N1 Provisioning Server 3.1, Blades Edition, Control Center Management Guide

Control Center Concepts

The Control Center is a web-based user interface for the N1 Provisioning Server software. The interface provides for the automated deployment, management, and control of heterogeneous computing environments. The Control Center enables you to design, configure, deploy, and manage multiple independent, secure, logical server farms.

The visual, drag-and-drop interface enables you to express complex network topologies, add and remove hardware, and configure farm elements. You can also create libraries of farms and farm templates that enable rapid, standardized, and automated deployment of farms within a data center or across data centers.

For each new logical server farm you design, the Control Center enables you to do the following tasks:

Design arbitrary network topology, including subnet configurations
Configure and provision servers and load balancers

Create and distribute software images

Note –
Although you can perform virtually every farm management task using the Control Center, you can also use command-line tools to perform these tasks if you choose to do so. However, farms that are created through the command-line interface do not appear in the Control Center.

The Control Center uses the concept of a farm lifecycle. The term "lifecycle" describes the process of managing the farm evolution from design to destruction.

Design a new farm by using one of the following methods.
- In the Control Center Editor screen, connect network component icons and configure as appropriate for your business needs. See How To Design a New Farm.
- Import an existing farm by selecting Import from the File menu in the Editor screen. See How To Import a Farm.
After you have designed a new farm, submit the design for activation. The network, devices, and storage are provisioned and configured according to your specifications in a very short time, as little as ten minutes, depending on the complexity of your design.
After the farm is active, you can deploy server monitors and configure alarms. Monitors and alarms are important for farm maintenance and troubleshooting. See Setting Up Element Monitors and Alarms for detailed information. You can also add, remove, or reconfigure elements, servers, and images in an active farm as your business needs require. See Updating Active Farms for detailed instructions.
The standby option on the Control Center enables you to put your farm on hold, releasing the servers and load balancers for others in your organization to use. Your data is maintained for later reactivation while in standby. See Placing a Farm On Standby. When you are completely finished using a particular farm, you can elect to completely decommission the farm, returning all hardware and disk resources to a pool of free resources.

Access Privileges

To administer access privileges in the Control Center, you define access in terms of the user's level of authority and associated privileges. There are three classes of access privileges:

Administrator refers to individuals who manage an entire I-Fabric or multiple I-Fabrics, do not belong to any particular account, and have access and control over all accounts, including approval privileges.
Account Manager refers to individuals in an organization who manage their specific account and users within that account.
User refers to individuals in an organization who manage farms within that account but are limited in their ability to change account-wide settings or manage other users.

Farm Management Tasks

After the I-Fabric has been built and the N1 Provisioning Server software installed, you are ready to begin farm management tasks. Generally, as part of system acceptance, you also create global and account software images before you begin to build farms. For instructions on creating software images, refer to Creating and Managing Images in N1 Provisioning Server 3.1, Blades Edition, System Administration Guide.

Farm management lifecycle involves the following major tasks:

Creating Control Center accounts
Designing and configuring farms
Activating farms
Setting up farm monitors and alarms
Managing changes in farm states
Managing end-user accounts

Farm Management Responsibilities

In some I-Fabric implementations, end users design and configure farms, create monitors and alarms, and manage end-user accounts. In other I-Fabric implementations, administrators perform all farm management tasks.

This guide assumes that administrators perform all farm management tasks. However, this guide identifies those areas where end users can request administrative support.

Task Roles for Each Farm Lifecycle State

The Control Center supports various levels of access privileges. These access privileges enable end users, as well as administrators, to perform certain farm management tasks. In I-Fabric implementations that do not enable end users to interact with the Control Center, administrators perform all tasks.

Table 2–1 lists the various high-level tasks that need to be performed during each of the farm lifecycle states.

Note –

Administrators who are responsible for all farm management tasks perform all tasks listed in this table.

Table 2–1 Lifecycle States and Administration Tasks


User or Account Manager Tasks	Administrator Tasks	Lifecycle State
New farm created but not yet submitted	None	Design
The user submits the farm for approval and activation	Manually validate the submitted farm.	Activation
	Use the Administration screen to unblock the request, if the farm is valid.
	Set the contract parameters in the Control Center Administration screen.
	Turn over active farms to the users.
Migrate application and data	Work with users and assist in migration.	Active
Create server images	Create global images, see Creating and Managing Images in N1 Provisioning Server 3.1, Blades Edition, System Administration Guide.
Change or flex farms	Changing farms is an automated process if the resources are within the set contract type limits. If a farm is not bound by a contract, the request must be unblocked.
Submit a redesigned farm as new	Same task as when the new farm was submitted.
Request that all farm elements (excluding storage) be returned to the free pool.	Unblock the standby request through the Administration screen.	Standby
Request reactivation	Unblock the reactivate request through the Administration screen.
Request deactivation	Unblock the Deactivate request through the Administration screen.	Inactive
Delete the farm		Deleted

Control Center Accounts

A Control Center account contains a group of people, or account members, who have management access and control of a set of logical server farms. Accounts include the following information:

Login information and privileges for people authorized to manage farms in the account
Information on the organization or department that owns the account
Contract data (quotas) defining farm level resource limits
Collection of farms
Account Images

The Control Center can contain multiple accounts, each managed by Account Managers serving multiple users managing multiple farms, potentially spanning multiple I-Fabrics.

An individual with user access in a particular account can manage a farm or group of farms in secure isolation from users in other accounts. For more information regarding Control Center accounts, see Chapter 3, Account Administration.

Control Center Security and Certificates

The Control Center includes the security aspects described in the following list.

Authentication

Each user is assigned a username and a password that is used to authenticate the user during login. No format or restriction is placed on the password, except that the password must be a non-empty string.

Note –
If an end user forgets the password, an administrator must reset the password to some known value. Retrieval of the password is not possible.
Brute-force password attacks

The Control Center defends itself against brute-force password attacks by using the authentication mechanism to keep track of login failures for each user. If any user has 10 consecutive failed logins, the user is placed in a “penalty box,” during which time the user cannot log in, even with the correct password. The user is automatically released from the lock after a short period of time. An administrator can release the lock ahead of schedule, if needed.
Encryption

The Control Center is designed to run with 128-bit SSL encryption. This level of encryption provides security against eavesdroppers.
Session expiration

If a logged-in user is dormant for longer than a configurable period of time, the user is prompted to re-enter the username and password to ensure that the same person is returning to the client machine. The default session expiration is 120 minutes.

Security Certificate

A default security certificate is provided for the Control Center. This security certificate will expire after six months. To update this certificate or to install a new certificate see Sun ONE Application Server 7 Administrator's Guide to Security.