Note: For more information about IBM Hyper Protect Virtual Servers (previously known as Secure Service Container for IBM Cloud Private), see the following resources:
• Chapter 3, Secure Service Container installation and configuration, of Implementation Guide for IBM Blockchain Platform for Multicloud, SG24-8458.

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Architecture | x86 or s390x Linux | s390x | Cloud administrator |
| 2 | Host name | | management_server | hostname |
| 3 | Primary network interface controller (NIC) | | eth0 | ifconfig -a |
| 4 | Management Server IP | | 10.152.151.100 | ifconfig -a (inet addr parameter in the result) |
| 5 | Password for the user root | | root_user_password | System administrator |
| 6 | Internal IP address | | 192.168.40.251 | Network administrator |
| 7 | NIC for internal network | | eth1 | Network administrator |
| 8 | Subnet mask for internal IP | | 192.168.40.0/24 | Network administrator |
| 9 | Gateway for internal IP | | 192.168.40.1 | Network administrator |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Partition IP address | | 10.152.151.105 | System administrator |
| 2 | Master ID | | ssc_master_user | System administrator |
| 3 | Master password | | ssc_master_password | System administrator |
| 4 | Storage disks for quotagroups resizing | | 3600507630affc427000000000002000 (FCP) or 0.0.78CA (IBM FICON® DASD) | System administrator |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Partition IP address | | 10.152.151.105 | System administrator |
| 2 | Secure Build container name | | securebuild1 | Cloud administrator |
| 3 | CPU thread number | | 2 | System administrator |
| 4 | Memory (GB) | | 12 | System administrator |
| 5 | Storage for the Secure Build container application (GB) | | 10 | System administrator |
| 6 | Storage for the Docker images built by Secure Build (GB) | | 16 | System administrator |
| 7 | Storage for logs configuration data for the Secure Build Container (GB) | | 2 | System administrator |
| 8 | Quotagroup of Secure Build container | | myquotagroup | Cloud administrator |
| 9 | Connection method (port-mapping/IP) | | IP | System administrator |
| 10 | Internal network name | | encf900_internal_network1 | Cloud administrator |
| 11 | Internal IP address (only needed if an internal network is used) | | 192.168.40.6 | Cloud administrator |
| 12 | External IP address (only needed if an external network is used) | | 164.23.2.77 | System administrator |
| 13 | Forward port for external (only needed if an external IP address is not assigned) | | 10433 | System administrator |
| 14 | Repository ID of the Secure build container image | | SecureDockerBuild | Cloud administrator |
| 15 | Tag of the Secure build container image | | latest | Cloud administrator |
| 16 | Repository ID for your apps | | MyDockerApp | Cloud administrator |
| 17 | Source code repository URL | | github.com:MyOrg/my-docker-app.git | App developer or ISV |
| 18 | Source code branch | | dev | App developer or ISV |
| 19 | Private key for Source code repository | | | App developer or ISV |
| 20 | Remote docker registry server | | docker.io | Cloud administrator |
| 21 | Remote docker repository name for built images | | docker_base_user/MyDockerApp | Cloud administrator |
| 22 | Remote docker registry user name to register the base images | | docker_base_user | Cloud administrator |
| 23 | Remote docker registry user password to register the base images | | passw0rd | Cloud administrator |
| 24 | Remote docker registry user name to push the images | | docker_writable_user | Cloud administrator |
| 25 | Remote docker registry user password to push the images | | passw0rd | Cloud administrator |
| 26 | Cloud Object Storage service API key (Optional) | | 0viPH...kliJ | Cloud administrator |
| 27 | Cloud Object Storage service bucket (Optional) | | my-cos-bucket1 | Cloud administrator |
| 28 | Cloud Object Storage service resource crn (Optional) | | crn:v1...::1 | Cloud administrator |
| 29 | Cloud Object Storage service auth_endpoint (Optional) | | iam.cloud.ibm.com | Cloud administrator |
| 30 | Cloud Object Storage service end_point (Optional) | | s3.....cloud | Cloud administrator |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Repository name | | docker.io/docker_base_user/MyDockerApp | Cloud administrator |
| 2 | Readonly Docker Hub user ID | | docker_readonly_user | Cloud administrator |
| 3 | Docker Hub User password | | docker_password | Cloud administrator |
| 4 | The public key | | isv_user.pub | App developer or ISV |
| 5 | The private key | | isv_user.private | App developer or ISV |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Partition IP address | | 10.152.151.105 | System administrator |
| 2 | External network name | | encf900_network | Cloud administrator |
| 3 | Container external IP address | | 164.20.5.78 | Cloud administrator |
| 4 | Internal network name | | encf900_internal_network1 | Cloud administrator |
| 5 | Internal IP address | | 192.168.40.188 | Cloud administrator |
| 6 | Parent device | | encf900 | Appliance administrator |
| 7 | Gateway | | 192.168.40.1 | Cloud administrator |
| 8 | Subnet | | 192.168.40.0/24 | Cloud administrator |
| 9 | Repository name | | MyDockerApp | Cloud administrator |
| 10 | Image tag | | latest | Cloud administrator |
| 11 | CPU threads number | | 2 | Cloud administrator |
| 12 | Memory size (GB) | | 12 | Cloud administrator |
| 13 | Quotagroup size (GB) | | 100G | Cloud administrator |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Partition IP address | | 10.152.151.105 | System administrator |
| 2 | Domain suffix | | first | System administrator |
| 3 | DNS name | | example.com | System administrator |
| 4 | Connection method (port-mapping/IP) | | 8443 | System administrator |
| 5 | Private key for the monitoring infrastructure | | server.key | openssl utility |
| 6 | Certificate for the monitoring infrastructure | | server-certificate.pem | openssl utility |
| 7 | Certificates for the monitoring client | | client-certificate.pem | openssl utility |

| Parameter | Resource | Value | Example | Where to get |
|---|---|---|---|---|
| 1 | Partition IP address | | 10.152.151.105 | System administrator |
| 2 | Crypto domain name | | 09.000b | System administrator |
| 3 | Domain suffix | | grep11 | System administrator |
| 4 | DNS name | | example.com | System administrator |
| 5 | Connection method (port-mapping/IP) | | IP | System administrator |
| 6 | Internal network name | | my-private-network-name1 | System administrator |
| 7 | IP address | | 192.168.10.106 | System administrator |
| 8 | TLS key and certificate | | key.pem, cert.pem | openssl utility |

Important: Disks are formatted in this step.

Important: Two images are available. The image to use depends on the type of Linux Management Server. If the Linux Management Server runs on the Z s390x architecture, use the image whose TAG contains 1.2.0.s390x. If the Linux Management Server is an x86 machine, use the image whose TAG is shown as 1.2.0.

Note: The monitoring metrics are collected from Secure Service Container partitions. Only Hyper Protect hosting appliance and Secure Service Container partition level metrics are supported for IBM Hyper Protect Virtual Servers v1.1.0.

Note: When you generate certificates, use collectdhost-<metric-dn-suffix>.<dns-name> or *.<dns-name> as the common name. A wildcard certificate with the *.<dns-name> common name can be used across multiple partitions.

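The common-name rule in the preceding note can be checked before the monitoring certificates are deployed. The following shell script is an added example, not code from the original document or from IBM; the function names are hypothetical, the certificate is a constructed self-signed one, and the suffix first, the DNS name example.com, and the file names server.key and server-certificate.pem are the worksheet's example values.

```shell
# Added example (not IBM tooling): pre-deployment checks for the monitoring
# certificate. Function names are hypothetical; all inputs are constructed.

# Print the two common names the note allows: host-specific and wildcard.
allowed_cns() {  # args: metric-dn-suffix dns-name
  printf '%s\n' "collectdhost-$1.$2" "*.$2"
}

# Create a throwaway self-signed certificate to use as demo input.
make_demo_cert() {  # args: common-name key-out cert-out
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$2" -out "$3" >/dev/null 2>&1
}

# Print the subject CN of a PEM certificate (empty if it cannot be read).
cert_cn() {  # args: cert
  openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate CN is one of the allowed names.
cn_is_valid() {  # args: cert metric-dn-suffix dns-name
  cn=$(cert_cn "$1")
  [ -n "$cn" ] && allowed_cns "$2" "$3" | grep -Fxq -- "$cn"
}

# Succeed only if the private key and the certificate share a public key.
key_matches_cert() {  # args: key cert
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo with the worksheet's example values (suffix "first", example.com).
demo() {
  d=$(mktemp -d) || return 1
  make_demo_cert "collectdhost-first.example.com" "$d/server.key" \
    "$d/server-certificate.pem" || return 1
  cn_is_valid "$d/server-certificate.pem" first example.com &&
    key_matches_cert "$d/server.key" "$d/server-certificate.pem" &&
    echo "CN and key check passed: $(cert_cn "$d/server-certificate.pem")"
  rc=$?
  rm -rf "$d"
  return "$rc"
}
demo
```
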
Note: If you want the GREP11 container to be in your IBM Hyper Protect Virtual Servers network and accessible internally, you must set the network_name and IP keys so that they are part of your IBM Hyper Protect Virtual Servers network (the port is always 9876). The network_name can be created as a VLAN or Ethernet type connection on the Secure Service Container partition.

Note: You must use certificate-based authentication as shown in the following code examples to access the GREP11 container on the Secure Service Container partition.