This document describes how to create your first Zadara Virtual Private Storage Array and connect your AWS Outposts to Zadara using the Local Gateway.
Process Overview
- Establish Connectivity between AWS Outposts and your Site Network
- Establish Connectivity between your Site Network and Zadara
- Zadara Provisioning Portal Registration
- VPSA creation
- Establish connectivity between your AWS instances and your VPSA
Establish Connectivity between AWS Outposts and your Site Network
Once you have your AWS Outposts racked, please follow the documentation provided by AWS for connecting your AWS Outposts to your network. The following is intended to provide context for later information, and should not be used as a definitive guide for connecting your AWS Outposts to your network. Please also note that in configurations where network equipment is provided by Zadara, the provided network equipment is not intended to connect your AWS Outposts to your network.
Your AWS Outposts has at least two physical connections to your network equipment, organised into two separate LACP bundles.
Across the LACP interfaces, at least two VLANs are being carried, the AWS 'Service Link VLAN' and the 'LGW VLAN'. The 'Service Link VLAN', ideally, is in a separate VRF from the 'LGW VLAN', and is passed through your infrastructure to the Internet. The 'LGW VLAN' is not passed to the internet, and connects the EC2 instances running within the AWS Outposts with equipment running at your site, including the Zadara VPSAs.
Each VLAN carries dedicated BGP sessions, one per VLAN per LACP interface, for a minimum of 4 BGP sessions between your network equipment and the AWS Outposts.
Across the BGP sessions on the 'LGW VLAN', you need to advertise the network range(s) for your site equipment, and the network range chosen to be used by the Zadara VPSAs.
Establish Connectivity between your Site Network and Zadara
Depending on the expected size, your Zadara Cloud has a number of possible connectivity options grouped into two models. For the physical connectivity, we support RJ45/Cat5/Cat6, SFP (1G), SFP+ (10G), QSFP (25G/40G/100G) using Direct Attached Cables (DAC), Single Mode (Optical SM) or MultiMode (Optical MM). Please check with your sales representative or Zadara Support to match capabilities with your equipment.
Firstly, there is the directly attached model. In this model, each of the two Zadara Storage nodes has a pair of connections into your network equipment, for a total of four connections. These connections, which carry a tagged VLAN, should be placed in the same VRF as the 'LGW VLAN' mentioned above. Note that these connections should be configured as tagged ports without using any LACP bundling.
Secondly, there is the switched model. Each of the provided Zadara switches has one or more physical connections to your network equipment. All of these connections are then organised into a single LACP bundle to provide for redundant connectivity. For larger installations, Zadara Support may recommend the use of L3 routing and BGP sessions in a fashion similar to the above AWS Outposts connectivity. Please note that the Zadara switches are intended to be used for the Zadara equipment interfacing to your site, and not as a physical interface between the AWS Outposts and your site.
In both models, the local site is responsible for determining the network range to be used by the Zadara VPSAs. Where there is no L3 routing, the site will need to provide the required gateway address, or set aside a portion of your address space to be used exclusively by the Zadara VPSAs.
A VLAN will need to be assigned for use by VPSAs, and sent across the LACP interface using tagged VLANs (802.1q). In Zadara Clouds where multiple tenants are expected (e.g., different departments), different VPSAs can be placed in the same or different VLANs, which will also be passed across the LACP interface.
Zadara Provisioning Portal Registration
Navigate to your Zadara Cloud's Provisioning Portal. This address will have been provided by Zadara Support. Please note that accounts on your Zadara Cloud's Provisioning Portal are separate from accounts on the main Zadara Provisioning Portal for our public clouds.
If this is your first time visiting your Zadara Cloud's Provisioning Portal, you will need to register a new account.
VPSA Creation
From your Zadara Cloud's Provisioning Portal, click on the VPSA Service you'd like to create:
- VPSA Storage Array - a hybrid virtual array that supports both HDD and SSD drives, offering NAS and block access.
- VPSA All Flash Array - an array designed for flash media, offering NAS and block access.
- VPSA Object Storage - a virtual array that offers Object storage capabilities with both S3 and Swift user interfaces.
Can't decide? We'd love to help! Send us a note at support@zadarastorage.com.
In this tutorial we will provision a VPSA Storage Array, with 20TB of usable capacity.
- Click on the "Storage Array" creation button.
- Give your VPSA a name and description, and select your local cloud as the Cloud Provider.
- Click on "Next". On the next page you'll be asked to define your Storage Array engine and available capacity (drives). Drives should be allocated in multiples of two. Your Zadara Cloud will have a different list of drive types available from what is shown here.
Can't decide? We love to help! Send us a note at support@zadarastorage.com.
- Click "Next" and allocate Zadara Container Services Engine (allows you to run your Docker applications on top of your Storage Array) - Optional.
- Review your VPSA configuration and click the "Submit" button.
- Your VPSA configuration will be approved and move into "Created" state (you will be notified by an email as well). As part of the VPSA approval process (by your site's administrator or Zadara), the VLAN and network range to be used by the VPSA can be set.
Establish Connectivity to your VPSA
Now that your VPSA is ready, we just need to get it connected to the VPC running within your AWS Outposts. Unlike connecting EC2 instances in a public AWS region to a VPSA running in a public Zadara cloud, EC2 instances in an AWS Outposts connect via a Local Gateway (LGW). Please refer to the AWS documentation for adding an LGW to your AWS Outposts' VPC.
Once added, the route table object(s) for your VPC(s) should be showing the routes for your site's equipment, and for your Zadara VPSA(s) (this may be the same route). If not, please verify that your network equipment is advertising the correct route to your AWS Outposts, and that your LGW is set to propagate routes learned. For debugging purposes, your VPSA will permit ICMP ping and traceroute by default.
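A check for the route table verification described above, as an added example (not part of Zadara's or AWS's documentation): it reads JSON shaped like `aws ec2 describe-route-tables` output and uses longest-prefix match to confirm that the VPSA range is reached through the Local Gateway rather than through another target. The route table contents, IDs and CIDRs are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs and CIDRs are placeholders, not values from this guide.
SAMPLE = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-EXAMPLE", "Routes": [
  {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
  {"DestinationCidrBlock": "172.16.0.0/16", "LocalGatewayId": "lgw-EXAMPLE", "State": "active"},
  {"DestinationCidrBlock": "172.16.40.0/24", "LocalGatewayId": "lgw-EXAMPLE", "State": "blackhole"}
]}]}
""")

TARGET_KEYS = ("LocalGatewayId", "GatewayId", "NatGatewayId", "TransitGatewayId",
               "NetworkInterfaceId", "VpcPeeringConnectionId")


def effective_route(routes, network):
    """Longest-prefix match over active IPv4 routes that fully cover `network`."""
    net = ipaddress.ip_network(network)
    best = None
    for r in routes:
        cidr = r.get("DestinationCidrBlock")
        if not cidr or r.get("State") != "active":
            continue  # skip IPv6/prefix-list routes and blackholed entries
        dest = ipaddress.ip_network(cidr)
        if net.subnet_of(dest) and (best is None or dest.prefixlen > best[0].prefixlen):
            best = (dest, r)
    return best[1] if best else None


def check_vpsa_path(route_table, vpsa_network):
    """Return (ok, reason); ok only if the VPSA range is routed via a Local Gateway."""
    route = effective_route(route_table["Routes"], vpsa_network)
    if route is None:
        return False, "no active route covers the VPSA range"
    if route.get("LocalGatewayId"):
        return True, f"via {route['LocalGatewayId']} ({route['DestinationCidrBlock']})"
    target = next((route[k] for k in TARGET_KEYS if route.get(k)), "unknown")
    return False, f"VPSA range leaves via {target}, not the Local Gateway"


if __name__ == "__main__":
    # Both VPSA ranges below are constructed test inputs.
    for vpsa in ("172.16.40.0/24", "192.168.50.0/24"):
        print(vpsa, check_vpsa_path(SAMPLE["RouteTables"][0], vpsa))
```

A failing result for a range that only matches the default route means VPSA traffic would follow that route instead of the 'LGW VLAN' path, which is the case to fix in the BGP advertisement or route table before attaching storage.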
For connecting your EC2 instances to your VPSA, please follow one of our guides as follows:
Windows:
Linux: