A10 Harmony Controller Installation

A10 Harmony Controller can be installed on either of the two types of resources:

  1. A10 Hardware Appliances
    Harmony Controller 2000 or Harmony Controller 8000.
  2. Custom Resources
    Generic hardware or Virtual Machines (VMs) provided by the customer.

Overall Installation Steps

Following steps should be carried out for installing the Harmony Controller software on custom resources:

  1. Prepare the environment
    Prepare Linux machines (physical or virtual) with required resources, networking, storage, etc. In case of A10 hardware appliances, VM images of appropriate sizes are placed inside the appliances. Networking for the appliances and VMs needs to be set-up as well.
  2. Download the Harmony Controller Installer
    Installer is a tar file of the install scripts that needs to be download on the VM. If Internet access is not available during installation, required packages and Docker images need to be downloaded. In case of A10 hardware appliances, this step is not required as the installer packages of the appropriate version is already placed inside the appliances. To avoid running out of space during installation, the downloaded files should be kept in the same storage volume where the installation is planned.
  3. Unpack and run install script
    Installer needs to be unpacked to obtain the install script. This install script needs to be run with appropriate parameters for installing the Harmony Controller software. Installation will take around 30-45 minutes to complete.

Networking Pre-requisites

In order to successfully install the controller and to allow devices (Lightning ADC, Thunder ADC) to connect to the controller, following TCP ports need to be opened for ingress traffic:

_images/network_setup.png
Direction
Port Numbers
Access to A10 Harmony Portal
TCP Secure – 443;
Access to controller
nodes from
Lightning ADC subnet
API server: 443;
Metrics message broker: 9093;
Registry server: 443;
Configuration message bus: 5671;
Persistent proxy: 22121
Access to controller
nodes from
Thunder ADC subnet
API server: 443;
Metrics message broker: 9093;
Registry server: 443;
SCP: 2222
Tunnel at Harmony Controller to allow incoming tunnel request from devices: 25500
Between nodes in a
Three Node set-up
TCP – 6443, 6783, 6789-6820, 9898, 10250, 22, 2379, 2380, 3300
UDP - 123, 6783
(for installation and upgrade)

Note: Please make sure all the IP address used to assign to nodes are static IP address and you understand the implications of changing networking configuration as described in maintenance information.

For devices running older Thunder versions that do not support connectivity displays the following error message:

_images/time_drift.png

For devices that have support for connectivity, but are unable to connect to the requisite port displays the following error message:

_images/dev_connectivity.png

External Access Pre-requisites

  • A10’s Global License Manager Access - All the three nodes should have outbound 443 access to reach the A10 Global License Manager from Harmony Controller.
    • DNS Server Access - Set-up DNS server to resolve the license URL.
  • NTP Server Access - Time should be in sync while performing installation or there are possibilities of unsuccessful deployment. You need to have the NTP connectivity to node0 from node1 and node2. To set the NTP server, refer to Network Time Protocol.