dual-stack network in an environment returns an error.

TLS Offloading

Transport Layer Security (TLS) offloading transparently accelerates the TLS transactions by offloading the TLS processing from the application server to a networking appliance, a Load Balancer.

The application server is relieved from TLS encryption and decryption tasks thus reducing the load on the server and the certificate management becomes easy by centrally configuring in one place. The communication from the networking appliance and application server will be done using HTTP on any configured port number.

Enterprise Cloud API

  • You can associate a certificate to a backup internet service; if the backup internet service is deployed, the certificate is deployed.

API Enhancements

Guest customization permits passing information into the guest operating system of a virtual machine by creating key-value pairs stored within the virtual machine. Guest customization variables are accessible to the guest operating system through calls to the VMware Tools. You can now view and edit the guest customization variables for an existing virtual machine.

Enterprise Cloud API

  • You can view and edit persistent boot customization variables for an existing virtual machine.
  • Keys may be up to 255 characters and values up to 10,240 characters.
  • You can add as many key-values pairs as desired.
  • Note: First-time boot customization variables are not meaningful for an existing virtual machine and are not supported for existing virtual machines.

To assist in managing devices managed by Verizon, some additional elements appear in the organization object and the full virtual machine object.

1.1.24. Update 2015-11-07

Enterprise Cloud
Update 2015-11-07 Release Notes

Verizon is pleased to announce Update 2015-11-07 of the Enterprise Cloud on 7 November 2015.

TLS Offloading

Transport Layer Security (TLS) offloading transparently accelerates the TLS transactions by offloading the TLS processing from the application server to a networking appliance, a Load Balancer.

The application server is relieved from TLS encryption and decryption tasks thus reducing the load on the server and the certificate management becomes easy by centrally configuring in one place. The communication from the networking appliance and application server will be done using HTTP on any configured port number.

Using the Enterprise Cloud API, you can perform the following on a load balancer:

Enterprise Cloud API

  • Retrieve a load balancer certificate by its identification number.
  • Edit a load balancer certificate and delete unused load balancer certificates.
  • Replace the certificate on an SSL offloaded internet service.
  • Retrieve all the load balancer certificates.
  • Add certificates to your certificate store.
  • Bind a certificate to an internet service.
  • Add a load balancer certificate.

Public IP Provisioning

Infinicenter Console

  • You are allowed to activate public IP(s) beyond what is purchased.
  • A pop-up message is displayed when you configure more than the allowed number of public IP address.
  • You can delete public IP addresses if no services or RNATs are configured for that IP. If they are configured, then you cannot delete the IP address.
  • The default public IP address cannot be deleted.
  • Your purchased public IP addresses is a soft limit. Activating public IP addresses above your purchased quantity automatically increases your purchased quantity and adds the additional charges to your invoices. However, Enterprise Cloud has a global hard limit for automatically increasing the purchased quantity. If the global hard limit is reached, subsequent activation requests return an error. If this occurs, contact your Service Manager to purchase additional public IP addresses and that quantity becomes your new hard limit.
  • The external IPv4 and IPv6 address sub-menu is enabled in all cases.
  • If you are unable to activate an additional IPv4 and IPv6 address, a message is displayed.

Enterprise Cloud API

  • You are allowed to activate public IP(s) beyond what is purchased.
  • A 409 with error message is returned when you configure more than the allowed number of public IPs.
  • You can delete public IP addresses if no services or RNATs are configured for that IP. If they are configured, then you cannot delete the IP address.
  • The default public IP address cannot be deleted.
  • Your purchased public IP addresses is a soft limit. Activating public IP addresses above your purchased quantity automatically increases your purchased quantity and adds the additional charges to your invoices. However, Enterprise Cloud has a global hard limit for automatically increasing the purchased quantity. If the global hard limit is reached, subsequent Action Public IPs Activate calls fail with a 409 Invalid Request error. If this occurs, contact your Service Manager to purchase additional public IP addresses and that quantity becomes your new hard limit.
1.1.25. Update 2015-10-14

Enterprise Cloud
Update 2015-10-14 Release Notes

Verizon is pleased to announce Update 2015-10-14 of the Enterprise Cloud on 14 October 2015.

Verizon releases a new software framework for Enterprise Cloud to enable and support future product offerings.

1.1.26. Update 2015-08-30

Enterprise Cloud
Update 2015-08-30 Release Notes

Verizon is pleased to announce Update 2015-08-30 of the Enterprise Cloud on 30 August 2015.

Storage and Virtual Machine Placement

Infinicenter Console

  • If resizing the disk of a virtual machine will exceed the storage capacity of its datastore, the virtual machine automatically moves to a datastore with adequate capacity.
  • If resizing causes a move, the user receives a dialog box warning that the resizing task will take more time than usual.

Windows Template Licensing Changes

Infinicenter Console

  • When creating a Windows virtual machine, you must agree to the Microsoft terms for license mobility.
  • When creating a Windows virtual machine from a catalog item, you must select a Verizon template.
  • When creating a blank virtual machine targeted for Windows, you must select a Verizon template.
  • You can select a Verizon template for existing virtual machines created as a blank virtual machine or created from a catalog item.

Enterprise Cloud API

  • When creating a Windows virtual machine from a catalog item, you must select a Verizon template. (TTL-853, TTL-859)
  • When creating a blank virtual machine targeted for Windows, you must select a Verizon template. (TTL-1114)
1.1.27. Update 2015-07-18

Enterprise Cloud
Update 2015-07-18 Release Notes

Verizon is pleased to announce Update 2015-07-18 of the Enterprise Cloud on July 18, 2015.

Windows Template Licensing Changes

Infinicenter Console

You can assign a Verizon Windows template to existing virtual machines that were built with customer-provided Windows operating system licenses. This replaces the customer-provided Windows operating system license with a Windows license from Verizon to comply with Microsoft licensing requirements.

Instance-Based Virtual Machine Configurations

Infinicenter Console

Enterprise Cloud supports larger instance-based virtual machine configurations. The configurations and sites where they are supported are in the following table. These configurations are available in Infinicenter Console when creating a virtual machine.

Configuration Sites Supporting Configuration
4 VPUs / 32 GB RAM

All cloud-enabled data centers

8 VPUs / 32 GB RAM

All cloud-enabled data centers

8 VPUs / 64 GB RAM

All cloud-enabled data centers

16 VPUs / 32 GB RAM

London, UK
Melbourne, AU
Culpeper, VA
Dallas, TX
Miami, FL
Santa Clara, CA

16 VPUs / 64 GB RAM

London, UK
Melbourne, AU
Culpeper, VA
Dallas, TX
Miami, FL
Santa Clara, CA

16 VPUs / 128 GB RAM

London, UK
Melbourne, AU
Culpeper, VA
Dallas, TX
Miami, FL
Santa Clara, CA

Note: Not every configuration is available in every environment; Infinicenter Console shows only those available to your environment.

1.1.28. Update 2015-06-18

Enterprise Cloud
Update 2015-06-18 Release Notes

Verizon is pleased to announce Update 2015-06-18 of the Enterprise Cloud on 18 June 2015.

Windows Server Template

Infinicenter Console

The Windows 2012 R2 template is now available to customers.

Enterprise Cloud API

The Windows 2012 R2 template is now available to customers.

Windows Template Licensing Changes

Infinicenter Console

You can no longer upload a virtual machine with a Windows operating system to the catalog. When you create a blank virtual machine, you can no longer use a Windows operating system.

Enterprise Cloud API

You can no longer upload a virtual machine with a Windows operating system to the catalog. When you create a blank virtual machine, you can no longer use a Windows operating system.

1.1.29. Update 2015-04-29

Enterprise Cloud
Update 2015-04-29 Release Notes

Verizon is pleased to announce Update 2015-04-29 of the Enterprise Cloud on April 29, 2015.

Enhanced Virtual Machine Guest Customization

Virtual machine guest customization is available to users for virtual machines created from templates and catalog items. Behavior varies when copying virtual machine.

Enterprise Cloud API

  • Can provide first-time boot and persistent boot customization variables (key-value pairs). Keys may be up to 255 characters and values up to 10,240 characters.
  • When creating a virtual machine in the API, either from template or from catalog, users can provide guest customization in the request body. Users can add as many key-value pairs as desired.
  • When copying identical in the API, persistent boot guest customization key-value pairs are copied to the destination virtual machine and first-time boot guest customization key-value pairs are ignored. Copy customize does not currently permit enhanced guest customization.
1.1.30. Update 2015-03-14

Enterprise Cloud
Update 2015-03-14 Release Notes

Verizon is pleased to announce Update 2015-03-14 of the Enterprise Cloud on March 14, 2015.

Enhanced Virtual Machine Guest Customization

Virtual machine guest customization is available to to users for virtual machines created from templates and catalog items. Behavior varies when copying virtual machine.

Enterprise Cloud API

  • Can provide first-time boot and persistent boot customization variables (key-value pairs). Keys may be up to 255 characters and values up to 10,240 characters.
  • When creating a virtual machine in the API, either from template or from catalog, users can provide guest customization in the request body. Users can add as many key-value pairs as desired.
  • When copying identical in the API, persistent boot variables are copied to the destination virtual machine and first-time boot variables are ignored. Copy customize does not currently permit enhanced guest customization.
1.1.31. Release 2.27.0.082314

Enterprise Cloud
2.27 Release Notes

Verizon is pleased to announce the availability of release 2.27 of the Enterprise Cloud on August 23, 2014.

The new cloud services are 'click to provision' and require no involvement by Verizon to use. All features are available to all Enterprise Cloud virtual machines in all locations. Virtual machines can be based on Verizon templates or customer-provided images.

Note: Cloud services are in beta testing. Upon completion of beta testing, the feature will enter controlled release with gradual availability across customers.

Note: These cloud services are free today but customers must understand and expect that some or all of these cloud services will be chargeable in the future. When a cloud service becomes chargeable, customers will be clearly notified and permitted to cease using the cloud service prior to any charges.

Advanced Monitoring

This cloud service allows customizable server monitoring of customer’s Enterprise Cloud virtual machines and applications running on any Windows or Linux guest operating system. Customers can set up many monitoring groups and place one to many virtual machines within the groups. All alerts are transmitted by email to a recipient list, which is defined by the user. At this time Verizon is not changing its responsibility for customer’s Enterprise Cloud server availability. Monitoring groups can include one or more monitoring options from:

  • Windows basic
  • Linux basic
  • OS Process
  • Windows IIS
  • Ping
  • Web Transactions using Twill
  • Oracle basic

All monitors can be set to alert and all monitors collect metrics that can be reviewed graphically over time. Additional services will be added.

Infinicenter Console

  • Monitoring groups with packages and containing many devices assigned by users, can be created, viewed, edited, or deleted; monitoring configuration and notifications are set or edited at the group level and applied to all devices in the group.
  • Devices can be assigned to, moved between, or removed from a device class and monitored devices can be viewed, removed from monitoring, or edited for parameter values on the Monitoring tab of the Cloud Services tab.
  • Credentials can be assigned in a device configuration or in a monitoring group configuration.
  • Alerts and email notifications generated when devices exceed thresholds.
  • Advanced monitoring alerts are visible anywhere in the Environments tab from the alerts icon from devices and monitoring groups.
  • Graphs of monitored activities can be viewed.
  • Linux Basic and Windows Basic packages for CPU, Memory and Storage monitoring.
  • IIS package can monitor request rates for GETs, PUTs, POSTs, and DELETEs.
  • Process package can monitor specified processes on the operating system.
  • Oracle package can monitor SGA, Cache Hit Ratio, User IO Wait Time, User Operations, Sorts, Redo Operations, Redo Size, Physical Operations, Messages, Logons, or Opened Cursors.
  • WebTx package can monitor Web transactions scripted using Twill.
  • Ping package can monitor device availability with ICMP pings.
  • Advanced Monitoring billing can be viewed on the Billing tab. Pricing is presented when configuring.
  • Monitoring respects all business operation settings on roles.

Patching

This cloud service offers Infinicenter Console users the ability to patch their Enterprise Cloud Windows 2008 x64, Windows 2012 x64, RHEL 6.x x64, CentOS 6.x x64, and Ubuntu 12.04 x64 virtual machines. The service includes a ‘patch now’ option as well as the option to schedule one time in the future or regularly over time. Customers are required to install an agent onto their servers to take advantage of this new service.

Infinicenter Console

  • Administrators and users with appropriate privileges can enable patching immediately or on a schedule. Schedules have a start date and a time of day to execute and can schedule patching once, weekly on a specified day of the week, or monthly on a specified day of the month.
  • Administrators and users with appropriate privileges can edit a patch schedule on or remove patching from a device.
  • Users can view a list of devices for which patching is enabled from the Patching tab of the Cloud Services tab and view a history of patching tasks by clicking Details on a device.
  • Patching is billed per patch and can be viewed on the Billing tab.

Backup

This cloud service provides an easy to use, straightforward way of protecting and restoring virtual machines in Enterprise Cloud environments. Customer’s virtual machines can be selected within the Infinicenter Console and will be protected with 35 days of available versions from which to recover.

Backup creates an image of the disks on a virtual machine. Restoring from an image clones a new virtual machine from the backup image. The fate of the corrupt virtual machine is left to the user: preserve and attempt further rescue or delete.

To restore a single data disk:

  1. Clone the backup image to a new virtual machine.
  2. Detach the desired data disk.
  3. Delete the remainder of the clone.
  4. Attach the data disk to the source virtual machine.

Infinicenter Console

  • Administrators and users with appropriate privileges can manage device backup from Cloud Services on the Selection menu or from the device context menu.
  • Backup activities (enable, clone, and disable) create tasks that are performed asynchronously and appear in the task history. Backup tasks disable all other device activities that are blocked by active tasks.
  • Administrators and users with appropriate privileges can enable backup. When enabled, backup creates one image each day and retains the most recent 35 images.
  • Administrators and users with appropriate privileges can disable backup and either retain or remove all backup images. Each retained image is deleted after 35 days.
  • Administrators and users with appropriate privileges can clone a new virtual machine from a backup image.
  • Users can view a list of backup images from the Backup tab of the Cloud Services tab.
  • Backup is billed for storage consumed by the backup images and can be viewed on the Billing tab.

Defects Resolved

Infinicenter Console

Hide Manage Snapshots role if Snapshots is not enabled for the organization.

Previously, the Infinicenter Console incorrectly showed the Manage Snapshots business operation in the Security Group Level Roles for organizations for which snapshots had not been enabled.

Processor graphs do not appear for instance-based compute pools.

Previously, the Infinicenter Console failed to show the processor graph for instance-based compute pools, although the values appeared when you clicked on a time.

Enterprise Cloud API

API gives a 500 error when you do a GET on a deleted snapshot.

Previously, the API issued a 500 Internal Server Error HTML response code, instead of a 404 Not Found HTML response code, when a GET requested a deleted snapshot.

1.1.32. Release 2.26.0.053114

Enterprise Cloud
2.26 Release Notes

Verizon is pleased to announce the availability of release 2.26 of the Enterprise Cloud on May 31, 2014.

Virtual Machine Snapshots

A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The data includes all of the files that make up the virtual machine. Files include disks and other devices, such as virtual network interface cards.

Snapshots create child files that contain all the changes made since the last snapshot:

  • Child files can grow up to the size of the source virtual disks; storage fees are incurred for both the source virtual disks and all child files.
  • Tracking changes to the source virtual disk in the child file incurs a performance penalty on the virtual machine.
  • Changes are added to child files until snapshots are disabled and all snapshots are removed from the virtual machine.

Snapshot storage is billed at the size of the source virtual disks for the active child file and at actual usage for all other child files.

Snapshots may be enabled when a virtual machine is powered on or powered off. Snapshots are taken at every interval when powered on but only at the first interval after powering off.

Infinicenter Console

A discussion of how to Manage Virtual Machine Snapshots is available on the Enterprise Cloud knowledgebase.

  • Snapshots, a new Administrative Tasks item, allows users with appropriate permissions to disable or enable snapshots for the selected virtual machine; to specify the delay between snapshots: in minutes, hours, and days; and to specify the number of snapshots to keep for this virtual machine, one to a maximum, globally-configured value.
  • In-progress snapshot activity is automatically updated in the Infinicenter Console.
  • When snapshots are enabled on a virtual machine, its configurations cannot change, although it may be viewed. The virtual machine may, however, be copied at its current, active state.
  • Users with appropriate permissions may revert a virtual machine to a specific prior snapshot.
  • Users with appropriate permissions may delete a specific snapshot and when a user deletes a virtual machine all its snapshots are also deleted.
  • Snapshots created by Verizon Support, unscheduled snapshots, appear in the Infinicenter Console with an indicator to identify its initiation outside the Infinicenter Console.
  • Users may view a history of snapshots up to the maximum number selected, including unscheduled snapshots, on the Manage Snapshots dialog.
  • Users may view a history of snapshot activities in the virtual machine task history.
  • Virtual machine task history includes snapshots skipped due to the virtual machine powered off, unscheduled snapshots that meet the chosen Snapshots to Capture limit, or insufficient storage. Insufficient storage occurs in reserved compute pools, purchased storage; trial instance-based compute pools, trial provisioned storage; or infrastructure storage. Users may enable snapshots if insufficient storage, but a warning is issued and all snapshots are skipped until storage is available.
  • Users may view the last task and the time of the next snapshot on the Manage Snapshots dialog.
  • Users may view total storage consumption including snapshots on the Resources and Resources > Storage Details > Virtual Machine tabs and the snapshot storage consumption on the Configure Server and Manage Snapshots dialogs. The dialogs also show the storage cost for instance-based virtual machines.
  • A business operation for virtual machine snapshots permits administrators to limit users' ability to snapshot virtual machines.
  • Snapshot storage is included when determining whether a new virtual machine is within purchase storage limits when creating, copying, or configuring a virtual machine.

Enterprise Cloud API

  • Snapshots allows users with appropriate permissions to disable or enable snapshots for the selected virtual machine; to specify the delay between snapshots: in minutes and hours; and to specify the number of snapshots to keep for this virtual machine, 1 to a maximum, globally-configured value. (US8434, US7746, US7760, US7658, US8449)
  • Users may view a history of snapshots up to the maximum number selected, including unscheduled snapshots. (US8440, US8441)
  • Users with appropriate permissions may revert a virtual machine to a specific prior snapshot. (US8436, US7659)
  • Users with appropriate permissions may delete a specific snapshot and when a user deletes a virtual machine all its snapshots are also deleted. (US8435, US7660)
  • Snapshot storage is included when displaying storage consumed by virtual machines. (US8438)
1.1.33. Release 2.25.0.041914

Enterprise Cloud
2.25 Release Notes

Verizon is pleased to announce the availability of release 2.25 of the Enterprise Cloud on April 19, 2014.

Templates with Oracle Database

Last quarter Verizon proudly announced efforts to enable Enterprise Cloud customers to leverage Oracle Database technologies in their virtual spaces. We are excited to deliver on this effort and provide you with access to this technology in your Enterprise Cloud environment. To ease your implementation efforts, we have created eight templates that are being made available for your use. We are eager to help you incorporate these templates in your environments, so be sure to contact your Verizon Service Manager or other representatives with any questions you may have.

Available templates include:

  • Red Hat Enterprise Linux 6.5 (64-bit) with Oracle Database 11g Enterprise Edition
  • Red Hat Enterprise Linux 6.5 (64-bit) with Oracle Database 11g Enterprise Edition and Oracle Active Data Guard
  • Red Hat Enterprise Linux 6.5 (64-bit) with Oracle Database 11g Standard Edition
  • Red Hat Enterprise Linux 6.5 (64-bit) with Oracle Database 11g Standard One Edition
  • Oracle Linux 6.5 (64-bit) with Oracle Database 11g Enterprise Edition
  • Oracle Linux 6.5 (64-bit) with Oracle Database 11g Enterprise Edition and Oracle Active Data Guard
  • Oracle Linux 6.5 (64-bit) with Oracle Database 11g Standard Edition
  • Oracle Linux 6.5 (64-bit) with Oracle Database 11g Standard One Edition

The option to bring your own licensing (BYOL) for use is available to you and can be leveraged as additional workloads migrate to the Verizon Enterprise Cloud platform. Contact your Oracle representative about your ability to use an “Authorize Cloud Environment for BYOL” option.

Infinicenter Console

  • Users desiring an Oracle database server may create virtual machines from a template with an Oracle database already installed.

Enterprise Cloud API

  • Users desiring an Oracle database server may create virtual machines from a template with an Oracle database already installed.

Additional Internet Service Protocols

Internet services permit one or more servers to share the load for a service running on a combination of protocol and port. Two new protocols, Internet Protocol Security (IPsec) and Point-to-Point Tunneling Protocol (PPTP) are added to the available protocols. These protocols are available for Internet services, their assigned node services, and backup Internet services. When configured, firewall rules supporting the new protocols may be viewed.

Infinicenter Console

  • Administrators and users with appropriate permissions may create, edit, and remove Internet services with IPsec, attach, edit, and remove node services with IPsec, view firewall rules for services with IPsec.
  • Administrators and users with appropriate permissions may create, edit, and remove Internet services with PPTP, attach, edit, and remove node services with PPTP, view firewall rules for services with PPTP.

Enterprise Cloud API

  • Administrators and users with appropriate permissions may create, edit, and remove Internet services with IPsec, create, edit, and remove backup Internet services with IPsec, attach, edit, and remove node services with IPsec, view firewall rules for services with IPsec.
  • Administrators and users with appropriate permissions may create, edit, and remove Internet services with PPTP, create, edit, and remove backup Internet services with PPTP, attach, edit, and remove node services with PPTP, view firewall rules for services with PPTP.

User Experience Improvements

Infinicenter Console

  • Organizations that deploy private networks with customer-provided IP addresses may view, on the IP Address Usage window, the Verizon IP address to which those addresses are converted during network address translation (NAT). This is required when a SSL VPN is used to access the network.

Defects Resolved

Infinicenter Console

Depending on the physical environment, Console Connect fails.

Previously, customers whose virtual machines resided in certain physical environments could not Console Connect to those virtual machines.

The Infinicenter Console log in page is vulnerable to cross site framing attacks.

Previously, it was possible for a third party to frame the Infinicenter Console log in page within their site for nefarious purposes.

1.1.34. Release 2.24.0.012514

Enterprise Cloud
2.24 Release Notes

Verizon is pleased to announce the availability of release 2.24 of the Enterprise Cloud on January 25, 2014.

Alerts for Metered Billing

Introduced with release 2.12 and enhanced with release 2.19, an organization may monitor certain events within the environment and, when thresholds are crossed, have an email alert sent to a list of email addresses. For resources, the events are system-defined and thresholds are user defined. Resource events are: high processor or memory usage, and processor or memory bursting. The email list is user-defined. When an alert occurs, a threshold is crossed, users subscribed to that rule are notified by email of the condition.

This service is extended to metered billing. An organization defines a billing alert rule with a budget amount and a percentage. An alert is generated when metered billing exceeds the percentage of the budget amount and users subscribed to that rule are notified by email of the condition. The percentage may be greater than 100%, if desired. Billing alert rules may be defined for the entire organization, for an entire environment, or for a compute pool.

Infinicenter Console

  • Notifies users subscribed to the alert when metered billing exceeds the percentage of the budget amount.
  • Administrators may assign the business operation for managing billing alerts to non-administrator users.
  • Administrators or users with appropriate permissions set the billing budget amount; the percentage for the organization, an environment, or a compute pool; and the frequency of billing alerts to once per billing period or daily.

Enterprise Cloud API

  • Notifies users subscribed to the alert when metered billing exceeds the percentage of the budget amount.
  • Administrators may assign the business operation for managing billing alerts to non-administrator users.
  • Administrators or users with appropriate permissions set the billing budget amount; the percentage for the organization, an environment, or a compute pool; and the frequency of billing alerts to once per billing period or daily.

VPN Users

VPN Users represent a new category of user that is capable only of using the SSL VPN to connect to their Enterprise Cloud networks. They are not permitted to use the Infinicenter Console for management.

Infinicenter Console

  • Manage VPN Accounts tab manages VPN users: add, reset password, and delete. Passwords for VPN users are auto-generated.

Defects Resolved

Infinicenter Console

The Excel document is blank when List View is your default display option for the Devices tab

Before this fix, if your default Devices tab display option was the List view and you export the device list upon first arriving on the Devices tab, the resulting Excel document was empty.

Session timeout on Resources tab fails to redirect to login screen

Before this fix, when a session timed out while displaying the Resources tab and the user subsequently requests the next page of the Task History, instead of presenting a dialog box that returns the user to the Sign In screen, a warning icon appears on the Task History, which reports a general system error in the hover tooltip.

1.1.35. Release 2.23.0.112213

Enterprise Cloud
2.23 Release Notes

Verizon is pleased to announce the availability of release 2.23 of the Enterprise Cloud on November 22, 2013.

Verizon releases a new software framework to enable and support future product offerings.

Network Descriptions

Customers and support personnel sometimes have difficulty communicating the network to select. The network description permits customers to add a description to each of their networks, through the Infinicenter Console for INT and DMZ networks and through Verizon support engineers for all others, to aid in selecting the network.

Infinicenter Console

  • May add a description to INT and DMZ networks on the Networks tab. Hovering over the network on the Networks tab shows a tooltip with the description.
  • Users must have the Edit Network Description permission to edit network descriptions.

Enterprise Cloud API

Performance Enhancements

For organizations with large quantities of objects in their environments, the Infinicenter Console is enhanced to present information more quickly.

Infinicenter Console

  • Resources tab presents the task history more quickly.
  • Devices tab presents the first 1500 devices more quickly and the search feature has improved response.
  • Internet Services tab of Network tab presents networks and their virtual machines more quickly and only upon demand.
  • Security Services tab of Network tab presents firewall rules more quickly and pages long lists.
  • Trusted Network Groups tab of Network tab presents the trusted network groups more quickly. (US7079)

User Experience Improvement

Infinicenter Console

Defects Resolved

Infinicenter Console

Cannot enter a memory value greater than 9996MB.

Previously, the memory field was only four digits in length, limiting the maximum memory to 9,996MB; is now five digits for a maximum memory of 99,996MB.

Copy identical of a virtual machine with a custom network fails.

Previously, a copy identical of a virtual machine with a custom network failed; now a copy is prohibited if the virtual machine has a custom network.

Enterprise Cloud API

Copy identical of a virtual machine with a custom network fails.

Previously, a copy identical of a virtual machine with a custom network failed; now a copy is prohibited if the virtual machine has a custom network.

1.1.36. Release 2.22.0.100513

Enterprise Cloud
2.22 Release Notes

Verizon is pleased to announce the availability of release 2.22 of the Enterprise Cloud on September 21, 2013.

User Experience Improvement

Infinicenter Console

  • Internet Explorer 10 supported by the Infinicenter Console.
  • Can filter devices displayed on Devices tab by: partial name, tags, operating system, cloud service subscription, managed state, device type, powered state, or network. Filter icon is yellow when a filter is applied and white otherwise. Filter settings may be saved, edited, deleted, or used.
1.1.37. Release 2.21.0.080313

Enterprise Cloud
2.21 Release Notes

Includes 2.20 Release Notes

Verizon is pleased to announce the availability of release 2.21 of the Enterprise Cloud on August 3, 2013.

Linked Organizations

Sometimes a company is so large that they choose to have more than one organization in the Enterprise Cloud. However, they may wish to enable users to work in more than one organization. Companies may request that Verizon create links based on trust between the organizations. Using the credentials from their original organization, users may log in to any organization linked to their original organization.

Note: Users may log into only one organization at a time from any instance of the Infinicenter Console.

When an organization trusts another organization, users in the trusted organization may log into the trusting organization. Actions of users, regardless of organization, are controlled by the permissions granted in the organization to which they are logged in. For users of the trusted organization to perform any actions in the trusting organization, they must have permissions to that action explicitly granted in the trusting organization. For example, organization B trusts organization A. An administrator in organization B must edit each user from organization A and grant the permissions desired for that user from organization A. Users in organization A may log into organization B and will have access to organization B in accordance with the permissions granted in organization B.

Note: To unlock, deactivate, activate, reset, or delete a user account, a user must have administrator permission to the organization in which the user account was created. To grant permissions for any user account visible in an organization, a user must have administrator permission to the organization to which permissions will be granted. For all other actions, users may perform actions in accordance with permissions granted in that organization.

The home organization is the organization in which the user account is defined. The target organization is the organization in which the user attempts access.

With linked organizations, the authentication method used is that required by the organization to which the user is requesting access. A user, whose home organization requires password authentication, attempts to access an organization that requires certificate-based authentication; the user will be prompted for a certificate. Conversely, a user, whose home organization requires certificate-based authentication, attempts to access an organization that requires password authentication; the user will be prompted for a password.

Infinicenter Console

  • Users from linked organizations may log into either their original organization or any linked organization. Password policy is controlled by the home organization; multi-factor and certificate authentication is controlled by the target organization.
  • The Users tab displays users from its organizations and all linked organizations.
  • Only users with administrator permissions in the same organization as the target user account may perform user account management functions: unlock, deactivate, activate, reset, and delete. The last administrator may not be removed from a linked organization.
  • Only users with administrator permissions in the organization in which permissions are to be granted may grant permissions to a user account.
  • New role of NoAccess initially applied to all users from linked organizations. All permissions for a user from a linked organization in a target organization may be removed with a single click, which restores the NoAccess role.
  • Users with access to multiple organizations establish different preferences for each organization.
  • Users have VPN access to all organizations to which they have access.

Enterprise Cloud API

  • Users from linked organizations may log into either their original organization or any linked organization and can view all organizations for which they have permissions.
  • The User calls display users from its organizations and all linked organizations.
  • Only users with administrator permissions in the same organization as the target user account may perform user account management functions: unlock, deactivate, activate, reset, and delete.
  • Only users with administrator permissions in the organization in which permissions are to be granted may grant permissions to a user account.

User Experience Improvement

Infinicenter Console

  • A search box permits filtering the devices presented on the device tab by name or partial name.
  • Customers of Verizon resellers do not see pricing or billing information, such as when creating instance-based virtual machines or adding cloud services.

Enterprise Cloud API

  • May set the threshold at which an alert fires in alert notification of the Infinicenter Console.
  • Customers of Verizon resellers do not see pricing or billing information, such as in the get compute pools price matrix call, virtual machine calls, or billing calls.
1.1.38. Release 2.20.0.061513

Enterprise Cloud
2.20 Release Notes

Verizon releases a new software framework to enable and support future product offerings.

The features added in release 2.20 deployed to production with release 2.21.

1.1.39. Release 2.19.0.042713

Enterprise Cloud
2.19 Release Notes

User Experience Improvement

Verizon releases a new software framework to enable and support future product offerings.

Enterprise Cloud API

Defects Resolved

Infinicenter Console

Input validation failed in description field

Prior to this solution, input validation in the description field could fail, reducing security.

Other organizations could view private templates

Prior to this solution, organizations other than the owner of a private template could view, although not use, that private template.

1.1.40. Release 2.18.0.030913

Enterprise Cloud
2.18 Release Notes

Verizon is pleased to announce the availability of release 2.18 of the Enterprise Cloud on March 9, 2013.

Internal Public IPs

Internal public IPs enable use of the load-sharing capabilities of a public IP and associated Internet services on a secure and private network. Internal public IPs are not visible from the Internet. Internal public IPs can expose an Internet service to hosts on the corporate network over the LAN-to-LAN connection. Also, internal public IPs can expose an Internet service to virtual machines on an Enterprise Cloud DMZ subnet. You can assign virtual machines on Enterprise Cloud DMZ subnets or INT subnets to node services for Internet services associated with an internal public IP.

Note: IP version 6 addresses are not currently supported for internal public IPs. This is a known issue with this feature.

Infinicenter Console

Enterprise Cloud API

Insert a New Firewall Rule at a Specified Line

Normally, firewall rules are added at the end of the list of firewall rules. If given a line number, the firewall rule is added at the line number specified.

Infinicenter Console

Enterprise Cloud API

User Experience Improvement

Enterprise Cloud API

Defects Resolved

Infinicenter Console

Template OS licensing cost is not showing up correctly in the create server dialog

Previously, the Create Server From Template dialog displayed incorrect licensing costs during the Processor & Memory phase.

Some virtual machines failed to delete

Previously, some virtual machines failed to delete in response to Delete server.

An incorrect URL to the sign in page could cause a redirect

Previously, supplying an invalid URL to the Infinicenter Console sign in page could cause the page to incorrectly redirect the user to another Web site.

Compute Pool names appear out of order

Previously, the compute pool tabs would not always appear on the Devices tab of Environments in the order in which they were created.

Enterprise Cloud API

In the Live Specification, the Action Virtual Machines Detach Disk response returned an incorrect value

Previously, the Live Specification returned Detach Disk as the value of <Operation> in the response to Action Virtual Machines Detach Disk. It now returns Detach Virtual Disk as in the live code.

Some virtual machines failed to delete

Previously, some virtual machines failed to delete in response to Action Virtual Machines Remove.

1.1.41. Release 2.17.0.121512

Enterprise Cloud
2.17 Release Notes

Verizon is pleased to announce the availability of release 2.17 of the Enterprise Cloud on December 15, 2012.

Authentication using X.509 Certificates

Authentication permits use of X.509 certificates from Personal Identity Verification cards. Certificates that sign end entity certificates and the certificates of any Certificate Authorities in the trust hierarchy up to the certificate the customer declares as trusted, or the root Certificate Authority, are exported and stored within the Enterprise Cloud service. Certificates presented are validated using Online Certificate Status Protocol (OCSP) to the OCSP responder provided to the Enterprise Cloud. Certificate Revocation Lists are not supported.

Infinicenter Console

Internet Service Protocol of Both TCP and UDP

Previously, to create an Internet Service on both TCP port 21 and UDP port 21 required two Internet services. A new protocol of TCP+UDP now permits a single Internet service to simultaneously support the same port, or ports, on both the TCP and UDP protocols. Furthermore, TCP, UDP, and TCP+UDP Internet services permit multiple ports and multiple port ranges.

Infinicenter Console

  • Users may view, create, manage, and delete Internet services with a port, ports, a port range, port ranges, or combination simultaneously on both TCP and UDP protocols.

Enterprise Cloud API

  • API users may view, create, manage, and delete Internet services with a port, ports, a port range, port ranges, or combination simultaneously on both TCP and UDP protocols.

Security Groups for Role-Based Access Control 2

Role-Based Access Control (RBAC) is a National Institute of Standards and Technology (NIST) standard with the second level adding constraints to basic RBAC. In the Enterprise Cloud, RBAC2 is implemented with Security Groups added to the granular permissions introduced in release 2.10. Devices are assigned to Security Groups and, as with existing Organization and Environment roles, roles are defined with specific constraints upon device-level activities for each Security Group. Users are assigned to Security Group roles in the same manner as Organization and Environment roles. "User with All Operations" is a new system-defined role for Security Groups.

Note: Users with Organization-level Administrator role, users with Environment-level User w/Billing role, and users with Environment-level User w/o Billing role override the constraints of Security Group roles.

Where Environment level and Security Group level permissions conflict, the Security Group level permissions apply exclusively to actions upon virtual machines that are members of the Security Group; for all other actions the Environment level permissions apply. For example, Manage Device IPs may be assigned in both Environment and Security Group levels. The user with Manage Device IPs permission for a Security Group but not for the Environment may assign IPs to a device in the Security Group but may not reserve IPs on the Network tab.

Note: A user must have access to the Environment in which devices in a Security Group reside. The Security Group role cannot override a lack of an Environment level role.

Enterprise Cloud API

  • System permits or denies user actions on a server depending on Organizational, Environmental, and Security Group access levels.
  • Users may retrieve a list of all security groups or a specified security group.
  • Administrators may create, edit, enable, disable, or delete security groups.
  • Administrators may create, edit, or delete a security group level role.
  • Administrators may assign users security group level roles from Roles service or Users service.
  • Administrators may assign virtual machines and physical devices to a security group or security groups to a virtual machine or physical device.
  • Note: The calls, which assign security groups to a virtual machine or physical device, incorrectly return the virtual machine or physical device. They should return only the AssignedSecurityGroups object. Release 2013-02-01 will return the correct object.

Template Distribution

Template Distribution automates the distribution of templates to all data centers and permits versioning of templates. Versioning permits users to create virtual machines from prior versions of templates to ensure consistent application environments, if desired.

Enterprise Cloud API

User Experience Improvement

Infinicenter Console

  • Users may export metered billing data in detail or summarized by virtual machine.
  • Administrators may set a flag during creates and edits of non-administrator users indicating that they should receive Verizon Change Notices.
  • Firewall Audit report enhanced to perform string comparisons between firewall rules from the firewall configuration and from the Infinicenter configuration. Matches are printed in blue. When exported, a new column, Is Match W/String Comparison, indicates a match with a value of yes.

Enterprise Cloud API

  • Users may retrieve metered billing grouped by virtual machine.
1.1.42. Release 2.16.0.110312

Enterprise Cloud
2.16 Release Notes

Verizon is pleased to announce the availability of release 2.16 of the Enterprise Cloud on November 3, 2012.

Instance-Based Virtual Machines

Note: Instance-based virtual machines will be available in February 2013.

Instance-based virtual machines permit an organization to obtain additional compute capacity in the Enterprise Cloud without a long term commitment for resources. Virtual machine instances receive dedicated storage resources when created and dedicated processor and memory resources when running. They exist in a compute pool separate from any resource-based compute pools the organization may have.

Organizations incur storage charges when an instance-based virtual machine is created. Organizations incur processor and memory charges only when an instance-based virtual machine is powered on.

Organizations have a separate catalog in the instance-based compute pool into which virtual machines may be uploaded. The catalog can contain virtual machines images configured to the requirements of the organization. The organization can quickly create additional instances of that virtual machine image when needed and remove the instance when unneeded.

Infinicenter Console

  • The tab on the Environments screen identifies instance-based compute pools.
  • In an instance-based compute pool when creating a blank server, creating from a template or the catalog, copying a server, either customized or identical, or when re-configuring a server, the configure phase of the dialog shows the available processor, memory, and price matrix and the price per gigabyte for storage.
  • Dialogs for powering a virtual machine on or off present messages regarding usage fees beginning, continuing, or ending.
  • Resource gauges for instance-based compute pools reflects consumed of allocated resources, rather than consumed of purchased resources, on the All Compute Pools tab and on the individual compute pool tabs.
  • Purchased resources and burst mode do not apply to instance-based virtual machines, therefore no alerts occur. Neither Resource Alerts tab nor burst buttons are available on the Resource tab for instance-based compute pools.
  • Graphs of processor and memory usage over time on the Resource | Graphs tab present percentage of allocated resources used, rather than of purchased resources used, over time.
  • Storage for instance-based virtual machines is billed continuously until the virtual machine is deleted. Storage | Virtual Machine shows all virtual machines with percentage of allocated, rather than percentage of purchased.
  • My Account | Billing tab has separate tabs for billing of committed and metered resources. Metered billing has a filter to view all charges, all reserved compute pool charges, all instance-based compute pool charges, only licensing charges, only computing charges, only storage charges, and only licensing charges.
  • For instance-based virtual machines, you may retry Create Blank Server, Create Server from Template, Delete Server, Copy Customized, Copy Identical, Create From Catalog, and Configure Server operations.

Enterprise Cloud API

  • New call retrieves the available processor, memory, and price matrix for an instance-based compute pool.
  • In an instance-based compute pool when creating a blank server or when creating from a template or the catalog or when configuring an existing virtual machine the processor and memory section requires the desired processor and memory match a value in the price matrix.
  • For instance-based compute pools you may retrieve the metered billing usage and costs.
  • For instance-based compute pools you may retrieve a list of all virtual machines but which include no <Purchased> amounts.
  • Resource summary calls report only allocated and consumed resources, not purchased resources.
  • Responses to compute pool calls for instance-based compute pools omit bursting operations as those actions are inappropriate to instance-based compute pools. If called, those calls return error responses against instance-based compute pools.
  • For instance-based virtual machines, you may retry Create Blank Server, Create Server from Template, Delete Server, Copy Customized, Copy Identical, Create From Catalog, and Configure Server operations.

Bug Fixes

Infinicenter Console

Export Task History Data Limit

Prior to this fix, task history exports were limited to 122KB of data with no warning to the user. Exports now permit 1GB of data.

CustomizationPending Flag on VM Create/Clone Incorrect

Prior to this fix, the CustomizationPending flag returned "false" even though the customization was not completed. (DE9404)

1.1.43. Release 2.15.0.090112

Enterprise Cloud
2.15 Release Notes

Verizon is pleased to announce the availability of release 2.15 of the Enterprise Cloud on September 1, 2012.

Internet Protocol Version 6 (IPv6)

Internet Protocol Version 6 (IPv6) is the next generation data communication protocol from the organization that governs the Internet, the Internet Engineering Task Force. The salient feature of IPv6 is an address space that is enormously larger than that of IPv4: roughly 3.4 x 1038 for IPv6 versus 4.3 x 109 for IPv4. While IPv6 has many technical advantages over IPv4, it is the exhaustion of the IPv4 address space in February of 2011 that forced the official launch of IPv6 worldwide on 6 June 2012.

Note: IPv6 is implemented only in a dual-stack architecture, no networks or devices are configured exclusively with IPv6. In the descriptions below, IPv6 capability is in addition to an implied IPv4 address. Some configuration activities permit assigning just an IPv6 address initially but an IPv4 address must subsequently be assigned.

The most visible change is the address representation. In IPv4, addresses are represented by four decimal numbers in the range of 0 to 255 separated by periods: 192.168.28.214. In IPv6, addresses are eight groups of four hexadecimal digits separated by colons: 0db8:85a3:0000:0000:0000:8a2e:0370:7334. Compression of the IPv6 address is permitted: consecutive groups of four zeros may be represented by double colons, although only one set of double colons may appear to prevent ambiguity, and leading zeros in the individual groups may be suppressed, although at least one character must appear. The previous example compressed would be: db8:85a3::8a2e:370:7334.

Note: The Enterprise Cloud will not support IPv6 on physical devices in this release.

Infinicenter Console

  • Create a server with an IPv6 address from a template, from a copy, from an identical copy, or a blank and configure servers.
  • Properly presents IPv6 addresses, in compressed form, wherever an IP address might appear.
  • Properly presents IPv6 addresses in all tasks with IP addresses.
  • Network > Manage IP Addresses properly manages IPv6 addresses. Unused IPv6 addresses are not presented.
  • May activate a Public IP for IPv6 if not using a FWSM firewall and if at least one IPv6 subnet exists.
  • Trusted Network Groups may be configured for IPv6 networks and addresses but IPv4 and IPv6 may not be mixed.
  • Internet Services and Node Services may be configured with IPv6 addresses.
  • RNATs only apply to IPv4 and may not be configured with IPv6.
  • Manage firewall rules with IPv6 addresses; firewall log and firewall audit entries properly report IPv6 addresses.

Enterprise Cloud API

Note: This feature is applicable to version 2012-09-01 (release 2.15) and later. The legacy API version v0.8b-ext2.8 (releases 2.8 and 2.9) and the new API versions 2011-07-01 (release 2.10) through 2012-07-01 (release 2.14) may neither view nor administer IPv6.

  • Create a server with an IPv6 address from a template, from a copy, from an identical copy, or a blank and configure servers.
  • Properly presents IPv6 addresses, in compressed form, wherever an IP address might appear.
  • Properly presents IPv6 addresses in all tasks with IP addresses.
  • Properly manages IPv6 addresses in current and legacy API. Unused IPv6 addresses are not presented.
  • May activate a Public IP for IPv6 in current and legacy API if not using a FWSM firewall and if at least one IPv6 subnet exists.
  • Trusted Network Groups may be configured for IPv6 networks and addresses in current and legacy API but IPv4 and IPv6 may not be mixed.
  • Internet Services and Node Services may be configured with IPv6 addresses in current and legacy API.
  • RNATs only apply to IPv4 and may not be configured with IPv6.
  • Manage firewall rules with IPv6 addresses; firewall log entries properly report IPv6 addresses.

Security Groups for Role-Based Access Control 2

Role-Based Access Control (RBAC) is a National Institute of Standards and Technology (NIST) standard with the second level adding constraints to basic RBAC. In the Enterprise Cloud, RBAC2 is implemented through security groups with security group level roles added to the granular permissions introduced in release 2.10. Devices are assigned to security groups and, as with existing organization and environment level roles, security group level roles are defined with specific constraints upon device-level activities for each security group. Users are assigned to security group roles in the same manner as organization and environment roles. "User with All Operations" is a new system-defined role for security groups.

Note: Users with organization-level Administrator role, users with environment-level User w/Billing role, and users with environment-level User w/o Billing role override the constraints of security group roles.

Where environment level and security group level permissions conflict, the security group level permissions apply exclusively to actions upon virtual machines that are members of the security group; for all other actions the environment level permissions apply. For example, Manage Device IPs may be assigned in both environment and security group levels. The user with Manage Device IPs permission for a security group but not for the environment may assign IPs to a device in the Security Group but may not reserve IPs on the Network tab.

Note: A user must have access to the environment in which devices in a security group reside. The security group role cannot override a lack of an environment level role.

Infinicenter Console

  • Users with organization permissions may view Security Groups for their organization.
  • Users with organization permissions may view a list of Security Group Roles under the Manage Roles tab, in addition to Organization and Environment Level Roles.
  • Administrators may create, edit, and remove Security Groups for environments in their organization.
  • Administrators may create, edit, and remove Security Group Roles and assign selected business operations.
  • Administrators may add or remove specific VMs requiring security to a given Security Group and Environment combination.
  • Administrators may assign multiple users to roles for each security group.
  • Administrators may assign or un-assign roles for a list of Security Groups during user creation, so that the user is invited with proper permissions.
  • Administrators may assign or un-assign roles for a list of security groups while editing a user permission.
  • The system permits or denies user actions on a server depending on Organizational, Environmental, and Security Group access levels.

Enterprise Cloud API

  • The system permits or denies user actions on a server depending on Organizational, Environmental, and Security Group access levels.

Template Distribution

Template Distribution automates the distribution of templates to all data centers and permits versioning of templates. Versioning permits users to create virtual machines from prior versions of templates to ensure consistent application environments, if desired.

Infinicenter Console

  • Users see multiple versions of templates when available and may create servers from the version of their choice.

Enterprise Cloud API

  • Servers created from templates use the latest version.

Known Issues

Create or Copy a Windows Server 2003 with IPv6 Addresses

Microsoft acknowledges this issue. The issue arises when copying a virtual machine configured with an IPv6 address.

As part of the create request, one or more new IPv6 addresses are assigned. Correct behavior would have Windows on the virtual machine add the new IPv6 address, supplied in the create request. However, a Windows Server 2003 virtual machine fails to add the new IPv6 address. No IPv6 communication is possible because the new virtual machine has no IPv6 address.

As part of the copy request, a new IPv6 address is assigned. Correct virtual machine behavior deletes the existing IPv6 address and adds the new IPv6 address from the copy request. However, a Windows Server 2003 virtual machine retains the existing IPv6 address and fails to add the new IPv6 address. An IP address conflict results because the new virtual machine and the source virtual machine have a common IP address.

Infinicenter Console

Workaround:

  1. For a copy, note the IPv6 address(es) on the source virtual machine.
  2. Create the virtual machine or copy the source virtual machine.
  3. When the operation completes, power on the newly created virtual machine.
  4. Console connect to the newly copied virtual machine.
  5. Following a copy, remove the common IPv6 address(es) from Windows networking.
  6. Following a create or copy, add the desired IPv6 address(es) to Windows networking.

Enterprise Cloud API

Workaround:

Use the netsh command line tool to add or remove IPv6 addresses.

netsh interface ipv6 {add | delete} address [[interface=]String] [address=]IPv6Address [[store=]{active | persistent}]

This command will add or delete an IPv6 address on a specified interface.

Parameters

[[interface=]String]

Specifies an interface name or index. The index is the zone number after the percent sign in the IPv6 address of an ipconfig response.

[address=]IPv6Address

Required. Specifies the IPv6 address to delete.

[[store=]{active | persistent}]

Specifies whether the deletion lasts only until the next boot (active) or is persistent (persistent). The default selection is persistent.

This example command deletes the address fe80::39c1:c3ba:8abc:6684 from the interface named "Local Area Connection 3" with a zone of 22 from the ipconfig example below.

netsh interface ipv6 delete address "Local Area Connection 3" fe80::39c1:c3ba:8abc:6684

netsh interface ipv6 delete address "22" fe80::39c1:c3ba:8abc:6684

To use netsh with the API, use the following procedure. Assume the newly copied virtual machine should have IPv6 address fe80::39c1:c3ba:8abc:7684 on interface "Local Area Connection 3" or zone 22.

  1. For a copy, Get Virtual Machines by ID the source virtual machine.
  2. For a copy, note the IPv6 address(es) on the source virtual machine.
  3. Action Virtual Machines Create the virtual machine or Action Virtual Machines Create Copy the source virtual machine.
  4. When the operation completes, Action Virtual Machines Power On the newly created virtual machine.
  5. Action Virtual Machines Guest Process the following body to the newly created virtual machine to retrieve the IP configuration from the virtual machine.

    <CreateGuestProcess>

    <Interpreter></Interpreter>

    <Script>ipconfig > c:\ipconfig.txt</Script>

    </CreateGuestProcess>

  6. Get Virtual Machines Guest File with the query parameter "?path= c:\ipconfig.txt" to retrieve the IPv6 address(es) from Windows. The file should look similar to the following.

    Windows IP Configuration

    Ethernet adapter Local Area Connection 3:

    Connection-specific DNS Suffix . : corp.com

    Link-local IPv6 Address . . . . . : fe80::39c1:c3ba:8abc:6684%22

    IPv4 Address. . . . . . . . . . . : 10.255.4.218

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 10.255.4.1

  7. Following a copy, Action Virtual Machines Guest Process the following body to the newly created virtual machine for each common IPv6 to remove the common IPv6 address(es) from the source virtual machine noted in step 2.

    <CreateGuestProcess>

    <Interpreter></Interpreter>

    <Script>netsh interface ipv6 delete address "Local Area Connection 3" fe80::39c1:c3ba:8abc:6684</Script>

    </CreateGuestProcess>

  8. Following a create or copy, Action Virtual Machines Guest Process the following body to the newly created virtual machine to add the desired IPv6.

    <CreateGuestProcess>

    <Interpreter></Interpreter>

    <Script>netsh interface ipv6 add address "Local Area Connection 3" fe80::39c1:c3ba:8abc:7684</Script>

    </CreateGuestProcess>

  9. Repeat steps 5 and 6 to verify the IPv6 address(es) were removed or added.
  10. Action Virtual Machines Guest Process the following body to the newly created virtual machine to remove the text file from the virtual machine.

    <CreateGuestProcess>

    <Interpreter></Interpreter>

    <Script>del c:\ipconfig.txt</Script>

    </CreateGuestProcess>

1.1.44. Release 2.14.0.072112

Enterprise Cloud
2.14 Release Notes

Verizon is pleased to announce the availability of release 2.14 of the Enterprise Cloud on July 21, 2012.

Distributed Architecture

As the Enterprise Cloud grows and expands, Verizon seeks to continue our excellent service delivery when users administer their Enterprise Cloud infrastructure. By distributing the workload, management tools maintain performance with that continued growth and expansion.

Issues for the Original Architecture

The original management architecture had all components hosted at a one facility. This presented three difficulties:

  • The one facility presented a single point of failure, loss of resources or connectivity to that facility ended management interaction until failures were corrected.
  • The singe instance of the application tier communicated to infrastructure components, VirtualCenters, load balancers, and firewalls, around the world with attendant limitations resulting from international data communication.
  • Those communication requirements necessitated more firewall rules to permit infrastructure management in all the datacenters.

The infrastructure components distributed to remote sites around the world must replicate key information back to the central site. This presented two difficulties:

  • Data consistency is challenged where communications incur high latency and low bandwidth.
  • Replication does not scale out, expand to multiple facilities, as VirtualCenters and sites are added.

Goals for the New Architecture

The new architecture addresses the issues with the original architecture above. To ensure robust and timely delivery, the new architecture minimized the scope of the development effort. The new architecture:

  • Reuses existing entities and business logic.
  • Distributes only those pieces necessary to address the issues of the old architecture.
  • Retains centrally the key pieces required to distribute the data (such as sign on), organizational data, and data not time-sensitive (such as reporting).
  • Minimizes conflicts with existing and future development efforts on the platform for easy integration.

New Architecture

In the new architecture, some components remain at the central site and some are distributed to the remote sites.

Central Site

Organizational information and activities remain at the central site: organizations, users, environments, and compute pools. The organizational data, which is typically slow to change, is replicated to the datacenters. The central site also maintains the location of system entities, connectivity information, and system versions at the remote sites; this enables the central site to route calls to the appropriate remote site.

Users of Enterprise Cloud Private Access and users of white label resellers access all activities through the central site. The central site retrieves information from the remote sites as required on behalf of these users.

Remote Sites

Operational information and activities are distributed to the remote sites. A remote site retains detailed information about local environments: virtual machines, physical devices, networks, Internet services, IP addresses, security, and local resource utilization. A remote site replicates the data from all local VirtualCenters. A remote site provisions and de-provisions local infrastructure components. Remote sites aggregate data for VM utilization, billing, transaction history, licensing, and reporting and replicate the information back to the central site.

Single Sign-On

Users sign in only once to the central site. The central site ensures Infinicenter users' and legacy API users' authorization is presented to remote sites as users are directed to those remote sites. Users of the new API offer authentication credentials with every call. When a user of the new API sends a call to a remote site, the remote site ensures authentication with the central site.

Additional Benefits

The new architecture solves the issues with the original architecture and meets its goals. The new architecture enables a phased roll out to the remote sites of new versions of the system, reducing the impact on both customers and Verizon operations. The central application can be globally load-balanced for growth and performance.

Infinicenter Console

Administrative information, essentially the My Accounts tab, is served from the central site. Operational information is served from the site in which the entities are located. The implementation is seamless: only the URLs change in the browser.

Enterprise Cloud API

The API adds two header fields, which can improve the efficiency of those applications if used. Information regarding operational entities is stored at the site in which the entity resides. Each site has an API service that responds to calls for entities at that site. Calls may be issued to any site. If the entity is not located at that site, the API service will serve as a proxy and forward the request to and the response from the appropriate site as necessary.

Administrative information, calls beginning with /admin/ in the API, is served from the central site. Operational information is served from the site in which the entities are located. The implementation is seamless: no change to existing applications is required. However, the new header fields described below enable applications to optimize calls in the future.

Note: Only API versions 2.8 and later are supported with the new architecture.

Note: New API documentation is available for all supported versions of the API.

Content Location

When a call requests information regarding an entity at a site different from that to which the call was issued, the Content-Location header field will be valued in the response with the complete URL to the entity, including the hostname of the host with the content. The URL may be used to avoid proxy retrievals of that entity in the future.

Note: The Content-Location header field is only present in the response to a call with a GET method.

Note: The Content-Location header field is not used with Enterprise Cloud Private Access or with white-label resellers.

Responding Host

When a call requests information regarding, or performs an action against, an entity at a site different from that to which the call was issued, the x-responding-host header field will be valued in the response with the hostname of the host with the content. The hostname may be used to avoid proxy calls for that entity in the future.

Note: The x-responding-host header field is not used with Enterprise Cloud Private Access or with white-label resellers.

User Experience Improvements

Enterprise Cloud API

  • Filter parameters for Alerts use the href of the entity rather than identifier. Note: Prior parameters are removed.
  • Added a Link to ComputePools to directly access the alerts pertinent to that compute pool.
1.1.45. Release 2.13.0.060912

Enterprise Cloud
2.13 Release Notes

Verizon is pleased to announce the availability of release 2.13 of the Enterprise Cloud on June 9, 2012.

Private Networks with Customer-Provided IP Addresses

Some customers wish to include their private subnets in the Enterprise Cloud within the Internet Protocol address space of their internal corporate network. The customer-provided private subnet feature permits such IP address schemes in the Enterprise Cloud.

Note: Customer-provided IP addresses are available only upon approval of Verizon. If customer-provided IP addresses for private networks are essential to operations, submit the request to an Account Manager.

Infinicenter Console

  • View environment and device tasks with customer-provided IP addresses and Verizon-provided IP addresses where applicable.
  • Create or Copy a server and configure the Network settings to a Network with customer-provided IP addresses seamlessly as with current networks.
  • Configure Network settings on a device using a Network with customer-provided IP addresses seamlessly as with current Networks.
  • Manage IP addresses on a device on a subnet with customer-provided IP addresses seamlessly as with current subnets.
  • Configure node services using an IP address from subnets with customer-provided IP addresses seamlessly as with current nodes.
  • Configure Network RNAT and Device RNAT for a subnet with customer-provided IP addresses seamlessly as with a current RNAT.
  • Create custom firewall rules using a customer-provided IP or a subnet with customer-provided IP addresses as with a current create custom firewall rule.
  • View the firewall audit log with customer-provided IP addresses and Verizon-provided IP addresses where applicable.

Enterprise Cloud API

  • Create and present custom firewall rules using a customer-provided IP or a subnet with customer-provided IP addresses seamlessly as with current firewall rule service.
  • Configure and present device and network RNATs with customer-provided IP addresses seamlessly as with current RNATs.
  • Configure and present node services with customer-provided IP addresses seamlessly as with current node services.
  • Configure and present environments, compute pools, and virtual machines with customer-provided IP addresses seamlessly as with current services.
  • Configure and present IP addresses with customer-provided IP addresses seamlessly as with current IP address service; present tasks with customer-provided IP addresses seamlessly as with current task service.
  • Network, network hosts, and network summary services present customer-provided IP addresses seamlessly as with current services.
  • Firewall log and Internet services service configure and present customer-provided IP addresses seamlessly as with current services.

Password Expiration

Organizations may set a password expiration policy. The policy forces a new password when the password age exceeds the number of days defined by the organization. Users may be notified a configurable number of days prior to expiration of their password. When first setting a password expiration policy, a time period may be set, during which passwords will not expire, to prevent all users' passwords from expiring upon implementation.

Infinicenter Console

  • An organization may enable or disable password expiration, requiring its users to periodically change the password.
  • An organization may define a warning period during which users, upon login, are notified of when their password expires so that they may change their password.
  • Upon expiration of a password, after the user is authenticated with the old password a dialog appears to change their password.
  • When enabling a password expiration policy, an organization may set a date before which existing password do not expire to provide a short time for existing users to change their passwords.

Enterprise Cloud API

  • An organization may enable or disable password expiration, requiring its users to periodically change the password.
  • An organization may define a warning period during which users are notified in Get Users Credentials of when their password expires so that they may change their password. (US3359)
  • The <PasswordExpirationDate> element on <UserCredentials> shows the date and time the password expires, once the password is within the defined warning period, so that the user is aware they need to change their password. (US3364)
  • Upon expiration of a password, the user receives a 401 error until a new password is entered with Action Change Password, an unauthenticated call.
  • When enabling a password expiration policy, an organization may set a date before which existing password do not expire to provide a short time for existing users to change their passwords.

User Experience Improvements

Infinicenter Console

  • On the Device tab, from any group may create a server from a template, from a catalog item, or blank in the same manner as the Create Server button.

Bug Fixes

Infinicenter Console

Add Another Data Disk to an Imported VM Caused Data Disk to Switch with System Disk

Prior to this fix, when configuring a new data disk on an imported VM could cause the data disk and system disk to swap places; that is, Infinicenter would make the newly added disk the first (system) disk and would make the original disk the second (data) disk. The system disk could then be deleted.

Create Server From Template – Available Templates field is misaligned

Prior to this fix, when creating a new server in Internet Explorer, the dropdown list box for the available templates is misaligned.

1.1.46. Release 2.12.0.041412

Enterprise Cloud
2.12 Release Notes

Alert Notification of Real-Time Monitoring

An organization may monitor certain events within the environment and, when thresholds are crossed, have an email alert sent to a list of email addresses. The events and thresholds are system-defined: high processor or memory usage, and processor or memory bursting. The email list is user-defined. When an alert occurs, a threshold is crossed, users subscribed to that rule are notified by email of the condition.

Note: This feature is in beta testing. Upon completion of beta testing, the feature will be gradually implemented across customers.

Infinicenter Console

  • Alert notification will be gradually implemented across customers.
  • Defined alerts for high processor or memory usage, and processor or memory bursting.
  • Notifies users subscribed to the alert when: the alert condition first appears and when the alert condition disappears.
  • For alert conditions that persist, notes the persistence and reduces the frequency of notifications during the ongoing condition.
  • For resources prone to spikes in usage, alerts only on sustained utilization in excess of thresholds.
  • A user with permission to set alert notifications may select alert choices and subscribe other users to alerts.
  • View a list of all alerts logged for an organization. (US2959)
  • Resellers may edit their email wrapper around alert notification emails to maintain consistent branding and preview each notification within that wrapper.

Enterprise Cloud API

  • View Notification settings and recipient lists.
  • Set Notification settings and recipient lists and subsequently edit the recipient lists.
  • View a list of all alerts logged for an organization.

Detached Storage

Individual virtual disks may be detached from and attached to virtual machines. Detached virtual disks may be managed from the API or Infinicenter Console. Failed detach and attach operations may be retried.

Enterprise Cloud API

  • Virtual disks may be detached from a virtual machine.
  • Detached virtual disks may be attached to a virtual machine.
  • Virtual disks may be attached when creating a blank virtual machine.
  • All detached virtual disks may be viewed for a specific resource pool.
  • Detached virtual disks may be renamed.
  • Detached virtual disks may be deleted from a resource pool.
  • Task history shows when a detached disk has been deleted.
  • Task history shows when a virtual machine disk has been detached or attached.
  • Storage utilization includes storage from virtual machines and detached disks.
  • "Manage Media" business operation available to assign to a role.
  • A failed: detach disk operation, attach disk operation, or create blank server with an attached disk operation may be retried.

Copy Virtual Machines to the VM Catalog

A virtual machine in an environment may be copied to the VM Catalog. The catalog item may be copied into an environment to create new instances of the virtual machine.

Infinicenter Console

  • Organizations may purchase additional storage for their VM Catalog.
  • Virtual machines copied into the catalog may be viewed and deleted with copies initiated from Devices tab or VM Catalog tab.
  • New virtual machines may be created from the catalog item previously copied into the catalog.
  • Preserves licensing costs associated with a copied virtual machine, available in the catalog, and transferred to virtual machines created from the catalog.

Enterprise Cloud API

  • Virtual machines copied into the catalog may be viewed and deleted.
  • New virtual machines may be created from the catalog item previously copied into the catalog.
  • Preserves licensing costs associated with a copied virtual machine, available in the catalog, and transferred to virtual machines created from the catalog.

Firewall Rules Audit Report

Some customers wish to see the firewall rules as stored on the firewall and compare them to the rules as shown on the Infinicenter Console. The new firewall rule audit report presents the rules as stored on the firewall.

Infinicenter Console

  • An audit report displays the rules on the firewall and the report may be exported to Excel.

User Experience Improvements

Infinicenter Console

  • Graphs of processor and memory utilization have: higher resolution, a tooltip with the instantaneous values under the mouse location, and an option for custom ranges greater than 24 hours.
  • Verizon support telephone number may be requested from within the user interface.
  • Networks of any size may be added as the user's end of a VPN tunnel’s remote networks.
  • Session persistence methods of Cookie Insert, Session Cookie, and SSL Session added for Internet services.
  • Improved the presentation of information on the VM Catalog tab.
  • Consolidated Create and Copy functions to a common button on the Devices tab.

Enterprise Cloud API

  • Implements the Get Administrative Organizations call.
  • Session persistence methods of Cookie Insert, Session Cookie, and SSL Session added for Internet services.

Bug Fixes

Enterprise Cloud API

A 500 error returns when the header field name "x-tmrk-version" contains any capital letters

Prior to this fix, if a request was sent when the header field name "x-tmrk-version" was not all lower case, for example “X-Tmrk-Version,” the API returned 500 error.

Copy of a virtual machine with a custom network fails with a 400 Bad Request error

Prior to this fix, if API version 2.8 was used to copy a virtual machine with a custom network, the copy request would fail with a 400 Bad Request error.

1.1.47. Release 2.11.0.021112

Enterprise Cloud
2.11 Release Notes

Enhanced API

Note: With this release version 2.6 (v0.8b-ext2.6) of the previous API design is retired from service.

Enterprise Cloud API

Console Features in 2.11

Infinicenter Console features implemented in the 2.11 release:

  • Networking
    • Network Details
    • Network Hosts
    • Firewall ACLs (POST/DELETE only)
  • Devices
    • Create blank server
  • Physical Devices
    • HA Routers
    • Physical Routers
    • Physical Servers
    • Storage Devices
  • Administration
    • Bandwidth Usage
    • Organization Admin
    • Support Tickets
    • User Management
      • API User and API Key Management
    • Roles and Security

Additional Features

  • Import virtual machine may include an alternate operating system reference if the guest OS of the catalog item is unsupported.
  • Virtual machines distinguish between mounted ISO disk and mounted VMware Tools.
  • A virtual machine may be identically copied.
  • IP addresses may be reserved and unreserved, individually or a group,within a network.
  • The API application service logs changes and correlates API identifiers.

API Explorer

  • The API Explorer tool replaces the previous API sample application and presents the familiar look and feel of Enterprise Cloud tools.
  • API Explorer accepts Basic or CloudApi credentials to apply to messages, credentials may be saved (or removed) between sessions, and permits acting against the Live Specification or customer data; valid user credentials must be provided when operating on customer data.
  • API Explorer presents simple point-and-click access to all the calls, grouped by service, with names and tooltips that match the documentation.
  • API Explorer presents messages in a history pane where each result message is prominently displayed, message headers are available, and response references are active links; the history may be managed by the user.
  • API Explorer request pane has the HTTP method, relative URL reference, and request parameters (which automatically fill from response active links); actions open a response body window pre-populated with a skeleton body in which to enter data.
  • API Explorer permits calls to be re-executed, manipulation of the URL, and custom headers applied.

Infinicenter Console

Detached Storage

Individual virtual disks may be detached from and attached to virtual machines. Detached virtual disks may be managed from the Infinicenter Console.

Infinicenter Console

Load Balancing Algorithms

Currently, Least Current Used is the algorithm used by all load balancers for distributing sessions. Additional algorithms may now be chosen.

Enterprise Cloud API

  • The load balancing method may be set when creating, changed when editing, and returned when retrieving an Internet Service.

Infinicenter Console

User Experience Improvements

Infinicenter Console

Bug Fixes

Infinicenter Console

Expand the "Available Templates" dropdown to show the full template name

Prior to this fix, when a Customer went to Devices > Create Server > Available Templates, the name of a template, which was very long, would be truncated.

The list of Environments under My Environments is not in alphabetical order

Prior to this fix, a Customer viewing the available environments on the dropdown list box under My Environments saw the names in a seeming random order.

1.1.48. Release 2.10.0.121111

Enterprise Cloud
2.10 Release Notes

Enhanced API

The Enterprise Cloud Application Programming Interface release 2.10 (API r2.10) represents a new direction for the Enterprise Cloud API. With no backward compatibility to earlier releases, it is a complete departure from the VMware vCloud API, which permits the new API to expose most of the features of the user interface, Infinicenter Console.

The new API will operate alongside the current API versions, 2.6 through 2.8.1, to permit time to migrate to the new API. The prior versions will retire over the course of 2011 and 2012.

Enterprise Cloud API

Unified API

The API r2.10 unifies the application programming interface between Verizon cloud products: Enterprise Cloud and vCloud Express. Everyone uses the same specification to access their environment. Most actions from the respective user interfaces, from both the Environment tab and the My Account tab, are available through the API. The distinction between base and extension calls disappears. All calls use the same URN and are in the same namespace. In addition, physical devices are supported.

Authentication

The API r2.10 uses a stateless authentication implementation; every request passes authentication in the Authorization header field. Support for basic username and password authentication remains supported. However, the new and more secure message-digest authentication is encouraged. The API supports HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512 hash algorithms for the message digest authentication.

Each call carries a UTC timestamp. Requests received more than 5 minutes after the timestamp are silently dropped. To enable time synchronization, the API permits an anonymous call to retrieve the server time.

Versioning

The URI for the API remains constant across versions. The version is passed in the header of every request. Any active version may be used. Deprecated versions are accepted for a limited time to provide time to migrate applications to an active version before retirement of deprecated versions. Use of an invalid version, including retired versions, will result in an error. To verify support for the desired version, the API permits an anonymous call to retrieve the active versions.

Errors

Error responses return additional detail regarding the nature of the error beyond the HTTP error returned in the header. Every method call that results in an error will not return the default HTML error but will return an appropriate HTML message. Error responses will include the HTTP error code (majorErrorCode), an additional error message (message), and a custom error code (minorErrorCode). For example, without the HTTP header:

  • <Error message="Catalog item with that name already exists." majorErrorCode="409" minorErrorCode="CatalogItemAlreadyExists"/>
  • <Error message="Machine is already powered on." majorErrorCode="400" minorErrorCode=“VmAlreadyPoweredOn"/>

API Users

In addition to continued support for existing interactive users to authenticate with usernames and passwords to the API, the API also supports a more robust authentication method for API users discussed above. Users are created specifically as users of the API. This simplifies the creation and maintenance of API users and simplifies the use of the separate authentication model using private keys. The API user is a “user” in that they:

  • Have specific access rights,
  • Their actions are audited, and
  • Access can be disabled or deleted.

The API user is not, however, a “user account” in that they:

  • Do not participate in the registration process nor receive invitations,
  • Do not have email addresses,
  • Do not have a password,
  • Do not have access to the user interface, and
  • Do not have VPN access.

Live Specification

The Live Specification is a live site available to customers that is fully operational, although with static data. As it performs exactly like the API, customers may begin writing code and testing features using the static data.

Read the introductory sections of the API documentation (Sections 1 through 5) for an overview of the API and its use. Read the readme file for use of the Live Specification.

Features in 2.10

Infinicenter Console features implemented in this 2.10 API release:

  • Environments
    • Environments
    • Compute Pools
    • Tasks
    • Operating Systems/Families
    • Devices
      • Layout
      • Templates
      • Virtual Machines
    • Networking
      • Public IPs
      • IP Addresses
      • RNATs
      • Internet Services
      • Backup Internet Services
      • Node Services
      • Firewall ACLs (GETs only)
      • Firewall Logs
      • Trusted Network Groups
  • Administration
    • Contacts
    • SSH Keys
    • Locations (Data Centers)
    • VM Uploads
  • Tags
  • Time
  • Versions

Features Coming in 2.11

Infinicenter Console features implemented in the coming 2.11 API release:

  • Physical Devices
    • Physical Servers
    • Physical Routers
    • HA Routers
    • Storage Devices
  • Networking
    • Network Details
    • Network hosts
    • Firewall ACLs (POST/DELETE only)
  • Administration
    • Bandwidth Usage
    • Organization Administration
    • Support Ticketing
    • User Management
      • API User Management
      • API Key Management
    • Roles and Security

Infinicenter Console

Granular Permissions

Granular permissions improve upon the previous roles of administrator, user, and read-only. Roles are defined by the permissions granted to the role. Roles are defined for each business operation at the organization level (My Account tab) and environment level (Environments tab). A user need not have an organization role and need not have a role in every environment. Lacking a role for a level, the user has no access for that level. Users must have at least one role assigned. Users are assigned no role or one role for the organization and no role or one role for each environment in the organization. A user's role may differ between environments. The system defines six roles that are equivalent to the previous roles:

  • Administrator – full access to all business operations for the organization and all environments.
  • Read-only – read-only access to business operations for the organization.
  • User w/Billing – full access to business operations, including billing, for the specified environment.
  • User w/o Billing – full access to business operations, without billing, for the specified environment.
  • Read-Only User w/Billing – read-only access to business operations, including billing, for the specified environment.
  • Read-Only User w/o Billing – read-only access to business operations, without billing, for the specified environment.
  • No Access (no role assigned) – access is not permitted.

These six roles are just the starting point. Users may define roles to meet the needs of their business. They define organization roles and assign permissions from the organization business operations and define environment roles and assign permissions from the environment business operations. Administrators assign users at their discretion to roles. The user-defined roles are private to the organization; Verizon may not manage an organization's role definitions.

Enterprise Cloud API

  • An API user must be assigned roles and may access through the API only those business operations permitted by that role.

Infinicenter Console

VMRC

Verizon has adopted VMware Remote Connect (VMRC) for the Console Connect to virtual machines. VMRC is a new and more robust solution for connecting to virtual machines. VMRC works with Internet Explorer and Firefox on Windows and Linux.

Infinicenter Console

  • Users may now connect to any virtual machines using VMRC on their browser. However, a user may not power off, suspend, or reset a virtual machine through the Console Connect feature.
  • The mount and unmount of VMware Tools has moved from Console Connect to the Devices tab of the Infinicenter Console.
  • The user interface will prompt users of the Infinicenter Console to install VMRC if it is not installed.

Resellers without White Labeling

Resellers need not rebrand the interface if they do not desire.

Infinicenter Console

Reserved IP Addresses

Users and account managers may reserve specific IP addresses. When reserved, users must explicitly request those addresses to be shown during the "Manage IP" dialog.

Infinicenter Console

  • Users may reserve IP addresses on their private networks through Infinicenter Console. Reserved IP addresses are identified on Manage IPs in Infinicenter Console with an "Reserved" checked or an "(R)" after the address.
1.1.49. Release 2.9.0.300711

Enterprise Cloud
2.9 Release Notes

Compute Pools

A Compute Pool is a pool of CPU, memory, and storage resources purchased by a customer, associated with an environment, and provisioned from a cluster. The customer allocates CPU and memory resources from their Compute Pool to their VMs. An environment may contain more than one Compute Pool, affording greater scalability.

Infinicenter Console

No user interface changes regarding compute pools are visible in environments with only one compute pool.

  • Select a specific compute pool, or a consolidated display of all compute pools, from multiple compute pools with a scrollable tab bar.
  • Right clicking on a tab permits setting an option to hide or show empty rows or groups from the selected compute pool view or modifying the display name of the selected compute pool.
  • Select the compute pool when creating or importing a VM; copying a VM uses the compute pool of the copied VM.
  • On the Network > Internet Services Tab, devices may be filtered by specific Compute Pool or All.
  • Devices are selected by first choosing the compute pool when creating a Node Service, a firewall rule for a device, or setting firewall log destinations.
  • Node lists display the compute pool name.
  • Each user may set a preferred compute pool for their account such that when logged in the opening tab displayed is for that compute pool.
  • On the All Compute Pools summary page, one may view the resource gauges by compute pool, turn on or off the processor and memory burst mode for each compute pool, and the resource summary. These are in addition to similar capabilities on individual compute pool tabs.
  • Views display the containing Compute Pools when the selection is within a pool: Compute Pools show when viewing resources and VMs.
  • Organizations utilizing compute pools are grouped by compute pool and the billing section displays burst billing, licensing, and metered usage charges by compute pool.

Enterprise Cloud API

  • Get vDC returns < Used> values for Storage Capacity, CPU, and Memory aggregated across the environment.
  • Get vDC returns a link to the compute pools, Get All Compute Pools returns information regarding all compute pools, Get Compute Pool for a single compute pool, Get vApp returns a reference to the compute pool to which it belongs; select the compute pool when importing a VM or creating a VM from a template.
  • The first compute pool is the default when provisioning new environments so that previous versions of the API perform VM creation operations without errors.

Resize Disks

Users may increase disk capacity of disks in virtual machines. Decreasing capacity is not supported.

Infinicenter Console

  • Users may increase the disk size on a Virtual Machine (VM) while in the Powered On or Powered Off state. The user can increase the disk size on a VM but can neither decrease the disk size nor modify the default setting when creating a new VM.

Enterprise Cloud API

  • Users may increase the disk size on a Virtual Machine (VM) while in the Powered On or Powered Off state. The API may be used to increase the disk size on a VM but can neither decrease the disk size nor modify the default setting when creating a new VM.

Submit Support Ticket

Users may submit and monitor support tickets from within Infinicenter Console. If any of an organization’s environments are hosted in a data center which does not support ticketing, the Infinicenter Console feature will not be available.

Infinicenter Console

Under My Account > Cloud Support:

Defects Resolved

Infinicenter Console

Read-only User Has Create Monitor Button Available

Prior to this fix, a Customer, who has read-only permissions for an environment, would see an active Create Monitors button on Environments > Network > Internet Services; the button is now disabled for a read only user.

Error on Memory Trend Chart

Prior to this fix, the chart on the Environments > Resources > Memory Trend page sometimes showed a white band between usage and bursting.

Enterprise Cloud API

Get Organization Call Response Errors

Prior to the fix, the Get Organization API call returned identifiers for unauthorized environments. The call also returned HTML error 404 when the customer expected error 401. The API returns a 404 Not Found status for all unsuccessful calls as a security measure. The call should not indicate success, by returning a different status, when requesting the name of environments that exist but for which the user is not authorized to view.

1.1.50. Release 2.8.0.050611
Enterprise Cloud Release 2.8.0.050611 contains the following New Features, Enhancements and Bug Fixes:
 
Please note all features related to the VM Upload capability are being released as part of a limited beta program.  The beta candidates have been selected and will receive notification from their Service Manager.  After the beta program is completed you will be notified and the feature will be enabled within your console.
 
New Feature:  The Ability to Add/View/Delete VM Catalog Items 
With this new feature, the user can add VM Catalog Items and upload the required OVF files along with the corresponding VMDK file (in chunks). The system will display the Name, Compressed Size, Upload Status, Details and Import Status for each Catalog item for the selected Data Center. If the upload process is interrupted the user will have the option to resume the process where it left off. Furthermore, the user will have the ability to delete Catalog items as needed. Note: Only the User Admin will have access to Add Catalog Items and/or resume the file upload process.

New Feature: Audit Log for Catalog Items
The Audit Log will capture and display the Date/Time, User Name, Data Center Name, Event (Added/Deleted), Catalog Name, and File Name whenever an item is added and/or deleted. The Audit Log can be found under My Account> VM Catalog> Audit Log.

New Feature: Import Server (VM)
With this new feature, the user can Import VM’s into their environment that has been uploaded through the VM Catalog. This feature is located under Environments>Devices>Import Server. 

New Feature:  View List of current Catalog Items
The user can view a list of the existing VM Catalog Items or a single Catalog item by using the assigned ID.

New Feature: API v2.8 – Add/Delete Catalog Items
With this new feature, the user can add VM Catalog Items and upload the required OVF files along with the corresponding VMDK file (in chunks). The system will display the Name, Compressed Size, Upload Status, Details and Import Status for each Catalog item for the selected Data Center. If the process is interrupted the user will have the option to resume the process where it left off. Furthermore, the user will have the ability to delete Catalog items as needed.

New Feature: API v2.8 – Import Server (VM)
With this new feature, the user can Import VM’s into their environment that has been uploaded through the VM Catalog.  

Bug Fix: Registration Error related to email format
Prior to this issue being fixed the system would throw an error during the registration process if the email address contained special characters in a row.

1.1.51. Release 2.7.0.121610
Enterprise Cloud Release 2.7.0.121610 contains the following New Features, Enhancements and Bug Fixes:
 
IMPORTANT: API Version 2.5 will be retired with this release.  Versions 2.6 and 2.7 will remain active.
 
New Feature: Enterprise Cloud Status Page
The Cloud Status page will display service disruptions for each of the Enterprise Cloud Data Centers. The user can view the current health of a data center or see the health of a data center over the last 90 days by scrolling through an incident calendar. If a service disruption occurred on a particular day, you can click on it to view additional details about the event. The Status Page is only available to active Enterprise Cloud users and requires a user name and password to login, can be linked to directly from Infinicenter, or can be accessed by the cloud status page URL.

Note: Dates and times are presented in the data center’s local time zone. Incidents over the last 90 days can be displayed by clicking on the specific calendar day. .
 
New Feature: Enterprise Cloud Status Page Email Notification Preferences
This new option will allow an Enterprise Cloud User/Admin to subscribe to email alerts when an event has been posted or updated on the Enterprise Cloud Status page for a given data center.

Note: When the option is activated the user will receive email notifications when an active/inactive environment belonging to the user is in the target data center.
 
New Feature:  Console Connect Pop-Up Window (Informational Message)
A new pop-up message will be displayed after the user clicks on the Connect option to advise them a VPN connection must be established before using this feature. This message is only displayed once per session per user.

Note: The pop-up window does not actually detect whether or not a VPN connection is established; it is intended for informational purposes only.  Users with a LAN-LAN VPN connection can ignore this message.
  
New Feature: API - Display MAC Address for Network Adapter
Now the API user has the ability to see the assigned MAC Address for the VM’s Network Adapter.
 
New Feature: API - Inject a File to a VM
The API user can inject custom files into a VM. Each VM must have an active user account before attempting to use this new feature because the user credentials will be required during the injection call.
 
New Feature: API - Run a Script on a VM
The API user can run scripts on a VM.  Each VM must have an active user account before attempting to use this new feature because user credentials will be required during the run script call. 
 
New Feature: API - Run a Program on a VM
The API user can run programs on a VM.  Each VM must have an active user account before attempting to use this new feature because user credentials will be required during the run program call.
 
New Feature: API - Retrieve files from a VM 
The API user can retrieve files from a VM.  Each VM must have an active user account before attempting to use this new feature because user credentials will be required during the retrieve files call.
 
Bug Fix:  Backup Internet Service 
Prior to this issue being resolved when a backup Internet Service was created the <IsBackupService>false</IsBackupService> was not properly updated during the initial call.

Bug Fix:  Inconsistent Unauthorized Error Message 
Prior to this issue being resolved some users would experience inconsistent unauthorized error messages when using API Automation to make multiple back-to-back calls.
 
Known Defect:  API - Redirect URL
The Redirect URL feature for Internet Services only supports the HTTP protocol due to restrictions with the Enterprise Cloud's load balancing hardware.  The GUI and API currently allow the use of non-HTTP protocols with the Redirect URL option.  This bug will be fixed in a future release.
1.1.52. Release 2.6.0.111710

Enterprise Cloud Release 2.6.0.111710 contains the following New Features, Enhancements and Bug Fixes:  

New Feature: Create/Manage Server Description/Long Name 
During the Create/Copy Server process the user can enter a detailed description/long name up 100 characters for each VM. The Description is different from the actual server name and can be viewed by doing a mouse-over on the desired server. If there is no Description provided, the mouse-over function will default to the server name. The user can edit/delete the Description by selecting the desired server and clicking on the Rename option.
 
New Feature: Create and Assign Tags to a Device
During the Create Server/Copy Server process the user has the ability to create and/or assign existing tags to server. When Copying a Server the system will automatically assign all of the existing tags from the original server to the cloned server. Furthermore, the user has the ability to view and/or edit the existing tags for a given server, by clicking on the Device tab, selecting the desired server and clicking on the TAGS tab located in the bottom section of the screen. Note: Tags are used across the organization for all the servers in all the environments. Once a tag is no longer assigned to a server it will automatically be deleted from the Tags list.
 
New Feature:  Create and Manage Trusted Network Groups (TNG) 
Trusted Network Groups are a catalog of user defined IP addresses or networks that can be mapped to Internet Services for the purposes of restricting inbound network access.  The user can create/manage the TNG by clicking on the Network Tab/Trusted Network Groups option and entering the desired Group Name, Source Type (IP Address or Network) and manually entering the trusted IPs or Networks.

Note: When creating, editing or deleting a TNG the systems will automatically update the Transaction History.
  
New Feature: Assigning Trusted Network Groups to an Internet Service
Once a TNG has been created, the user can assign the TNG to single and/or multiple Internet Services by clicking on Create Service/ TNG option and picking the desired TNG from the drop-down list. The selected TNG setting will be added to the Firewall Rules and only traffic from the trusted IPs/Networks will be allowed.
 
New Feature: Disable Persistence for an Internet Service 
This new feature will allow the user to disable the Persistence Timeout function by selecting “NONE” as the Persistence Type during the Create Service and/or Edit Service process.
 
New Feature: Ping Monitoring for Internet Services
This feature providers users with the ability to override the default TCP load balancer monitor with a simple ping monitor.  Using the ping monitor instead of the default TCP load balancer will reduce the performance hit on load balanced node services and generate fewer server logs.  However, ping monitoring simply checks for a generic network response from the load balancer to the node services and may not be a true indication that the applications running on the node service are up or down. 
 
New Feature: Disable Load Balancing Monitors for Internet Services
This feature allows users to disable all node service monitoring for a given internet service.  The user can disable node service monitoring by selecting the "Disable Monitoring" option during the Create Monitor process.  This will completely remove the default TCP monitor setting.
 
New Feature: API - Specify IP Address during a Create Server Call 
The feature allows the user to specify the desired IP address for a given server during the Create Server call.
 
New Feature: API - Create/Manage Server Description/Long Name
During the Create/Copy Server call the API users can enter a detailed description/long name up 100 characters for each server. The user will have the ability to view/edit/delete a Description for a given server.

New Feature: API - Allow Device Tagging 
API users can create and assign new/existing tags to a server during the Create Server/Configure Server call. During the Copy/Clone Server call all existing tags from the original server will be copied to the cloned server. Note: Once a tag is no longer assigned to a server it will automatically be deleted from the Tags list.

New Feature
: API - Create/Manage Trusted Network Groups (TNG) 
The API users can create a single and/or multiple TNG that can be assigned to multiple Internet Services. The user can create/manage the TNG and enter the desired Group Name, Source Type (IP Address or Network), trusted IPs or Networks, which will be added to the Firewall Rules when the TNG is assigned to an Internet Service.

Note: When creating, editing or deleting a TNG the systems will automatically update the Transaction History log.

New Feature
: API - Disable Persistence Timeout
This feature gives API user the ability to disable the Persistence Timeout function during the Create Service and/or Edit Service call.

New Feature
: API - Ping Monitor 
During the Create Monitor call the API user can create a Ping Monitor which will override the default TCP Monitor setting.

Bug Fix:  Unable to map multiple Internet Services to a single Node Service
This issue has been resolved.  Prior to this fix some customers were unable to map multiple Internet Services to a single Node Service due to configuration settings on the load balancer's operating system.
1.1.53. Release 2.5.0.90210

Enterprise Cloud Release 2.5.0.090210 contains the following New Features, Enhancements and Bug Fixes:  

New Feature: New Resource Gages 
When you log into your account and view the Resources Tab you will see new and improved resource gauges.  The new gauges look different, are more interactive and provide customers with a better representation of how well they are utilizing their purchased Enterprise Cloud resources.  They show Purchased CPU/MEM versus the amount of resources that are actually allocated and used.  One of the biggest values the Enterprise Cloud provides is your ability to deploy more resources than you've actually purchased since not all servers require 100% of the resources at all times.  The new gauges help depict that value for you and give you an indication of how efficient your environments are operating.

New Feature:
Enhanced Security - User Security Questions/Answers
As an added level of security Enterprise Cloud now requires all users to maintain six (6) unique security questions and answers (SQA).  The SQA will consist of three canned questions provided by Enterprise Cloud and three custom SQA's created by the customer through the account registration process.  All existing customers with the previous one (1) SQA will be required to setup their six (6) SQA's the next time they log into their Enterprise Cloud account.  Users can manage their own SQA's at any time through the My Account Tab under the Settings / User Credentials section.

New Feature:  Enhanced Security - Source IP Capture During Forgot Login Credentials 
If a user enters the wrong answer for any one of the SQAs during the Forgot Login Credentials process the system will capture that users source IP address.  These source IP addresses will be displayed in the User Audit Log.  

New Feature: Enhanced Security - Secure SSH Access Using Certificates (SSH Key)
Secure SSH Keys protect customers by restricting administrative SSH access to Linux virtual servers via a customer generated certificate.  Customers can create multiple custom keys/certificates through a new Key Management page.  Once a certificate/key has been created users must associate the key with the Linux server during the server creation process.  From that point forward all SSH connections to the Linux server must be done using the key.
 
New Feature: Enhanced Security - Forgot Login Limit
During the Forgot Login Credentials process all users will have a limited attempt to enter the correct answers for the presented SQAs.  If the incorrect answers are provided as required the user account will be disabled and can only be reset by contacting the Enterprise Cloud support team.  If the SQAs are answered correctly the customer will receive an email with instructions on how to reset the account.
 
New Feature: Reseller Console - Locked & Account Reset Email Templates
Resellers can now configure email templates for Locked/Reset Accounts using the tools provided in the Reseller Console.
 
Please Note:  The same SQA & Forgot Credentials features explained above are also applicable to the Reseller Console.
 
New Feature: Support for Dedicated Load Balancers and Firewalls
With this release the Enterprise Cloud will accommodate customers with dedicated firewall and load balancer requirements.  Please engage your account manager for a list of supported configurations.
 
New Feature: API - Backup Internet Services / Node Services 
With this release the Enterprise Cloud customers have the ability to create a backup internet service / node service through the API to be used in the event there is an issue with the default internet service / node service.  When viewing an Internet Service that has an associated backup internet service implemented through the API the Public IP address field will be referenced as a "Backup Service" in the console.
 
Enhancement: Support for 8VPU and 16GB Memory 
With this release we've increased the number of VPUs and Memory you can assign to a virtual machine.  You can now configure a virtual machine with 8VPUs and 16GB of memory.

Please Note:  In order to take advantage of this enhancement your virtul machines must be running on the most current version of VMware Tools and the most current hardware version.  See the following article for more details.


Enhancement:
 Warning Dialog for Upgrading Virtual Server Hardware 
A new warning pop-up window will be displayed to the end user when the user clicks on the VMware Hardware upgrade option with details regarding the upgrade.
 
Enhancement: API - More Asset Details for Get Network API Calls
During the Get Network API call the system will display additional information about the network such as VLAN, Network Type (DMZ or INT) and the Friendly Name (IP # with DMZ or INT).

Bug Fix: API - Create Node Does Not Error When Using an Internal IP Address
With this fix an error message will be displayed to an API user when trying to create a Node Service using an internal IP. 

Bug Fix: User Console - Full Environment Name Not Displayed
With this fix the full environment name will be displayed in the user console regardless of the character length.
 
Bug Fix: User Console - Billing Period Display Issue
Prior to this issue being fixed, if the original customer environment was created with an activation date in the future and another environment for the same customer was created with a more recent activation date the system would not show the current billing information.  Now the issue has been resolved and the correct billing periods are displayed.
 
Bug Fix: User Console - User Audit Log Export Display Issue
Under the User Audit Log, the Origin, Source IP, and Notes columns were not being populated during the Export process.  Furthermore, the system was not respecting the selected filter options during the export process.
 
Bug Fix:  API - Get IP Address Call Not Functioning Properly
The "Get IP Address" API command would only return the IP addresses that have been assigned for a subnet.  With this fix the Get IP Address API command will return both assigned and unassigned IPs.
 
Bug Fix:  Memory Consumption Calculation
This release includes an update to fix the way memory utilization was being calculated for servers. Prior to this release memory swapping was being used to calculate total memory usage for servers and in some cases resulting in servers consuming more than 100% of their allocated memory. The swapped memory is now excluded from all memory usage calculations and will not exceed 100%.
 
Bug Fix:  API - Naming Inconsistency
Prior to this fix the naming for Catalog and Task Lists were inconsistent.
1.1.54. Release 2.3.0.51410

The Infinicenter Release 2.3.0.51410 contains the following New Features, Enhancements and Bug Fix:  

New Feature: Support for HTTP Monitors
Now the user can add HTTP Monitors along with ECV Monitors (HTTP/HTTPS Protocol only) for all Internet Services. All previous on-screen ECV column headers have been renamed to Monitor. When a Monitor has been created for an Internet Service an indicator will be displayed in the Monitor column.  When a user does a mouse-over the Monitor indicator the system will display the actual Monitor type (HTTP or ECV) created the Internet Service  

New Feature:  Monitor Indicator on the Node tab
When a Monitor has been created for an Internet Service an indicator will be displayed in the new Monitor column on the Server Details/Node tab.  When a user does a mouse-over on the Monitor indicator the system will display the actual Monitor type (HTTP or ECV) created the Internet Service  

New Feature: REST API for HTTP Monitoring
Now the API user has the ability to Create, Modify, Delete, Activate and Deactivate HTTP Monitors along will ECV Monitors  
 
New Feature: RNAT Task History
With this new feature, we now store and display task history records when the user completes a task such as Configure RNATs, Add RNATs, Delete RNATs and Configure RNAT Association Resource screen in the Task History section.
 
New Feature: Export RNAT Logs
Now the user can Export the Network RNATs log as well as the Device RNATs log to Microsoft S Excel. When printing the Device RNATs Log the system will acknowledge the selected filter options during the Export process
 
New Feature: Add Source IP Audit 
For an added measure of security, the Source IP for each login attempt (successful and/or failed) will be tracked and stored the database for each customer account. The user can view this information under My Account/User Audit Log in the new column called Source IP
 
New Feature: Support for Password Complexity Customer
For added security now all customers have the ability to enforce minimum password complexity standards for case sensitivity, number of characters, mixture of upper/lower case letters, and special characters as well as the ability to prohibit password reuse for a defined number of generations. This new feature is located under My Account/Password Complexity Rules
 
New Feature: Show Bandwidth Usage Details for Reseller Customers
Under My Account/Bandwidth tab the Reseller Customer can now view and/or print their Bandwidth Usage information 

Enhancement: API - Multiple version support and Backward Compatibility
API support for version 2.3 as well as backwards compatibility for version 2.0. The default version always points to the latest version of the extensions

 

Enhancement: NFS Storage Issue in production
When allocating the space on the data-store the NSF Storage is fully blocking out the required amount of disk space for the Operating System (OS) and Virtual Machine. Prior to this new feature NSF Storage would only reserve the amount of space that’s being used by the OS when allocating space on the data-store   

Enhancement: Re-Skin  UI
The Enterprise Cloud has been re-skinned to provide a fresh clean look and feel for a more enjoyable user experience

Bug Fix: Public IPs not displayed in Numeric Order
Prior to this fix, the Public IPs were displayed in the order in which they were created, and now they are displayed in numerical order

1.1.55. Release 2.2.0.41310

The Infinicenter Release 2.2.0.41310 contains the following Features and Enhancements:


New Feature: Enhanced Content Verification (ECV) monitors
Now the user can create as well as add/remove ECV monitors for (http/https) services to determine when a Node service is not responding

New Feature: Allow multiple RNATs for an environment
A Configure RNATs option has been added to Public IPs column header under Networks/internet Services which allow the user to configure/set multiple RNATs.  Prior to this enhancement only one default RNAT was allowed

New Feature: Support for Redirect URL as part of internet service configuration
A “Redirect URL” field has been added to the Edit Internet Services screen, which will be used to redirect/route traffic to a predefined URL if for any reason, the internet service or its associated node services or unavailable

New Feature: API Support for specifying ECV monitor configuration
As part of internet service creation and configuration the API users can pass the ECV configurations (add/edit/delete)

New Feature: Rights Agreement Banner (RAB)
Under the My Account section the Admin has the ability configure as well as activate/deactivate the RAB which will be displayed to user after a successful login

Enhancement: API support for RNAT
API users can now configure (add/delete) various public IPs as their RNATs

Enhancement: Multiple version support for APIs
Now we offer Multi-version API support. Versions 2.0 and 2.2 are provided. The default version always points to the latest version of the extensions

Enhancement: Redirect URL for Failed Services using APIs
A “Redirect URL” field has been added, which will give you the ability redirect/route traffic to a predefined URL if there are failed internet services using APIs

Enhancement: Secured Verbiage for Invalid login
For security purposes all references stating the Username is in “Email Address” format have been removed from the systems. The user will only be asked to enter valid Username and/or Password with no reference to the required format.

1.1.56. Release 2.1.0.31010

This release contains a new feature to support virtual machines with multiple NICs, default primary and secondary DNS settings, new template management system, and metered software usage tracking for VM's with more than 4 VPU's.

New Feature: Multiple NIC Support
Allows customers to configure up to 4 NICs per virtual server.  NICs can be assigned to each of customer's networks and Private IPs from those networks can be mapped through the Manage IP function.
 
Enhancement: Default Primary and Secondary DNS
The default primary and secondary DNS settings are automatically populated for customers during the create server wizards.  This enhancement will help those customers who were having problems making their VM's connect to the internet after being deployed due to missing DNS settings.  OpenDNS server IPs are used as the default for these settings.
 
Enhancement: New Template Management System
In preparation for new enhancements in upcoming releases a new template management system was released.  Customers will now see a betting template filing system to help them find what they need faster. This feature also includes some new Public/Private template administrative features for Terremark so we can control access to specific beta or custom templates that are implemented for customers during a professional services engagement.
 
Enhancement: Metered Software Subscription Tracking for 4+ VPU Virtual Machines
In preparation for our vSphere migration and introduction of 8VPU servers (to be released later this year) we've added an enhancement to accurately metered software usage for VM's with more than 4 VPU's.
1.1.57. Release 2.0.0.12910
This release contains a new code framework to support our migration to vSphere and ESX 4.0 (planned for later this year) and code optimization and performance enhancements.

Enhancement: vSphere Compatibility
New Enterprise Cloud code framework has been pushed into production to support our planned migration efforts to vSphere 4.0 Virtual Centers and ESX 4.0 (migration scheduled for later this year).
 
Enhancement: Code Optimization / Performance Enhancements
Major code enhancements and architecture changes were put in place to improve the overall performance of Infinicenter.  Due to these enhancements customers will see faster Infinicenter page loads where real-time information is presented, creation of Internet Services should happen in seconds versus minutes, and firewall changes should happen in seconds versus minutes.
1.1.58. Release 1.5.0.12229

This release contains a new printing and exporting features, server performance reports, task history enhancements, and other administrative enhancements.

New Feature: Printing Functionality
You can now print bandwidth usage reports, the billing summary, and the configuration of your Internet Services.
 
New Feature: Export Functionality
You can now export in CSV format the audit log, resource task summary, transaction history, and firewall rules. 
 
New Feature: Server Performance Reports
You can now run a report on server memory and CPU performance data for the last 90 days.  This data is provided in CSV format so you can retain a local copy for your records.
 
Note:  Since this is a new feature your performance report will only show data from January 21, 2010 or later.
 
New Feature: Delete Users
You can now delete users from your account versus just deactivating them.  When you delete a user they will no longer show up in your User’s tab.
 
Enhancement: Modified Users Tab
Non-Administrator users now have access to the Users Tab.
 
Enhancement: Windows Product Key for Copy Server Feature
You can now enter a Windows Product Key when copying a custom server that you created.  Prior to this enhancement a user was not presented with an option to enter a Product Key while copied their custom servers.
 
Enhancement: Task History Notes
A task notes icon has been added to the task history to provide you with more detail about the task being performed.  When as task has a notes icon (not all tasks contain them) the note details are included when the task history is exported.
 
Enhancement: Task History for Network Changes
Changes made within your Network tab are now displayed in the task history.  Previously the task history was limited to changes within the Servers tab.
 
Enhancement: Server Description - Licensed By
The “Licensed By” description for a server has been modified to display “Service Provider” when Terremark is charging you for use of subscription software.  If Terremark is not charging you for use of any licensing fees on a server this description will say “Customer”.
 
Enhancement: Server Description - Type
A “Type” field has been added to the description of each server to denote when a server was deployed from a Terremark provided “Template” or a “Custom” built server.
1.1.59. Release 1.4.0.11309

This release contains a new bandwidth reporting feature and the introduction of our new SSL VPN solution.

New Feature: Bandwidth Reporting

With this release Enterprise Cloud customers will be able to view monthly bandwidth reports for their environment(s). The bandwidth report, contained on your My Account/Bandwidth tab, contains 3 primary sections:

1) Bandwidth Usage: 95th %tile reading, highest burst, total data transfer in/out.
2) Historical Charts: 95th % tile compared to last 5 months, total data transfer compared to last 5 months
3) IP Statistics: Total data transfer in an out by IP address.

New Feature: SSL VPN

With this release we are implementing a new SSL VPN solution in preparation for the retirement of our current PPTP VPN solution.  Users will now be able to establish a VPN connection from within their Enterprise Cloud web console rather than using the PPTP client that comes with your operating system.  Each Environment Administrator or Environment User will have their own SSL VPN account (no SSL VPN for read-only users).  When you click the VPN connect button within the web console a VPN connection will automatically be established for you using your current account credentials.
 
The SSL VPN connects over the standard SSL Port (443) which should reduce the need for opening custom ports on your local firewall.


 


      1.1.60. Release 1.1.0.01309

      This release contains features that provide fine grained security permissions within the Infinicenter User management tab.  Permissions are based on predefined roles for Customer Admin, User and Viewer.

      New Feature: Fine Grained Security Permissions of Infinicenter User management

      A new button "edit" has been added to the "Users" tab.  Clicking on the "edit" button will give the Customer Admin the ability to assign the following permissions to user accounts:

      Allow User/Viewer to see the billing summary & Transaction History only for the environments they have access to with Billing option enabled
      Allow User/Viewer to see all the environments based on granted permissions
      Allow User/Viewer to see only applicable Environments they have permissions to within preferences section
      Allow Environment Viewer to view & filter the information on all tabs but not perform any transactional actions

      The Customer Admin is the only role to have the following permissions:

      Allow Customer Admin to edit privileges for any other user
      Allow Customer Admin to fine tune the invitation by setting the environment privileges along with Billing Access permissions
      Allow only Customer Admins to view the Users Tab on MyAccount Page
      Allow Customer Admins to see the detailed state of each environment when editing user permissions

      Enhancement:  Month to date Metered Usage information

      On the billing tab a new button has been added to allow Infinicenter users to view month-to-date Metered eCloud burst and SPLA licensing billing information.


      1.1.61. Release 1.0.9.12198
      Release 1.0.9.12198 (Production)

      Production Code Push Date: January 7, 2009

      Details:
      Release contains features that provide Capacity Burst functions to Infinicenter Console users

      New Feature - Enable / Disable Burst

      This new feature allows Infinicenter customers to enable Burst or Disable burst instantaneously on demand and as needed basis without going through a lengthy process. Trend charts have been updated to reflect the burst areas.

      New Feature - Auto detection of IPs and Synch IPs

      This feature allows Infinicenter users to detect IPs on virtual machines and shows any discrepancies in data. This feature also allows IP synch up where feasible.

      Enhancements - Billing Summary Enhancements

      We have made enhancements to the billing tab so that billing information now contains a new overages section that contains Burst Billing information. Current Billing Period is now available to be viewed.


      1.1.62. Release 1.0.5.10178

      Production Code Push Date: November 5, 2008
      Details:
      Release contains features that provide security services to Infinicenter Console users. The Stories implemented as part of this iteration are explained below.

      Create custom rules to allow inside access

      Feature allows users to create custom rules between networks, between a network and a server and between two servers by selecting protocol and port range options

      Create custom rules to deny outside access

      Feature allows users to deny access from external IP or an external network. Delete custom firewall rules Feature allows users to delete multiple rules from the firewall configuration.

      Configure customer specific log server as destination firewall logs

      Feature allows users to configure a log server to receive firewall logs. Users can select can use either one of their Infinicenter IPs or an external IP. Retrofit existing create/upgrade environments to track default rules System was enhanced to store the default generated firewall rules like custom rules added through Infinicenter console.

      Retrofit existing add/delete node services to track Internet Services type rules

      System was enhanced to display internet services based firewall rules along with other custom rules. These rules are for display only and cannot be deleted separately as they are tied to node services

      View firewall rules and apply filters

      Feature allows users to filter the displayed firewall rules by type, permission, network, server or IP.

      Retrofit IP based functions to account for FW rules and Log Server

      System was enhanced to check for existence of firewall rules and log server IP before allowing server deletes, network change configuration and IP remove operations.

      Other Enhancements and Bug Fixes

      Enhanced display name of internal user within Task and Transaction history such that customer sees a generic "Terremark IT Services" while the internal support personnel sees the real name.

       

      1.1.63. Release 1.0.4.10108

      Release 1.0.4.10108


      Production Code Push Date: October 9, 2008

      Details:
      Release contains features that provide Create Blank Server, ISO Mount and Unmount, VMware Tools Installer Mount and Unmount and other enhancements and usability changes

      New Features - Mount Custom ISO Images and Update VMware Tools
      The ISO Mount function provides you with the ability to mount ISO image files on your servers. Once mounted, the operating system is able to access the contents of the ISO media in the same manner provided by CD or DVD ROM's.

      Also available through this feature is the ability to mount and update VMware Tools on a server. The VMware Tools Installer is provided as a mount image for you to use when installing or updating VMware Tools on your servers. VMware Tools provide management, performance, and stability enhancements for virtual machines. It is highly recommended that VMware Tools be installed and kept current.

      New Feature - Create Blank Server
      You are now able to create blank or template-less servers and later load a custom operating system image using the ISO Mount feature. Once created, the server is treated like any other server and can be copied, deleted, or reconfigured as needed.  This function also allows you to customize the amount of storage space used for your operating system partition.

      Enhancement - Added button to send key strokes simulating CTRL-ALT-DEL from console connect window
      We’ve surfaced a button to click to send a CTRL-ALT-DEL to your server when connected via the console.

      Enhancement  - Create new Row and/or Group during server creation and copy
      You can now create a new Row and/or group when you create or copy a server instead of using  pre-existing ones. 
        
      Enhancement  - Display VMware Tool status for each server*
      This enhancement is intended to provide a health check on the status of the VMware tools installed on your servers.  VMware tools significantly improve the usability of servers as well as provide important management and reporting information to the Infinicenter application.  You should make every attempt to keep them up to date and definitely install them on any custom servers. 

      *There is a bug in this feature and it is not correctly reporting the status of your VMware tools.

      Enhancement - Display NETMASK and Default Gateway IP on Manage IPs page
      The Default gateway along with your subnet mask is now visible to you when you click on the “Manage IP” button in the server details window.  You’ll need this info when setting up a custom server.

      1.1.64. Release 1.0.2.80508
      Infinicenter Release Notes: 1.0.2.80508

      Production Code Push Date: August 20, 2008
       
      Details:
      New Feature - Copy Server
      The Copy Server feature allows customers to make identical copies of an existing server within their environment. This feature can be used to speed up the process of deploying many "like" servers in your farm or can be used to create your own Gold Images for use with deploying additional similar servers at a later date.
       
      Note:  In order to use the Copy Server feature the source server you are copying from must have been powered on successfully at least 1 time. Also, the Copy Server feature only works while the source server is powered off.
       
      Enhancement - Deleted Server label in billing summary
      To help you distinguish between active servers and deleted servers in your billing summary we've added a way for you to distinguish between the two. This enhancement is especially useful when you power on a server, delete it, and then recreate a new server with the same name - you can now distinguish between which server with the same name was deleted during a billing cycle.
       
      Usability Change - Clarification on number of public IPs remaining
      To make it easier to view how many public IP addresses you have remaining when activating IPs the available IPs are now viewable on the bottom left hand of the pop-up window.
       
      Usability Change - Label change in Create Node pop-up under Network Tab
      In the Node creation wizard the "Port" label was changed to "Server Port" to make the description more accurate.
       
      Usability Change - Updated error message when sending Infinicenter invitation to a user with an existing e-mail address
      Replace previous vague error message with an update error message when an Infinicenter user sends an invitation to a new user who's e-mail address is already associated with an existing Infinicenter user.
       
      Usability Change - Added time indicators to utilization graphs
      New time indicators and tick marks are now added to the processor and memory utilization graphs to clarify meaning
       
      Usability Change - Changed label of "Invite User" button
      The Invite User button under the My Account tab is now changed to "Add User"
       
      Usability Change - User Setting Confirmation
      When saving user settings you will now get a confirmation message stating that the change has been saved.
      1.2. Known Issues

      Known Issues

      To provide our customers with a reference of known issues identified through troubleshooting with our customers, we consolidate this list of important items that could impact you and your environment. It includes details of potential impact, an ETA where applicable, the origin of the issue, and a workaround where available.

      1.2.1. Console Connect with a Proxy

      Console Connect with a Proxy

      Note: This issue affects only the Plugin Console. The Web Console functions correctly with a proxy.

      Issue: Use of a local proxy server causes connecting to the console of a virtual machine to fail.
      Potential Impact: Inability to use the console session to access a virtual machine or to manage a virtual machine at the operating system level.
      ETA: No ETA available at this time.
      Source of Issue: In vSphere 4.1, VMware removed the use of the mks-plugin as a method to connect to the console of a virtual machine, noting it as a security issue, and changed to using the VMware Remote Console (VMRC). For IBM, this meant updating the code to use a proxy server to which users connect. As such, use of a proxy at the organization site will not allow connectivity via console because VMRC will try to bypass the local proxy and connect directly to our proxy and hosts.

      Workaround:

      1. Build a Windows virtual machine and use it as a jump box to eliminate the use of your local proxy through your local network.
      2. Connect to the virtual machine via SSH/RDP.
      3. Open IP addresses to the DMZ through the use of Trusted Network Groups to allow only certain IP addresses access to the virtual machine over the Internet.
      4. Add a LAN-to-LAN VPN connection to your environment. A LAN-to-LAN VPN connection replaces the SSL VPN and bypasses the proxy issue. Contact your service delivery manager to purchase a LAN-to-LAN VPN connection.

      1.2.2. IPv6 and Windows Server 2003

      IPv6 and Windows Server 2003

      Note: Microsoft ended all support for Windows Server 2003. IBM strongly recommends migrating any remaining Windows Server 2003 virtual machines to Windows Server 2008 or newer.

      Issue

      Creating or copying Windows Server virtual machines with one or more IPv6 addresses may result in incorrect IPv6 addresses on the new server.

      The issue arises when creating or copying a Windows Server virtual machine configured with any IPv6 addresses.

      Creating

      As part of the create request, one or more new IPv6 addresses are assigned. Correct behavior would have Windows on the virtual machine add the new IPv6 address, supplied in the create request. However, a Windows Server 2003 virtual machine fails to add the new IPv6 address.

      Copying

      As part of the copy request, one or more new IPv6 addresses are assigned. Correct behavior during a copy would have Windows on the virtual machine delete the existing IPv6 address, copied from the source virtual machine, and add the new IPv6 address, supplied in the copy request. However, a Windows Server 2003 virtual machine retains the existing IPv6 address and fails to add the new IPv6 address.

      Potential Impact: For creates, no IPv6 communication is possible because the new virtual machine has no IPv6 address. For copies, an IP address conflict results because the new virtual machine and the source virtual machine have a common IP address. At least one of the two virtual machines, typically the last powered on, will not communicate on the IPv6 network.
      ETA: No ETA available at this time. Microsoft acknowledges this issue. However, it is unlikely to be resolved because Microsoft announced that Windows Server 2003 support is ending July 14, 2015.
      Source of Issue: A Microsoft issue prevents the System Preparation tool from properly removing the existing IPv6 address and, in the case of Windows Server 2003, from adding the new IPv6 address.
      Infinicenter Console

      Infinicenter Console requires manual intervention on the newly created virtual machine using the console connect feature. Console connect does not use networking for access and therefore can repair the networking configuration. The source virtual machine must be powered off before a copy may commence. The source virtual machine must remain powered off until the IPv6 addresses are corrected on the newly created virtual machine.

      Workaround:

      1. For a copy, note the IPv6 address(es) on the source virtual machine.
      2. Create the virtual machine or copy the source virtual machine.
      3. When the operation completes, power on the newly created virtual machine.
      4. Console connect to the newly copied virtual machine.
      5. Following a copy, remove the common IPv6 address(es) from Windows networking.
      6. Following a create or copy, add the desired IPv6 address(es) to Windows networking.
      Enterprise Cloud API

      The Enterprise Cloud API requires intervention on the newly created virtual machine using the Action Virtual Machines Guest Process call. Action Virtual Machines Guest Process does not use networking for access and therefore can repair the networking configuration. The source virtual machine must be powered off before a copy may commence. The source virtual machine must remain powered off until the IPv6 addresses are corrected on the newly created virtual machine.

      Use the netsh command line tool to add or remove IPv6 addresses.

      netsh interface ipv6 {add | delete} address [[interface=]String] [address=]IPv6Address [[store=]{active | persistent}]

      This command will add or delete an IPv6 address on a specified interface.

      Parameters

      [[interface=]String]

      Specifies an interface name or index. The index is the zone number after the percent sign in the IPv6 address of an ipconfig response.

      [address=]IPv6Address

      Required. Specifies the IPv6 address to delete.

      [[store=]{active | persistent}]

      Specifies whether the deletion lasts only until the next boot (active) or is persistent (persistent). The default selection is persistent.

      This example command deletes the address fe80::39c1:c3ba:8abc:6684 from the interface named "Local Area Connection 3" with a zone of 22 from the ipconfig example below.

      netsh interface ipv6 delete address "Local Area Connection 3" fe80::39c1:c3ba:8abc:6684

      netsh interface ipv6 delete address "22" fe80::39c1:c3ba:8abc:6684

      Workaround:

      To use netsh with the API, use the following procedure. Assume the newly created virtual machine should have IPv6 address fe80::39c1:c3ba:8abc:7684 on interface "Local Area Connection 3" or zone 22.

      1. For a copy, Get Virtual Machines by ID the source virtual machine.
      2. For a copy, note the IPv6 address(es) on the source virtual machine.
      3. Action Virtual Machines Create the virtual machine or Action Virtual Machines Create Copy the source virtual machine.
      4. When the operation completes, Action Virtual Machines Power On the newly created virtual machine.
      5. Action Virtual Machines Guest Process the following body to the newly created virtual machine to retrieve the IP configuration from the virtual machine.

        <CreateGuestProcess>

        <Interpreter></Interpreter>

        <Script>ipconfig > c:\ipconfig.txt</Script>

        </CreateGuestProcess>

      6. Get Virtual Machines Guest File with the query parameter "?path= c:\ipconfig.txt" to retrieve the IPv6 address(es) from Windows. The file should look similar to the following.

        Windows IP Configuration

        Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix . : corp.com

        Link-local IPv6 Address . . . . . : fe80::39c1:c3ba:8abc:6684%22

        IPv4 Address. . . . . . . . . . . : 10.255.4.218

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.255.4.1

      7. Following a copy, Action Virtual Machines Guest Process the following body to the newly created virtual machine for each common IPv6 to remove the common IPv6 address(es) from the source virtual machine noted in step 2.

        <CreateGuestProcess>

        <Interpreter></Interpreter>

        <Script>netsh interface ipv6 delete address "Local Area Connection 3" fe80::39c1:c3ba:8abc:6684</Script>

        </CreateGuestProcess>

      8. Following a create or copy, Action Virtual Machines Guest Process the following body to the newly created virtual machine to add the desired IPv6.

        <CreateGuestProcess>

        <Interpreter></Interpreter>

        <Script>netsh interface ipv6 add address "Local Area Connection 3" fe80::39c1:c3ba:8abc:7684</Script>

        </CreateGuestProcess>

      9. Repeat steps 5 and 6 to verify the IPv6 address(es) were removed or added.
      10. Action Virtual Machines Guest Process the following body to the newly created virtual machine to remove the text file from the virtual machine.

        <CreateGuestProcess>

        <Interpreter></Interpreter>

        <Script>del c:\ipconfig.txt</Script>

        </CreateGuestProcess>

      1.3. Enterprise Cloud Policies

      Enterprise Cloud Policies

      We wish to make access to Enterprise Cloud policies as convenient as possible.

      1.3.1. Acceptable Use Policy

      Enterprise Cloud
      Acceptable Use Policy

      1. IBM Services may only be used for lawful purposes, and Customer shall bear the responsibility for ensuring that such use complies with all applicable laws.
      2. Customer will not provide chat rooms or bulletin boards without the express permission of IBM. Customer will not use its Services in connection with the sending of unsolicited e-mail.
      3. IBM reserves the right, at its sole discretion, with or without notice, to remove or refuse to post Customer Material that violates this Acceptable Use Policy ("AUP") or to suspend or terminate service provided to Customer if Customer or any other party using Customer's services or facilities, directly or indirectly:
        1. posts or transmits to its Services any material that Customer knows or ought reasonably to have known (i) cannot be legally distributed (whether by law or regulation or in contempt of any court or other governmental authority or body); (ii) that infringes the copyrights, trademarks, trade secrets, or other proprietary rights ("Intellectual Property Rights") of any third party; or (iii) that contains any content that is illegal, threatening, harassing, defamatory, obscene, or that in the reasonable judgment of IBM, exposes IBM to unreasonable risk of legal liability;
        2. posts or transmits any material through its Services that breaches any laws or regulation relating to a person's right to privacy or the export of personal data ("Privacy Rights");
        3. uses the Services in a manner that is intended to abuse or to violate the property rights of others, including, without limitation, activities that result in the distribution of viruses, worms, time bombs, Trojan horses, or other destructive activities;
        4. uses its Services for any purpose or in any manner that is unlawful, prohibited under this AUP or that violates any Intellectual Property Right, Privacy Right or other right of IBM or any third party;
        5. violates any law, statute, ordinance, or regulation (including without limitation the laws and regulations governing criminal activity export control, unfair competition or false advertising);
        6. that attempts to break or circumvent security, or in fact, breaks or circumvents security of any IBM computer network;
        7. by using Services to conduct any other activities that IBM determines may be injurious to its clients, operations or reputation; or
        8. that uses its Services in a manner that impairs the performance of the IBM servers, network, and/or services.
      4. Customer must immediately notify IBM of any breach, or attempted breach, of security known to Customer. Customer is responsible for ensuring that its application is configured in a secure manner. Customer may not, through action or inaction, allow others to use its hosted environment for illegal or inappropriate activities. Customer may not resell any software provided by IBM for Customer's use with the Services. For the avoidance of any doubt, "resell" includes Customer permitting any third party to use such software for that third party's business operations. The foregoing prohibition on resale also applies to any IBM-provided third party software.
      5. Although IBM reserves the right to refuse access or edit or remove Customer Materials that violate this AUP, Customer acknowledges and accepts responsibility and liability for Customer Materials posted by its employees and users. Terremark has no obligation to monitor, review, or edit the Customer Material's and does not endorse or guarantee the accuracy or completeness of the information contained therein.
      6. IBM, in its sole discretion, will determine on a case-by-case basis what actions will be taken in response to a violation of this AUP. IBM reserves the right to investigate suspected or alleged violation of this AUP, including gathering information from Customer, the complaining party, and examining of material on IBM servers. Nothing contained in this policy shall be construed to limit IBM's actions or remedies in any manner. IBM reserves the right to take any and all additional actions it may deem appropriate with respect to such activities, including without limitation taking action to recover the costs and expenses of identifying offenders and barring their access to its Services and levying cancellation charges to cover IBM costs in the event of termination for the causes outlined above. IBM reserves at all times all rights and remedies available to it with respect to such activities at law or in equity.
      7. Customer will not deviate from the internet protocols and standards in our facility.
      8. Customer may not circumvent user authentication or security of any host, network, or account (referred to as "cracking:" or "hacking"), nor interfere with service to any user, host or network (referred to as "denial of service attacks").
      9. Violations of this policy shall be reported by telephone to IBM Information: 877-663-7928.
      10. IBM reserves the right to amend, alter, or modify this AUP at any time. Any amendment or modification is effective when posted and any use of its Services after the posting of a modification or amendment will be considered acceptance of those modifications.
      11. Use of IP multicast other than by means provided and coordinated by IBM is likewise prohibited.
      1.3.2. Enterprise Cloud Security Model

      Enterprise Cloud
      Security Model

      Security Model

      The Enterprise Cloud provides a robust security model for authentication, the identification and verification of the user, and authorization, the permission of specific and granular access to activities by the user.

      Infinicenter Console Authentication

      Infinicenter Console uses a username and password model for user authentication. Security may be enhanced with the use of the multi-factor authentication feature. To use multi-factor authentication, a specific number of seats must be requested from IBM.

      Username and Password

      When an organization first engages the Enterprise Cloud, IBM invites a designated individual in the organization to become an administrator. An email with a validation token is sent to that individual with which to complete the registration process. Once the administrator has successfully entered Infinicenter Console, the administrator may invite additional users without IBM intervention.

      Subsequent users are also invited. The username for every user is the email address to which their validation token is sent. The username may not be changed; an administrator must delete the prior account and invite the user again with the new email address.

      The user selects a password and selects and answers security questions during the registration process. Security questions are used to validate the user should they need to reset their password. The administrator may establish organizational password complexity and password expiration rules to which all passwords must conform.

      Multi-Factor Authentication

      With multi-factor authentication, after a user enters the username and password, an automated system calls the user at a predefined telephone number to request entry of a Personal Identification Number (PIN) on their touch-tone dial. If the PIN matches that on record, the user is permitted access to Infinicenter Console. Multi-Factor authentication is available only to those users for whom it is enabled. Administrators may enable and disable multi-factor authentication, for both North American and International, for specific users within Infinicenter Console up to the number of seats acquired.

      Users may change their multi-factor authentication callback telephone number and PIN, for both North American and International, from within Infinicenter Console.

      Authentication using X.509 Certificates

      Authentication permits use of X.509 certificates from Personal Identity Verification (PIV) cards. Certificates that sign end entity certificates and the certificates of any Certificate Authorities in the trust hierarchy up to the certificate the customer declares as trusted, or the root Certificate Authority, are exported and stored within the Enterprise Cloud service. Certificates presented are validated using Online Certificate Status Protocol (OCSP) to the OCSP responder provided to the Enterprise Cloud. Certificate Revocation Lists are not supported.

      With certificate-based authentication, the Enterprise Cloud requests users' credentials (certificate) via Infinicenter Console in a browser, the browser requests the credentials from the operating system, and the operating system provides the credentials from the PIV card. With PIV cards, two-factor authentication is achieved: the Personal identification Number (PIN) to access the PIV card, which is "something you know," and the certificate on the PIV card identifying you, which is "something you have."

      Authentication with Linked Organizations

      Sometimes a company is so large that they choose to have more than one organization in the Enterprise Cloud. However, they may wish to enable users to work in more than one organization. Companies may request that IBM create links based on trust between the organizations. Using the credentials from their original organization, users may log in to any organization linked to their original organization.

      Note: Users may log into only one organization at a time from any instance of Infinicenter Console.

      When an organization trusts another organization, users in the trusted organization may log into the trusting organization. Actions of users, regardless of organization, are controlled by the permissions granted in the organization to which they are logged in. For users of the trusted organization to perform any actions in the trusting organization, they must have permissions to that action explicitly granted in the trusting organization. For example, organization B trusts organization A. An administrator in organization B must edit each user from organization A and grant the permissions desired for that user from organization A. Users in organization A may log into organization B and will have access to organization B in accordance with the permissions granted in organization B.

      Note: To unlock, deactivate, activate, reset, or delete a user account, a user must have administrator permission to the organization in which the user account was created. To grant permissions for any user account visible in an organization, a user must have administrator permission to the organization to which permissions will be granted. For all other actions, users may perform actions in accordance with permissions granted in that organization.

      The home organization is the organization in which the user account is defined. The target organization is the organization in which the user attempts access. When users have access to more than one organization, they will be prompted for the organization to which they want access.

      With linked organizations, the authentication method used is that required by the organization to which the user is requesting access. When a user, whose home organization requires password authentication, attempts to access an organization that requires certificate-based authentication, the user will be prompted for a certificate. Conversely, when a user, whose home organization requires certificate-based authentication, attempts to access an organization that requires password authentication, the user will be prompted for a password.

      API Authentication

      The Application Programming Interface (API) uses a stateless authentication implementation; every request passes authentication in the header. Message-digest authentication is a more secure authentication protocol and its use is strongly encouraged. Support for basic username and password authentication is mainly for backward compatibility.

      Each call carries a UTC timestamp. Requests delayed for an extended period after the timestamp or submitted too far in advance of the timestamp receive an error. To enable time synchronization, the API permits an anonymous call to retrieve the server time. Determine the difference between local time and server time and apply the difference to each call in a session.

      The API supports HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512 hash algorithms for the message digest. In recent years, weakness in HMAC-SHA1 has been reported and its use is strongly discouraged. Either HMAC-SHA256 or HMAC-SHA512 should always be used.

      The API also supports a message-digest of the contents of request bodies. The content-hash is optional for message-digest authentication and for basic authentication.

      CloudApi Authentication

      The API offers more robust CloudApi authentication using a Hash-based Message Authentication Code (HMAC) in the message header. HMAC combines a cryptographic hash function with a private key, shared between only the sender and receiver. A cryptographic hash function takes a block of text and returns a fixed-length bit string. The cryptographic hash function is designed such that:

      • It is easy to compute,
      • It is infeasible to create a message to match a given hash,
      • It is infeasible to alter a message to match the hash, and
      • It is infeasible to find two messages that give the same hash.

      A HMAC assures integrity and authentication; the text has not been altered in transit and only those knowing the secret key could produce the text.

      Not every request in the API has a body. The API uses the URL and HTTP header to form the text for the hash. For messages with a request body, the API can ensure the integrity of the message body; a message digest is created over the body of the request and the message digest placed in the header. The content digest header field is included in the HMAC, thus assuring the integrity of the message body.

      CloudApi authentication uses a public and private key pair to generate the HMAC.

      Keys

      Each API user associates with one or more access keys to use as an identifier in the header. The access key is an opaque identifier; by itself it is a meaningless string of 32 characters. The private key is a random 64 byte string that is Base64 encoded to an 88 byte string. One access key and one private key are associated at the time of creation of an API user. Only users with an administrator role may generate and manage keys. The administrator may create as many key pairs as desired. Key pairs may be deactivated at will should the administrator deem it necessary.

      The access key and private key are generated together during a secure HTTPS online session with Infinicenter Console. Only the access key is presented on the screen but when the details button is pressed for an access key, the access key-private key pair will be presented. The private key may then be copied to the clipboard. It is the responsibility of the user to transfer the contents of the clipboard to a secure, yet usable, location. The key pair may be copied as many times as necessary should a key be lost but not compromised.

      API Users

      The API permits Enterprise Cloud console users' access to the API using Basic authentication. However, the API has the more robust and more secure CloudApi authentication in which users of the API, declared as API users, are authenticated differently from the Enterprise Cloud Infinicenter Console. API users are created specifically and exclusively as users of the API. This simplifies the creation and maintenance of API users and simplifies the use of a separate authentication model using private keys. The keys are generated and administered through Infinicenter Console. An API user may have multiple, active keys assigned. Keys may be deactivated or deleted to maintain security with personnel change. This permits great flexibility to the organization.

      An API user is a “user” in that they:

      • Have specific access rights.
      • Their actions are audited.
      • Access can be disabled or removed.

      An API user is not, however, a “user account” in that they:

      • Do not participate in the registration process nor receive invitations.
      • Do not have email addresses.
      • Do not have a password.
      • Do not have access to the user interface.
      • Do not have VPN access.

      API users are useful for organizations that exclusively use the API to manage their Enterprise Cloud and wish to manage their users through their local identity service, such as Microsoft's Active Directory, rather than duplicate users in the Enterprise Cloud. They can create API users for each role they need and associate those API users to equivalent local identity service groups.

      API users are useful for automation of tasks in Enterprise Cloud where an API user is created with a specific role for that task. For example, a program monitors activity in the Enterprise Cloud. When a surge in activity degrades performance on an Internet service, the program automatically creates additional virtual machines and adds them to the degrading Internet service. When the activity declines, the program deletes the extra virtual machines.

      Basic Authentication

      The API accepts HTTP Basic authentication, a username and password in the header encoded using Base64. The encoding ensures proper transmission through the network and provides no security; the username and password are, essentially, transmitted in plain text. The risk is miniscule as the API is transported via Transport Layer Security (TLS); a listener gaining access to the data stream is extremely unlikely. Basic authentication is provided primarily for backwards compatibility; any user of Infinicenter Console may use those credentials to access the API.

      Temporal Security

      The API security model requires the time in the HTTP header for CloudApi authentication. Any message delayed for an extended period after the time stamp, or submitted too far in advance of the timestamp, in the message header relative to the current server time is rejected with a 403 FORBIDDEN response. This reduces the window of opportunity for replay attacks. Users of the API should request current server time using the Get Time. call, calculate the time difference between clocks, and adjust the time stamp in all messages in the session accordingly.

      Note: Temporal security is not applied to Basic authentication.

      Authorization

      Authorization of user activities within the Enterprise Cloud, both Infinicenter Console and the API, is based upon Role Based Access Control (RBAC), a National Institute of Standards and Technology (NIST) standard with the second level adding constraints to basic RBAC. Basic RBAC is supported through user Roles. Enterprise Cloud also offers role-based control over security groups, which is supported through device Security Groups.

      Roles

      Roles are defined by the permissions granted to the role. Roles are defined for business operations at the organization level (Infinicenter My Account tab), environment level (Infinicenter Environments tab), and security group level (Infinicenter Devices tab within the Environments tab). The system has seven roles defined by IBM:

      • Administrator – full access to all business operations for the organization and all environments.
      • Read-only – read-only access to business operations for the organization.
      • User w/Billing – full access to business operations, including billing, for the specified environment.
      • User w/o Billing – full access to business operations, without billing, for the specified environment.
      • Read-Only User w/Billing – read-only access to business operations, including billing, for the specified environment.
      • Read-Only User w/o Billing – read-only access to business operations, without billing, for the specified environment.
      • User with All Operations – full access to business operations for the specified security group.
      • No Access – No role assigned; access is not permitted.

      These seven roles are just the starting point. Organizations may define roles to meet the needs of their business. They define organization roles with permissions assigned from the organization business operations, define environment roles with permissions assigned from the environment business operations, and define security group roles with permissions assigned from the device business operations. Administrators assign users at their discretion to roles. The user-defined roles are private to the organization; IBM may not manage an organization's role definitions.

      Note: Billing information (within the organization level) is the only business operation for which read-only access may be restricted. For all other information, if any access is given to a level, read-only access is granted to all information within that level.

      Users

      Users are assigned to one or more specific roles. A user need not have an organization role, need not have a role in every environment, and need not have a role for every security group. For a security group role to be meaningful to a user, the user must have an environment level role in the environment in which the security group is defined.

      Lacking a role for the organization or an environment, the user has no access for that level. Security groups are an optional feature; lacking a security group role the user has access to the entities in the security group as defined by their environment level role for the environment in which the security group is defined.

      Users must have at least one role assigned at either the organization level or the environment level. Users are assigned no role or one role for the organization, no role or one role for each environment in the organization, and no role or one role for each security group. A user's role may differ between environments and between security groups.

      Business Operations

      Business operations define the activities permitted to a role upon an entity within the system. If a user has any access to a level then they have read-only access to all entities at that level, except for billing and transaction information. To view billing or transaction information the user must have the Access To View: Billing or Access To View: Transaction History business operation, respectively.

      Business operations are defined for all tasks available within the Enterprise Cloud. Similar tasks on a single entity are sometimes combined, such as create, edit, and delete combined as manage the entity. For convenience in Infinicenter Console, business operations for a tab on an Infinicenter Console screen are grouped under a heading so that all activities in the group may be selected with one choice. For example, business operations for entities on the Security Services tab and Trusted Network Group tab of the Network tab of the Environments tab are grouped under Manage Security Operations. This group selection feature is not available in the API.

      Security Groups for Object Security

      In the Enterprise Cloud, object security is implemented through security groups with security group level roles added to the organization and environment level roles. Security groups are created and devices are assigned to security groups. As with organization and environment roles, roles are defined with specific constraints upon device-level activities for each security group. Users are assigned to security group roles in the same manner as organization and environment roles.

      Note: Users with organization level Administrator role, users with environment level User w/Billing role, and users with environment level User w/o Billing role override the constraints of security group level roles.

      Where environment level and security group level permissions conflict, the security group level permissions apply exclusively to actions upon virtual machines that are members of the security group; for all other actions the environment level permissions apply. For example, Manage Device IPs may be assigned in both environment and security group levels. The user with Manage Device IPs permission for a security group but not for the environment may assign IPs to a device in the security group but cannot reserve IPs on the network tab.

      Note: A user must have access to the environment in which devices in a security group reside. The security group role cannot override a lack of an environment level role.

      1.3.3. Lifecycle Management Policy for Enterprise Cloud Deployment Templates

      Enterprise Cloud
      Lifecycle Management Policy for Template Deployment

      Revision 1.1

      Purpose

      The purpose of this article is to define the Lifecycle Management policies for server deployment templates developed and maintained by IBM for general Enterprise Cloud customer consumption.

      Scope

      This policy applies to all server deployment templates developed and maintained by IBM for its Enterprise Cloud platform and covers all geographic locations where the Enterprise Cloud is located.  It does not cover any of the following deployment template situations:

      • Server Deployment Templates that are custom made for an individual customer
      • Beta Server Deployment Templates that are not made available for general consumption
      • Non-IBM developed and managed server deployment templates; such as Community Templates, 3rd party templates, etc.

      Definitions

      Term Definition
      Release A commercially available version of an operating system as defined by the operating system vendor.
      Release-Current A IBM released version of a server deployment template based on the latest commercially available release of an operating system.
      Release-Deprecated A IBM released version of a server deployment template based on a previous commercially available release of an operating system that has not yet been retired by IBM.
      Release-Retired A IBM released version of a server deployment template based on previous versions of a commercially available operating system that has been retired by IBM.

      Policy

      Current Releases

      IBM will develop and release server deployment templates for new versions of supported operating systems within three (3) months of the Generally Available release by the vendor based on the following criteria:

      • The operating system must be officially support by IBM on the Enterprise Cloud
      • The operating system version must be officially supported by VMware based on the underlying infrastructure supporting the Enterprise Cloud

      IBM will update its server deployment templates on a quarterly basis with:

      • VMware Tools version updates supporting underlying VMware version changes
      • IBM approved configuration changes
      • Commercially available security related patches for the operating system

      IBM will use its standard communication methods to notify Enterprise Cloud customers whenever a new server deployment template version is released.

      Upon release of the server deployment template version the prior current version will be classified as a deprecated release.

      Deprecated Releases

      IBM will maintain deprecated release server deployment templates for three (3) months.

      The configuration of deprecated server deployment templates will be frozen for the remainder of their life cycle unless IBM deems it necessary to perform an update to maintain functionality or maintain critical security levels upon the underlying Enterprise Cloud infrastructure.

      IBM will notify the Enterprise Cloud customer base thirty (30) days prior to retiring a deprecated server deployment template. Customers who need continued availability of a deprecated server deployment template should utilize the features of the Enterprise Cloud platform to create a customer managed copy of the template.

      Retired Releases

      IBM will permanently retire all instances of a deprecated server deployment template once the deprecated template timelines have elapsed and all customer communication requirements specified in this policy have been met.

      Policy Revision History

      Revision Revision Date
      1.0 4/23/2011
      1.1 10/12/2016
      1.3.4. Enterprise Cloud API Support Policy

      Enterprise Cloud
      Application Programming Interface
      Support Policy

      API Support Policy Applicability

      This support policy applies to the Enterprise Cloud Application Programming Interface beginning with version 2011-07-01, first offered November 2011 with release 2.10 of the Enterprise Cloud, and subsequent versions.

      API Support Policy

      IBM defines three stages of support: active, deprecated, and retired. Active versions are current and fully supported. Deprecated versions remain fully supported but for which retirement is imminent. The period during which the version is deprecated permits organizations to plan, prepare, and migrate to a newer version. Retired versions have passed the end of their deprecation period and are no longer supported.

      Active Versions

      API versions remain active for one year. With the first Enterprise Cloud release after that year, the version is deprecated.

      Deprecated Versions

      API versions remain deprecated for six months. With the first Enterprise Cloud release after those six months, the version is retired.

      The period during which the version is deprecated permits organizations to plan, prepare, and migrate to a newer version. The Enterprise Cloud API identifies deprecated versions in the Get Versions call and in the header field, x-tmrk-deprecated.

      The Get Versions call returns the versions available for use. The call returns a repeating group with the <Version> and conditionally a <Deprecated> flag. The <Version> is returned in the format as described in the section Version under Call Constructs in the document Enterprise Cloud Application Programming Interface. In advance of the release of new versions of the API, the version to be displaced will be marked as deprecated. <Deprecated> is set to true on deprecated versions. <Deprecated> is generally not included if set to false.

      Responses to all requests in a deprecated version have the x-tmrk-deprecated header field set to true. The section Deprecated under Call Constructs in the document Enterprise Cloud Application Programming Interface describes the x-tmrk-deprecated header field. This field is conditional and used only in API service responses. When requests are made in versions that have been deprecated, the response header will include x-tmrk-deprecated: true.

      Retired Versions

      API versions retire after not less than eighteen months. Calls made with retired versions will return 412 Invalid Version Specified errors.

      Expected Deprecation and Retirement Dates

      The table below summarizes the expected dates of deprecation and retirement for current API versions. The actual dates may vary depending upon the actual implementation date of future Enterprise Cloud releases.

      Infinicenter Release API Version Expected
      Deprecation
      Expected
      Retirement
      Actual
      Deprecation
      Actual
      Retirement
      Update 2017-10-28 2017-09-01 2018/11/03 2019/05/04
      Update 2017-09-09 2017-08-01 2018/09/15 2019/03/16
      Update 2017-07-15 no new API
      Update 2017-06-17 2017-06-01 2018/06/23 2018/12/23
      Update 2017-05-20 no new API
      Update 2017-04-22 no new API
      Update 2017-03-18 no new API
      Update 2017-02-18 no new API
      Update 2017-01-21 no new API
      Update 2016-12-17 2016-12-01 2017/12/23 2018/06/23
      Update 2016-11-19 2016-11-01 2017/11/25 2018/05/26
      Update 2016-10-22 no new API
      Update 2016-09-24 2016-09-01 2017/09/30 2018/03/31
      Update 2016-08-27 no new API
      Update 2016-07-30 2016-07-01 2017/08/05 2018/02/10
      Update 2016-06-25 no new API
      Update 2016-06-04 2016-05-01 2017/06/01 2017/12/16
      Update 2016-05-07 2016-04-01 2017/05/13 2017/11/18 2017/05/20
      Update 2016-04-02 no new API
      Update 2016-03-05 no new API
      Update 2016-02-13 no new API
      Update 2016-01-09 2015-12-01 2017/01/14 2017/07/15 2017/01/21 2017/10/07
      Update 2015-12-05 2015-11-01 2016/12/10 2017/06/10 2016/12/17 2017/06/17
      1.4. Registration and Login

      Registration and Login

      To use Infinicenter Console, one must have a user account. When an organization is first established in the Enterprise Cloud, IBM invites the first user to be an administrator. While IBM can also invite other users, the administrator typically invites all other users for the organization.

      With an invitation email, the newly invited user can register to use Infinicenter Console. Both administrators and non-administrator users are invited and register in the same manner; only their permissions within Infinicenter Console differ.

      1.4.1. Registration

      Registration

      Registration is the online procedure that adds a new user to an Enterprise Cloud organization.

      Multi-factor authentication requires more than one factor, or method, of authentication. Factors are usually defined as something you know, such as a password; something you have, such as a hardware token; or something you are, such as a fingerprint. Multi-Factor Authentication in the Enterprise Cloud is a two-factor authentication system that uses a password (something you know) and a telephone call (something you have) as the two factors.

      Invitation

      Registration can be initiated two ways. After your environment has been created, IBM invites an administrator to the organization. While IBM can invite additional users, normally an administrator for the organization invites all other users. Regardless of the source, the invitation is one of the following email messages; the message sent depends on the user's role and authentication method.

      Administrators are told in the email that they are an administrator. Organizations that have multi-factor authentication licenses and issue one to an invitee receive an email with additional information.

      If the invitee is an administrator, an additional paragraph in the email notifies the user of their status.

      If multi-factor authentication is enabled for the invitee, an additional paragraph in the email describes multi-factor authentication.

      1. An invitation email is received from Global Support Services.
      2. Copy the Registration Token to paste or type on the User Registration page of Infinicenter Console.
      3. Click on the link under Registration Link to open User Registration.

      Follow the steps in the e-mail to complete your registration.

      Registration

      When you click on the link in the email, you are taken to the First-time User Registration page.

      1. Type or paste the Registration Code, which is called Registration Token on the email.
      2. Click Validate.
      3. Additional fields appear on the page.

      4. Type a First name and Last name of the Full Name.
      5. Type and re-type to verify your password in Create Password and Verify Password.
      6. Note: Password requirements are defined by the organization's Password Policy.

        If the organization has multi-factor authentication licenses and issued one to the invitee, the invitee must enter additional information.

      7. Type and re-type to verify your Personal Identification Number (PIN) in Create PIN and Verify PIN.
      8. In the event that the user forgets their password, the user verifies their identity by answering secret questions. Three questions are selected from predefined lists and three are created by the user. No security question may be repeated and no answer may be repeated. Questions cannot exceed 100 characters and answers cannot exceed 25 characters.

      9. Select questions and type answers to three of Our Secret Questions provided by IBM.
      10. Type questions and type answers to three of Your Secret Questions that you create.
      11. Click Register.
      12. The Registration Completed dialog appears.

      13. Follow the link to open Infinicenter Console.

      Note: Once you have completed registration, you will no longer use the URL in the email to access your environment. All future access to your environment will be through the Enterprise Cloud Sign in page.

      1.4.2. Login to Infinicenter Console

      Login to Infinicenter Console

      Open a Web browser and open the Infinicenter Console.

      Sign In

      1. Type your User Name.
      2. Select Remember me to pre-fill the user name on subsequent visits.
      3. Click Continue.

      Linked Organizations

      For organizations that have linked to other trusted organizations, Infinicenter Console prompts to select the desired organization.

      1. Select the desired Organization.
      2. Select Remember me to pre-fill the user name on subsequent visits.
      3. Click Continue.

      Organizational Authentication Requirements

      Upon submitting the user name, Infinicenter Console determines the appropriate authentication method for the organization and requests authentication in accordance with that authentication method. Continue with the procedures depending on the authentication method.

      Password Authentication

      If the user name submitted belongs to a user required to use password authentication, Infinicenter Console presents the login screen to permit entry of a password.

      1. Type your Password.
      2. Click Sign In.

      Infinicenter Console presents the user's default page.

      Certificate-Based Authentication

      If the user name submitted belongs to a user required to use certificate-based authentication, the identity provider, the server that verifies certificates used for certificate-based authentication, requests the certificate from the browser. The browser, in turn, requests the certificate from the operating system. The response of the operating system varies; a Windows-based system is shown.

      Multiple Certificates Available

      If the operating system stores more than one certificate, it requests that the user select the certificate to submit.

        Select a Certificate dialog appears.

      1. Select the certificate to submit.
      2. Click OK.

      Certificate Selected

      Once a certificate is selected, or if only one certificate is available, the operating system requests the personal identification number (PIN) to unlock the certificate.

        Security dialog appears.

      1. Type a PIN.
      2. Click OK.

      SSL Site Security Warning

      The first time a user authenticates with certificate-based authentication, the user's browser may not have the SSL certificate of the identity provider and may present a warning message to that effect. This is not an attack; permit the identity provider to proceed.

      1. The browser does not know the SSL certificate of the authentication server.
      2. Note: The certificate is called a SSL certificate but Enterprise Cloud no longer uses any SSL protocols, all of which are deprecated. Only Transport Layer Security (TLS) is supported as a secure transport protocol.

      3. Click Proceed anyway.

      Infinicenter Console presents the user's default page.

      1.4.3. Reset Your Enterprise Cloud Password

      Reset Your Enterprise Cloud Password

      Should you forget your password, you may reset it from the Sign In screen.

      1. Click Forgot Password?
      2. The Reset Login Credentials dialog appears to request your user name.

      3. Type your User Name.
      4. Click Next.
      5. The Reset Login Credentials dialog appears to request your Security Questions.

      6. Type the Answer to Question one.
      7. Type the Answer to Question two.
      8. Click Verify Answer.
      9. The Successful dialog appears.

      10. Click Close.

      You will be asked to reset your password by an email.

      1. Open the Reset Account email.
      2. Copy the TOKEN to type or paste on the Account Reset page.
      3. Click RESET ACCOUNT LINK.
      4. The Account Reset page opens.

      5. Paste or type the Token from the email.
      6. Click Validate.
      7. The Reset Password page opens.

      8. Type a New Password.
      9. Type it again to Verify New Password.
      10. Note: Password requirements are defined by the organization's Password Policy.

      11. Click Save.
      12. The Password Reset Completed dialog appears.

      13. Click Sign In Page to sign in.
      1.4.4. Reset Your Multi-Factor Authentication PIN

      Reset Your Multi-Factor Authentication PIN

      Should you forget your multi-factor authentication personal identification number (PIN), you may reset it from the Sign In page.

      1. Click Forgot Password?.
      2. The Reset Login Credentials dialog appears to request your user name.

      3. Type your User Name.
      4. Click Next.
      5. The Reset Login Credentials dialog appears to select the credentials to reset.

      6. Select Reset Password or Reset PIN.
      7. Click Next.
      8. Note: if you select Reset Password, when you click Next you are sent to the security questions of Reset Your Enterprise Cloud Password.

        Reset Login Credentials dialog appears to request your PIN.

      9. Type a new PIN to Create New PIN.
      10. Re-type your new PIN to Verify New PIN.
      11. Note: The PIN can only contain digits and must be at least four digits. The PIN cannot be a subset of the phone number, all the same digit, or sequential digits.

      12. Click Save.
      13. The Successful dialog appears.

      14. Click Close.
      1.4.5. Linked Organizations

      Linked Organizations

      Sometimes a company is so large that they choose to have more than one organization in the Enterprise Cloud. However, they may wish to enable users to work in more than one organization. Companies may request that IBM create links based on trust between the organizations. Using the credentials from their original organization, users may log in to any organization linked to their original organization.

      Note: Users may log into only one organization at a time from any instance of Infinicenter Console.

      When an organization trusts another organization, users in the trusted organization may log into the trusting organization. Actions of users, regardless of organization, are controlled by the permissions granted in the organization to which they are logged in. For users of the trusted organization to perform any actions in the trusting organization, they must have permissions to that action explicitly granted in the trusting organization. For example, organization B trusts organization A. An administrator in organization B must edit each user from organization A and grant the permissions desired for that user from organization A. Users in organization A may log into organization B and will have access to organization B in accordance with the permissions granted in organization B.

      Only users with administrator permissions in the same organization as the target user account may perform user account management functions: unlock, deactivate, activate, reset, and delete. The last administrator may not be removed from a linked organization. Only users with administrator permissions in the organization in which permissions are to be granted may grant permissions to a user account. The role of NoAccess is initially applied to all users from linked organizations. All permissions for a user from a linked organization in a target organization may be removed with a single click, which restores the NoAccess role.

      Note: To unlock, deactivate, activate, reset, or delete a user account, a user must have administrator permission to the organization in which the user account was created. To grant permissions for any user account visible in an organization, a user must have administrator permission to the organization to which permissions will be granted. For all other actions, users may perform actions in accordance with permissions granted in that organization.

      The home organization is the organization in which the user account is defined. The target organization is the organization in which the user attempts access.

      Users from linked organizations may log into either their original organization or any linked organization. With linked organizations, the authentication method used is that required by the organization to which the user is requesting access. A user, whose home organization requires password authentication, attempts to access an organization that requires certificate-based authentication; the user will be prompted for a certificate. Conversely, a user, whose home organization requires certificate-based authentication, attempts to access an organization that requires password authentication; the user will be prompted for a password. Password policy is controlled by the home organization; multi-factor and certificate authentication is controlled by the target organization.

      Within Infinicenter Console, the Users tab displays users from its organizations and all linked organizations as selected by the user. Users with access to multiple organizations establish different preferences for each organization; selections for one organization are maintained separately from those of any other organization.

      Users have VPN access to all organizations to which they have access.

      1.5. Enterprise Cloud Infinicenter Console

      Enterprise Cloud
      Infinicenter Console

      The Enterprise Cloud combines the power and flexibility of infrastructure-as-a-service with the expertise, security and availability that large organizations with mission-critical computing needs demand of their infrastructure. At the heart of The Enterprise Cloud is Infinicenter Console, an easy-to-use, Web-based management console that provides command and control over a cloud-based pool of computing and networking resources built on a fully clustered, enterprise-class, computing architecture. With the click of a mouse button you can dynamically provision new servers from a dedicated pool of physical resources, including processing, memory, and storage. Select from pre-configured server templates for easy deployment, customize your own for total control, or upload your existing virtual servers. We provide you with a full reporting interface that gives visual feedback to historical resource allocation and utilization. So it’s easy to effectively manage and optimize your server infrastructure.

      Sign In Page

      Upon navigating to the URL for your organization, the Sign In page appears. Enter your User Name and click Continue to enter Infinicenter Console. See Login to Infinicenter Console for the next steps for logging in.

      Top Menu

      At the top of every page within Infinicenter Console is the top menu. The current top menu selection is highlighted. The user's name and organization are presented on the left of the menu.

      Environments

      Select Environments to manage your Enterprise Cloud servers and networks. For more information go to Environments.

      My Account

      Select My Account to administer your Enterprise Cloud organization, such as users and catalog. For more information go to My Account.

      Help

      Select Help on the top menu to open the help choices. Select Contact Us to open a new browser window to view the support contact information article of the Enterprise Cloud knowledgebase. Select Support to open a new browser window to the Enterprise Cloud knowledgebase. Among the many topics is the Infinicenter Console.

      Sign Out

      Select Sign Out and your session with Infinicenter Console will close and return to the Sign In page.

      1.5.1. Environments

      Environments

      An environment contains the resources required to create networks and servers. An Enterprise Cloud account can have one or more environments, each environment can have one or more compute pools. Environments contain network resources and compute pools contain processor, memory, and storage resources. Each compute pool can have a combination of servers configured to fit the needs of your enterprise. The Enterprise Cloud Environments screen allows you to open each of your assigned environments to monitor and manage the devices and networks in each environment.

      Navigate

      To navigate on the Enterprise Cloud:

      1. Click Environments.
      2. Select an Environment.
      3. Select a compute pool, if desired.
      4. Select All Compute Pools for an aggregated view.
      5. Select a resource tab.
      6. Click view alerts icon to view resource alerts.

      Environment List

      If you have multiple environments, you can click on the Environment drop-down box to select an environment to view or update, from the list of environments. You can also choose to open each environment in a separate browser.

      Compute Pool Tabs

      Note: Networks are an environment resource; therefore, compute pool tabs are not visible from the Network tab of Environments.

      If an environment has more than one compute pool, the Resources tab and Devices tab of Environments has a special All Compute Pools tab. All Compute Pools tab consolidates information for all compute pools in the environment onto one tab. See Compute Pools for more information.

      If an environment has more than four compute pools, the Environment has navigation buttons to move between the compute pool tabs:

      • Click the left double chevron, compute pools navigate previous page icon, to move compute pool tabs left one page.
      • Click the left single chevron, compute pools navigate previous icon, to move compute pool tabs left one tab.
      • Click the right single chevron, compute pools navigate next icon, to move compute pool tabs right one tab.
      • Click the right double chevron, compute pools navigate next page icon, to move compute pool tabs right one page.

      Resource Tabs

      To view a resource, you can select the particular resource from the resource tabs. Available resource choices are:

      • Resources - Dashboard summary of resource utilization and the task history.
      • Devices - View and administer device resources.
      • Network - View and administer network resources.
      • Cloud Services - View and administer cloud services.

      Resource Alerts

      An organization can monitor certain events within the environment and upon an event, when thresholds are crossed, have an email alert sent to a list of email addresses. See Resource Alerts for more information.

      1.5.1.1. Compute Pools

      Compute Pools

      A Compute pool is a pool of processor, memory, and storage resources associated with an environment and provisioned from a cluster. The customer allocates processor and memory resources from their compute pool to their virtual machines. An environment can contain more than one compute pool, affording greater scalability within an environment.

      Compute pools are one of two types based on how resources are allocated to the virtual machines. In reserved compute pools, the customer purchases and allocates required resources for their virtual machines. In instance-based compute pools, IBM manages required resources on behalf of the customer for their virtual machines.

      IBM creates and names the compute pools on behalf of the organization, the organization can suggest a name for their compute pools. Organization can create Instance-based compute pools in their environment.

      If an environment has multiple compute pools, you can click on a specific compute pool tab to view or update the compute pool.

      Note: Networks are an environment resource; therefore compute pool tabs are not visible from the Network tab of Environments.

      If an environment has more than one compute pool, the Resources tab and Devices tab of Environments has a special All Compute Pools tab. All Compute Pools tab consolidates information for all compute pools in the environment onto one tab. Reserved compute pools can be identified using their name in black font. Instance-based compute pools can be identified using their name in green font.

      You can perform the following activities:

      1.5.1.1.1. Rename a Compute Pool

      Rename a Compute Pool

      An environment can have more than one compute pool. Unless you give the implementation team an alternative name before they create your first environment, the name of the first compute pool is Default Compute Pool. The service manager names the subsequent compute pools when the environment is upgraded.

      However, you can change the name of any compute pool within the Environment.

      Note: The tab labeled All Compute Pools is an aggregation tab within Infinicenter Console and can not be renamed.

      1. On the Devices tab, click a compute pool.
      2. The Selection Menu for compute pool appears.

      3. Click Administrative Tasks.
      4. Click Rename.
      5. The Rename Compute Pool dialog appears.

      6. Type a new Name.
      7. Click Save.
      1.5.1.1.2. Add an Instance-Based Compute Pool

      Add an Instance-Based Compute Pool

      A compute pool is a pool of processor, memory, and storage resources associated with an environment. The customer allocates processor and memory resources from their compute pool to their virtual machines. An environment can contain more than one compute pool, affording greater scalability within an environment.

      Compute pools are one of two types based on how resources are allocated to the virtual machines. In reserved compute pools, customers purchase and manage resources for their virtual machines. In instance-based compute pools, IBM allocates and manages the required resources for virtual machines.

      You can only add instance-based compute pools.

      Note: You cannot create a compute pool in primary and backup disaster recovery environments.

      1. Either on the Resources tab or on the Devices tab, click Add New.
      2. The Add Instance Based Compute Pool dialog appears.

      3. Type a Compute Pool Name.
      4. Select to agree to the Terms and Conditions.
      5. Type your Signature.
      6. Note: Signature must match your full name as presented in the watermark.

      7. Click Save.
      1.5.1.1.3. Delete an Instance-Based Compute Pool

      Delete an Instance-Based Compute Pool

      A compute pool is a pool of processor, memory, and storage resources associated with an environment. The customer allocates processor and memory resources from their compute pool to their virtual machines. An environment can contain more than one compute pool, affording greater scalability within an environment.

      Compute pools are one of two types based on how resources are allocated to the virtual machines. In reserved compute pools, the customer purchases and allocates required resources for their virtual machines. In instance-based compute pools, IBM manages required resources on behalf of the customer for their virtual machines.

      You can only delete instance-based compute pools.

      1. On the Devices tab, click a compute pool.
      2. The Selection Menu for compute pool appears.

      3. Click Delete.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.1.4. Migrate Virtual Machines Between Compute Pools; Unassisted

      Migrate Virtual Machines Between Compute Pools; Unassisted

      Organizations can migrate virtual machines between compute pools without assistance from Global Support Services. Organizations that desire assistance from Global Support Services in migrating the settings, see Migrate Virtual Machines; Assisted.

      The anticipated use case for migrating virtual machines between compute pools is for organizations that wish to change an existing reserved compute pool into an instance-based compute pool. This article exemplifies this use case. However, this procedure does not preclude migrations between two reserved compute pools, between two instance-based compute pools, or from an instance-based compute pool to a reserved compute pool.

      This procedure imposes two limitations:

      • The two compute pools must be in the same environment.
      • Potential billing adjustments can occur in the month in which the migration occurs or the following month.

      Prerequisites

      The organization must create and sign a contract with sales or client services for an instance-based compute pool and establish the discount tier for billing.

      Enterprise Cloud must create a new, instance-based compute pool in the same environment as the existing reserved compute pool.

      Copy the Virtual Machines

      The virtual machines can be copied in two ways.

      Copy Between Compute Pools

      The organization can choose to copy the virtual machines between compute pools. The copy identical creates the copied virtual machine configured with the IP address of the source virtual machine, which causes address conflicts on the network if both source and copied virtual machines are powered on. However, the IP address is not assigned to the copied virtual machine in the Enterprise Cloud configuration database or Infinicenter Console; this is a deliberate design feature. Once the organization copies identical virtual machines, the organization must migrate the services and settings between the two virtual machines.

      Copy the Virtual Machines to the Destination Compute Pool

      Navigate to the source reserved compute pool in Infinicenter Console.

      For each virtual machine in the source reserved compute pool:

      1. Shut down the source virtual machine.
      2. Rename the source virtual machine in Infinicenter Console to free the virtual machine names for the new compute pool and to enable rollback, if needed.
      3. Copy each virtual machine in the source reserved compute pool identically to the destination compute pool.
      4. Note: If snapshots are enabled on a virtual machine, the copy identical creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      5. Record the new name of the source virtual machine.
      6. Note: Retain the source virtual machine in the source reserved compute pool to enable rollback, if needed.

      Create Inventory

      Create an inventory of the virtual machines to migrate. The inventory must include:

      • Name of the source reserved compute pool.
      • Name of source virtual machines.
      • Name of destination instance-based compute pool.
      • Name of destination virtual machines.

      Continue with Migrate Services and Settings.

      Move Through VM Catalog

      The organization can choose to move the source virtual machines through the VM Catalog. This method is always available to the organization.

      Copy the Virtual Machines to VM Catalog

      Navigate to the source reserved compute pool in Infinicenter Console.

      For each virtual machine in the source reserved compute pool:

      1. Shut down the source virtual machine.
      2. Copy each virtual machine in the source reserved compute pool to the VM Catalog.
      3. Note: If snapshots are enabled on a virtual machine, the copy identical creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      4. Rename the source virtual machine in Infinicenter Console to free the virtual machine name for the create procedure.
      5. Note: Retain the source virtual machine in the source reserved compute pool and enable rollback, if needed.

      6. Record the new name of the source virtual machine.
      7. Record the row and group of the source virtual machine.

      Create the Virtual Machines from VM Catalog

      Navigate to the destination instance-based compute pool in Infinicenter Console.

      For each catalog item created from the source reserved compute pool:

      1. Create each destination virtual machine from the VM Catalog in the row and group of the source virtual machine.
      2. Console connect to the new virtual machine and ensure that the proper network and IP settings are configured in new virtual machine.
      3. Record the name of the new virtual machine.

      Create Inventory

      Create an inventory of the virtual machines to migrate. The inventory must include:

      • Name of the source reserved compute pool.
      • Name of source virtual machines.
      • Name of destination instance-based compute pool.
      • Name of destination virtual machines.

      Continue with Migrate Services and Settings.

      Migrate Services and Settings

      You must have the inventory of virtual machines to migrate, which you created when you copied the virtual machines.

      Remove Services Associated with Source Virtual Machines

      In the source compute pool, remove services in which the source virtual machines participate.

        Remove Firewall Logging

      1. Go to Environments > Network > Security Services.
      2. Click Firewall Log.
      3. On the Firewall Log Server Location dialog, check if the firewall log is sent to any IP address on the inventory.
      4. If the firewall log is sent to an IP address on the inventory, record the IP address to configure.
      5. If the firewall log is sent to an IP address on the inventory, select None and then click Save to stop sending the firewall log to that virtual machine or configure a different IP address.
      6. Remove Device RNATs

      7. Go to Environments > Network > Internet Services.
      8. Click Configure RNATs.
      9. Click Device RNATs.
      10. Search the list of device RNATs for the any IP address of any source virtual machine.
      11. For each device RNAT found for an IP address on the inventory, record the source virtual machine IP address and associated public IP address so you can create the device RNAT for the destination virtual machine.
      12. For each device RNAT found for an IP address on the inventory, remove the device RNAT for the source virtual machine.
      13. Remove Custom Firewall Rules

      14. Go to Environments > Network > Security Services.
      15. Click Export to download a copy of all firewall rules to a spreadsheet.
      16. Search the list of firewall rules for custom firewall rules where the source or destination is a device IP address and the device IP address is an IP address on any source virtual machine.
      17. For each such firewall rule found, record the firewall rule so you can create the firewall rule for the destination virtual machine.
      18. For each such firewall rule found, delete the firewall rule for the source virtual machine.
      19. Remove Node Services

      20. Go to Environments > Network > Internet Services.
      21. Click each public IP address and click Print to print the node services for that public IP address.
      22. Search the node services for any IP address on any source virtual machine.
      23. For each node service found, record the node name, device (virtual machine) name, IP address, protocol, and port of each node service so you can create the node service for the destination virtual machine.
      24. For each node service found, remove the node service for the source virtual machine.

      Remove Settings on Source Virtual Machines

      For each source virtual machine on the inventory, remove the virtual machine settings.

        Navigate to Virtual Machine

      1. Go to Environments > Devices.
      2. Click the desired virtual machine.
      3. Remove Snapshots

        Note: If snapshots are enabled on a virtual machine, the copy identical or copy to VM Catalog creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      4. Click Administrative Tasks.
      5. Click Snapshots.
      6. If Enabled is selected, record the configuration to enable snapshots on the destination virtual machine; if Enabled is not selected, snapshots are not configured.
      7. Remove Cloud Services

      8. Click Cloud Services.
      9. For each cloud service:

      10. Click the cloud service.
      11. Click Edit Configuration, if available, and record the configuration to add cloud services on the destination virtual machine; if Edit Configuration is not available, cloud services are not configured.
      12. Click Cloud Services.
      13. Click the cloud service again.
      14. Click Remove Configuration, if available; if Remove Configuration is not available, cloud services are not configured.
      15. Remove IP Addresses

      16. Click Administrative Tasks.
      17. Click Manage IPs.
      18. Select all the assigned IP addresses on the source virtual machine and remove the IP addresses on the source virtual machine.

      Add Settings on Destination Virtual Machines

      For each destination virtual machine on the inventory, add the virtual machine settings.

        Navigate to Virtual Machine

      1. Go to Environments > Devices.
      2. Click the desired virtual machine.
      3. Add IP Addresses

      4. Add the IP addresses from the inventory to the destination virtual machine.
      5. Add Cloud Services

      6. If cloud services were configured on the source virtual machine, add the cloud services as described under Cloud Services to the destination virtual machine using the configuration recorded earlier.
      7. Add Snapshots

        Note: If snapshots are enabled on a virtual machine, the copy identical or copy to VM Catalog creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      8. If snapshots were enabled on the source virtual machine, enable snapshots on the destination virtual machine using the configuration recorded earlier.

      Add Services Associated with Destination Virtual Machines

      For the destination compute pool, add services on the destination virtual machines.

        Add Node Services

      1. For each node service recorded earlier, create the node service for the destination virtual machine using the configuration recorded earlier.
      2. Add Custom Firewall Rules

      3. For each custom firewall rule recorded earlier, add the allow or deny firewall rule for the destination virtual machine using the configuration recorded earlier.
      4. Add Device RNATs

      5. For each device RNAT recorded earlier, add the device RNAT for the destination virtual machine using the configuration recorded earlier.
      6. Add Firewall Logging

      7. If the firewall log was sent to an IP address on the inventory, configure a server to receive the firewall log using the IP address recorded earlier.

      Test Destination Virtual Machines

      1. Test each destination virtual machine.
      2. Test the services associated with each destination virtual machine.

      Delete Source Virtual Machines and Catalog Items

      1. Delete the source virtual machines renamed in step 2 of Copy the Virtual Machines to the Destination Compute Pool or step 2 of Copy the Virtual Machines to VM Catalog earlier.
      2. Note: Failure to remove the source virtual machines (or, alternatively, change the IP addresses) will result in duplicate IP address errors.

      3. Delete the catalog items created in step 1 of Copy the Virtual Machines to VM Catalog earlier, if desired.
      1.5.1.1.5. Migrate Virtual Machines Between Compute Pools; Assisted

      Migrate Virtual Machines Between Compute Pools; Assisted

      Organizations can migrate virtual machines between compute pools with assistance from Global Support Services in migrating the settings. Organizations that wish to migrate without assistance, see Migrate Virtual Machines; Unassisted.

      Note: Arrange with Global Support Services for assistance before proceeding.

      The anticipated use case for migrating virtual machines between compute pools is for organizations that wish to change an existing reserved compute pool into an instance-based compute pool. This article exemplifies this use case. However, this procedure does not preclude migrations between two reserved compute pools, between two instance-based compute pools, or from an instance-based compute pool to a reserved compute pool.

      This procedure imposes two limitations:

      • The two compute pools must be in the same environment.
      • Potential billing adjustments can occur in the month in which the migration occurs or the following month.

      Prerequisites

      The organization must create and sign a contract with sales or client services for an instance-based compute pool and establish the discount tier for billing.

      IBM must create a new, instance-based compute pool in the same environment as the existing reserved compute pool.

      Copy the Virtual Machines

      The virtual machines can be copied two ways.

      Copy Between Compute Pools

      The organization can choose to copy the virtual machines between compute pools. The copy identical creates the copied virtual machine configured with the IP address of the source virtual machine, which causes address conflicts on the network if both source and copied virtual machines are powered on. However, the IP address is not assigned to the copied virtual machine in the Enterprise Cloud configuration database or Infinicenter Console; this is a deliberate design feature. Once the organization copies identical the virtual machines, the organization must migrate the services and settings between the two virtual machines.

      Copy the Virtual Machines to the Destination Compute Pool

      Navigate to the source reserved compute pool in Infinicenter Console.

      For each virtual machine in the source reserved compute pool:

      1. Shut down the source virtual machine.
      2. Rename the source virtual machine in Infinicenter Console to free the virtual machine names for the new compute pool and to enable rollback, if needed.
      3. Copy each virtual machine in the source reserved compute pool identically to the destination compute pool.
      4. Note: If snapshots are enabled on a virtual machine, the copy identical creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      5. Record the new name of the source virtual machine.
      6. Note: Retain the source virtual machine in the source reserved compute pool to enable rollback, if needed.

      Create Inventory

      Create an inventory of the virtual machines to migrate. The inventory must include:

      • Name of the source reserved compute pool.
      • Name of source virtual machines.
      • Name of destination instance-based compute pool.
      • Name of destination virtual machines.

      Continue with Migrate Services and Settings.

      Move Through VM Catalog

      The organization can choose to move the source virtual machines through the VM Catalog. This method is always available to the organization.

      Copy the Virtual Machines to VM Catalog

      Navigate to the source reserved compute pool in Infinicenter Console.

      For each virtual machine in the source reserved compute pool:

      1. Shut down the source virtual machine.
      2. Copy each virtual machine in the source reserved compute pool to the VM Catalog.
      3. Note: If snapshots are enabled on a virtual machine, the copy identical creates the new virtual machine from the current state of the virtual machine. Snapshots are not copied.

      4. Rename the source virtual machine in Infinicenter Console to free the virtual machine name for the create procedure.
      5. Note: Retain the source virtual machine in the source reserved compute pool and enable rollback, if needed.

      6. Record the new name of the source virtual machine.
      7. Record the row and group of the source virtual machine.

      Create the Virtual Machines from VM Catalog

      Navigate to the destination instance-based compute pool in Infinicenter Console.

      For each catalog item created from the source reserved compute pool:

      1. Create each destination virtual machine from the VM Catalog in the row and group of the source virtual machine.
      2. Console connect to the new virtual machine and ensure that the proper network and IP settings are configured in new virtual machine.
      3. Record the name of the new virtual machine.

      Create Inventory

      Create an inventory of the virtual machines to migrate. The inventory must include:

      • Name of the source reserved compute pool.
      • Name of source virtual machines.
      • Name of destination instance-based compute pool.
      • Name of destination virtual machines.

      Continue with Migrate Services and Settings.

      Migrate Services and Settings

      Provide Enterprise support with the inventory of virtual machines to migrate created in Copy the Virtual Machines.

      Test Destination Virtual Machines

      1. Test each destination virtual machine.
      2. Test the services associated with each destination virtual machine.

      Delete Source Virtual Machines and Catalog Items

      1. Delete the source virtual machines renamed in step 2 of Copy the Virtual Machines to the Destination Compute Pool or step 2 of Copy the Virtual Machines to VM Catalog earlier.
      2. Note: Failure to remove the source virtual machines (or, alternatively, change the IP addresses) will result in duplicate IP address errors.

      3. Delete the catalog items created in step 1 of Copy the Virtual Machines to VM Catalog earlier, if desired.
      1.5.1.2. Resources Tab

      Resources Tab

      The Resources tab enables you to evaluate the resource usage and capacity of the servers in an environment and track the status of server tasks.

      All Compute Pools Tab

      1. Click Resources tab.
      2. Click All Compute Pools tab.
      3. Select an activity.

      Select Summary to view the dashboard of gauges as discussed in Summary Tab.

      Select Usage to view the resource utilization report as discussed in Usage Tab.

      Burst state is represented by the appearance of the buttons used to enable or disable resource bursting as discussed in Resource Bursting.

      Task History is a list of events that have occurred in the environment as discussed in Task History.

      Specific Compute Pools Tab

      If you select a specific compute pool, rather than All Compute Pools, additional tabs become available.

      1. Select a specific compute pool.
      2. Select an activity.

      Select Summary to view the dashboard of gauges as discussed in Summary Tab.

      Select Storage Details to view the storage usage as discussed in Storage Details Tab.

      Select Graphs to view a visual representation of historical resource usage as discussed in Graphs Tab.

      Task History is a list of events that have occurred in the environment as discussed in Task History.

      1.5.1.2.1. Summary Tab

      Summary Tab

      The Summary tab displays summary of resource utilization information. Gauges graphically present the total processor and memory utilization. The display differs slightly between the tab for all compute pools and the tab for a specific compute pool and between reserved compute pools and instance-based compute pools.

      For reserved compute pools, the gauges present the portion of resources consumed by your virtual machines compared to the total resources purchased. For instance-based compute pools, the gauges present the portion of resources consumed by your virtual machines compared to the total resources allocated. The utilization graphs changes over time as your consumption, purchases, and allocations of resources change. Resources consumed are the 95th percentile of consumption.

      Around the gauges are resources consumed, allocated, and purchased.

      • Consumed resources – in use in all active virtual machines.
      • Allocated resources – sum of resources defined within all created virtual machines.
      • Purchased resources – purchased by the organization.

      Beneath the gauges are several ratios:

      • Virtual processing units – in use in active virtual machines versus total, in all created virtual machines.
      • Virtual Machines – active virtual machines versus all created virtual machines.
      • Storage – storage used by all created virtual machines versus purchased storage.

      Note: On instance-based compute pools, no storage is purchased; therefore, only the storage used by all created virtual machines is shown.

      The final element in the summary utilization is the burst mode button, one each for processor and memory. For more information on Burst mode, see Resource Bursting.

      Resource Utilization in All Compute Pools Tab

      Reserved Compute Pools

      For Reserved compute pools:

      1. Click All Compute Pools.
      2. Click Reserved compute pool.
      3. Click All VMs or Active VMs to calculate allocated resources.

      The utilization information presented includes:

      • One set of gauges, processor and memory, per compute pool.
      • Allocated and purchased resources.
      • Buttons to enable or disable burst mode.
      • Environment processor, memory, virtual processing units, and virtual machine usage: Active versus Total.
      • Environment storage: Used versus Purchased.

      Instance-Based Compute Pools

      For Instance-Based compute pools:

      1. Click All Compute Pools.
      2. Click Instance based compute pool.
      3. Click All VMs or Active VMs to calculate allocated resources.

      The utilization information presented includes:

      • One set of gauges, processor and memory, per compute pool.
      • Allocated resources.
      • No buttons for burst mode; burst mode is not available for instance-based compute pools.
      • Environment processor, memory, virtual processing units, and virtual machine usage: Active versus Total.
      • Environment storage: Used only.

      Resource Utilization in a Specific Compute Pool Tab

      Reserved Compute Pools

      For resource utilization in a specific compute pool tab:

      1. Select a specific reserved compute pool.
      2. Click Summary.
      3. Click All VMs or Active VMs to calculate allocated resources.

      The utilization information presented includes:

      • One set of gauges, processor and memory, for the selected compute pool.
      • Allocated resources.
      • Consumed and purchased resources.
      • Buttons to enable or disable burst mode.
      • Compute pool processor, memory, virtual processing units, and virtual machine usage: Active versus Total.
      • Compute pool storage: Used versus Purchased.

      Instance-Based Compute Pools

      For a specific Instance-Based compute pool:

      1. Select a specific instance-based compute pool.
      2. Click Summary.
      3. Click All VMs or Active VMs to calculate allocated resources.

      The utilization information presented includes:

      • One set of gauges, processor and memory, for the selected compute pool.
      • Allocated resources.
      • Consumed resources only.
      • No buttons for burst mode; burst mode is not applicable to instance-based compute pools.
      • Compute pool processor, memory, virtual processing units, and virtual machine usage: Active versus Total.
      • Compute pool storage: Used only.

      Purchased versus Allocated versus Consumed

      One of the key differentiators of The Enterprise Cloud versus other cloud providers is over-subscription: you can deploy more virtual machines than you purchased resources for. As you allocate more resources, consume more resources, or purchase more resources the gauges will present an accurate state of your environment.

      When a virtual machine is running idle or not using 100% of its allocated processor and memory resources those resources are made available to other running virtual machines or can be deployed to new virtual machines. To achieve the maximum value for your Enterprise Cloud environments, it is ideal to run them near 85% usage at all times.

      See the Difference between purchased, allocated, consumed, and burst resources for a description of the various categories of resources.

      Gauge Features

      Gauges permit a quick view of the processor and memory resource utilization in a compute pool. The gauges are slightly different between reserved compute pools and instance-based compute pools.

      Reserved Compute Pool

      Gauge features of a reserved compute pool:

      • The colored shell around the gauge shows allocated resources as a percentage of purchased resources.
      • The bar shows consumed resources as a percentage of purchased resources.
      • Bursting permits consumed resources over 100% of purchased.

      Instance-Based Compute Pool

      Gauge features of an instance-based compute pool:

      • The colored shell around the gauge shows allocated resources as a percentage of allocated resources; always 100%.
      • The bar shows consumed resources as a percentage of allocated resources.
      • Bursting is not permitted, consumed resources are never over 100% of allocated.

      Gauge States

      The color of the bar on a gauge is a visual indicator of resource utilization. The bar must be in one of four states, each with a distinctive color:

      State Color Utilization Performance
      Normal Gray processor within 0-69%
      memory within 0-64%
      Performance normal
      Warning Yellow processor within 70-84%
      memory within 70-84%
      Performance normal, but warrants careful monitoring
      Error Red processor greater than 85%
      memory greater than 90%
      Performance degraded
      Reserved compute pools: consider purchasing more resources or enabling bursting
      Instance-based compute pools: consider adding virtual machines to the Internet service
      Burst Green processor greater than 0%
      memory greater than 0%
      Performance normal, but charges incurred when exceeding 100%
      Note: Bursting not applicable in instance-based compute pools
      1.5.1.2.1.1. Resource Bursting

      Resource Bursting

      In reserved compute pools, resource bursting allows a compute pool to expand demand beyond purchased resources using a separate, designated pool of host resources. To utilize bursting, the compute pool must be configured for bursting; contact your service delivery manager if you are unsure of the burst configuration for any compute pool. In a compute pool configured for bursting, you can enable or disable bursting for processor or memory from Infinicenter Console.

      In instance-based compute pools, bursting is not needed and is not available. To maintain performance, IBM monitors your virtual machine placement and resources needed.

      Bursting is intended to provide additional resources on a first-demand basis for temporary overage needs. IBM does not recommend reliance on burst utilization for long-term memory or CPU pressure relief; if your environment grows to the point where a permanent increase over the current resource allocation is needed, IBM recommends you to contact your sales representative or your service delivery manager to discuss purchasing additional resources.

      Note: Bursting is not available to trial customers. If you wish to enable the bursting feature please contact your account representative.

      On the Summary tab is a dashboard of resource utilization. On the dashboard are buttons to change the burst state of your reserved compute pool. These buttons also reflect the state of resource bursting.

      On the compute pool tab for a specific compute pool, the buttons reflect state:

      • Enabled: not configured
      • Disabled: not configured
      • Not Configured: not configured

      On the All Compute Pools tab, the buttons reflect state:

      • Enabled: not configured
      • Disabled: not configured
      • Not Configured: not configured

      Note: On All Compute Pools tab, only the tooltip visually, distinguishes a disabled burst mode from an unconfigured burst mode.

      1.5.1.2.1.1.1. Enable Burst Resources

      Enable Bursting

      In reserved compute pools, resource bursting allows a compute pool to expand demand beyond purchased resources using a separate, designated pool of host resources. To utilize bursting, the compute pool must be configured for bursting; contact your service delivery manager if you are unsure of the burst configuration for any compute pool. In a compute pool configured for bursting, you can enable bursting for processor or memory from Infinicenter Console.

      In instance-based compute pools, bursting is not needed and is not available. To maintain performance, IBM monitors your virtual machine placement and resources needed.

      You can enable processor or memory bursting in any compute pool for which bursting is configured. You can enable bursting from either All Compute Pools tab or from a specific compute pool tab.

      Enable Bursting from All Compute Pools Tab

      Note: If enable burst button is gray and the tooltip does not appear, not configured, resource bursting is not enabled for the selected compute pool. Contact your service delivery manager.

      1. Click All Compute Pools.
      2. Click Reserved compute pools.
      3. Click the bursting icon, not configured.
      4. The Confirmation dialog appears.

      5. Click OK.

      Enable Bursting from a Specific Compute Pool Tab

      Note: If enable burst button is dim, not configured, resource bursting is not enabled for the selected compute pool. Contact your service delivery manager.

      1. Select a reserved compute pool.
      2. Click Summary.
      3. Click Enable Burst, not configured.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.2.1.1.2. Disable Burst Resources

      Disable Bursting

      In reserved compute pools, resource bursting allows a compute pool to expand demand beyond purchased resources using a separate, designated pool of host resources. To utilize bursting, the compute pool must be configured for bursting; contact your service delivery manager if you are unsure of the burst configuration for any compute pool. In a compute pool configured for bursting, you can disable bursting for processor or memory from Infinicenter Console.

      In instance-based compute pools, bursting is not needed and is not available. To maintain performance, IBM monitors your virtual machine placement and resources needed.

      You can disable processor or memory bursting in any compute pool for which bursting is configured. You can disable from either the all Compute Pools tab or from a specific compute pool tab.

      Disable Bursting from All Compute Pools Tab

      1. Click All Compute Pools.
      2. Click Reserved compute pools.
      3. Click the bursting icon, not configured.
      4. The Confirmation dialog appears.

      5. Click OK.

      Disable Bursting from a Specific Compute Pool Tab

      1. Select a reserved compute pool.
      2. Click Summary.
      3. Click Disable Burst, not configured.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.2.1.1.3. Purchased Versus Burst Resource Usage

      Purchased Versus Burst Resource Usage

      When bursting is enabled, colors on the graph indicate the state of bursting and bursting resource utilization.

      1. Blue graph indicates normal usage.
      2. Purple graph indicates burst usage; not applicable in Instance-based compute pools.
      3. White background indicates usage zone below bursting.
      4. Pink background indicates bursting time interval and usage zone above bursting; not applicable in Instance-based compute pools.
      5. The blue vertical line and legend shows the 95th percentile usage at the time indicated.
      6. Note: Resource utilization is captured every five minutes. The 95th percentile is calculated from the 288 utilization readings of the preceding 24 hours. The 95th percentile is the utilization reading below which 95%, or 273, of the 288 readings fall.

      7. The orange vertical line and legend, if a specific time is selected, indicates usage at the selected time; otherwise it is not shown. To select a time:
        • Click on the graph to view resource utilization at that selected time.
        • Click << to move back one hour.
        • Click < to move back five minutes.
        • Click > to move ahead five minutes.
        • Click >> to move ahead one hour.
      1.5.1.2.1.2. Task History

      Task History

      The task history presents a complete listing of tasks, which are a history of changes to an environment, for up to six months. Tasks are listed whether initiated by a user or programmatically. You can page through a list of tasks spanning multiple pages by clicking on the navigation buttons at the bottom right of the page or you can type a page number to go directly to a specific page. You can filter the tasks in the list by a date range.

      The task Status column has an icon and explanatory text of whether the task is Complete, Running, Queued, Error. For tasks in which the note field is valued, a note icon appears in the Notes column; hover over the note icon and the note appears as a tooltip.

      1. Type or select From and To dates.
      2. Click Icon: calendar to select using the calendar.
      3. Click Filter to filter the task history by the selected date.
      4. Click Export to export the task history as a spreadsheet file.
      5. Click Icon: Resource alerts to page back.
      6. Click Icon: Resource alerts to page forward.
      7. Type a page number to jump to a specific page.

      Note:  You can click on each column header to sort either in ascending or descending order.

      1.5.1.2.2. Storage Details Tab

      Storage Details Tab

      From the Storage Details tab you can monitor your storage usage in any compute pool. Two types of storage usage are presented: virtual machines and detached disks.

      To view storage details:

      1. Select a compute pool.
      2. Click Storage Details.
      1.5.1.2.2.1. Virtual Machine Storage Details

      Virtual Machine Storage Details

      From the Storage Details tab you can monitor your storage usage by virtual machines in any compute pool. Storage usage is presented differently in reserved compute pools than instance-based compute pools. Storage for reserved virtual machines is purchased in advance. Reserved compute pools show usage as a percentage of purchased storage. However, storage for instance-based virtual machines is not purchased in advance, but rather billed by usage. Instance-based compute pools show usage as a percentage of allocated storage.

      Note: You can click on each column header to sort either in ascending or descending order.

      Reserved Compute Pools

      For reserved compute pools:

      1. Click Virtual Machine.
        • Reserved virtual machines and their storage usage appear.
        • Reserved compute pools show % of Purchased.

      Instance-Based Compute Pools

      For instance-based compute pools:

      1. Click Virtual Machine.
        • Instance-based virtual machines and their storage usage appear.
        • Instance-based compute pools show % of Allocated.
      1.5.1.2.2.2. Detached Disk Storage Details

      Detached Disk Storage Details

      From the Storage Details tab you can monitor your storage usage by detached disks in any compute pool. You can also rename or delete any detached disks.

      Note: You can click on each column header to sort either in ascending or descending order.

      View Detached Disk Storage

      To view detached disk storage:

      1. Click Detached.
      2. The detached disks and their storage usage appear.

      Rename a Detached Disk

      To rename a detached disk storage:

      1. Click Detached.
      2. Select a detached disk.
      3. Click Rename.
      4. The Rename Detached Disk dialog appears.

      5. Type a Name.
      6. Type a Description.
      7. Click Save.

      Delete a Detached Disk

      To delete a detached disk:

      1. Click Detached.
      2. Select a detached disk.
      3. Click Delete.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.2.3. Graphs Tab

      Graphs Tab

      To assist in managing purchased resources, the Graphs tab displays a graph of processor usage over time and memory usage over time. You can select either the past 24 hours or a custom time interval.

      1. Select a specific compute pool.
      2. Click Graphs.
      3. The virtual machine and their processor usage or memory usage graph appears.

      1.5.1.2.3.1. Memory Graph

      Memory Graph

      The Memory graph displays a visual representation of historical memory usage based on resource utilization measurements taken every five minutes. You can select to display the graph for Past 24 Hours or, with Advanced display, a custom time interval.

      Note: When bursting is enabled, colors on the graph indicate the state of bursting as described in Purchased Versus Burst Resource Usage.

      Past 24 Hours

      To see the memory usage for the past 24 hours:

      1. Click Memory.
      2. Click Past 24 Hours.
      3. The virtual machines and their memory usage appear.

        Note: You can click on each column header to sort either in ascending or descending order.

      4. Click Export, to export a comma-separated value (.CSV) file of usage data.
      5. The blue legend shows the 95th percentile usage at the time indicated.

        The orange legend, if you select a specific time, indicates usage at the selected time. If you do not select a specific time, indicates the same time as the blue legend.

      6. Click at a specific time on the graph.
      7. Click >> to advance one hour.
      8. Click > to advance five minutes.
      9. Click < to go back five minutes.
      10. Click << to go back one hour.
      11. The orange legend indicates usage at the selected time.

      Advanced

      To see the memory usage using the advanced option:

      1. Click Memory.
      2. Click Advanced.
      3. Select a Date Range.
      4. Note: If you select Custom date range, type or select From and To dates.

      5. Select Devices.
      6. Click Apply to display the graph.
      7. The graphs displays for the selected time interval with the time increment used.

      1.5.1.2.3.2. Processor Graph

      Processor Graph

      The Processor graph displays a visual representation of historical processor usage based on resource utilization measurements taken every five minutes. You can select to display the graph for Past 24 Hours or, with Advanced display, a custom time interval.

      Note: When bursting is enabled, colors on the graph indicate the state of bursting as described in Purchased Versus Burst Resource Usage.

      Past 24 Hours

      To see the processor usage for the past 24 hours:

      1. Click Processor.
      2. Click Past 24 Hours.
      3. The virtual machines and their processor usage appear.
      4. Note: You can click on each column header to sort either in ascending or descending order.

      5. Click Export, to export a comma-separated value (.CSV) file of usage data.
      6. The blue legend shows the 95th percentile usage at the time indicated.

        The orange legend, if you select a specific time, indicates usage at the selected time. If you do not select a specific time, indicates the same time as the blue legend.

      7. Click at a specific time on the graph.
      8. Click >> to advance one hour.
      9. Click > to advance five minutes.
      10. Click < to go back five minutes.
      11. Click << to go back one hour.
      12. The orange legend indicates usage at the selected time.

      Advanced

      To see the processor usage using the advanced option:

      1. Click Processor.
      2. Click Advanced.
      3. Select a Date Range.
      4. Note: If you select Custom date range, type or select From and To dates.

      5. Select Devices.
      6. Click Apply to display the graph.
      7. The graphs displays for the selected time interval with the time increment used.

      1.5.1.2.4. Usage Tab

      Usage Tab

      The Usage tab displays utilization of all your resources across environments.

      Current

      You can view the utilization of resources on any given day based on the CPU usage, memory, and storage.

      1. Click Current.
      2. Select an environment.
      3. Click Apply.
      4. The system displays the resource utilization report for the selected environment.

      5. Click Export, to export a comma-separated value (.CSV) file of resource utilization.

      Advanced

      You can view the resource utilization for a particular virtual machines tags. For this, the resource utilization of all the virtual machines with specified tags is considered based on the current consumption and allocation at the time of requesting for the report.

      1. Click Advanced.
      2. Select an environment.
      3. Select a Date Range.
      4. Note: If you select Custom date range, type or select From and To dates.

      5. Select the Tags.
      6. Click Apply to display the graph.
      7. The system displays the resource utilization report for a particular period of days and tags for the selected environment.

      8. Click Export, to export a comma-separated value (.CSV) file of resource utilization for the specific period of days and tags.
      1.5.1.3. Devices Tab

      Devices Tab

      On the Devices tab, you create, modify, and organize virtual machines, and physical devices; manage the visual layout; and connect to servers.

      Review the visual features of the Devices tab on Layout.

      Navigate to Devices Tab

      1. Click Devices.
      2. Select a compute pool.
      3. Note: Reserved compute pools can be identified using their name in black font. Instance-based compute pools can be identified using their name in green font.

      Layout Menu

      At the top of the Devices tab is a fixed menu for tasks related to the entire layout.

      Selected Pane

      At the bottom of the Devices tab is the Selected Pane with a menu on which the tasks vary depending on the specific layout feature you select. Features include: compute pools, rows, groups, virtual machines, and physical devices. The menu is sensitive to context, the available menu items vary by the feature selected and the state of that feature. See Selected Pane of Layout for all the menus.

      1.5.1.3.1. Layout

      Layout

      Introduction

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can create rows and groups, rename rows and groups, and delete rows and groups as needed. The meaning of row and group names is at the discretion of the organization.

      You can move a row up or down on the layout and groups can be ordered higher or lower in a row. Rows and groups are defined at the environment level and therefore you can see them on every compute pool tab. You can hide empty rows and groups to reduce information presented on the layout.

      Layout Visual Features

      The layout on the Devices tab is rich in visual information. You can switch the layout between Icon view for a more visual format and List view for a more textual format.

      You can select which environment (if you have multiple environments) and which compute pool in that environment (if you have multiple compute pools) when you first arrive at the Devices page. You can also choose between Icon view and List view when you first arrive at the Devices page. You can select your preferences from My Accounts.

      You can choose between the Icon view, Icon: Icon View, and the List view, Icon: List View, in the upper right corner.

      You can Filter Devices to limit the devices displayed on the layout. You can filter by name, power state, device type, operating system, network, or tags. Name can be an explicit name or a substring within the device names; both are case-insensitive.

      You can export the device list, with any device filter applied, as a spreadsheet file.

      The Selected pane displays the actions available to the selection. The Details tab of the Selected pane displays information regarding the selected row, group, or device. The Tags tab of the Selected pane displays the tags assigned to a device. The arrow on the right expands or collapses the the Selected pane. The padlock indicates whether a device is in a security group: locked, Icon: padlock closed, indicates the device is in one or more security groups and unlocked, Icon: padlock open, indicates the device is not in any security groups.

      Icon View

      The Icon view of the layout presents devices as icons inside groups assembled within rows. The Selected pane presents more information regarding the selected item. Expand, Icon: pane expand, or collapse, Icon: pane collapse, the Selected pane to view or hide details regarding the selected item.

      Rows are shown with dark gray bands (not selected) or yellow (selected) with the row name on the left. Groups are shown with light gray bands (not selected) or yellow (selected) over the included devices with the group name centered. Device icons present information about the device:

      • Physical devices are dark gray with stripes. The power light is indiscriminate as the power state is not monitored by the system.
      • Powered on virtual machines are medium gray and the power light is lit blue.
      • Powered off virtual machines are light gray and the power light is dark.
      • Virtual machines in a transition state, perhaps being created or powering off, are light gray with a spinning wheel.
      • Virtual machines copying have a small, animated arrow to an icon representing to where they are copying, the catalog or another device.

      List View

      The List view presents more information on the layout than the Icon view regarding each device. The Selected pane presents more information regarding the selected item. Expand, Icon: pane expand, or collapse, Icon: pane collapse, the Selected pane to view or hide details regarding the selected item.

      Rows are shown by dark gray bands with the row name on the left. Groups are shown with light gray bands with the group name indented on the right. Devices are present with textual information with a bullet representing their state:

      • Physical devices have gray bullets.
      • Powered on virtual machines have green bullets.
      • Powered off virtual machines have red bullets.
      • Virtual machines in a transition state, perhaps being created or powering off, have spinning wheels.

      Selected Pane

      Depending upon the object you select; the information varies in the Selected pane. Additionally, when you select devices, the selected pane has two tabs, Details and Tags.

      Select a Compute Pool

      When you select a compute pool, the Selected pane presents actions available for a compute pool.

      Note:

      • If you select a reserved compute pool, Delete and View price List actions are not available.
      • If you select an instance-based compute pool which contains devices, Delete action is not available.

      Select a Row

      When you select a row, the Selected pane presents actions available for a row and the following information regarding the row:

      • Number of devices in all groups in the row.
      • Number of groups in the row.

      Note:

      • On tabs other than the All Compute Pools tab, the only actions available for rows are Create Row and Rename.
      • If you select a row at the top of the layout, Move Up is not available.
      • If you select a row at the bottom of the layout, Move Down is not available.
      • If you select a row containing groups, Delete Row is not available.

      Select a Group

      When you select a group, the Selected pane presents actions for a group and the number of devices in the group.

      Note:

      • On tabs other than the All Compute Pools tab, the only actions available for groups are Create Group and Rename.
      • If you select a group at the top left of the row in the icon view or the top of the row in the list view, Order Higher is not available.
      • If you select a group at the bottom right of the row in the icon view or the bottom of the row in the list view, Order Lower is not available.
      • If you select a group containing devices, Delete Group is not available.

      Details Tab: Select a Virtual Machine

      Powered Off

      When you select a virtual machine and if it is powered off, the Selected pane presents actions available for the virtual machine and click the Details tab to present the following information regarding the virtual machine:

      • Detected IP(s) – Always blank when powered off.
      • MAC Address – Hardware address of the first virtual network interface card.
      • Processors – Number of processors in the virtual machine.
      • Memory – Amount of memory in the virtual machine.
      • Storage – Total storage of all attached disks to the virtual machine.
      • Operating System – Operating system assigned to the virtual machine when created.
      • Licensed By – Who provided the operating system license, Service Provider (IBM) or Customer.
      • Licensing Costs – Total cost of all licenses provided by IBM.
      • Type – Type of source for virtual machine, Template or Custom.
      • Active Tasks – Number of active tasks against the virtual machine.
      • VMware Tools Status – Always Not Running when powered off.
      • Compute Pool – Compute Pool in which the virtual machine is located.
      • Hardware Version – Appears only if the hardware version is not current and available only when powered off.
      • Customization Pending – True if the virtual machine has never been powered on and customization of the operating system is needed.

      Note: When the virtual machine is powered off:

      • Change of power state is Power On.
      • Connect is not available.
      • IP addresses cannot be detected and are not shown.
      • The state of VMware Tools cannot be determined and is valued with the power state of the virtual machine, Not Running, instead.

      Powered On

      When you select a virtual machine and if it is powered on, the Selected pane presents actions available for the virtual machine and click the Details tab to present the following information regarding the virtual machine:

      • Detected IP(s) – Shows the IP address of the first virtual network interface card.
      • MAC Address – Hardware address of the first virtual network interface card.
      • Processors – Number of processors in the virtual machine.
      • Memory – Amount of memory in the virtual machine.
      • Storage – Total storage of all attached disks to the virtual machine.
      • Operating System – Operating system assigned to the virtual machine when created.
      • Licensed By – Who provided the operating system license, Service Provider (IBM) or Customer.
      • Licensing Costs – Total cost of all licenses provided by IBM.
      • Type – Type of source for virtual machine, Template or Custom.
      • Active Tasks – Number of active tasks against the virtual machine.
      • VMware Tools Status – Not Installed, Out-of-Date, or Current.
      • Compute Pool – Compute Pool in which the virtual machine is located.
      • Hardware Version – Appears only if the hardware version is not current and unavailable when powered on.
      • Customization Pending – Always False when powered on.

      Note: When the virtual machine is powered on:

      • Change of power state is Shut Down.
      • Copy and Delete are not available.
      • IP addresses can be detected and the first is shown.
      • Customization occurs the first time a virtual machine is powered on, therefore Customization Pending is always False.

      Details Tab: Select a Physical Server

      When you select a physical server, the Selected pane presents actions available for a physical server and click the Details tab to present the following information regarding the physical server:

      • Model.
      • Serial Number.
      • Lights-Out IP – IP address for the lights-out management module in the physical server.
      • Operating System.
      • Licensed By – Who provided the operating system license, Service Provider (IBM) or Customer.
      • Licensing Costs – Total cost of all licenses provided by IBM.

      Details Tab: Physical Router Selected

      When you select a physical router, the Selected pane presents actions available for a physical router and click the Details tab to present the following information regarding the physical router:

      • Classification – Router application: Circuit or VPN.
      • Model.
      • Serial Number.
      • Inside IP – IP address for each subnet on the private side of the router.
      • Outside IP – IP address for each network on the public side of the router.

      Details Tab: Select a High-Availability (HA) Router

      When you select a HA router, the Selected pane presents actions available for a HA router and select the Details tab to present the following information regarding the HA router:

      • Classification – Router application: HA Circuit or HA VPN.
      • Model.
      • Serial Number (a) – Serial number of the A side of the high-availability router cluster.
      • Serial Number (b) – Serial number of the B side of the high-availability router cluster.
      • Inside IP – IP address for the private, or subnet, side of the router.
      • Outside IP – IP address for the public, or Internet, side of the router.

      Details Tab: Select a Storage Device

      When you select a storage device, the Selected pane presents actions available for a storage device and click the Details tab to present the following information regarding the storage device:

      • Model.
      • Serial Number.
      • IP Addresses – Network and IP address for each network interface on the storage device.

      Tags Tab: Select any Device

      The Tags tab presents the tags assigned to the device, a virtual machine or physical device. When you select a device, the Selected pane presents actions available for a device and click the Tags tab to present the tags assigned to the device:

      Note: Click Edit Tags to change the tags assigned to the device as described in Device Tags.

      1.5.1.3.1.1. Hide Empty Rows and Groups

      Hide Empty Rows and Groups

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      Rows and groups on the layout are defined at the environment level and therefore appear on every compute pool tab. Consequently, for organizations with multiple compute pools, rows and groups defined for one compute pool appear on the layout for all compute pools. However, devices appear only in the rows and groups on the layout of the compute pool in which they were created. On the layout of all other compute pools, these rows and groups are empty.

      You can temporarily hide the empty rows and groups.

      Note:

      • The All Compute Pools tab, shows all devices; you can not hide empty rows and groups on all compute pool tab.
      • The empty rows and groups are hidden temporarily; if you navigate away from the Environments tab and return, they will again appear.

      To hide empty rows and groups from the Selected pane:

      1. Select a compute pool.
      2. Click Administrative Tasks.
      3. Click Hide Empty Rows & Groups.
      4. Empty rows and groups temporarily disappear from the layout.

      1.5.1.3.1.2. Create a Row

      Create a Row

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can create rows as needed. The meaning of rows is at the discretion of the organization.

      To create a new row:

      1. Click Layout.
      2. Click Create Row.
      3. The Create Row dialog appears.

      4. Type a Row Name.
      5. Click Save.

      You can also create a new row from the context menu.

      1. Right-click where rows are not defined.
      2. Click Create Row.
      3. The Create Row dialog appears.

      4. Type a Row Name.
      5. Click Save.
      1.5.1.3.1.3. Create a Group

      Create a Group

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can create groups as needed. The meaning of groups is at the discretion of the organization.

      To create a new group:

      1. Click Layout.
      2. Click Create Group.
      3. The Create Group dialog appears.

      4. Type a Group Name.
      5. Select to Place in Row.
      6. Note:  If you select New Row >> for Place in Row, type a New Row Name.

      7. Click Save.

      You can create a new group from the context menu.

      1. Right-click where groups are not defined.
      2. Click Create Group.
      3. The Create Group dialog appears.

      4. Type a Group Name.
      5. Select to Place in Row.
      6. Note:  If you select New Row >> for Place in Row, type a New Row Name.

      7. Click Save.
      1.5.1.3.1.4. Filter Devices

      Filter Devices

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can use filter by name, power state, device type, operating system, network, or tags to limit the devices displayed.

      Note: The filter remains until you navigate away from the Environments tab.

      Simple Device Filter

      You can type a full name or partial name to filter devices.

      To filter devices by name:

      1. Type a full or partial name.
      2. Note: Name can be an explicit name or a substring within the device names; both are case-insensitive.

      3. Click filter icon, Icon: Device Filter, to apply filter.

      Advanced Device Filter

      You can define an advanced device filter using any combination of available filter criteria: name, power state, device type, operating system, network, or tags.

      To filter devices using an advance filter:

      1. Click advanced filter icon, Icon: Device Filter, to define an advanced filter.
      2. Select a Power State, if desired.
      3. Select a Snapshot, if desired.
      4. Type a full or partial Name, if desired.
      5. Note: Name can be an explicit name or a substring within the device names; both are case-insensitive.

      6. Select a Device Type, if desired.
      7. Select an Operating System, if desired.
      8. Select a Network, if desired.
      9. Select Tags, if desired.
      10. Click Apply.

      Highly Restrictive Device Filter

      A device filter that is too restrictive and have no devices in the filter criteria, pass no devices, and you can see the warning adjacent to the filter icon.

      End an Advance Device Filter

      You can end an advance device filter.

      1. Click the filter icon, Icon: Device Filter, to end the filter.

      Save Device Filters

      You can save an advanced device filter for reuse and you can use a saved device filter as the default when you Edit Display Preferences.

      Save an Advanced Device Filter

      You can save an advanced device filter.

      1. Define a filter.
      2. Click the add filter icon, Icon: Device Filter, to add the filter.
      3. Type a name for the filter.
      4. Click the save filter icon, Icon: Device Filter, to save the filter.

      Note: Click the undo saved filter icon, Icon: Device Filter, to undo your device filter definition.

      Edit a Saved Filter

      You can edit a saved device filter.

      1. Select a filter.
      2. Edit the filter; change any of: Name, Power State, Device Type, Operating System, Network, or Tags.
      3. Click the save filter icon, Icon: Device Filter, to save the changes to the filter.

      Delete a Saved Filter

      You can delete a saved device filter.

      1. Select a filter.
      2. Click the delete saved filter icon, Icon: Device Filter, to delete the filter.
      1.5.1.3.1.5. Rename a Row

      Rename a Row

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can rename rows as needed. The meaning of row names is at the discretion of the organization.

      To rename a row:

      1. Select a row.
      2. Click Rename.
      3. The Rename Row dialog appears.

      4. Type a new Row Name.
      5. Click Save.

      You can also rename a row from the context menu.

      1. Right-click a row.
      2. Click Rename.
      3. The Rename Row dialog appears.

      4. Type a new Row Name.
      5. Click Save.
      1.5.1.3.1.6. Rename a Group

      Rename a Group

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can rename groups as needed. The meaning of group names is at the discretion of the organization.

      1. Select a group.
      2. Click Rename Group.
      3. The Rename Group dialog appears.

      4. Type a new Group Name.
      5. Click Save.

      You can also rename a group from the context menu.

      1. Right-click where groups are not defined.
      2. Click Rename Group.
      3. The Rename Group dialog appears.

      4. Type a new Group Name.
      5. Click Save.
      1.5.1.3.1.7. Move a Row Up or Down

      Move a Row Up or Down

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can manage your rows as needed. The meaning of rows is at the discretion of the organization.

      You can move Rows up or down in the layout, changing their position within the layout.

      • When moved up, the row moves toward the top of the layout.
      • When moved down, the row moves toward the bottom of the layout.

      Note: You can only move rows on the All Compute Pools tab.

      To move rows up or down:

      1. Select the row to move.
      2. Click Move Up or Move Down.

      You can also move a row from the context menu.

      1. Right-click the row to move.
      2. Click Move Up or Move Down.

      Note:

      • If the selected row is the topmost row of the layout, Move Up is not available.
      • If the selected row is the bottommost row of the layout, Move Down is not available.
      1.5.1.3.1.8. Order a Group Higher or Lower

      Order a Group Higher or Lower

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can manage groups as needed. The meaning of groups is at the discretion of the organization.

      Groups may be ordered higher or lower in a row, changing their position within the row.

      On the Icon view:

      • When ordered higher, the group moves left or, if at the leftmost edge of the row, moves to the rightmost end of the line toward the top of the row.
      • When ordered lower, the group moves right or, if at the rightmost edge of the row, moves to the leftmost end of the line toward the bottom of the row.

      On the List view:

      • When ordered higher, the group moves higher within the row, toward the top of the row.
      • When ordered lower, the group moves lower within the row, toward the bottom of the row.

      Note: You can only order groups on the All Compute Pools tab.

      To order groups higher or lower:

      1. Select the group to order.
      2. Click Order Higher or Order Lower.

      You can also order a group from the context menu.

      1. Right-click the group to order.
      2. Click Order Higher or Order Lower.

      Note:

      • If the selected group is leftmost device in the topmost line in the row of the icon view or the topmost device in the row of the list view, Order Higher is not available.
      • If the selected group is rightmost device in the bottommost line in the row of the icon view or the bottommost device in the row of the list view, Order Lower is not available.
      1.5.1.3.1.9. Delete a Row

      Delete a Row

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can delete rows as needed. The meaning of rows is at the discretion of the organization.

      Note:

      • You can only delete an empty row.
      • You can only delete rows on the All Compute Pools tab.

      To delete a row:

      1. Select a row.
      2. Click Delete Row.
      3. The Confirmation dialog appears.

      4. Click OK.

      You can also delete a row from the context menu.

      1. Right-click a row.
      2. Click Delete Row.
      3. The Confirmation dialog appears.

      4. Click OK.
      1.5.1.3.1.10. Delete a Group

      Delete a Group

      You can logically organize the layout of your environment using the Devices tab. Two logical containers are available: rows and groups. The layout contains one or more rows; rows contain one or more groups. Each device must be located in a row and group.

      You can delete groups as needed. The meaning of groups is at the discretion of the organization.

      Note:

      • You can only delete an empty group.
      • You can only delete groups on the All Compute Pools tab.

      To delete a row:

      1. Select a group.
      2. Click Delete Group.
      3. The Confirmation dialog appears.

      4. Click OK.

      You can also delete a group from the context menu.

      1. Right-click a group.
      2. Click Delete Group.
      3. The Confirmation dialog appears.

      4. Click OK.
      1.5.1.3.2. Create a Virtual Machine

      Create a Virtual Machine

      You can create a virtual machine by three methods:

      To create a virtual machine:

      1. Select a compute pool in which to create the virtual machine.
      2. Select a row or a group in which to create the virtual machine.
      3. Click Create Server.
      4. Select a create method: From Template, From Catalog, or Blank Server.

      You can also create a virtual machine from the context menu.

      1. Right-click the group in which to create the virtual machine.
      2. Click Create Server.
      3. Select a create method: From Template, From Catalog, or Blank Server.
      1.5.1.3.2.1. Create a Virtual Machine from a Template

      Create a Virtual Machine from a Template

      You can create a virtual machine from standardized model virtual machines, called templates, provided by IBM. Creating a virtual machine from a template has a six phase dialog:

      1. Template
      2. Configuration
      3. Processor and Memory
      4. Device Tags
      5. Network Settings
      6. Review and Save

      Navigate

      To create a virtual machine from Template:

      1. Click Create Server.
      2. Select From Template.

      You can also create a virtual machine from the context menu.

      1. Right-click the group in which to create the virtual machine.
      2. Click Create Server.
      3. Select From Template.

      Template

        The Create Server From Template dialog appears for the Template phase.

      1. Select a Compute Pool; defaults to the compute pool in which the action was taken if not All Compute Pool.
      2. If the compute pool has more than one cluster generation, select a Cluster Generation.
      3. Note: Cluster Generation is only available in instance-based compute pool.

      4. If disaster recovery is enabled in the multi-tenant environment, select a Storage Volume.
      5. Note: Storage Volume is available only for multi-tenant environments.

      6. Select an operating system Family/Category.
      7. Select an Operating System.
      8. Select a template from Available Templates.
      9. Select a Version of the template.
      10. The virtual machine details appear.

      11. Click Next.
      12. Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      Configuration

      Windows

      Windows virtual machines permit you to configure administrator's password.

        The Create Server From Template dialog appears for the Configuration phase.

        The virtual machine details appear.

      1. Type a Server Name.
      2. Note: Server Name cannot be that of another virtual machine; must begin with a letter; can contain only letters, numbers, or hyphens; and must not exceed fifteen characters.

      3. Type a Description, if desired.
      4. Note: Description must not exceed 100 characters.

      5. Type an Admin Password.
      6. Type again to Confirm Password.

      Linux

      Linux virtual machines do not permit you to configure administrator's password. Some Linux distributions require you to select an SSH key for secure shell access to the operating system.

        The Create Server From Template dialog appears for the Configuration phase.

        The virtual machine details appear.

      1. Type a Server Name.
      2. Type a Description, if desired.
      3. Select an SSH Key, if required by the operating system.

      Choose Location

      You can select an existing row and group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of an existing group.

      You can select an existing row and create a new group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of New Group.
      3. Type a New Group Name for the group to create.

      You can create a new row and a new group into which to place the newly created virtual machine.

      1. Select Place in Row of New Row.
      2. Type a New Row Name for the row to create.
      3. Type a New Group Name for the group to create.

      If the newly created virtual machine is placed in a new compute pool, no row or groups exist. Therefore, the only option is to name the new row and new group.

      1. Type a New Row Name for the row to create.
      2. Type a New Group Name for the group to create.

      Continue

      After you select the location, continue to the next phase.

      1. Click Next.

      Processor and Memory

      Reserved

      Reserved virtual machines can have any combination of processor and memory within the Enterprise Cloud processor limits and memory limits.

        The Create Server From Template dialog appears for the Processor and Memory phase.

      1. Select the number of Processors.
      2. Type the amount of Memory.

      Instance-Based

      Instance-based virtual machines can only have the processor and memory combinations presented by the dialog.

        The Create Server From Template dialog appears for the Processor and Memory phase.

      1. Select a Processor Count and Memory combination permitted in the compute pool.
      2. The Server Cost Summary appears.

      Continue

      After you select the processor and memory, continue to the next phase.

      1. Click Next.

      Device Tags

        The Create Server From Template dialog appears for the Device Tags phase.

      1. To add new tags, type one or more tag names; separating each tag with a comma under Assigned Tags.
      2. Note: Tags must be separated by commas and cannot exceed 50 characters each. Tags can contain spaces but not commas because commas are used as the delimiter in the list.

      3. To add an existing tag, click a tag under Available Tags.
      4. To remove a tag, delete the tag from Assigned Tags.
      5. Click Save.
      6. Note: Click the help icon for any help.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      7. Click Next.

      Network Settings

        The Create Server From Template dialog appears for the Network Settings phase.

        The virtual machine details are displayed.

      1. Type IP addresses for the Primary DNS and Secondary DNS servers, if desired.
      2. Select a Network.
      3. Network can be IPv4 only or both IPv4 and IPv6, if IPv6 is available.

      4. Under IP Address:
        1. For IPv4 networks, select IPv4 address from the list.
        2. For IPv6 networks, type an IPv6 address or accept the default presented.
      5. Click Next.

      Review and Save

        The Create Server From Template dialog appears for the Review and Save phase.

        The virtual machine details are displayed.

      1. Click Details link of IP Address(s) to view the IP address details in the virtual machine.
      2. The IP address details appear.

      3. Select to Power the server on when created, if available and desired.
      4. Select AGREEMENT to licensing and fees.
      5. Select ACCEPTANCE OF RED HAT SERVICE AGREEMENT, if available.
      6. Click Deploy.
      7. Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      1.5.1.3.2.2. Create a Virtual Machine from a VM Catalog Item

      Create a Virtual Machine from a VM Catalog Item

      You can create a virtual machine from Catalog. Creating a virtual machine from catalog item has a six phase dialog:

      1. Catalog
      2. Configuration
      3. Processor and Memory
      4. Device Tags
      5. Network Mapping(s)
      6. Review and Save

      Note: The validation limits imposed during uploads to VM Catalog are the least restrictive of all Enterprise Cloud environments. The compute pool in which a virtual machine is created from a catalog item can be more restrictive. Infinicenter Console presents errors if the compute pool is more restrictive. If the compute pool is more restrictive, all mismatches other than hardware version are presented in the Create Server From Catalog dialog. Hardware version mismatches result in a failed task to create the virtual machine with the message: Unable to import VM. Create import specification failed. Error: Line {line number}: Unsupported hardware family 'vmx-{hardware version}'.

      Navigate

      To create a virtual machine from Catalog:

      1. Click Create Server.
      2. Click From Catalog.

      You can also create a virtual machine from the context menu.

      1. Right-click the group in which to create the virtual machine.
      2. Click Create Server.
      3. Click From Catalog.

      Catalog

        The Create Server From Catalog dialog appears for the Catalog phase.

      1. Select a Compute Pool; defaults to the compute pool in which the action was taken if not All Compute Pool.
      2. If the compute pool has more than one cluster generation, select a Cluster Generation.
      3. Note: Cluster Generation is only available in instance-based compute pool.

      4. If disaster recovery is enabled in the multi-tenant environment, select a Storage Volume.
      5. Note: Storage Volume field is only available for multi-tenant environments.

      6. Select a Catalog Item.
      7. The Catalog Item Details appear.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

        Note: If the operating system in the catalog item is not supported by the chosen compute pool, a warning message appears in the Catalog Item Details box: "Catalog item has an unsupported operating system."

      8. Click Next.

      Configuration

      Configure

      The administrator's password is inherited from the catalog item. When creating from a catalog item, configuration of the virtual machine does not differ by the operating system.

        The Create Server From Catalog dialog appears for the Configuration phase.

      1. Type a Server Name.
      2. Note: Server Name cannot be that of another virtual machine; must begin with a letter; can contain only letters, numbers, or hyphens; and must not exceed fifteen characters.

      3. Type a Description, if desired.
      4. Note: Description must not exceed 100 characters.

      5. Admin Password inherited from the source catalog item.
      6. If the operating system in the catalog item is not supported by the chosen compute pool, the dialog permits changing the operating system family and operating system.

      Choose location

      You can select an existing row and group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of an existing group.

      You can select an existing row and create a new group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of New Group.
      3. Type a New Group Name for the group to create.

      You can create a new row and a new group into which to place the newly created virtual machine.

      1. Select Place in Row of New Row.
      2. Type a New Row Name for the row to create.
      3. Type a New Group Name for the group to create.

      If the newly created virtual machine is placed in a new compute pool, no row or groups exist. Therefore, the only option is to name the new row and new group.

      1. Type a New Row Name for the row to create.
      2. Type a New Group Name for the group to create.

      Select Template

      Note:  Only if you have selected a Catalog Item with windows OS, the Select Template section will be available.

      1. Select the operating system Family/Category.
      2. Select the Operating System.
      3. Select from Available Templates.
      4. Select the Version.
      5. The Selected Details appears.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the selected details to view server cost summary.

      Continue

      After you enter all mandatory details in configuration phase, continue to the next phase.

      1. Click Next.

      Processor and Memory

      Reserved

        The Create Server From Catalog dialog appears for the Processor & Memory phase.

      1. Select the number of Processors.
      2. Type the amount of Memory.

      Instance-Based

        The Create Server From Catalog dialog appears for the Processor & Memory phase.

      1. Select a Processor and Memory combination.
      2. The Server Cost Summary appears.

      Continue

      After selecting the processor and memory, continue to the next phase.

      1. Click Next.

      Device Tags

        The Create Server From Catalog dialog appears for the Device Tags phase.

      1. To add new tags, type one or more tag names; separating each tag with a comma under Assigned Tags.
      2. Note: Tags must be separated by commas and cannot exceed 50 characters each. Tags can contain spaces but not commas because commas are used as the delimiter in the list.

      3. To add an existing tag, click a tag under Available Tags.
      4. To remove a tag, delete the tag from Assigned Tags.
      5. Click Save.
      6. Note: Click the help icon for any help.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      7. Click Next.

      Network Mapping(s)

        The Create Server From Catalog dialog appears for the Network Mapping(s) phase.

      1. Select a Network for each logical network in the catalog item.
      2. Note: This only maps network interfaces on the virtual machine to networks in your environment. You must change the IP addresses assigned to the virtual machine as described in Manage IP Addresses. Neither call configures the IP address in the guest operating system; you must manually configure the IP address in the guest operating system.

      3. Click Next.

      Review and Save

        The Create Server From Catalog dialog appears for the Review and Save phase.

        The server details appear.

      1. Click Details link of Logical Network(s).
      2. The table of assigned networks appears.

      3. Select AGREEMENT to licensing and fees.
      4. Click Deploy.
      5. Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      1.5.1.3.2.3. Create a Blank Virtual Machine

      Create a Blank Virtual Machine

      You can create a blank virtual machine, a virtual machine with no guest operating. Creating a blank virtual machine has a five phase dialog:

      1. Configuration
      2. Processor and Memory
      3. System Disk
      4. Device Tags
      5. Review and Save

      Navigate

      To create a blank virtual machine:

      1. Click Create Server.
      2. Select Blank Server.

      You can also create a blank virtual machine from the context menu.

      1. Right-click the group in which to create the virtual machine.
      2. Click Create Server.
      3. Select Blank Server.

      Configuration

      Configure

      A blank virtual machine has no operating system and therefore no administrator's password is required. The Enterprise Cloud must know the target operating system to create appropriate virtual drivers for the blank virtual machine.

        The Create Blank Server dialog appears for the Configuration phase.

      1. Select a Compute Pool.
      2. If the compute pool has more than one cluster generation, select a Cluster Generation.
      3. Note: Cluster Generation is only available in instance-based compute pool for multi-tenant environments.

      4. If disaster recovery is enabled in the multi-tenant environment, select a Storage Volume.
      5. Note: Storage Volume field is only available for multi-tenant environments.

      6. Select an OS Family.
      7. Select an operating system Version.
      8. Type a Server Name.
      9. Note: Server Name cannot be that of another virtual machine; must begin with a letter; can contain only letters, numbers, or hyphens; and must not exceed fifteen characters.

      10. Type a Description, if desired.
      11. Note: Description must not exceed 100 characters.

      12. Select a Network.

      Choose Location

      You can select an existing row and group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of an existing group.

      You can select an existing row and create a new group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of New Group.
      3. Type a New Group Name for the group to create.

      You can create a new row and a new group into which to place the newly created virtual machine.

      1. Select Place in Row of New Row.
      2. Type a New Row Name for the row to create.
      3. Type a New Group Name for the group to create.

      If the newly created virtual machine is placed in a new compute pool, no row or groups exist. Therefore, the only option is to name the new row and new group.

      1. Type a New Row Name for the row to create.
      2. Type a New Group Name for the group to create.

      Select Template

      Note:  Only if you have selected Windows in OS Family, the Select Template section will be available.

      1. Select the operating system Family/Category.
      2. Select the Operating System.
      3. Select from Available Templates.
      4. Select the Version.
      5. The Selected Details appears.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the selected details to view server cost summary.

      Continue

      After you enter all mandatory details in configuration phase, continue to the next phase.

      1. Click Next.

      Processor and Memory

      Reserved

        The Create Blank Server dialog appears for the Processor & Memory phase.

      1. Select the number of Processors.
      2. Type the amount of Memory.

      Instance-Based

        The Create Blank Server dialog appears for the Processor & Memory phase.

      1. Select a Processor and Memory combination.
      2. The Server Cost Summary appears.

      Continue

      After selecting the processor and memory, continue to the next phase.

      1. Click Next.

      System Disk

      A blank virtual machine must have at least one disk. You can assign the system disk through two methods:

      • Create and add a blank disk.
      • Attach an existing detached disk from the compute pool in which the blank disk will be created.

      Add Disk

      You can create and add a blank disk for the blank virtual machine.

        The Create Blank Server dialog appears for the System Disk phase.

      1. Select the add method of Add Disk.
      2. Type the disk size.

      Add Detached Disk

      You can attach an existing detached disk to the blank virtual machine from the compute pool in which the blank disk will be created. A warning appears if the virtual disk's source virtual machine configuration differs from the target blank virtual machine. The source configuration difference can affect the ability of the target guest operating system to read the disk.

        The Create Blank Server dialog appears for the System Disk phase.

      1. Select the add method of Add Detached Disk.
      2. Select the detached disk.
      3. Warning icon appears if the disk's source virtual machine configuration differs from this blank virtual machine.

      Continue

      After you select the location, continue to the next phase.

      1. Click Next.

      Device Tags

        The Create Blank Server dialog appears for the Device Tags phase.

      1. To add new tags, type one or more tag names; separating each tag with a comma under Assigned Tags.
      2. Note: Tags must be separated by commas and cannot exceed 50 characters each. Tags can contain spaces but not commas because commas are used as the delimiter in the list.

      3. To add an existing tag, click a tag under Available Tags.
      4. To remove a tag, delete the tag from Assigned Tags.
      5. Click Save.
      6. Note: Click the help icon for any help.

        Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      7. Click Next.

      Review and Save

        The Create Blank Server dialog appears for the Review and Save phase.

        The server details appear.

      1. Select AGREEMENT to licensing.
      2. Select AGREEMENT to licensing and fees.
      3. Click Deploy.
      4. Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      1.5.1.3.2.4. Create a Custom Server with an ISO Image

      Create a Custom Server with an ISO Image

      You can create a custom virtual machine by creating a blank virtual machine and then adding all the desired applications.

      1. Create a Blank Server.
      2. Mount the ISO to the blank server.
      3. Install the Operating System and other applications.
      4. Install VMware Tools on the completed server.
      1.5.1.3.3. VPN Connect

      VPN Connect

      Overview

      VPN Connect is valuable for managing your Enterprise Cloud environment. VPN Connect provides you with a secure encrypted connection between your local PC and the environment network where your servers reside. While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol. A VPN connection is required to establish a secure Remote Desktop or Secure Shell connection to your servers for server administration within the guest operating system. VPN Connect is not necessary if you have a LAN-to-LAN virtual private network connection to your networks.

      The default SSL VPN configuration for Enterprise Cloud is session-based. If you require dedicated SSL VPN credentials, you must create VPN Users from the Manage VPN Accounts Tab. VPN Users can Use VPN User Credentials to Connect to Environment Networks with SSL VPN. If you have no SSL VPN client, see Cannot download SSL VPN client.

      You can establish a VPN connection from your browser or using a SSL VPN client.

      Connect Now

      To establish a VPN connection from your browser:

      1. Click VPN Connect on the top menu.
      2. Click Connect Now.
      3. The response of your browser varies whether you use Internet Explorer, Firefox, or Chrome.

      VPN Credentials

      To establish a VPN connection using a SSL VPN client, access the VPN credentials:

      1. Click VPN Connect on the top menu.
      2. Click VPN Credentials.
      3. The Verify Password dialog appears.

      4. Type your Password.
      5. Click Verify.
      6. The VPN Connection Credentials dialog appears with Connection Endpoint, User ID, and Password.

        Note: The VPN Connection Credentials are valid only for the time shown in the VPN Connection Credentials dialog.

      7. Establish a VPN connection using a SSL VPN client, see Connect to Enterprise Cloud with a SSL VPN Client.
      1.5.1.3.3.1. SSL VPN from Internet Explorer

      SSL VPN from Internet Explorer

      Overview

      The SSL VPN is a core component for managing your Enterprise Cloud environment. The SSL VPN provides you with a secure encrypted connection over port 443 between your local PC and the Enterprise Cloud network where your servers reside. A VPN connection is required to establish a secure Remote Desktop or Secure Shell connection to your servers for server administration within the guest operating system. While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol.

      Establishing a VPN Connection from Internet Explorer

      The procedure differs between first time use and subsequent use.

      Note: To ensure access, *.terremark.com should be added to Trusted Sites. See How do I add Infinicenter Console as a Trusted Site? for instructions.

      First Time Use

      Note: If you receive the message: "There is a problem with this website's security certificate," click Continue to this website (not recommended).

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. The first time you use VPN Connect, Internet Explorer will open a new window to install an ActiveX control.

      7. Click the alert and permit the window to open.
      8. Click the alert and Install the ActiveX control.
      9. Note: You may need to follow from step 3 again after the ActiveX control has been successfully installed.

        The SSL VPN client downloads and installs on your local PC.

        Note:

        • Download, installation, and configuration can take a few minutes.
        • If you receive the security alert "This page requires a secure connection which includes server authentication" during installation, click Yes to proceed.
        • Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN client installation completes, it authenticates and establishes your connection; you will receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      Subsequent Use

      Note: If you receive the message: "There is a problem with this website's security certificate," click Continue to this website (not recommended).

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. The SSL VPN client authenticates and establishes your connection.

        Note: Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN connection has successfully establishes, you will receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      1.5.1.3.3.2. SSL VPN from Firefox

      SSL VPN from Firefox

      Overview

      The SSL VPN is a core component for managing your Enterprise Cloud environment. The SSL VPN provides you with a secure encrypted connection over port 443 between your local PC and the Enterprise Cloud network where your servers reside. A VPN connection is required to establish a secure Remote Desktop or Secure Shell connection to your servers for server administration within the guest operating system. While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol.

      Note:

      Establishing a VPN Connection from Firefox

      The procedure differs between first time use and subsequent use.

      First Time Use

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. A pop-up warning appears at the top of the browser window, depending upon your Firefox options.

      7. Click Options.
      8. Select Allow pop-ups.
      9. The Installation tab appears.

        Note: Depending upon your Firefox options, a new window may open.

        A request to allow Java to run appears, depending upon your Java options in Firefox.

      10. Click Allow.
      11. A request to allow Java to run appears, depending upon your Java options in Firefox.

      12. Click either Allow option.
      13. A request to install SSL VPN client appears.

      14. Click Run.
      15. The SSL VPN client downloads and installs on your local PC.

        Note:

        • Download, installation, and configuration can take a few minutes.
        • If you receive the security alert "This page requires a secure connection which includes server authentication" during installation, click Yes to proceed.
        • Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN client installation completes, it authenticates and establishes your connection; you will receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      Subsequent Use

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. The SSL VPN client authenticates and establishes your connection.

        Note: Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN connection has successfully establishes, you will receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      1.5.1.3.3.3. SSL VPN from Chrome

      SSL VPN from Chrome

      Overview

      The SSL VPN is a core component for managing your Enterprise Cloud environment. The SSL VPN provides you with a secure encrypted connection over port 443 between your local PC and the Enterprise Cloud network where your servers reside. A VPN connection is required to establish a secure Remote Desktop or Secure Shell connection to your servers for server administration within the guest operating system. While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol.

      Note:

      Establishing a VPN Connection from Chrome

      The procedure differs between first time use and subsequent use.

      First Time Use

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. A pop-up warning appears at the top of the browser window, depending upon your Chrome options.

      7. Click Options.
      8. Select Allow pop-ups.
      9. The Installation tab appears.

        Note: Depending upon your Chrome options, a new window may open.

        A request to allow Java to run appears, depending upon your Java options in Chrome.

      10. Click Allow.
      11. A request to allow Java to run appears, depending upon your Java options in Chrome.

      12. Click either Allow option.
      13. A request to install SSL VPN client appears.

      14. Click Run.
      15. The SSL VPN client downloads and installs on your local PC.

        Note:

        • Download, installation, and configuration can take a few minutes.
        • If you receive the security alert "This page requires a secure connection which includes server authentication" during installation, click Yes to proceed.
        • Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN client installation completes, it authenticates and establishes your connection; you will receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      Subsequent Use

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Click VPN Connect.
      5. Click Connect Now.
      6. The SSL VPN client authenticates and establishes your connection.

        Note: Your web browser may prompt you for your user name and password for the SSL VPN Client. DO NOT CLOSE THIS WINDOW - it will close automatically once your client has established a secure connection.

        When the VPN connection successfully establishes, you receive a "Connection Established" message and the SSL VPN client icon, , appears in your system tray.

        Note: The SSL VPN client does not automatically disconnect when you end your session. Right click on the icon, , in your system tray and click Disconnect to disconnect your SSL VPN session.

      1.5.1.3.3.4. Use VPN User Credentials to Connect to Environment Networks with SSL VPN

      Use VPN User Credentials to Connect to Environment Networks with SSL VPN

      Introduction

      VPN Users are a category of user that are capable only of using a SSL VPN to connect to their Enterprise Cloud networks. You can manage VPN Users from the Manage VPN Accounts Tab.

      Note: The VPN is called SSL VPN but no longer uses any SSL protocols, all of which are deprecated. Only Transport Layer Security (TLS) is supported as a secure transport protocol.

      VPN Users are not permitted to use Infinicenter Console for management. VPN Users can access the guest operating system of their virtual machines using tools such as Remote Desktop Protocol (RDP) and Secure Shell (SSH).

      VPN users must have on their local computer a VPN client that uses TLS as the transport protocol to connect to the networks in their environment. A VPN client that uses IPsec as the transport protocol will not work. When users in Infinicenter Console use VPN Connect to connect to their networks using SSL VPN, Infinicenter Console installs a VPN client usable with VPN User credentials. See Connect to Enterprise Cloud with a SSL VPN Client, to connect to your environment networks using a VPN client.

      1.5.1.3.3.5. Connect to Enterprise Cloud with a SSL VPN Client

      Connect to Enterprise Cloud with a SSL VPN Client

      Connect

      This example shows the Cisco AnyConnect Secure Mobility Client installed by Infinicenter Console for VPN Connect. Other VPN clients operates in a similar fashion. See the documentation for your client for more information. While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol.

      Note: Global Support Services supports the Cisco AnyConnect Secure Mobility Client. While most SSL VPN clients that are compatible with a Cisco gateway are expected to work with the Enterprise Cloud, Global Support Services can only provide best effort advice for issues encountered while using other client software.

      The client will request the domain name or IP address of the VPN gateway. For the Enterprise Cloud, the domain name is typically {data center identifier}.sslvpn.terremark.com where {data center identifier} is the three character code for a data center. If you do not know the code for your data center, check SSL VPN Endpoints for SSL VPN Clients or contact Global Support Services. The Enterprise Cloud establishes a VPN to the networks of your environment regardless of the location of the gateway and the location of your environment. However, latency is reduced if the gateway selected is in the same data center as your environment.

      To connect to the networks for your environment using SSL VPN Client:

      Start Your Client

      1. Start your SSL VPN client.
      2. The SSL VPN client window appears.

      3. Type the VPN gateway domain name.
      4. Click Connect.

      Enter Your Credentials

        The Credentials window appears.

      1. Select a Group of EnterpriseCloud.
      2. Note: You must select a Group of EnterpriseCloud unless directed by your service delivery manager to use another.

      3. Type the Username as provided by the administrator who gave you VPN access.
      4. Type the Password as provided by the administrator who gave you VPN access.
      5. Click OK.
      6. You are now connected to the networks of your environments over the VPN.

      Disconnect

      While your session with the gateway time outs after a period of disuse, you should manually disconnect your VPN at the conclusion of your work. The procedure to disconnect your VPN session varies with operating system and client. The Cisco AnyConnect Secure Mobility Client on Windows minimizes to the tool tray of the taskbar.

      To disconnect the VPN connection:

      1. Right click the icon, , for the client in your system tray.
      2. Click VPN Disconnect.
      1.5.1.3.3.6. SSL VPN Endpoints for SSL VPN Clients

      SSL VPN Endpoints for SSL VPN Clients

      When connecting to Enterprise Cloud with SSL VPN clients you must know the endpoint for the VPN connection.While known as Secure Sockets Layer Virtual Private Network (for historical reasons), the Virtual Private Network actually uses Transport Layer Security (TLS), which is a more modern security protocol.

      Datacenter Endpoint
      Amsterdam amb.sslvpn.terremark.com
      Culpeper cua.sslvpn.terremark.com
      Dallas dac.sslvpn.terremark.com
      Englewood egw.sslvpn.terremark.com
      Sao Paolo gra.sslvpn.terremark.com
      Hong Kong hk1.sslvpn.terremark.com
      Melbourne mel.sslvpn.terremark.com
      Miami mia.sslvpn.terremark.com
      Europe sslvpn.eu.terremark.com
      Anywhere sslvpn.terremark.com (same as mia.sslvpn.terremark.com)
      Santa Clara stc.sslvpn.terremark.com
      London uk5.sslvpn.terremark.com
      1.5.1.3.4. Manage Security Groups

      Manage Security Groups

      Authorization of user activities within the Enterprise Cloud, both Infinicenter Console and the API, is based upon Role Based Access Control (RBAC). RBAC is a National Institute of Standards and Technology (NIST) standard.See Role Based Access Control for a full discussion of RBAC as implemented in the Enterprise Cloud.

      In the Enterprise Cloud, basic RBAC is implemented through user Roles. Roles permit administrators to restrict access for every business operation of Infinicenter Console based on the role of the user. Enterprise Cloud also offers role-based control over devices assigned to specific security groups, which is implemented through device Security Groups and security group level roles.

      Navigate to Manage Security Groups

      To manage security groups:

      1. Click Manage Security Groups.
      2. The Manage Security Group Devices dialog appears.

      Add Devices to a Security Group

      1. Select a Security Group.
      2. Select one or more devices in Available Devices list.
      3. Click Add to queue the device for addition to the selected security group.
      4. The devices move to Assigned list.

      5. Click Save.

      Remove Devices from a Security Group

      1. Select a Security Group.
      2. Select one or more devices in the Assigned list.
      3. Click Remove to queue the selected device for removal from the security group.
      4. The devices move to Available Devices list.

      5. Click Save.
      1.5.1.3.5. Server Tasks

      Server Tasks

      The selection menu for servers varies depending on the server selected and its state.

      Virtual Machine Servers

      The selection menu for a virtual machines has only tasks appropriate to a virtual machine and appears as shown.

      • Shut Down - If the virtual machine is powered on.
      • Power On - If the virtual machine is shutdown.
      • Configure - Allows you to configure the virtual machine.
      • Copy - The virtual machine must be powered off to copy.
      • Copy consists of the following:

        • To Catlog
        • Identical
        • Customized
      • Delete - The virtual machine must be powered off to delete.
      • Administrative Tasks - Allows you to perform the administrative tasks on the virtual machine.
      • Administrative Tasks consists of the following:

        • Assign To Security Groups
        • Manage IPs
        • Move
        • Relocate
        • Note: Relocate is only available in the multi-tenant environment.

        • Snapshots
        • SnapShot Now
        • Rename
        • View Tasks
      • Cloud Services - Allows you to add, edit, and remove the value-added service configuration.
      • Cloud Services consists of the following:

        • Monitoring Service
        • Patching Service
        • Backup Service
      • Connect - VPN connection is required and the virtual machine must be powered on to connect.

      Physical Servers

      The selection menu for a physical server has only tasks appropriate to a physical server and appears as shown.

      • Rename
      • Manage IPs
      • Move
      • Connect
      • View Tasks
      • Assign to Security Groups
      1.5.1.3.5.1. Change the Power State of a Virtual Machine

      Change the Power State of a Virtual Machine

      You can change the power state of a virtual machine: power on, shutdown, restart, or power off. Shutdown, restart, and power off are controlled from the Shut Down menu.

      Power On a Virtual Machine

      You can power on a virtual machine. To power on a virtual machine:

      1. Select a virtual machine to power on.
      2. Click Power On.

      You can also power on a virtual machine from the context menu.

      1. Right-click the virtual machine desired to power on.
      2. Click Power On.

      Reserved Virtual Machines

      The application will display the powering on message box until the server receives the power on task. The virtual machine will display a task in progress, , until powered on.

      Instance Based Virtual Machines

      To power on an instance based virtual machine:

        The Power On Server dialog appears.

      1. Select the AGREEMENT, acknowledging that your billing will change.
      2. Click Save.

      The application will display the powering on message box until the server receives the power on task. The virtual machine will display a task in progress, , until powered on.

      Shut Down a Virtual Machine

      You can shut down a virtual machine in three ways:

      • Restart – performs an orderly shutdown of the virtual machine and subsequently powers on.
      • Shut Down – performs an orderly shutdown of the virtual machine.
      • Power Off – stops the virtual machine; equivalent to pulling the power plug.

      Note: To Restart or Shut Down, VMware Tools must be installed and running on the virtual machine.

      To shut down a virtual machine:

      1. Select a virtual machine to shut down.
      2. Click Shut Down.

      You can also shut down a virtual machine from the context menu.

      1. Right-click the virtual machine desired to shut down.
      2. Click Shut Down.

      Reserved Virtual Machines

      To shut down a reserved virtual machine:

        The Shut Down Server dialog appears.

      1. Select the desired shut down method.
      2. Click Save.

      If Restart is selected, the application will display the restarting message box until the server receives the restart task. The virtual machine will display a task in progress, , until restarted.

      If Shut Down is selected, the application will display the shutting down message box until the server receives the shutdown task. The virtual machine will display a task in progress, , until shutdown.

      If Power Off is selected, the application will display the powering off message box until the server receives the power off task. The virtual machine will display a task in progress, , until powered off.

      Instance Based Virtual Machines

      To shut down an instance based virtual machine:

        The Shut Down Server dialog appears.

      1. Select the desired shut down method.
      2. Select the AGREEMENT, acknowledging that your billing will change.
      3. Click Save.

      If Restart is selected, the application will display the restarting message box until the server receives the restart task. The virtual machine will display a task in progress, , until restarted.

      If Shut Down is selected, the application will display the shutting down message box until the server receives the shutdown task. The virtual machine will display a task in progress, , until shutdown.

      If Power Off is selected, the application will display the powering off message box until the server receives the power off task. The virtual machine will display a task in progress, , until powered off.

      1.5.1.3.5.2. Configure Server

      Configure Server

      The Configure Server dialog allows you to make the following changes to a server regardless of the power state of the server.

      • Add new disks.
      • Grow the capacity of existing disks.
      • Change the network to which a network interface is attached.

      The Configure Server dialog allows you to make the following changes to a server when the server is powered off.

      • Attach disks, if detached disks are available in the compute pool.
      • Detach disks other than the system disk.
      • Delete disks other than the system disk.
      • Change the number of processors.
      • Change the amount of memory.
      • Add a network interface.
      • Delete a network interface, if more than one.

      To shut down a server, see Shut Down a Virtual Machine.

      Navigate

      1. Select a virtual machine.
      2. On the Selected Pane menu, click Configure.

      You can also select the configure option from the context menu.

      1. Right-click a virtual machine.
      2. On the context menu, click Configure.

      Configure the Server

      The initial appearance of the Configure Server dialog varies depending on whether the selected virtual machine is powered off or powered on.

      Server Powered Off

      If the server is powered off, the Configure Server dialog appears with three options.

        The Configure Server dialog appears.

      1. Select an option:
      2. Click Next.

      Configure the Server Selected or Server Powered On

      If you select Configure the Server from the options dialog or if the virtual machine is powered on, the Configure Server dialog appears with three tabs:

      • Processor & Memory allows you to change the number of processors and the amount of memory.
      • Network Settings allows you to change the network to which each network interface on the server is associated.
      • Disks allows you to add, grow, or delete virtual disks from a server.
      • Note: Disks does not add the space to the guest operating system; you must manually change the disk configuration in the guest operating system.

      If the server is powered on, the Configure Server dialog appears with three tabs and a help note that explains why Processor & Memory configurations are unavailable.

      Note: The Network Settings tab and Disks tab remain fully available.

      1.5.1.3.5.2.1. Configure Server - Processor and Memory Tab

      Configure Server - Processor and Memory Tab

      You can change the number of processors or the amount of memory in a virtual machine.

      Note: The following are limitations on changes to the processor and memory settings:

      • To change the processor or memory the virtual machine must be powered off. To shut down a server, see Shut Down a Virtual Machine.
      • The number of processors are limited to those in the list: powers of 2.
      • The amount of memory must be integer multiples of 4 MB.

      Change Processor and Memory Configuration

      The procedure to change number of processors or the amount of memory begins with configuring the virtual machine.

      Navigate to Configure a Server

      To navigate to Configure a Server, see Configure Server.

      Note: The server must be powered off to change processor count or memory capacity.

      Configure Virtual Machine Options: Configure the Server

      If the virtual machine is powered off, the initial presentation of the Configure Server dialog offers options to configure your virtual machine.

      Note: If the virtual machine is powered on, continue with Change Processor and Memory Configuration.

        The Configure Server dialog appears.

      1. Select Configure the Server.
      2. Click Next.

      Continue with Change Processor and Memory Configuration.

      Change Processor and Memory Configuration

      You can change the number of processors or the amount of memory in a server.

        The Configure Server dialog appears.

      1. Click Processor & Memory.
      2. Select a Processor Count and Memory combination permitted in the compute pool.
      3. Note: If the virtual machine is powered on, Processor count and memory combination is not available.

      4. Click Save.
      1.5.1.3.5.2.2. Configure Server - Network Settings Tab

      Configure Server - Network Settings Tab

      You can add or delete network interfaces and change the network to which a network interface is attached.

      Note: The following are limitations on changes to the network settings:

      • To add or delete a network interface the virtual machine must be powered off. To shut down a server, see Shut Down a Virtual Machine.
      • The first network interface defined cannot be deleted.
      • A server can have a maximum of four network interfaces.

      Network Interface Configuration

      The procedures to add a network interface, delete a network interface, and change the networks to which a network interface is attached all begin with configuring the virtual machine.

      Navigate to Configure a Server

      To navigate to Configure a Server, see Configure Server.

      Note: The server must be powered off to add or delete network interfaces.

      Configure Virtual Machine Options: Configure the Server

      If the virtual machine is powered off, the initial presentation of the Configure Server dialog offers options to configure your virtual machine.

      Note: If the virtual machine is powered on, continue with Change the Network of a Network Interface.

        The Configure Server dialog appears.

      1. Select Configure the Server.
      2. Click Next.

      Continue with Change the Network of a Network Interface, Add a Network Interface, or Delete a Network Interface.

      Change the Network of a Network Interface

      You can change the network to which a network interface is attached.

        The Configure Server dialog appears.

      1. Click Network Settings.
      2. Click the Network to display available networks.
      3. Select the desired network.
      4. Click Save.

      Note: Steps 3 and 4 can be repeated until all networks are changed.

      Add a Network Interface

      You can add a network interface to any virtual machine with fewer than four network interfaces. The virtual machine must powered off to add network interfaces.

      Note: Adding a network interface in Infinicenter Console does not provision the network interface in the guest operating system. The newly-added network interface must be configured through the guest operating system before it is available for use.

        The Configure Server dialog appears.

      1. Click Network Settings.
      2. Click Add a Connection.
      3. Note: If the virtual machine is powered on, Add a Connection is not available.

      4. Click the Network to display available networks.
      5. Select the desired network.
      6. Click the Undo Add icon, , to undo the add.
      7. Click Save.

      Note: Steps 3, 4, and 5 can be repeated until the desired quantity of network interfaces is available.

      Delete a Network Interface

      You can delete a network interface from any virtual machine. A virtual machine must be powered off to delete network interfaces.

      Note: The first network interface cannot be deleted.

        The Configure Server dialog appears.

      1. Click Network Settings.
      2. The first network interface cannot be deleted, indicated by the Prohibited icon, .
      3. Click the Delete icon, , of the network interface to delete.
      4. Note: If the virtual machine is powered on, the Delete icon, , is not available.

      5. Click the Undo Delete icon, , to undo the delete.
      6. Click Save.

      Note: Step 3 can be repeated until all desired network interfaces are marked for deletion.

      1.5.1.3.5.2.3. Configure Server - Disks Tab

      Configure Server - Disks Tab

      Individual virtual disks can be added, deleted, or grown in capacity on a virtual machine. System disks cannot be deleted.

      The following are limitations on changes to the disk configuration:

      • The virtual machine must be powered off to delete a disk. To shut down a server, see Shut Down a Virtual Machine.
      • The first hard disk, the system disk, cannot be deleted.
      • A server can have a maximum of 15 disks.
      • Disk capacity can be from 2 GB to 2048 GB, inclusive.
      • Note: Disk capacity can be limited to 512 GB depending on the storage device on which the drive is physically located. An error is returned if the storage device does not support capacities greater than 512 GB.

      • Disk capacity can only be increased.
      • Note: Infinicenter Console does not provide the ability to shrink disks. This is by design to avoid possible data corruption caused by shrinking a disk smaller than the data contained on the disk’s partitions.

      Disk Configuration

      Procedures to add, delete, and grow disks all begin with configuring the virtual machine.

      Navigate to Configure a Server

      To navigate to Configure a Server, see Configure Server.

      Note: The server must be powered off to detach and attach disks.

      Configure Virtual Machine Options: Configure the Server

      If the virtual machine is powered off, the initial presentation of the Configure Server dialog offers options to configure your virtual machine.

      Note: If the virtual machine is powered on, continue with Add a Disk or Grow a Disk.

        The Configure Server dialog appears.

      1. Select Configure the Server.
      2. Click Next.

      Continue with Add a Disk, Delete a Disk, or Grow a Disk.

      Add a Disk

      You can add a disk to any virtual machine with fewer than fifteen disks. The virtual machine can be powered on or powered off to add disks.

      Note: Adding a disk in Infinicenter Console does not provision the disk in the guest operating system. The newly-added disk must be partitioned and formatted through the guest operating system before it is available for use.

        The Configure Server dialog appears.

      1. Click Disks.
      2. Type the Size of the disk to add.
      3. Click Add Disk.
      4. The new disk appears on the list of Current Disks.

      5. Click the Undo Add icon, , to undo the add.
      6. Click Save.

      Note: Steps 2, 3, and 4 can be repeated until the desired quantity of disks is available.

      After the new disk is created, the system will assign a name to the new disk of Hard Disk and the sequential order in which the disk was created, for example Hard Disk 3.

      Grow a Disk

      You can grow the capacity of any disk on a virtual machine. The maximum size of the disk is the lesser of the system maximum of 2048 GB per disk and the remaining storage capacity purchased in the compute pool.

      Note: The Grow a Disk feature is intended to provide the ability to expand a disk in cases where the addition of a hard disk into a logical volume group is not practical or feasible. In certain cases, an error is received when expanding a disk due to safety limitations on the storage system. In those cases, we recommend adding a disk and using the guest operating system to extend the volume over the disk rather than attempting to expand the drive. The ability to expand a drive in place is not guaranteed to be available in all cases.

        The Configure Server dialog appears.

      1. Click Disks.
      2. Click the Edit icon, , of the disk to grow.
      3. The Grow Disk dialog appears.

      4. Use the slider to adjust the size; the size changes in the Disk Size box.
      5. Click OK.
      6. You return to the Configure Server dialog.

      7. Click Save.

      Note: Steps 2, 3, and 4 can be repeated until all disks are the desired size.

      Delete a Disk

      You can delete a disk from any virtual machine. A virtual machine must be powered off to delete disks.

      Note: The first hard disk, the system disk, cannot be deleted.

        The Configure Server dialog appears.

      1. Click Disks.
      2. Note: The first disk cannot be deleted, indicated by the Prohibited icon, .

      3. Click the Delete icon, , of the disks to delete.
      4. Note: If the virtual machine is powered on, the Delete icon, , is not available.

      5. Click the Undo Delete icon, , to undo the delete.
      6. Click Save.

      Note: Step 2 can be repeated until all desired disks are marked for deletion.

      1.5.1.3.5.2.4. Configure Server - Detach Disks

      Configure Server - Detach Disks

      Individual virtual disks can be detached from a virtual machine. System disks cannot be detached. A virtual machine must be powered off to detach a disk.

      Note: Storage utilization includes storage consumed by both virtual machines and detached disks.

      Detach a Disk

      Detach disk begins with configuring the virtual machine.

      Navigate to Configure a Server

      To navigate to Configure a Server, see Configure Server.

      Note: The server must be powered off to detach disks.

      Configure Server Dialog

        The Configure Server dialog appears.

      1. Select Detach disk.
      2. Click Next.

      Detach Unavailable

      Note: If the virtual machine has only a system disk, Detach disk is unavailable.

      Detach a Virtual Disk from a Virtual Machine

      You can detach a disk from any virtual machine with more than one disk and which is powered off.

      Note: The system disk cannot be detached from its virtual machine.

        The Configure Server dialog appears.

        Basic details regarding the virtual machine displays.

      1. Select the disk to detach from the list of Current Disks.
      2. Type a Name for the detached virtual disk.
      3. Type a Description for the detached virtual disk, if desired.
      4. Click Detach.
      1.5.1.3.5.2.5. Configure Server - Attach Disks

      Configure Server - Attach Disks

      Individual virtual disks can be attached to a virtual machine. A virtual machine must be powered off to attach. When creating a blank server, a detached disk can be attached, instead of making a new blank disk, during creation.

      Note: Storage utilization includes storage consumed by both virtual machines and detached disks.

      Attach Disk

      Attach disk begins with configuring the virtual machine.

      Navigate to Configure a Server

      To navigate to Configure a Server, see Configure Server.

      Note: The server must be powered off to attach disks.

      Configure Server Dialog

        The Configure Server dialog appears.

      1. Select Attach a detached disk.
      2. Click Next.

      Attach Unavailable

      Note: If the compute pool has no detached disks or the virtual machine has the maximum of 15 disks, Attach a detached disk is unavailable.

      Attach a Virtual Disk to a Virtual Machine

      You can attach a disk to any virtual machine with fewer than fifteen disks and which is powered off.

        The Configure Server dialog appears.

        Basic details regarding the virtual machine is displayed.

      1. Select the disk to attach from the list of Available Disks.
      2. Click Attach.
      1.5.1.3.5.3. Copy a Virtual Machine

      Copy a Virtual Machine

      You can create a virtual machine by copying an existing virtual machine. Two copy methods are available to create new virtual machines directly. Copy customized permits changes to networking during the copy. Copy identical creates an exact duplicate of the source virtual machine and permits no configuration changes. Virtual machines can be copied between compute pools.

      Note: Any of the following conditions prevents copying a virtual machine between compute pools and causes an error message:

      • The virtual machine's hardware version is incompatible with the target compute pool.
      • The environment has no storage common to the source and target compute pools.
      • The source virtual machine has a processor and memory configuration that matches no permissible configurations in the target instance-based compute pool.

      You can also copy a virtual machine to a catalog item in the VM Catalog. You can then create additional virtual machines in the same manner as any other catalog item.

      Navigate

      To copy a virtual machine:

      1. Select the desired virtual machine to copy.
      2. Click Copy.
      3. Select a copy method: To Catalog, Identical, or Customized.

      You can also copy a virtual machine from the context menu.

      1. Right-click the desired virtual machine to copy.
      2. Click Copy.
      3. Select a copy method: To Catalog, Identical, or Customized.
      1.5.1.3.5.3.1. Copy a Virtual Machine to Catalog

      Copy a Virtual Machine to the VM Catalog

      You can copy a virtual machine into your VM catalog and later create new virtual machines from catalog.

      Note: To copy a virtual machine to the VM catalog, you must have the organization-level permission of Manage Catalog Items. The environment-level permission of Copy Server to Catalog is insufficient without the organization-level permission of Manage Catalog Items.

      Navigate

      To copy a virtual machine:

      1. Select the desired virtual machine to copy.
      2. Click Copy.
      3. Click To Catalog.

      You can also copy a virtual machine from the context menu.

      1. Right-click the desire virtual machine to copy.
      2. Click Copy.
      3. Click To Catalog.

      Catalog Details

        The Copy Server To Catalog dialog appears.

        The virtual machine details are displayed.

      1. Type a Catalog Name for the new catalog item.
      2. Click Copy.
      1.5.1.3.5.3.2. Copy a Virtual Machine, Identical

      Copy a Virtual Machine, Identical

      You can create an identical copy of a virtual machine; all configuration of the newly-created virtual machine is identical to the source virtual machine. If desired, you can copy to a compute pool different from the source compute pool, but both compute pools must be in the same environment.

      Note: The newly created virtual machine is configured with the same network address as the source virtual machine. If both are powered on, an IP address conflict will result on the network. However, within Infinicenter Console, the source machine is assigned the IP address and the copied virtual machine has no IP address assigned. An IP address must be assigned to the copied virtual machine and the virtual machine configured with that IP address before powering on both virtual machines.

      Navigate

      To copy a virtual machine:

      1. Select the desired virtual machine to copy.
      2. Click Copy.
      3. Click Identical.

      You can also copy a virtual machine from the context menu.

      1. Right-click the desired virtual machine to copy.
      2. Click Copy.
      3. Click Identical.

      Destination, Name, and Description

        The Copy Identical Server dialog appears.

        The virtual machine details are displayed.

      1. Select a Destination Compute Pool.
      2. If the compute pool has more than one cluster generation, select a Cluster Generation.
      3. Note: Cluster Generation is only available in instance-based compute pool.

      4. If disaster recovery is enabled in the multi-tenant environment, select a Storage Volume.
      5. Note: Storage Volume is only available for multi-tenant environments.

      6. Type a Server Name.
      7. Type a Description for the virtual machine, if desired.
      8. Note:  Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      Choose Location

      You can select an existing row and group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of an existing group.

      You can select an existing row and create a new group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of New Group.
      3. Type a New Group Name for the group to create.

      You can create a new row and a new group into which to place the newly created virtual machine.

      1. Select Place in Row of New Row.
      2. Type a New Row Name for the row to create.
      3. Type a New Group Name for the group to create.

      If the newly created virtual machine is placed in a new compute pool, no row or groups exist. Therefore, the only option is to name the new row and new group.

      1. Type a New Row Name for the row to create.
      2. Type a New Group Name for the group to create.

      Agree and Deploy

      Agree to licensing and fees and deploy.

      1. Select AGREEMENT to licensing and fees.
      2. Click Deploy.
      1.5.1.3.5.3.3. Copy a Virtual Machine, Customized

      Copy a Virtual Machine, Customized

      You can copy a virtual machine and modify some of the configuration of the newly-created virtual machine. If desired, you can copy to a compute pool different from the source compute pool, but both compute pools must be in the same environment.

      Note: If Power the server on when created is not selected (or cannot be selected) and you intend to make additional copies using the new virtual machine, the newly-created virtual machine must be powered on once to allow guest customization to complete. Guest customization finalizes virtual machine configuration and allows full functionality of the new virtual machine.

      Navigate

      To copy a virtual machine:

      1. Select the desired virtual machine to copy.
      2. Click Copy.
      3. Click Customized.

      You can also copy a virtual machine from the context menu.

      1. Right-click the desired virtual machine to copy.
      2. Click Copy.
      3. Click Customized.

      Virtual Machine Details and Destination

        The Copy Server dialog appears for the Server Details phase of virtual machine copying.

        The virtual machine details displays to verify a proper selection and Instance-based virtual machine includes Server Cost Summary.

      1. Select a destination Compute Pool.
      2. If the compute pool has more than one cluster generation, select a Cluster Generation.
      3. Note: Cluster Generation is only available in instance-based compute pool.

      4. If disaster recovery is enabled in the multi-tenant environment, select a Storage Volume.
      5. Note: Storage Volume is only available for multi-tenant environments.

      6. Click Next.

      Network Settings

      Copy customized permits the network settings of the copied virtual machine to differ from the source virtual machine.

        The Copy Server dialog appears for the Network Settings phase of virtual machine copying.

        The virtual machine details are displayed.

      1. Type IP addresses for the Primary DNS and Secondary DNS servers, if desired.
      2. Select a Network.
      3. Network can be IPv4 only or both IPv4 and IPv6, if IPv6 is available.

      4. Under IP Address:
        1. For IPv4 networks, select IPv4 address from the list.
        2. For IPv6 networks, type an IPv6 address or accept the default presented.
      5. Click Next.

      Assign a Name and Select a Location by Row and Group

      You must assign a name to the new virtual machine and select a location, a row and group, into which to place the newly created virtual machine.

      Windows

      For Windows virtual machines you must assign an administrator's password.

        The Copy Server dialog appears for the Name and Location phase of virtual machine copying.

        The virtual machine details are displayed.

      1. Type a Server Name.
      2. Type a Description for the virtual machine, if desired.
      3. Type a Password.
      4. Type again to Confirm Password.

      Linux

      Passwords cannot be assigned to Linux virtual machines.

        The Copy Server dialog appears for the Name and Location phase of virtual machine copying.

        The virtual machine details are displayed.

      1. Type a Server Name.
      2. Type a Description for the virtual machine, if desired.
      3. No password is required for Linux.

      Choose Location

      You can select an existing row and group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of an existing group.

      You can select an existing row and create a new group into which to place the newly created virtual machine.

      1. Select Place in Row of an existing row.
      2. Select Group of New Group.
      3. Type a New Group Name for the group to create.

      You can create a new row and a new group into which to place the newly created virtual machine.

      1. Select Place in Row of New Row.
      2. Type a New Row Name for the row to create.
      3. Type a New Group Name for the group to create.

      If the newly created virtual machine is placed in a new compute pool, no row or groups exist. Therefore, the only option is to name the new row and new group.

      1. Type a New Row Name for the row to create.
      2. Type a New Group Name for the group to create.

      Continue

      After you select the Name and Location, continue to the next phase.

      1. Click Next.

      Agree and Deploy

      Agree to licensing and fees and deploy.

        The Copy Server dialog appears for the Review and Save phase of virtual machine copying.

        The virtual machine details are displayed.

      1. Select to Power the server on when created.
      2. Select AGREEMENT to licensing and fees.
      3. Click Deploy.
      1.5.1.3.5.4. Retry a Virtual Machine Operation

      Retry a Virtual Machine Operation

      Some Enterprise Cloud operations require substantial time to complete and, if they fail, can be retried. A retry operation is an outstanding failed operation for which retries are possible. The Enterprise Cloud permits retry operations against detached disks and virtual machines.

      Note: Retry events are often caused by conditions that may take time to resolve. When a retry event is detected, wait a short time before attempting the retry operation. Failure of a retry operation may only signify the condition remains unresolved. However, if repeated attempts fail, contact Customer Support for assistance.

      To retry any failed operation in a virtual machine:

        Red exclamation, icon: error, indicates a failed operation state.

      1. Select a virtual machine.
      2. Retry menu choice appears if recovery is possible.

      3. Click Retry.

      You can also retry a virtual machine operation from the context menu.

      1. Right-click a desired virtual machine to retry.
      2. Retry menu choice appears if recovery is possible.

      3. Click Retry.

      Retry Detach Disk

      You can retry failed detach disk operations.

        The Configure Server dialog appears.

        The basic virtual machine and disk details appear.

      1. Click Retry Detach.

      Retry Attach Disk

      You can retry failed attach disk operations.

        The Configure Server dialog appears.

        The basic virtual machine and disk details appear.

      1. Click Retry Attach.

      Retry Other Operations

      For instance-based virtual machines, you can retry a failed, create server from template, create server from catalog, create blank server, configure server, delete server, copy customized, and copy identical operations.

      Note: Operations on a resource-based virtual machine cannot be retried, except for detached disk operations.

        The Retry {operation} dialog appears where {operation} is one of:

        • Create Server From Template.
        • Create Server From Catalog.
        • Create Blank Server.
        • Configure Server.
        • Delete Server.
        • Copy Customized.
        • Copy Identical.
      1. Select AGREEMENT.
      2. Click Continue.
      1.5.1.3.5.5. Delete a Server

      Delete a Virtual Machine

      You can delete a virtual machine. To delete a virtual machine, the virtual machine must be powered off and the virtual machine must be removed from all Internet services for which the virtual machine is a node service. To power off a virtual machine, see Change the Power State of a Virtual Machine. To determine for which Internet services a virtual machine is a node service, see Nodes under Internet Services Tab. To remove a node service from an Internet service, see Delete a Node Service.

      To delete a virtual machine:

      1. Select a virtual machine.
      2. Click Delete.

      You can also delete a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Delete.

      Regardless of the menu used, Infinicenter Console requests confirmation of the deletion.

        The Confirmation dialog appears.

      1. Click OK.
      2. Infinicenter Console displays a Deleting Server message until the server task begins.

      1.5.1.3.5.6. Move Server

      Move a Device

      You can move a device to a different row or group. In the dialog to move the device, you can choose to create a new group or create a new row and a new group.

      Move Virtual Machines

      To move a virtual machine:

      1. Select a desired virtual machine to move.
      2. Click Administrative Tasks.
      3. Click Move.

      You can also move a virtual machine from the context menu.

      1. Right-click the desired virtual machine to move.
      2. Click Administrative Tasks.
      3. Click Move.

      Continue with moving.

      Move Physical Devices

      To move a physical device:

      1. Select a desired physical device to move.
      2. Click Move.

      You can also move a physical device from the context menu.

      1. Right-click the desired physical device to move.
      2. Click Move.

      Continue with moving.

      Move a Device

      Existing Row and Existing Group

      You can choose an existing row and an existing group to which to move the device.

        The Move Device dialog appears.

      1. Select a Move to Row.
      2. Select a Group.
      3. Click Save.

      Existing Row and New Group

      You can choose an existing row and create a new group to which to move the device.

        The Move Device dialog appears.

      1. Select a Move to Row.
      2. Select a Group of New Group.
      3. Type a New Group Name.
      4. Click Save.

      New Row and New Group

      You can create a new row and create a new group to which to move the device.

        The Move Device dialog appears.

      1. Select a Move to Row of New Row.
      2. Type a New Row Name.
      3. Type a New Group Name.
      4. Click Save.
      1.5.1.3.5.7. Relocate a Virtual Machine

      Relocate a Virtual Machine

      You can relocate a virtual machine. It allows you to change the Customer Defined Volumes (CDV) or move the virtual machines to secured shared storage.

      Note: Relocate is only available in the primary multi-tenant environment and not in the backup environment.

      To relocate a virtual machine:

      1. Select a desired virtual machine to relocate.
      2. Click Administrative Tasks.
      3. Click Relocate.
      4. The Relocate Device dialog appears.

      5. Select a New Storage Volume.
      6. Click Save.

      You can also relocate a virtual machine from the context menu:

      1. Right-click the desired virtual machine to relocate.
      2. Click Administrative Tasks.
      3. Click Relocate.
      4. The Relocate Device dialog appears.

      5. Select a New Storage Volume.
      6. Click Save.
      1.5.1.3.5.8. Manage Virtual Machine Snapshots

      Manage Virtual Machine Snapshots

      Introduction

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The data includes all of the files that make up the virtual machine. Files include disks and other devices, such as virtual network interface cards.

      Note: When snapshots are enabled on a virtual machine, its configurations cannot change, although it can be viewed. The virtual machine can, however, be copied at its current, active state.

      Snapshots create child files that contain all the changes made since the last snapshot:

      • Child files can grow up to the size of the source virtual disks; storage fees are incurred for both the source virtual disks and all child files.
      • Tracking changes to the source virtual disk in the child file incurs a performance penalty on the virtual machine.
      • Changes are added to child files until snapshots are disabled and all snapshots are removed from the virtual machine.

      Snapshot storage is included when determining whether a new virtual machine is within purchase storage limits in reserved compute pools when creating, copying, or configuring a virtual machine. Snapshot storage is billed at the size of the source virtual disks for the active child file and at actual usage for all other child files. You can view total storage consumption including snapshots on the Resources and Virtual Machine Storage Details tabs and the snapshot storage consumption on the Configure Server and Manage Snapshots dialogs. The dialogs also show the storage cost for instance-based virtual machines.

      Note: Snapshot storage is only fully recovered when all snapshots for a virtual machine are deleted and snapshots disabled.

      Snapshots can be enabled when a virtual machine is powered on or powered off. Snapshots are taken at every interval when powered on but only at the first interval after powering off.

      Snapshots created by Global Support Services, called unscheduled snapshots, appear in Infinicenter Console with an indicator, Icon warning, to identify its initiation outside Infinicenter Console. Unscheduled snapshots are included in the Snapshots to Capture limit. Unlike scheduled snapshots, unscheduled snapshots are not removed when a new snapshot is taken. As a consequence, if the Snapshots to Capture limit is 1 and an unscheduled snapshot is taken, no further scheduled snapshots will occur; you would need to delete the unscheduled snapshot or raise the Snapshots to Capture limit for scheduled snapshots to resume.

      You can view a history of snapshots up to the maximum number selected, including unscheduled snapshots, on the Manage Snapshots dialog.

      You can view a history of snapshot activities in the virtual machine task history. Virtual machine task history includes snapshots skipped due to the virtual machine powered off, unscheduled snapshots that meet the chosen Snapshots to Capture limit, or insufficient storage. Insufficient storage occurs in reserved compute pools, purchased storage; trial instance-based compute pools, trial provisioned storage; or infrastructure storage. You can enable snapshots if insufficient storage, but a warning is issued and all snapshots are skipped until storage is available.

      If you have appropriate permissions you can revert a virtual machine to a specific prior snapshot, which restores the state and disks to the condition at the snapshot.

      If you have appropriate permissions you can delete a specific snapshot and when you delete a virtual machine all its snapshots are also deleted.

      Note: Deleting a snapshot does not necessarily reduce the storage consumed by snapshots.

      Navigate

      To manage virtual machine snapshots:

      1. Select a virtual machine.
      2. The actions available for the virtual machine appear in the selection pane.

      3. Click Administrative Tasks on the selection pane.
      4. Click Snapshots.

      You can also manage virtual machine snapshots from the context menu.

      1. Right-click a virtual machine.
      2. The context menu appears.

      3. Click Administrative Tasks on the context menu.
      4. Click Snapshots.
      1.5.1.3.5.8.1. Enable Virtual Machine Snapshots

      Enable Virtual Machine Snapshots

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      Note: Snapshots can be enabled when a virtual machine is powered on or powered off. Snapshots are taken at every interval when powered on but only at the first interval after powering off.

      To enable snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Select snapshots Enabled.
      6. Select the number of Snapshots to Capture.
      7. Note: The maximum number of snapshots to capture is 3.

      8. Type the Interval between snapshots in hours and minutes.
      9. Note: The minimum interval is 15 minutes and the maximum interval is 24 hours.

      10. Click Save.
      1.5.1.3.5.8.2. Edit Virtual Machine Snapshots

      Edit Virtual Machine Snapshots

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      To edit snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Select the new number of Snapshots to Capture.
      6. Note: The maximum number of snapshots to capture is 3.

      7. Type the new Interval between snapshots in hours and minutes.
      8. Note: The minimum interval is 15 minutes and the maximum interval is 24 hours.

      9. Click Save.
      1.5.1.3.5.8.3. Disable Snapshots

      Disable Virtual Machine Snapshots

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      Note: Snapshots can be disabled when a virtual machine is powered on or powered off. Snapshots are taken at every interval when powered on but only at the first interval after powering off.

      To disable snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Deselect snapshots Enabled.
      6. Click Save.
      1.5.1.3.5.8.4. Revert a Virtual Machine to a Snapshot

      Revert a Virtual Machine to a Snapshot

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      If you have appropriate permissions you can revert a virtual machine to a specific prior snapshot, which restores the state and disks to the condition at the snapshot.

      Note: The virtual machine can be powered off upon completion of the revert task.

      To revert snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Click Refresh to update the snapshot list.
      6. Click the revert icon, Icon warning.
      7. The Confirmation dialog appears.

      8. Click OK.
      9. Click Save.
      1.5.1.3.5.8.5. Delete a Virtual Machine Snapshot

      Delete a Virtual Machine Snapshot

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      If you have appropriate permissions you can delete a specific snapshot and when a user deletes a virtual machine all its snapshots are also deleted.

      Note: Deleting a snapshot does not necessarily reduce the storage consumed by snapshots.

      When snapshots are enabled, changes to disks are tracked in child files as discussed in the Introduction to Manage Virtual Machine Snapshots. If subsequent snapshots rely on the changes in an earlier child file, the child files are retained for change continuity even though the snapshot has been deleted. The storage consumed by the child file retained for change continuity continues to count toward total snapshot storage consumption.

      To delete snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Click Refresh to update the snapshot list.
      6. Click the delete icon, Icon warning to delete a snapshot.
      7. Or

      8. Click Delete All Snapshots to delete all the snapshots.
      9. The Confirmation dialog appears.

      10. Click OK.
      11. Click Save.
      1.5.1.3.5.8.6. On-Demand Virtual Machine Snapshot

      On-Demand Virtual Machine Snapshot

      A virtual machine snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state; such as, powered on or powered off. The data includes all of the files that make up the virtual machine. Files include disks, memory configuration, and other devices, such as virtual network interface cards.

      Snapshots create child files that contain all the changes made since the last snapshot.

      You can create the on-demand snapshot of a virtual machine.

      To create on-demand snapshots for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Snapshots.
      4. The Manage Snapshots dialog appears.

      5. Click Snapshot Now to create a snapshot of a virtual machine.
      6. The Confirmation dialog appears.

      7. Click OK.
      8. Note: The on-demand snapshot is not dependent on the scheduled snapshot. However, the on-demand snapshot is removed after 48 hours.

      9. Click Save.
      1.5.1.3.5.9. Rename a Device

      Rename a Device

      You can change the name or the description of a device at any time.

      Navigate to Rename Virtual Machines

      To rename a virtual machine:

      1. Select the desired virtual machine to rename.
      2. Click Administrative Tasks.
      3. Click Rename.

      You can also rename a virtual machine from the context menu.

      1. Right-click the desired virtual machine to rename.
      2. Click Administrative Tasks.
      3. Click Rename.

      Continue with renaming.

      Navigate to Rename Physical Devices

      To rename a physical device:

      1. Select the desired physical device to rename.
      2. Click Rename.

      You can also rename a physical from the context menu.

      1. Right-click the desired physical device to rename.
      2. Click Rename.

      Continue with renaming.

      Rename or Change Description

        The Rename Device dialog appears.

      1. Type a new Name.
      2. Type a Description, if desired.
      3. Click Save.
      1.5.1.3.5.10. View Device Tasks

      View Device Tasks

      Tasks are a history of changes to an environment, in this case a particular device (a virtual machine, physical server, physical router, high availability router, or storage device), and are retained for up to six months. While an Active Tasks tab is available, tasks typically are active for a very short time and are very difficult to view.

      Navigate to View Tasks for a Virtual Machines

      To view tasks for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click View Tasks.

      You can also view tasks for a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Administrative Tasks.
      3. Click View Tasks.

      Navigate to View Tasks for a Physical Devices

      To view tasks for a physical device: physical server, physical router, high availability router, or storage device.

      1. Select a physical device.
      2. Click View Tasks.

      You can also view tasks for a physical device from the context menu.

      1. Right-click a physical device.
      2. Click View Tasks.

      View the Tasks

        The Tasks dialog appears.

      1. Click Task History.
      2. The Task history appears.

      3. Click Close.
      1.5.1.3.5.11. Convert Customer-Provided License to IBM-Provided License

      Convert License

      You can convert the operating system license of an existing virtual machine from a customer-provided license to an IBM-provided license by assigning an Enterprise Cloud template to the virtual machine.

      Navigate

      To convert license for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Select Convert License.

      You can also convert license for a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Administrative Tasks.
      3. Select Convert License.

      Convert License for a Virtual Machine

        The Convert License dialog appears.

      1. Select the operating system Family/Category.
      2. Select the Operating System.
      3. Select from Available Templates.
      4. Select the Version.
      5. The virtual machine details appear.

      6. Select the AGREEMENT to indicate understanding of the change in billing.
      7. Click Assign.

      Note: Instance-based virtual machine includes Server Cost Summary; scroll down in the server details to view server cost summary.

      1.5.1.3.5.12. Manage IPs

      Manage IP Addresses

      From Infinicenter Console, you can track the assignment of IP addresses to virtual machines and physical servers within the Enterprise Cloud. An IP address assigned to one server cannot be duplicated and assigned to another server within the Enterprise Cloud application.

      Note: Assigning an IP address to a device does not configure an IP address change within the guest operating system on the server. You must also enter the server's operating system and perform the necessary configuration change to add the IP address within the guest operating system running on the server.

      Some IP addresses can be associated with other features within the Enterprise Cloud console. These features will be indicated by the following after the address.

      (NS) Node Service
      (FR) Firewall Rule
      (LOG) Firewall Logging Server
      (AS) Network Assigned to Server
      (CRN) Custom RNAT
      (R) Reserved

      Navigate to Manage IP Addresses for a Virtual Machine

      To manage IP addresses for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Manage IPs.

      You can also manage IP addresses for a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Administrative Tasks.
      3. Click Manage IPs.

      Navigate to Manage IP Addresses for a Physical Server

      To manage IP addresses of a physical server:

      1. Select a physical server.
      2. Click Manage IPs.

      You can manage IP addresses from the context menu.

      1. Select a physical server.
      2. Click Manage IPs.

      Manage IP Addresses Dialog

        The Manage IP Addresses dialog appears.

      1. Select the Networks from which you wish to manage IP addresses.

      Add IP Addresses

      1. Select an IP address in the Available IPs list.
      2. Click add, Add IP address button, to queue the IP address for addition to the selected server.
      3. The selected IP address moves to Assigned to this Server list.

      Remove IP Addresses

      1. Select an IP address in the Assigned to this Server list.
      2. Click remove, Remove IP address button, to queue the IP address for removal from the selected server.
      3. The selected IP address moves to Available IPs list.

      Save Assigned IP Addresses

      1. Click Save to apply the list of assigned IP addresses to the server.

      View Reserved IP Addresses

      You can choose to reserve IP addresses for any reason. Once reserved, those IP addresses are no longer visible by default on the Manage IPs dialog. However, a simple selection will make reserved IP addresses available for selection.

      1. Select Include Reserved IPs.
      2. Reserved IP addresses have an "(R)".
      1.5.1.3.5.13. Assign Security Groups

      Assign Security Groups to a Device

      Authorization of user activities within the Enterprise Cloud, both Infinicenter Console and the API, is based upon Role Based Access Control (RBAC). RBAC is a National Institute of Standards and Technology (NIST) standard. See Role Based Access Control for a full discussion of RBAC as implemented in the Enterprise Cloud.

      In the Enterprise Cloud, basic RBAC is implemented through user Roles. Roles permit administrators to restrict access for every business operation of Infinicenter Console based on the role of the user. Enterprise Cloud also offers role-based control over devices assigned to specific security groups, which is implemented through device Security Groups and security group level roles.

      Navigate to Assign Security Groups for a Virtual Machine

      To assign security groups for a virtual machine:

      1. Select a virtual machine.
      2. Click Administrative Tasks.
      3. Click Assign To Security Groups.

      You can also assign security groups for a virtual from the context menu.

      1. Right-click a virtual machine.
      2. Click Administrative Tasks.
      3. Click Assign To Security Groups.

      Navigate to Assign Security Groups for a Physical Server

      To assign security groups for a physical server:

      1. Select a physical server.
      2. Click Assign To Security Groups.

      You can also assign security groups for a physical server from the context menu.

      1. Select a physical server.
      2. Click Assign To Security Groups.

      Add Security Groups to a Device

        The Assign Device To Security Groups dialog appears.

      1. Select one or more security groups in Available Security Groups list.
      2. Click Add to queue the security groups for addition to the selected device.
      3. The selected security groups move to Assigned To list.

      4. Click Save.

      Remove Security Groups from a Device

        The Assign Device To Security Groups dialog appears.

      1. Select one or more security groups in the Assigned To list.
      2. Click Remove to queue the security groups for removal from the selected device.
      3. The selected security groups move to Available Security Groups list.

      4. Click Save.
      1.5.1.3.5.14. Cloud Services

      Cloud Services

      Cloud Services are value-added services, such as patching and backup, that can be offered to organizations for their virtual machines and physical devices, although just physical servers. These services can be managed by the customer or managed by IBM. Availability of specific services for any given virtual machine can be limited by constraints in the physical, rather than virtual, environment.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service is available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      Navigate to Cloud Services

      To navigate to cloud services:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Select a cloud service.

      You can also assign cloud services to a server from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Select a cloud service.
      1.5.1.3.5.14.1. Add Patching to a Server

      Add Patching to a Server

      Patching is a value-added cloud service that can patch the guest operating system and selected applications on your virtual machines.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service are available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      Note: 

      To add patching service to a virtual machine:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Add Configuration.

      You can also add patching service to a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Add Configuration.

      Configure

        The Add Configuration dialog appears.

      1. Select a Start Time.
      2. Type or select a Start Day.

      You can then select a Recurrence Pattern, which can require additional configuration. The Recurrence Pattern can be:

      Recur Once or Daily

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Once or Daily.
      2. Click Save.

      Weekly

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Weekly.
      2. Select a Day of Week.
      3. Click Save.

      Monthly

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Monthly.
      2. Select a Day of Month.
      3. Click Save.
      1.5.1.3.5.14.2. Edit Patching on a Server

      Edit Patching on a Server

      Patching is a value-added cloud service that can patch the guest operating system and selected applications on your virtual machine.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service are available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      Navigate

      To edit patching service on a virtual machine:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Edit Configuration.

      You can also edit patching service on a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Edit Configuration.

      Configure

        The edit Configuration dialog appears.

        The service details appear.

      1. Select a Start Time.
      2. Type or select a Start Date.

      You can then select a Recurrence Pattern, which can require additional configuration. The Recurrence Pattern can be:

      Recur Once or Daily

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Once or Daily.
      2. Click Save.

      Weekly

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Weekly.
      2. Select a Day of Week.
      3. Click Save.

      Monthly

      Patching of a Windows virtual machine requires the User Name and Password of an account that is an administrator or has the limited permission modifications as described in What is required on my Windows server to enable patching?

      1. Select a Recurrence Pattern, if you select Monthly.
      2. Select a Day of Month.
      3. Click Save.
      1.5.1.3.5.14.3. Remove Patching from a Server

      Remove Patching from a Server

      Patching is a value-added cloud service that can patch the guest operating system and selected applications on your virtual machine.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service are available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      To remove patching service on a virtual machine:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Remove Configuration.
      5. The Confirmation dialog appears.

      6. Click OK.

      You can also remove patching service on a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Click Patching Service.
      4. Click Remove Configuration.
      5. The Confirmation dialog appears.

      6. Click OK.
      1.5.1.3.5.14.4. Add Backup to a Server

      Add Backup to a Server

      Backup is a value-added cloud service that can backup and restore your virtual machine.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service are available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      Note: Deduplication of backups is not possible for virtual hardware versions prior to vmx-7, which results in higher storage costs for backup images. To ensure your virtual machines are current and at virtual hardware versions vmx-7 or newer, follow Upgrade Virtual Machine Hardware Version. Hardware Version will not appear if the virtual hardware version is current.

      To add backup service to a virtual machine:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Click Backup Service.
      4. Click Add Configuration.
      5. The Add Configuration dialog appears.

      6. Select a Backup Retention Period.
      7. Click Yes.

      You can also add backup service to a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Click Backup Service.
      4. Click Add Configuration.
      5. The Add Configuration dialog appears.

      6. Select a Backup Retention Period.
      7. Click Yes.
      1.5.1.3.5.14.5. Remove Backup from a Server

      Remove Backup from a Server

      Backup is a value-added cloud service that can backup and restore your virtual machine.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service are available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      When you remove backup service from a virtual machine, you can remove all the backup image files at the time you remove the service or you ca retain the images and let the backup service automatically remove them as they reach their retention age.

      To remove backup service from a virtual machine:

      1. Select a virtual machine.
      2. Click Cloud Services.
      3. Click Backup Service.
      4. Click Remove Configuration.
      5. The Remove Confirmation dialog appears.

      6. Select to Remove all images.
      7. Click OK.

      You can also remove backup service to a virtual machine from the context menu.

      1. Right-click a virtual machine.
      2. Click Cloud Services.
      3. Click Backup Service.
      4. Click Remove Configuration.
      5. The Remove Confirmation dialog appears.

      6. Select to Remove all images.
      7. Click OK.
      1.5.1.3.5.15. Connect to the Console of a Virtual Machine

      Connect to the console of a Virtual Machine

      To make changes to a virtual machine's operating system, you must obtain access to the guest operating system from Infinicenter Console using connect feature.

      Note: Connect is only available if the selected server is powered on.

      Connect to the console of a Virtual Machine

      To connect to your virtual machine's guest operating system:

      1. Select a virtual machine.
      2. Click Connect.

      You can also connect to your virtual machine's guest operating system from the context menu.

      1. Right-click a virtual machine.
      2. Click Connect.

      Note:  You can mount an optical disk image file to a virtual machine using PlugIn Console Window and directly from Infinicenter Console.

      Console Connect Options

      The Console Connect dialog appears with two options.

      PlugIn Console To connect to your virtual machine's guest operating system using VMware client integration plugin.
      Web Console To connect to your virtual machine's guest operating system using HTML5 web client.

      PlugIn Console

      PlugIn console allows you to connect to your virtual machine's operating system using VMware client. To connect using plugin console, you must first download VMware web client integration plugin and install it. You can download VMware client integration plugin from Plugin Installer link in the Console Connect dialog.

      Note: PlugIn Console requires a VPN connection to the network on which the virtual machine resides. You can use VPN Connect from Infinicenter Console if your environment does not have a LAN-to-LAN VPN connection.

      Note: Chrome does not support the plugin console.

      After installing VMware client:

      1. Click PlugIn Console.
      2. The virtual machine console window appears.

      Once the console connects to the virtual machine, you can login normally to the guest operating system.

      Web Console

      Web console allows you to connect to your virtual machine's operating system using HTML5 client.

      Note: Web Console uses your browser session to connect to the network on which the virtual machine resides. A VPN connection is not required with the Web console.

      To connect using web console.

      1. Click Web Console.
      2. The virtual machine console window appears.

      Once the console connects to the virtual machine, you can login normally to the guest operating system.

      Special Key Combinations

      The console has four special key combinations for common operations.

      Key Combination Outcome
      Ctrl + Alt + Del Resets the host on which the console is running
      Ctrl + Alt + Ins Resets the virtual machine
      Ctrl + G Sends keyboard and cursor control to the console
      Ctrl + Alt Sends keyboard and cursor control to the host on which the console is running
      1.5.1.3.5.16. Device Tags

      Device Tags

      Device tags permit organizations to add additional metadata to their devices: virtual machines or physical devices. This feature can be useful for API users who want to perform specific API calls to a virtual machine or group of virtual machines based on the tags assigned to them. The user can view and edit the tags for a device on the Devices tab.

      A tag is added to an organization when assigned to a device. Any given tag is retained by an organization as long as at least one devices is assigned the tag. When a tag is removed from the last device to which it is assigned, that tag is removed from the organization.

      The user can also create and assign new tags or assign existing tags when creating, copying, or configuring a virtual machine. When copying a virtual machine, all existing tags from the original server are assigned to the copied server.

      To add, edit, or remove device tags:

      1. Select a device.
      2. Click, Icon: pane expand, to expand the Selected pane.
      3. Click Tags.
      4. The Assigned Tags appear.

      5. Click Edit Tags.
      6. The Device Tagging Management dialog appears.

      7. To add new tags, type one or more tag names; separating each tag with a comma under Assigned Tags.
      8. Note: Tags must be separated by commas and cannot exceed 50 characters each. Tags can contain spaces but not commas because commas are used as the delimiter in the list.

      9. To add an existing tag, click a tag under Available Tags.
      10. To remove a tag, delete the tag from Assigned Tags.
      11. Click Save.
      12. Note: Click the help icon for any help.

      1.5.1.3.5.17. Install or Update VMware Tools

      Install or Update VMware Tools

      VMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine. Without VMware Tools installed in your guest operating system, guest performance lacks important functionality. Installing VMware Tools eliminates or improves the following issues:

      • Low video resolution.
      • Inadequate color depth.
      • Incorrect display of network speed.
      • Restricted movement of the mouse.
      • Inability to copy and paste and drag-and-drop files.
      • Missing sound.

      To install or update VMware Tools, mount the VMware Tools CD from Infinicenter Console and then connect to the guest operating system to install or update the tools.

      Note: The sever must be powered on before you can mount the VMware Tools CD and install or update VMware Tools.

      Mount VMware Tools CD

      1. Select the desired virtual machine with VMware Tools not installed or out-of-date.
      2. Expand the Selected pane.
      3. Click Mount.
      4. The Successful dialog appears.

      5. Click Close.

      Install VMware Tools

      Note: This procedure is for a Windows-based virtual machine. In a Linux-based virtual machine with a GUI installed, the process is similar. For a Linux-based virtual machine that has only a CLI, the installation or upgrade is manual. To manually install from a Linux CLI, see How do I Install VMware Tools in Linux using the VMware Tools ISO?

      1. Select the virtual machine on which you just mounted the VMware Tools CD.
      2. Click Connect.
      3. The console window appears.

      4. Click the CD drive in which VMware Tools is installed or run \Setup.exe from that CD drive.
      5. The VMware Tools installation wizard appears.

      6. Click Next to begin the installation.
      7. Respond to the requests of the installer.
      8. The VMware Tools installation wizard completes.

      9. Click Finish.
      10. The VMware Tools automatically unmounts the installation CD.

      Unmount VMware Tools CD

      The VMware Tools installer should unmount the installation CD at the conclusion of the installation. If for any reason this does not occur or if you change your mind before installing, VMware Tools CD can be unmounted from the virtual machine.

      1. Select the virtual machine on which you just mounted the VMware Tools CD.
      2. Expand the Selected pane.
      3. Click Unmount.
      1.5.1.3.5.18. Mount ISO

      Mount an Optical Disk Image File on a Virtual Machine

      An optical disk image file is often called an ISO; from the International Organization for Standards (ISO) for the disk format, ISO 9667, and from the file extension most often used, .iso. Because the optical disk is a common distribution medium for software and given the lack of a physical optical disk on a virtual machine, the optical disk image file is a convenient alternative to install software to a virtual machine.

      In addition to installing application software, an optical disk image file can also be used to install an operating system to a blank virtual machine.

      Note: You must abide by the rules described in the article, Can I replace IBM software licenses with my own?, when installing operating systems to blank virtual machines.

      Mount the ISO

      You can mount an optical disk image file to a virtual machine using PlugIn Console Window and directly from Infinicenter Console.

      PlugIn Console Window

      You can mount ISO images to your virtual machine's guest operating system from the virtual machine's console window. To mount an optical disk image file to a virtual machine, you must first connect to the virtual machine.

      To mount an ISO image from the plugin console window:

      1. Click CD/DVD drop-down icon.
      2. Select Connect to CD/DVD image on a local disk.
      3. Click Mount.
      4. The Open image window appears.

      5. Select the desired optical disk image file.
      6. Click Open.

      If the virtual machine has a guest operating system, the optical disk image is now available to the guest operating system and you can use the image file as you would use a disk in an attached CD or DVD drive.

      Directly Infinicenter Console

      To mount ISO images, first you have to Upload the ISO image to the catalog and then mount the ISO image to the desired virtual machine.

      To upload the ISO image to the catalog, see Upload the ISO.

      To mount the ISO image to the virtual machine:

      1. Click Environments.
      2. Select an Environment.
      3. Click Devices.
      4. Select a compute pool.
      5. Select a virtual machine.
      6. Click, Icon: pane expand, to expand the Selected pane.
      7. Click Administrative Tasks.
      8. Click Mount ISO.
      9. The Mount ISO dialog appears.

      10. Select an ISO image.
      11. Click OK.
      12. You can now see the ISO image with the Size and Expires time in ISO File field, in the selected pane Details tab.

        Note: If the image remains mounted on virtual machines at the Expires date and time, the image is forcibly unmounted from the virtual machines.

      If the virtual machine has a guest operating system, the optical disk image is now available to the guest operating system and you can use the image file as you would use a disk in an attached CD or DVD drive.

      To unmount the ISO image:

      1. Select the virtual machine from which you want to unmount the ISO.
      2. Click, Icon: pane expand, to expand the Selected pane.
      3. Click Administrative Tasks.
      4. Click Unmount ISO.
      5. The Confirmation dialog appears.

      6. Click OK.

      Reboot for Operating System Installations

      To install an operating system on a blank virtual machine, you must reboot the virtual machine after mounting the optical disk image file to force it to boot from the ISO.

      To reboot the virtual machine.

      1. Click Ctrl+Alt+Del.
      2. The virtual machine shuts down and then boots from the optical disk image file.

      1.5.1.3.5.19. Upgrade Virtual Machine Hardware Version

      Upgrade Virtual Machine Hardware

      Just like a traditional server, it is very important to ensure your virtual machines have the latest hardware drivers installed. Each time new hardware versions are released, they contain new and updated device drivers that improve the stability and performance of your virtual machines. IBM recommends keeping your hardware versions current at all times.

      Note:

      • The virtual machine must be powered off to upgrade the hardware version.
      • VMware Tools must be installed and current on the virtual machine to upgrade hardware. If VMware Tools are not installed or not current, Install or Update VMware Tools.
      • When upgrading the hardware version, your virtual machines will reboot multiple times, causing them to be off line for a period of time.
      • Record the current IP configuration of the guest operating system before starting the upgrade process. The new hardware version can contain changes to the network adapter's virtual hardware which can cause a loss of network configuration. If this occurs, you will need to Connect to a Server and restore the correct network configuration.

      To upgrade the virtual machine hardware:

      1. Select a virtual machine.
      2. Expand the Selected pane.
      3. Click Upgrade.
      4. The Confirmation dialog appears.

      5. Click OK.

      You can also upgrade the virtual machine hardware from the context menu.

      1. Right-click a virtual machine.
      2. Click Upgrade.
      3. The Confirmation dialog appears.

      4. Click OK.

      Note: VMware advises that all NIC settings can revert to default upon completion of the hardware upgrade because the virtual NIC is moved to a different position on the virtual Peripheral Component Interconnect (PCI) bus, which causes the operating system to treat it as a new hardware device. It is most common on Windows virtual machines. VMware discusses the issue at Virtual NIC settings on a Windows guest are lost after a virtual hardware upgrade.

      1.5.1.4. Network Tab

      Network Tab

      From the Network tab, you can administer all the networking functions for your environments.

      • Internet Services – Control IP usage and manage the sharing of multiple servers on a public IP address to provide Internet services.
      • Security Services – View, manage, and audit firewall rules controlling access to networks and servers and direct firewall logs to a particular server.
      • Trusted Network Groups – Manage groups of IP addresses or networks that are allowed access to your public IP addresses.

      Navigate to Network Tab

      1. Click Network.
      2. Select an network activity.
      1.5.1.4.1. Internet Services Tab

      Internet Services Tab

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service. You manage your Internet services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      When a public IP address, Reverse Network Address Translation (RNAT), or device is selected in the pane on the left, details and tasks that can be performed on the selected item appear in the pane on the right.

      From the Internet Services tab, you can:

      Navigate

      1. Click Internet Services.
      2. Select an Internet services activity:
        • Click Configure RNATs to present reverse network address translations (RNATs).
        • Select a Public IP to present Internet services and node services on that IP address.
        • On Networks & Devices, click Filter to filter devices by compute pool.
        • On any network, click Edit to edit network description.
        • Click right arrow, Icon: Left white expand, to expand a section.
        • Click down arrow, Icon: Left white collapse, to collapse a section.
        • After expanding a network section, select a Device to present details and node services on the device.

      The left panel of the Internet Services tab lists the public IP addresses, networks, and devices in the environment. All public IP addresses activated for the environment are listed in the Public IPs group at the top of the panel with External Addresses listed separately from Internal Addresses. Internal and DMZ networks are listed by network address/network prefix length beneath the Public IPs group. Internal networks are identified by a lock, Lock icon. The lock icon signifies that servers attached to internal networks are secured from receiving network traffic from the public Internet or DMZ subnets. RNAT configurations are also available from the left panel.

      Public IP Addresses

      When a public IP address is selected in the left panel, the Internet services and node services associated with that public IP address appear in the details section on the right. You must select a public IP address before you create, edit, or delete an Internet service or node service.

      1. Select a Public IP address.
      2. The configured Internet services to use that public IP address appears.

        The configured Node services appear beneath the Internet service.

      Devices

      Devices are listed by the networks to which they are attached. You can limit the devices shown by the compute pool in which they operate. Select a device on a network to present information regarding the device.

      Details

      The Details tab displays details regarding a device attached to the network.

      1. Expand Networks & Devices.
      2. Expand a network.
      3. Select a Device.
      4. Click Details.
      5. The device details appear.

      Nodes

      The Nodes tab displays node services the device provides and the Internet services to which they are configured.

      1. Expand Networks & Devices.
      2. Expand the desired network.
      3. Select a Device.
      4. Click Nodes.
      5. The node services appear that have been configured to use that device.

        The Internet services appear beneath the node service to which they have been configured.

      Filter

      You can limit the devices shown by the compute pool in which they operate.

      1. On Networks & Devices, click filter icon, Icon: Device Filter.
      2. The Filter Devices by Compute Pools dialog appears.

      3. Select Compute Pools of Specific.
      4. Select Specific compute pools to view.
      5. Click Apply.

      RNATs

      A Reverse Network Address Translation (RNAT) permits a device to initiate traffic to the public Internet through the public IP address assigned in the RNAT. An RNAT can be associated with an entire network or just a device.

      Network

      To view all network RNATs defined:

      1. Click Configure RNATs.
      2. Click Network RNATs.
      3. The network RNATs appear.

      4. Click Export, if desired, to download the firewall rules as a comma-separated file spreadsheet file.

      Device

      To view all device RNATs defined:

      1. Click Configure RNATs.
      2. Click Device RNATs.
      3. The device RNATs appear.

      4. Click Export, if desired, to download the firewall rules as a comma-separated file spreadsheet file.
      5. Select any filter options to limit the devices displayed:
        • Network
        • Device
        • Device IP
        • Public IP
      6. Click Filter.
      1.5.1.4.1.1. Activate a Public IP Address

      Activate a Public IP Address

      Introduction

      Public IP addresses are the avenue through which traffic flows between the Internet and groups of servers in the Enterprise Cloud. This IP address is often called a virtual IP (VIP) because one IP address is virtualized across multiple servers; that is, traffic on that IP address is shared across multiple servers to spread the load of providing a service. Public IP addresses can be IP version 4 (IPv4) or IP version 6 (IPv6). To utilize IPv6 public IP addresses, an environment must have at least one IPv6 network.

      In the Enterprise Cloud, an internal address can be declared a public IP, thus enabling a private Internet service visible only to an organization's own servers in an environment. This results in four possible public IP addresses:

      • External IPv4
      • External IPv6
      • Internal IPv4
      • Internal IPv6

      Select a Public IP Type

      The appearance of the menu varies depending upon the state of networks and availability of public IPs in the environment. If external and internal public IP addresses are available and at least one network in an environment is dual-stack, which means both IPv4 and IPv6 are enabled on a network, the menu offers all choices.

      1. Click Activate Public IP.
      2. The External and Internal appear when external or internal public IP addresses are available.

        The IPv4 Address and IPv6 Address appear if any network is dual-stack (both IPv4 and IPv6).

        • If external public IP addresses are not available but internal public IP addresses are available and at least one network in an environment is dual-stack, external public IP address choices are unavailable.
        • If external public IP addresses are available but internal public IP addresses are not available and at least one network in an environment is dual-stack, the menu offers only IP version choices.
        • If external and internal public IP addresses are available but no network in an environment is dual-stack, the menu does not show IP versions.
        • If external public IP addresses are available but internal public IP addresses are not available and no network in an environment is dual-stack, no menu appears.
      3. Click desired public IP type.
      4. The selected external or internal public IP address is added to External Addresses or Internal Addresses respectively.

      1.5.1.4.1.2. Delete a Public IP Address

      Delete a Public IP Address

      You can delete a public IP address.

      Following are the limitations to delete a public IP address.

      • The public IP address cannot be removed if RNATs or Internet services are defined on it.
      • The public IP address with the default RNAT cannot be removed.
      • The public IP address cannot be removed if it is in a primary or backup disaster recovery environment.
      • While the public IP address is removed immediately from use in the environment, it can take up to several days before it is reclaimed by the Enterprise Cloud.

      To delete a public IP address:

      1. Click Delete.
      2. The Confirmation dialog appears.

      3. Click OK.
      1.5.1.4.1.3. IP Address Usage

      IP Address Usage

      IP Usage helps you track and manage the IP addresses that are assigned to devices in the network environment. From the Environment IP Address Usage window, you can also Reserve or Unreserve an IP Address and Synchronize IP Addresses.

      1. Click IP Usage.
      2. The Environment IP Address Usage window appears.

      IPv4 Usage

      IPv4 networks are sufficiently small to present every IP address on the network.

      1. Select an IPv4 Network.
      2. The IPv4 addresses appear.

        • IP address with valid icon, green check valid icon, and a name is assigned and detected.
        • IP address with valid icon, green check valid icon, and no name is available; neither assigned nor detected.
        • IP address with warning icon, green check valid icon, and no Sync is assigned and not detected.
        • IP address with warning icon, green check valid icon, and Sync is detected but not assigned.
      3. Click Print or Save, if desired.

      Customer-Provided IP Addresses

      Organizations with customer-provided IP addresses are shown another column, Associated IP Address, which is the IBM IP address to which those addresses are converted during network address translation (NAT). When using a VPN to access the network, you must connect to a virtual machine using the Associated IP Address.

      1. Select an IPv4 network with customer-provided IP addresses.
      2. The Associated IP Address column shows the NATed address associated with the customer-provided IP address.

      IPv6 Usage

      IPv6 networks are so large that it is impractical to present every IP address on the network.

      1. Select an IPv6 Network.
        • IP address with valid icon, green check valid icon, and a name is assigned and detected.
        • IP address with warning icon, green check valid icon, and Sync is detected but not assigned.
        • IP address with warning icon, green check valid icon, and no Sync is assigned and not detected.
      2. Type an IP Address or select from the list of first 50 Available IP Addresses.
      3. Click the down arrow, green check valid icon, to load 50 more Available IP Addresses.
      4. Click Print or Save, if desired.
      1.5.1.4.1.3.1. Reserve or Unreserve an IP Address

      Reserve or Unreserve an IP Address

      At times, you wish to reserve an IP address. Perhaps you are configuring servers to use a service on a virtual machine not yet created and wish to keep that IP address available. From the Environment IP Address Usage window, as opened by IP Usage, you can reserve or unreserve an IP address.

      Note: Reserving an IP address does not prevent assigning it to a device. Reserved IP addresses are just hidden in address assignment dialogs unless revealed by selecting a check box.

      1. Click IP Usage.
      2. The Environment IP Address Usage window appears.

      IPv4 Usage

      IPv4 networks are sufficiently small to present every IP address on the network.

      1. Select an IPv4 Network.
      2. The IPv4 networks are small enough that all addresses appear.

        The detected IP addresses are unavailable to reserve and are grayed out under the Reserved column.

      3. Under the Reserved column, select to reserve the IP address.
      4. Under the Reserved column, deselect to unreserve the IP address.
      5. Click Save.

      IPv6 Usage

      IPv6 networks are so large that it is impractical to present every IP address on the network. The only IPv6 addresses to appear are:

      • Assigned IPv6 addresses.
      • Detected IPv6 addresses, addresses which detected on a server but not assigned.
      • Reserved IPv6 addresses.
      1. Select an IPv6 Network.
      2. The IPv6 networks are too large for all addresses to appear.

        The detected IP addresses are unavailable to reserve and are grayed out under the Reserved column.

      3. Type an IP Address or select an IP Address to reserve.
      4. Under the reserved column, deselect to unreserve the IP address.
      5. Click Save.
      1.5.1.4.1.3.2. Synchronize IP Addresses

      Synchronize IP Addresses

      IP addresses assigned in Infinicenter Console are typically not injected into the guest operating system of the device, with the exception of virtual machines created from a template. Under all other circumstances, it is up to the user to enter the guest operating system and configure the IP address assigned in Infinicenter Console. However, Infinicenter Console can detect IP addresses configured on a virtual machine. When an IP address is detected on a virtual machine but is not assigned in Infinicenter Console, you can synchronize the IP address; that is, assign the detected IP address to the virtual machine. From the Environment IP Address Usage window, as opened by IP Usage, you can synchronize IP addresses from the Internet Services tab.

      1. Click IP Usage.
      2. The Environment IP Address Usage window appears.

      IPv4 Usage

      To sync IPv4 addresses:

      1. Select an IPv4 Network.
      2. The IPv4 addresses appear.

      3. Click Sync.
      4. Click Save.

      IPv6 Usage

      To sync IPv6 addresses:

      1. Select an IPv6 Network.
      2. The IPv6 addresses appear.

      3. Click Sync.
      4. Click Save.
      1.5.1.4.1.4. Create an Internet Service

      Create an Internet Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service. You create your Internet services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      Navigate

      To create a service:

      1. Click Create Service.
      2. The Create Internet Service dialog appears.

      3. Select a Public IP address, defaults to public IP selected when you click Create Service.

      Protocol and Port

      Port selection varies depending upon the protocol selected.

      FTP, HTTP, and HTTPS

      For protocols FTP, HTTP, and HTTPS you can choose only a single port.

      1. Select a Protocol.
      2. Type a Port number.

      IPsec, PPTP and RDP

      For protocols IPsec, PPTP and RDP you cannot choose a port, since they are pre-defined.

      1. Select a Protocol.
      2. The Port number is pre-defined and unavailable to change.

      TCP, UDP, and TCP+UDP

      For protocols TCP, UDP, and TCP+UDP you can choose a port, a port range, or a combination of ports and port ranges.

      Choose a Port

      1. Select a Protocol.
      2. Select a Port of Port >>.
      3. Type a port number.

      Choose a Port Range

      1. Select a Protocol.
      2. Select a Port of Port Range >>.
      3. Type a comma-delimited list of port ranges and ports.

      From Source Type

      1. Select a From Source Type.
        • If you select a From Source Type of Any, the trusted network group will not available.
        • Note: Internet services on internal public IPs cannot have a From Source Type of Trusted Network Group.

        • If you select a From Source Type of Trusted Network Group, you must select the desired trusted network group.
      2. Select a Trusted Network Group.

      Service and Load Balancer Configuration

      1. Type a Service Name.
      2. Type a Service Description, if desired.
      3. Type a Redirect URL, if desired; only available if Protocol is HTTP.
      4. Select a Persistence Type.
      5. Note: Persistence Type is limited by Protocol: Cookie Insert and Session Cookie are valid only with HTTP, SSL Session is valid only with HTTPS, Source IP is valid with any protocol for external public IP addresses but unavailable for internal public IP addresses, and None is valid with any protocol.

        Note: The persistence type is called SSL Session but Enterprise Cloud no longer uses any SSL protocols, all of which are deprecated. Only Transport Layer Security (TLS) is supported as a secure transport protocol.

      6. Type a Persistence Timeout.
      7. Note: The minimum value for Persistence Timeout is 2 (minutes) and the maximum is 5.

      8. Select a Load Balancing Method.
      9. Note: The Load Balancing Method of Least Response Time is only available when Protocol is HTTP.

      10. Select the State of the Internet service upon creation.
      11. Click Save.
      1.5.1.4.1.5. Edit an Internet Service

      Edit an Internet Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service. You edit your Internet services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      Note: You cannot change: the public IP address on which the Internet service is defined, the protocol, or the port.

      To edit a service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Edit Service.
      4. The Edit Internet Service dialog appears.

      5. Select a From Source Type.
        • If you select a From Source Type of Any, the trusted network group will not available.
        • Note: Internet services on internal public IPs cannot have a From Source Type of Trusted Network Group.

        • If you select a From Source Type of Trusted Network Group, you must select the desired trusted network group.
      6. Select a Trusted Network Group.
      7. Type a Service Name.
      8. Type a Service Description, if desired.
      9. Type a Redirect URL, if desired; only available if Protocol is HTTP.
      10. Select a Persistence Type.
      11. Note: Persistence Type is limited by Protocol: Cookie Insert and Session Cookie are valid only with HTTP, SSL Session is valid only with HTTPS, Source IP is valid with any protocol for external public IP addresses but unavailable for internal public IP addresses, and None is valid with any protocol.

        Note: The persistence type is called SSL Session but Enterprise Cloud no longer uses any SSL protocols, all of which are deprecated. Only Transport Layer Security (TLS) is supported as a secure transport protocol.

      12. Type a Persistence Timeout.
      13. Note: The minimum value for Persistence Timeout is 2 (minutes) and the maximum is 5.

      14. Select a Load Balancing Method.
      15. Note: The Load Balancing Method of Least Response Time is only available when Protocol is HTTP.

      16. Select the State of the Internet service upon creation.
      17. Click Save.
      1.5.1.4.1.6. Delete an Internet Service

      Delete an Internet Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service. You delete your Internet services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      To delete a service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Delete Service.
      4. The Confirmation dialog appears.

      5. Click Save.
      1.5.1.4.1.7. Create a Monitor on an Internet Service

      Create a Monitor on an Internet Service

      To manage high-traffic Internet services, the Enterprise Cloud can track the state of each node service in the Internet service in near real time, so that it can divert traffic from, any node service that is not responding to a node service that is responding. To do so, a monitor is bound to each Internet service. The monitor tests the Internet service by sending periodic probes to the node services in the Internet service. This is sometimes referred to as performing a health check. If the monitor receives a timely response to its probes, it marks the node service as up. If it does not receive a timely response to the configured number of probes, it marks the node service as down.

      If no monitor is created, the Enterprise Cloud periodically probes with a TCP SYN message and expects a SYN-ACK response to verify that the node service remains available. In addition to this default behavior, you can create on of four types of monitors:

      Monitor Probes Expects
      ECV HTTP GET request HTTP response is scanned, within the first 24 KB, for a specific string (configured)
      HTTP HTTP HEAD request HTTP response code (configured)
      Ping ICMP echo request ICMP echo reply

      To create a monitoring service on an Internet service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Create Monitor.
      4. The Create Internet Service Monitor dialog appears.

      5. Select a Monitor Type.

      The appearance of the dialog changes depending upon the type of monitoring selected.

      ECV Monitor

      An ECV monitor periodically probes each node service on the Internet service with an HTTP GET request. The response is scanned, within the first 24 KB, for a specific string to verify that the node service remains available.

      1. Type the URL to Send.
      2. Type any HTTP Headers required to successfully GET the URL.
      3. Type content expected to Receive.
      4. Select the State of the monitor.
      5. Click Advanced Options to show or hide.
      6. Type the request Interval time - the time between each probe.
      7. Type the number of Retries before considering the node service unavailable.
      8. Type the Response Timeout - the time to wait for the response to a probe.
      9. Type the Downtime - the time to wait before resuming probes after considering the node service unavailable.
      10. Click Save.

      HTTP Monitor

      An HTTP monitor periodically probes each node service on the Internet service with an HTTP HEAD request and expects an HTTP response to verify that the node service remains available. The Web server can be configured to send a different response to a HEAD request or none at all; a suitable response should be agreed with the web server administrator before setting up the monitor.

      1. Type the URL of the HTTP Request.
      2. Type any HTTP Headers required to successfully GET the URL.
      3. Type the expected HTTP Response Codes, a comma-delimited list.
      4. Select the State of the monitor.
      5. Click Advanced Options to show or hide.
      6. Type the request Interval time - the time between each probe.
      7. Type the number of Retries before considering the node service unavailable.
      8. Type the Response Timeout - the time to wait for the response to a probe.
      9. Type the Downtime - the time to wait before resuming probes after considering the node service unavailable.
      10. Click Save.

      Ping Monitor

      A ping monitor periodically probes each node service on the Internet service with an ICMP echo request and expects an ICMP echo reply in response to verify that the node service remains available.

      1. Select the State of the monitor.
      2. Type the request Interval time - the time between each probe.
      3. Type the number of Retries before considering the node service unavailable.
      4. Type the Response Timeout - the time to wait for the response to a probe.
      5. Type the Downtime - the time to wait before resuming probes after considering the node service unavailable.
      6. Click Save.

      Disable Monitoring

      When monitoring is disabled, the monitor periodically probes its loopback address with an ICMP echo request and expects an ICMP echo reply. While reducing traffic and logs, this monitor does not probe the node service on the Internet service and therefore does not ensure the availability of the service.

      1. Click Save.
      1.5.1.4.1.8. Edit a Monitor on an Internet Service

      Edit a Monitor on an Internet Service

      To manage high-traffic Internet services, the Enterprise Cloud can track the state of each node service in the Internet service in near real time, so that it can divert traffic from any node service that is not responding to a node service that is responding. To do so, a monitor is bound to each Internet service. The monitor tests the Internet service by sending periodic probes to the node services in the Internet service. This is sometimes referred to as performing a health check. If the monitor receives a timely response to its probes, it marks the node service as up. If it does not receive a timely response to the configured number of probes, it marks the node service as down.

      Once an ECV, HTTP, or ping monitor is created, you may change the configuration.

      To edit a monitoring service on an Internet service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Edit Monitor.
      4. The Edit Internet Service Monitor dialog appears.

      The appearance of the dialog box changes depending upon the type of monitoring selected.

      ECV Monitor

      An ECV monitor periodically probes each node service on the Internet service with an HTTP GET request. The response is scanned, within the first 24 KB, for a specific string to verify that the node service remains available.

      1. Type the URL to Send.
      2. Type any HTTP Headers required to successfully GET the URL.
      3. Type content expected to Receive.
      4. Select the State of the monitor upon creation.
      5. Click Advanced Options to show or hide.
      6. Type the request Interval time - the time between each probe.
      7. Type the number of Retries before considering the node service unavailable.
      8. Type the Response Timeout - the time to wait for the response to a probe.
      9. Type the Downtime Interval - the time to wait before resuming probes after considering the node service unavailable.
      10. Click Save.

      HTTP Monitor

      An HTTP monitor periodically probes each node service on the Internet service with an HTTP HEAD request and expects an HTTP response to verify that the node service remains available. The Web server can be configured to send a different response to a HEAD request or none at all; a suitable response should be agreed with the web server administrator before setting up the monitor.

      1. Type the URL of the HTTP Request.
      2. Type any HTTP Headers required to successfully GET the URL.
      3. Type the expected HTTP Response Codes, a comma-delimited list.
      4. Select the State of the monitor upon creation.
      5. Click Advanced Options to show or hide.
      6. Type the request Interval time - the time between each probe.
      7. Type the number of Retries before considering the node service unavailable.
      8. Type the Response Timeout - the time to wait for the response to a probe.
      9. Type the Downtime Interval - the time to wait before resuming probes after considering the node service unavailable.
      10. Click Save.

      Ping Monitor

      A ping monitor periodically probes each node service on the Internet service with an ICMP echo request and expects an ICMP echo reply in response to verify that the node service remains available.

      1. Select the State of the monitor upon creation.
      2. Type the request Interval time - the time between each probe.
      3. Type the number of Retries before considering the node service unavailable.
      4. Type the Response Timeout - the time to wait for the response to a probe.
      5. Type the Downtime Interval - the time to wait before resuming probes after considering the node service unavailable.
      6. Click Save.
      1.5.1.4.1.9. Enable a Monitor on an Internet Service

      Enable a Monitor on an Internet Service

      To manage high-traffic Internet services, the Enterprise Cloud can track the state of each node service in the Internet service in near real time, so that it can divert traffic from any node service that is not responding to a node service that is responding. To do so, a monitor is bound to each Internet service. The monitor tests the Internet service by sending periodic probes to the node services in the Internet service. This is sometimes referred to as performing a health check. If the monitor receives a timely response to its probes, it marks the node service as up. If it does not receive a timely response to the configured number of probes, it marks the node service as down.

      If monitoring is disabled on an Internet service, you can easily enable monitoring again. When enabled, the Enterprise Cloud periodically probes with a TCP SYN message and expects a SYN-ACK response to verify that the node service remains available. In addition to this default behavior, you can create on of four types of monitors:

      To enable monitoring on an Internet service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Enable Monitoring.
      1.5.1.4.1.10. Delete a Monitor on an Internet Service

      Delete a Monitor from an Internet Service

      To manage high-traffic Internet services, the Enterprise Cloud can track the state of each node service in the Internet service in near real time, so that it can divert traffic from any node service that is not responding to a node service that is responding. To do so, a monitor is bound to each Internet service. The monitor tests the Internet service by sending periodic probes to the node services in the Internet service. This is sometimes referred to as performing a health check. If the monitor receives a timely response to its probes, it marks the node service as up. If it does not receive a timely response to the configured number of probes, it marks the node service as down.

      Once an ECV, HTTP, or ping monitor is created, you can delete it.

      To delete a monitoring service from an Internet service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Delete Monitor.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.4.1.11. Create a Node Service

      Create a Node Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service and the devices associated to the Internet service are called node services. You create your node services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      To create a node service:

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Create Node.
      4. The Create Node Service for Internet Service dialog appears with the information about the Internet service.

      5. Select an IP Address.
      6. Type a Device Port, this can differ from the port number of the Internet service.
      7. Type a Node Name.
      8. Type a Node Description, if desired.
      9. Select the State of the node service upon creation.
      10. Click Save.

      You can filter the devices shown in the IP Address list.

      1. Select a Network from which to select IP addresses.
      2. Select a Compute Pool from which to select IP addresses.
      3. Select a Device from which to select IP addresses.
      4. Click Apply.
      1.5.1.4.1.12. Edit a Node Service

      Edit a Node Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service and the devices associated to the Internet service are called node services. You edit your node services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      To edit a node service:

      1. Select a Public IP address.
      2. Select a node service.
      3. Click Edit Node.
      4. The Edit Node Service for Internet Service dialog appears with the information about the Internet service.

      5. Type a Node Name.
      6. Type a Node Description, if desired.
      7. Select the State of the node service upon creation.
      8. Click Save.
      1.5.1.4.1.13. Delete a Node Service

      Delete a Node Service

      To offer a service over the Internet, you must associate one or more devices to a specific service, listening on a port for a protocol, and associate that service to a public IP address, an IP address open to the public Internet. In the Enterprise Cloud, this is called an Internet service and the devices associated to the Internet service are called node services. You delete your node services from the Internet Services tab. In the Enterprise Cloud, an Internet service can also be defined on an internal address, thus providing an Internet service for use only by private devices.

      To delete a node service:

       

      1. Select a Public IP address.
      2. Select a node service.
      3. Click Delete Node.
      4. The Confirmation dialog appears.

      5. Click OK.
      1.5.1.4.1.14. Edit Network RNAT Associations

      Edit Network RNAT Associations

      Typically, network RNAT is used to allow servers on a network configured with private, non-routable IP addresses to initiate connections to the Internet. Physically, the load balancer substitutes the public IP address for the source IP address in packets originating on the private network. When a network is added to an environment, a network RNAT is configured to the first public IP address in the environment. If you have more than one public IP address in an environment, you can change the public IP address associated with the network RNAT.

      To edit network RNAT associations:

      1. Click Configure RNATs.
      2. Click Network RNATs.
      3. Select at the top of the column to choose all networks or select one or more networks.
      4. Click Edit Association.
      5. The Edit a Network RNAT Association dialog appears.

      6. Select a public IP address to Associate to.
      7. Click Save.
      1.5.1.4.1.15. Create a Device RNAT Association

      Create a Device RNAT Association

      Typically, device RNAT is used to allow servers configured with private, non-routable IP addresses to initiate connections to the Internet. Physically, the load balancer substitutes the public IP address for the source IP address in packets originating on the private device. You can associate a public IP address with the device RNAT.

      To create a device RNAT association:

      1. Click Configure RNATs.
      2. Click Device RNATs.
      3. Click Create Association.
      4. The Create a Device RNAT Association dialog appears.

      5. Select a Network.
      6. Select a Compute Pool.
      7. Select a Device.
      8. Select a Device IP address.
      9. Select a Public IP address.
      10. Click Save.
      1.5.1.4.1.16. Remove Device RNAT Associations

      Remove Device RNAT Associations

      Typically, device RNAT is used to allow servers on configured with private, non-routable IP addresses to initiate connections to the Internet. Physically, the load balancer substitutes the public IP address for the source IP address in packets originating on the private device. You can dissociate a public IP address from the device RNAT.

      To remove device RNAT association:

      1. Click Configure RNATs.
      2. Click Device RNATs.
      3. Select at the top of the column to choose all networks or select one or more networks.
      4. Click Remove Association.
      5. The Confirmation dialog appears.

      6. Click OK.
      1.5.1.4.1.17. Internet Service URL Redirect

      Internet Service Redirect URL

      You can configure a redirect URL in the event that all your load balanced servers, known as node services, behind an Internet Service are down or disabled. This is useful if you must perform maintenance on your servers and want to redirect incoming traffic to a maintenance URL on a different Internet service or an external Web site. It is also useful in the event your application is down, as monitored by an ECV monitor or HTTP monitor, and you prefer to send customers to an alternate URL rather than display a 404 error.

      • The URL redirect specified must not exceed 127 characters.
      • The domain name specified in the redirect URL cannot be the same domain name associated with the incoming traffic.
      • The redirect URL can be a local or remote link.
      • The redirect URL can be an absolute URL or a relative URL.
      • If the redirect URL contains an absolute URL, the HTTP redirect is sent to the configured location, regardless of the URL in the incoming HTTP request.
      • If the redirect URL contains only a domain name, the HTTP redirect is sent to a location composed of the incoming URL path name appended to the domain configured in the redirect URL.

      The redirect URL can be configured when creating an Internet service or when editing an Internet service.

      1.5.1.4.1.18. Create a Subnet

      Create a Subnet

      When you create a subnet on Enterprise Cloud, you must choose whether the network type will be Perimeter Network (DMZ), subnet used for exposing services to the Internet and/or adding an additional layer of security to your internal network or Internal (INT), subnet containing the servers and services that are private and inaccessible from the Internet.

      You can add IPv4 and dual-stack (IPv4 and IPv6) internal and perimeter subnets. You must specify the IPv4 network size, /24 through /29, but the IPv6 network size is always /64. You cannot specify the address range.

      Note: You cannot create subnets in primary and backup disaster recovery environments.

      1. Click Create Subnet.
      2. The Create Subnet dialog appears.

      3. Select a Network Type, either Perimeter Network (DMZ) or Internal (INT).
      4. Type the Network Size.
      5. Click the Is Dual Stack check box.
      6. Type the Description.
      7. Click Save.
      1.5.1.4.1.19. Edit a Subnet

      Edit a Subnet

      When you create a subnet on Enterprise Cloud, you must choose whether the network type will be Perimeter Network (DMZ), subnet used for exposing services to the Internet and/or adding an additional layer of security to your internal network or Internal (INT), subnet containing the servers and services that are private and inaccessible from the Internet.

      You can add IPv4 and dual-stack (IPv4 and IPv6) internal and perimeter subnets. You must specify the IPv4 network size, /24 through /29, but the IPv6 network size is always /64. You cannot specify the address range.

      To edit a subnet description:

      Note: You cannot edit subnets in primary and backup disaster recovery environments.

      1. Under Networks & Devices, click Edit.
      2. Type a Description.
      3. Click Save.
      1.5.1.4.1.20. Delete a Subnet

      Delete a Subnet

      When you create a subnet on Enterprise Cloud, you must choose whether the network type will be Perimeter Network (DMZ), subnet used for exposing services to the Internet and/or adding an additional layer of security to your internal network or Internal (INT), subnet containing the servers and services that are private and inaccessible from the Internet.

      You can add IPv4 and dual-stack (IPv4 and IPv6) internal and perimeter subnets. You must specify the IPv4 network size, /24 through /29, but the IPv6 network size is always /64. You cannot specify the address range.

      You can delete a subnet. You can delete internal and perimeter networks if:

      • No virtual machines remain attached to the network.
      • The network is not locked by IBM.
      • The network is not in a primary or backup disaster recovery environment.
      • The network is not the last IPv4 or last dual-stack network in the environment.
      1. Under Network & Devices, click Delete.
      2. The Confirmation dialog appears.

      3. Click OK.
      1.5.1.4.2. Security Services Tab

      Security Services Tab

      The Security Services tab allows you to view, manage, and audit firewall rules controlling the networks and server access in an environment. You can also direct firewall logs to a particular server or disable firewall logging.

      Navigate

      To navigate to security services:

      1. Click Security Services.
      2. Click a Security Services activity, if desired.
      3. The firewall rules are presented.

      4. Click Export, if desired, to download the firewall rules as a comma-separated file.
      5. Click Icon: Resource alerts to page back.
      6. Click Icon: Resource alerts to page forward.
      7. Type a page number to jump to a page.

      Firewall Rules

      The lower portion of the Security Services tab displays the firewall rules in the environment.

      To filter firewall rules:

      1. Type or select options and click Filter.
      2. The firewall rules are presented.

      3. Click Export, if desired, to download the firewall rules as a comma-separated file.

      Filter Options

      Three filter options allow you to customize which items are displayed in the Security Services list. Select one or more of the options and click Filter. The available filter options are Permission, Type, and From/To.

      Note: Enabled Internet services are presented in the list of firewall rules. Disabled Internet services are not presented in the list of firewall rules. To change the state of an Internet service, see Edit an Internet Service.

      Permission Filter Options

      All

      Displays firewall rules of every permission.

      Allow

      Displays only those firewall rules that permit access to servers and networks in the environment.

      Deny

      Displays only those firewall rules that deny access to servers and networks in the environment.

      Type Option Filters

      All

      Displays both internet service firewall rules and custom firewall rules.

      Custom Rules

      Displays only custom firewall rules.

      Internet Services

      Displays only internet service firewall rules.

      From/To Filter Options

      All

      Displays firewall rules from any source and to any destination.

      Outside Traffic

      Displays only firewall rules permitting outside traffic, that is, traffic to or from the public Internet.

      Network

      Displays only firewall rules in which the selected network is a source or destination, including devices on that network.

      Device

      Displays firewall rules in which the selected server is a source or destination.

      External Network

      Displays only firewall rules in which the selected external network is a destination.

      External IP

      Displays only firewall rules in which the selected external IP address is a destination.

      External Any

      Displays only firewall rules in which external IP address or external network is the destination.

      For From/To filters of Network, Server, External Network, or External IP, additional choices appear.

      From/To: Network

      1. Select From/To of Network.
      2. Select a network from the list.

      From/To: Device

      1. Select From/To of Device.
      2. Select a device from the list.
      3. Select an IP address on the device from the list.

      From/To: External Network

      1. Select From/To of External Network.
      2. Type a network address.
      3. Type a network prefix length.

      From/To: External IP

      1. Select From/To of External IP.
      2. Type an IP address.
      1.5.1.4.2.1. Allow Inside Traffic

      Allow Inside Traffic

      Create a firewall rule with Allow Inside Traffic as the Permission to allow traffic from specified sources to specified destinations.

      Sources can be:

      • An entire internal (INT) network.
      • An entire DMZ network.
      • A specified device on one of those networks.

      Destinations can be:

      • An entire internal (INT) network.
      • An entire DMZ network.
      • An entire external network.
      • A specified device on one of those networks.

      You can choose to allow inside traffic that uses a transport Protocol of TCP or UDP. Select the Protocol of Any to allow inside traffic over both TCP and UDP. You can also choose to allow inside traffic on a specific port, a range of ports, or any port from the selected source. Ports must be in the decimal range of 1-65534.

      Create Rule

      1. Click Create Firewall Rule.
      2. The Create Firewall Rule dialog appears.

      Select Permission

      1. Select Permission of Allow Inside Traffic.
      2. Select a Line Number.

      Select From Source Type

      The From Source Type selects the extent of the source to the firewall:

      • An entire internal network.
      • A particular internal device.

      Network

      1. Select From Source Type of Network.
      2. Select a Network.

      Device

      1. Select From Source Type of Device.
      2. Select a Network.
      3. Select a Compute Pool to narrow the device selection.
      4. Select a Device.
      5. Select a Device IP address.

      Select To Destination Type

      The To Destination Type selects the extent of the destination from the firewall:

      • Any internal network or device.
      • An entire internal network.
      • A particular internal device.
      • An entire external network.
      • A particular external IP address.

      Any

      1. Select To Destination Type of Any, every internal network and device is available as a destination.

      Network

      1. Select To Destination Type of Network.
      2. Select a Network.

      Device

      1. Select To Destination Type of Device.
      2. Select a Network.
      3. Select a Compute Pool to narrow the device selection.
      4. Select a Device.
      5. Select a Device IP address.

      External Network

      1. Select To Destination Type of External Network.
      2. Type Network IP.
      3. Type network prefix Size.

      External Server

      1. Select To Destination Type of External Server.
      2. Type IP Address.

      Select a Protocol and Port

      Select a protocol and port for allowing inside traffic.

      Any Protocol and Any Port

      1. Select Protocol of Any.
      2. Select Port of Any to allow all ports, which is the only choice permitted.

      TCP or UDP Protocol and Any Port

      1. Select Protocol of TCP or UDP.
      2. Select Port of Any to allow all ports.

      TCP or UDP Protocol and a Single Port

      1. Select Protocol of TCP or UDP.
      2. Select Port of Port >> to allow a single port.
      3. Type the port number.

      TCP or UDP Protocol and a Range of Ports

      1. Select Protocol of TCP or UDP.
      2. Select Port of Port Range >> to allow a range of ports.
      3. Type the starting port number.
      4. Type the ending port number.

      Save

      1. Click Save.
      2. The new firewall rule appears in the firewall rule list.

      1.5.1.4.2.2. Deny Outside Traffic

      Deny Outside Traffic

      Create a firewall rule with Deny Outside Traffic as the Permission to prevent incoming traffic from a network or a specified IP address. You can choose to deny outside traffic that uses a transport Protocol of TCP or UDP. Select the Protocol of Any to deny outside traffic over both TCP and UDP. You can also choose to deny outside traffic on a specified port, a range of ports, or any port from the selected source. Ports must be in the decimal range of 1-65534.

      Create Rule

      1. Click Create Firewall Rule.
      2. The Create Firewall Rule dialog appears.

      Select Permission

      1. Select Permission of Deny Outside Traffic.
      2. Select a Line Number.

      Select From Source Type

      • An entire network.
      • A particular IP address.

      Network

      1. Select From Source Type of Network.
      2. Type a Network IP.
      3. Type network prefix Size.

      IP Address

      1. Select From Source Type of IP Address.
      2. Type an IP Address.

      Select a Protocol and Port

      Select a protocol and port for denying outside traffic.

      Any Protocol and Any Port

      1. Select Protocol of Any.
      2. Select Port of Any to deny all ports, which is the only choice permitted.

      TCP or UDP Protocol and Any Port

      1. Select Protocol of TCP or UDP.
      2. Select Port of Any to deny all ports.

      TCP or UDP Protocol and a Single Port

      1. Select Protocol of TCP or UDP.
      2. Select Port of Port >> to deny a single port.
      3. Type the port number.

      TCP or UDP Protocol and a Range of Ports

      1. Select Protocol of TCP or UDP.
      2. Select Port of Port Range >> to deny a range of ports.
      3. Type the starting port number.
      4. Type the ending port number.

      Save

      1. Click Save.
      2. The new firewall rule appears in the firewall rule list.

      1.5.1.4.2.3. Delete Firewall Rule

      Delete Firewall Rules

      You can delete custom firewall rules, which are created by you. Internet Service firewall rules are created when you create an Internet service and are deleted when you delete the Internet service.

      To delete firewall rules:

      1. Select at the top of the column to select all custom rules or select one or more custom rules.
      2. Click Delete Rule(s).
      3. The Confirmation dialog appears.

      4. Click OK.
      1.5.1.4.2.4. Firewall Log

      Firewall Log

      A firewall can record its activities in a log. You can disable the firewall log or enable the log and specify the location of the firewall log, either on an Enterprise Cloud server or to an external IP address.

      Note: The server selected must have:

      • A third party firewall logging application installed.
      • The logging application configured to process UDP log data.
      • Access to the specified IP address.

      Your firewall sends its log data on port 514. If your logging requires the source IP address, contact Global Support Services for the active IP address of your firewall context.

      Note: The firewall does not support Internet Protocol version 6 (IPv6) addresses for logging.

      Navigate

      1. Click Firewall Log.
      2. The Firewall Log Server Location dialog appears.

        The Current Location of log is shown.

      Disable Logging

      1. Select None.
      2. Click Save.

      Enterprise Cloud Server

      1. Select Network and select a Network.
      2. Select a Compute Pool.
      3. Select a Server IP and select an IP address on that device.
      4. Click Save.

      External Server

      1. Select External IP and type an External IP address.
      2. Click Save.
      1.5.1.4.2.5. Audit Firewall Rules

      Audit Firewall Rules

      You can present a report of firewall rules to audit the order and configuration of all audit rules in your environment.

      1. Click Audit Firewall Rules.
      2. The Firewall Rules Audit View window appears.

        The IPv4 and IPv6 firewall rules appear.

      3. Click Refresh to force a fresh read.
      4. Click Export, if desired, to download the firewall rules as a comma-separated file.
      1.5.1.4.3. Trusted Network Groups Tab

      Trusted Network Groups Tab

      Trusted Network Groups (TNG) are customer defined groups of IP addresses, networks, or a combination of both that are allowed to access an organization's public IP addresses. Trusted network groups are used when creating an Internet service or when editing an Internet service. The Trusted Network Groups tab allows you to view and manage trusted network groups.

      Navigate

      To navigate to trusted network groups:

      1. Click Trusted Network Groups.
      2. The trusted network groups are presented.

        The Internet services are shown, if the trusted network group is associated with an Internet service.

      3. Select an activity, to manage the trusted network groups.

         

      1.5.1.4.3.1. Create a Trusted Network Group

      Create a Trusted Network Group

      Trusted Network Groups (TNG) are customer defined groups of IP addresses, networks, or a combination of both that are allowed to access an organization's public IP addresses. Trusted network groups are used when creating an Internet service or when editing an Internet service.

      Create Trusted Network Group

      1. Click Create Trusted Network Group.
      2. The Create Trusted Network Group dialog appears.

      Select a Source Type

      1. Type a Group Name.
      2. Select a Type.

      IP Address

      1. Select a source Type of IP Address.
      2. Type an IP Address.
      3. Click Icon: Add green plus to add the entry.
      4. The entry is added to Trusted Entries.

      Network

      1. Select a source Type of Network.
      2. Type a Network IP address.
      3. Type a network prefix Size.
      4. Click Icon: Add green plus to add the entry.
      5. The entry is added to Trusted Entries.

      Entries

      1. Click Icon: Add green plus to remove an entry.
      2. Click Save.
      1.5.1.4.3.2. Delete a Trusted Network Group

      Delete a Trusted Network Group

      Trusted Network Groups (TNG) are customer defined groups of IP addresses, networks, or a combination of both that are allowed to access an organization's public IP addresses. Trusted network groups are used when creating an Internet service or when editing an Internet service.

      Note: You cannot delete a trusted network group if it is associated with an Internet Service. You must first remove the Trusted Network Group from the Internet Service before it can be deleted.

      To remove a trusted network group:

      1. Select a trusted network group.
      2. Click Delete Group.
      3. The Confirmation dialog appears.

      4. Click Save.
      1.5.1.4.3.3. Edit a Trusted Network Group

      Edit a Trusted Network Group

      Trusted Network Groups (TNG) are customer defined groups of IP addresses, networks, or a combination of both that are allowed to access an organization's public IP addresses. Trusted network groups are used when creating an Internet service or when editing an Internet service.

      You can change the name of and the IP addresses and networks in a trusted network group even if assigned to Internet services.

      Edit Trusted Network Group

      1. Select a trusted network group.
      2. Click Edit Group.
      3. The Edit Trusted Network Group dialog appears.

      Select a Source Type

      1. Type a Group Name.
      2. Select a Type.

      IP Address

      1. Select a source Type of IP Address.
      2. Type an IP Address.
      3. Click Icon: Add green plus to add the entry.
      4. The entry is added to Trusted Entries.

      Network

      1. Select a source Type of Network.
      2. Type a Network IP address.
      3. Type a network prefix Size.
      4. Click Icon: Add green plus to add the entry.
      5. The entry is added to Trusted Entries.

      Entries

      1. Click Icon: Add green plus to remove an entry.
      2. Click Save.
      1.5.1.4.4. Load Balancing

      Load Balancing

      Load Balancing Methods

      Load Balancing allows for greater scalability and reliability by distributing server load to multiple servers and monitoring the services running on the servers (if monitoring is enabled). It allows traffic to be distributed to available servers and direct traffic to the servers that are most likely to serve the fastest possible response. Should an entire server or a service fail and the service is monitored, the server is marked as unavailable and users directed to one of the available healthy servers instead.

      The following table details the available load balancing methods.

      Method

      Functionality

      Considerations

      Least Connections

      Selects the service that has the least number of connections.

      Number of connections counted are:

      • Established, active connections to a service; includes only those connections that have outstanding requests and does not include inactive, reusable connections.
      • For UDP services, sessions between client and physical service; a session is created upon the first arriving UDP package.

      Round Robin

      Distributes the load to each service in rotation, regardless of load.

       

      Least Packets

      Selects the service that is currently serving the least number of packets per second.

       

      Least Response Time

      Distributes the load based on the time to first byte (TTFB), which is the time between the first request to the first byte of the first response that comes back.

      Available on HTTP and HTTPS Internet Services.

      View the Load Balancing Method on the Resources Tab

      Infinicenter Console presents the load balancing method in several locations. View the load balancing method on the Resources tab.

      1. Click Resources.
      2. Select a compute pool if desired.
      3. On tasks relating to Internet Services and Node Services, the Notes present the load balancing method.

      4. Hover the cursor over the Notes icon, Task note, of an Internet service or a node service.
      5. The load balancing method is presented on the Load Balancing Method row of the note.

      View the Load Balancing Method on the Network Tab

      Infinicenter Console presents the load balancing method in several locations. View the load balancing method on the Internet Services tab of the Network tab.

      1. Click Internet Services.
      2. Select a Public IP address.
      3. The load balancing method is presented on each Internet Service in the Persistence – LB Method column.

      On the Node Service

      View the current load balancing method on each node in the Internet Service.

      1. Expand Networks & Devices, expand a network.
      2. Select a server.
      3. Click Nodes.
      4. The load balancing method is presented on each Internet Service in the Persistence – LB Method column.

      Manage the Load Balancing Method

      Manage the load balancing method on the Internet Services tab of the Network tab.

      1. Click Internet Services.

      When Creating an Internet Service

      When creating an Internet service, you must select a load balancing method.

      1. Click Create Service.
      2. The load balancing method defaults to Least Connection when the Create Internet Service dialog appears.

      3. Select a Load Balancing Method.

      When Editing an Internet Service

      When editing an Internet service, you must select a load balancing method.

      1. Select a Public IP address.
      2. Select an Internet service.
      3. Click Edit Service.
      4. The predefined load balancing method, when creating an Internet service is the method currently assigned when the Edit Internet Service dialog appears.

      5. Select a Load Balancing Method.

      See create an Internet service and edit an Internet service for more information.

      1.5.1.5. Cloud Services Tab

      Cloud Services Tab

      Cloud Services are value-added services, such as patching, that can be offered to organizations for their virtual machines and physical devices, although typically just virtual machines. These services can be managed by the customer or managed by IBM. Availability of specific services for any given virtual machine can be limited by constraints in the physical, rather than virtual, environment.

      Cloud services can be enabled by datacenter, by physical divisions within the datacenter, or by customer. Not every cloud service will be available to every server in every environment. Cloud services available to a specific server are shown in Infinicenter Console.

      Activities in Cloud Services include:

    • Patching Tab
    • Backup Tab
    • Navigate to Cloud Services Tab

      1. Click Cloud Services.
      2. Select a cloud service activity.
      1.5.1.5.1. Patching Tab

      Patching Tab

      Introduction

      Cloud Services are value-added services, such as patching, that can be offered to organizations for their and physical devices, although typically just virtual machines. These services can be managed by the customer or managed by IBM. Availability of specific services for any given virtual machine can be limited by constraints in the physical, rather than virtual, environment.

      Note: 

      From the Patching tab, you can:

      1. Click Patching.
      2. Select the filter criteria:
        • Package – Select from a list of all available packages.
        • Compute Pool – Select from a list of all compute pools.

        Note: The compute pool criterion is not shown in environments with only one compute pool.

      3. Click Filter, if desired, to filter to only select devices.
      4. The patched devices appear.

      1.5.1.5.1.1. View Patching Details for a Device

      View Patching Details for a Device

      Cloud Services are value-added services, such as patching, that can be offered to organizations for their virtual machines and physical devices, although typically just virtual machines. These services can be managed by the customer or managed by IBM. Availability of specific services for any given virtual machine can be limited by constraints in the physical, rather than virtual, environment.

      You can view the history of patching for a device.

      1. Click Patching.
      2. The patched devices appear.

      3. Click Details on a device for more information.
      4. The Patching History dialog appears.

      5. Select Month and Year.
      6. Click Get History.
      7. The patching history appears.

      8. Click Close.
      1.5.1.5.1.2. Remove a Device from Patching