Network

Networks

Infrastructure -> Network -> Networks

Overview

The Networks section is for configuring networks across all clouds in Morpheus . Existing networks from the Clouds added in Morpheus will auto-populate in the Networks section.

Networks can be configured for DHCP or Static IP assignment, assigned IP pools, and configured for visibility and account assignment for multi-tenancy usage. Networks can also be set as inactive and unavailable for provisioning use.

Configuring Networks

DHCP

To configure a network for DHCP:

  1. Navigate to Infrastructure -> Network -> Networks
  2. Search for the target network
  3. Edit the Network by either:
    • Select Actions -> Edit
    • Select the Network, then select Edit
  4. In the Network Config modal, set the DHCP flag as Active (default)
  5. Save Changes

Important

The DHCP flag tells Morpheus this network has a DHCP server assigning IP Addresses to hosts. Morpheus does not act as the DHCP server, and provisioning to a network that has the DHCP server flag active in Morpheus , but no DHCP server actually on the network will in most cases cause the instance to not receive an IP address.

Note

When selecting a network with DHCP enabled during provisioning, “DHCP” will populate to the right of the selected network:

Static and IP Pools

To configure a network for Static IP Assignment:

  1. Navigate to Infrastructure -> Network -> Networks
  2. Search for the target network
  3. Edit the Network by either:
    • Select Actions -> Edit
    • Select the Network, then select Edit
  4. In the Network Config modal, add the following:
    • Gateway
    • DNS Primary
    • DNS Secondary
    • CIDR ex 10.10.10.0/22
    • VLAN ID (if necessary)
    • Network Pool * Leave as “choose a pool” for entering a static IP while provisioning * Select a Pool to use a pre-configured Morpheus or IPAM Integration IP Pool
    • The Permissions settings are used for Multi-Tenant resource configuration
      • Leave settings as default if used in a single-tenant environment (only one Tenant in your Morpheus appliance)
      • To share this network across all accounts in a multi-tenant environment, select the Master Tenant and set the Visibility to Public
      • To assign this network to be used by only one account in a multi-tenant environment, select the account and set visibility to Private
    • Active
      • Leave as enabled to use this network
      • Disable the active flag to remove this network from available network options
  5. Save Changes

Note

When selecting a network with DHCP disabled and no IP Pool assigned during provisioning, an IP entry field will populate to the right of the selected network(s):

Note

When selecting a network with an IP Pool assigned during provisioning, the name of the IP pool will populate to the right of the selected network(s). IP Pools override DHCP.

Advanced Options (Scan Network)

When adding or editing a network there is an option to scan network. If checked scan network will ping the IP’s in the network range, and if ping is successful Morpheus will quickly check for listening ports on the IP.

Important

Network scanning may cause network monitoring or other alerts

Services

Overview

The Network Services section allows you to add and manage IPAM, DNS, and Service Registry integrations. These services can also be added in the Administration -> Integrations section.

The following integrations are currently supported:

Networking

  • Cisco ACI
  • VMWare NSX

IPAM

  • Infoblox
  • Bluecat
  • phpIPAM

DNS

  • Microsoft DNS
  • Power DNS
  • Route 53

Service Registry

  • Consul

Security

  • Cisco ACI

Add a Service

To configure any of the services, select ADD SERVICE, and fill out the required fields.

Infoblox

  • Name
  • URL (wapi url + version)
    • example https://x.x.x.x/wapi/v2.2.1
  • Username
  • Password

Bluecat

  • Name
  • URL
  • Username
  • Password

Microsoft DNS

  • Name
  • DNS Server
  • Username
  • Password
  • Zone

PowerDNS

  • Name
  • API Host
  • Token

Route 53

  • Region
  • Access Key
  • Secret Key

After Saving, your Network Service integrations will be available for use. These integrations must be scoped to the appropriate sections in Morpheus :

Scoping Services

IPAM
IPAM integrations will populate pools in the IP Pool section, which are available for assignment to networks in the NETWORK POOL dropdown when configuring a network.
DNS
DNS integrations will populate domains in the Infrastructure -> Network -> Domains section, and are available in the DOMAIN dropdown located under the Advanced Options section in Cloud, Group, and Network configurations, as well as in the Configure section of the Create Instance wizard. DNS integrations are also available in the DNS SERVICE dropdown located under the Advanced Options section in Cloud and Group configurations.
Service Registry
Service Registry integrations are available in the SERVICE REGISTRY dropdown located under the Advanced Options section in Cloud and Group configurations.

IP Pools

Infrastructure -> Network -> IP Pools

Overview

The Networks IP Pools sections allows you to create Morpheus IP Pools, which is an IP Range Morpheus can use to assign available static IP addresses to instances. The IP Pool section also displays pools from IPAM integrations like Infoblox and Bluecat.

To add a Morpheus Network Pool

  1. Select + ADD in the Infrastructure -> Network -> IP Pools section
  2. Enter the following:
    Name
    Name of the IP Pool in Morpheus . The name is presented when selecting an IP Pool for a Network, so use a name that easily identifies the IP Pool.
    Starting Address
    The starting IP address of the IP Pool address range. ex: 192.168.0.2
    Ending Address:
    The ending IP address of the IP Pool address range. ex: 192.168.0.255
  3. Save Changes

Note

Multiple Address Ranges can be added to a pool by selecting the + icon to the right of the first address range.

After saving the IP pool will be available for assignment to networks in the NETWORK POOL dropdown when adding or editing a network.

Domains

Infrastructure -> Network -> Domains

Overview

The Domains section is for creating and managing domains for use in Morpheus . Domains are used for setting FQDNs, joining Windows Instances to Domains, and creating A Records with DNS Integrations. The Domains section is also a multi-tenant endpoint for managing domain settings across multiple accounts

  • Added and synced Domains are available for selection in the Domain dropdown when provisioning an Instance.
  • Default domains can be set for Clouds and Networks in their Advanced Options sections.
  • Images can be flagged to Auto-Join Domains in the Provisioning -> Virtual Images section.

Important

For an Instance to auto-join a Domain, a Domain must set in the Advanced Options section of the Cloud or Network used when provisioning.

Adding Domains

  1. Navigate to Infrastructure -> Network -> Domains

  2. Select + Add

  3. Enter the following:

    Domain Name

    Example demo.example.com

    Description

    Descriptive meta-data for use in Morpheus

    Public Zone

    Check for Public Zones, leave uncheck for Private Zones.

    Join Domain Controller

    Enable to have Windows instances join a Domain Controller

    Username

    Admin user for Domain Controller

    Password

    Password for DC Username

    DC Server

    (optional) Specify the URL or Path of the DC Server

    OU Path

    (optional) Enter the OU Path for the connection string.

    Permissions

    Configure Tenant permissions in Morpheus for the Domain (only applicable in Multi-tenant Morpheus setups)

    Tenant

    Select the Tenant to set permissions to for the Domain.

    Visibility
    • Private: Only Accessible by the select Tenant
    • Public: Available for use by all Tenants.
  4. Save Changes

The Domain has been added and will be selectable in Domain dropdown during provisioning, and in Cloud and Network settings.

Note

Only resources assigned to the Master Tenant can be set as Publicly visible. If the Tenant assigned is not the master tenant, visibility will automatically change to private.

Editing and Removing Domains

  • Domains can be edited by selecting the Actions dropdown for the Domain and selecting Edit.
  • Added Domains can be removed from Morpheus by selecting the Actions dropdown for the Domain and selecting Remove.

Setting the default domain on a Cloud

  1. Navigate to Infrastructure -> Clouds.
  2. Edit the target Cloud.
  3. Expand Advanced Options section.
  4. In the Domain dropdown, select the Domain.
  5. Save Changes

Setting the default domain on a Network

  1. Navigate to Infrastructure -> Network.
  2. Edit the target Network.
  3. Expand Advanced Options section.
  4. In the Domain dropdown, select the Domain.
  5. Save Changes

Selecting a Domain while provisioning an instance

  1. While creating an instance, in the Configure section, expand the DNS Options.
  2. Select Domain from the Domain dropdown.

Proxies

Overview

In many situations , companies deploy virtual machines in proxy restricted environments for things such as PCI Compliance, or just general security. As a result of this Morpheus provides out of the box support for proxy connectivity. Proxy authentication support is also provided with both Basic Authentication capabilities as well as NTLM for Windows Proxy environments. Morpheus is even able to configure virtual machines it provisions to utilize these proxies by setting up the operating systems proxy settings directly (restricted to cloud-init based Linux platforms for now, but can also be done on windows based platforms in a different manner).

To get started with Proxies, it may first be important to configure the Morpheus appliance itself to have access to proxy communication for downloading service catalog images. To configure this, visit the Admin -> Settings page where a section labeled “Proxy Settings” is located. Fill in the relevant connection info needed to utilize the proxy. It may also be advised to ensure that the Linux environment’s http_proxy, https_proxy, and no_proxy are set appropriately.

Defining Proxies

Proxies can be used in a few different contexts and optionally scoped to specific networks with which one may be provisioning into or on a cloud integration as a whole. To configure a Proxy for use by the provisioning engines within Morpheus we must go to Infrastructure -> Networks -> Proxies. Here we can create records representing connection information for various proxies. This includes the host ip address, proxy port, and any credentials (if necessary) needed to utilize the proxy. Now that these proxies are defined we can use them in various contexts.

Cloud Communication

When morpheus needs to connect to various cloud APIs to issue provisioning commands or to sync in existing environments, we need to ensure that those api endpoints are accessible by the appliance. In some cases the appliance may be behind a proxy when it comes to public cloud access like Azure and AWS. To configure the cloud integration to utilize a proxy, when adding or editing a cloud there is a setting called “API Proxy” under “Advanced Options”. This is where the proxy of choice can be selected to instruct the Provisioning engine how to communicate with the public cloud. Simply adjust this setting and the cloud should start being able to receive/issue instructions.

Provisioning with Proxies

Proxy configurations can vary from operating system to operating system and in some cases it is necessary for these to be configured in the blueprint as a prerequisite. In other cases it can also be configured automatically. Mostly with the use of cloud-init (which all of our out of the box service catalog utilizes on all clouds). When editing/creating a cloud there is a setting for “Provisioning Proxy” in “Provisioning Options”. If this proxy is set, Morpheus will automatically apply these proxy settings to the guest operating system.

Overriding proxy settings can also be done on the Network record. Networks (or subnets) can be configured in Infrastructure -> Networks or on the Networks tab of the relevant Cloud detail page. Here, a proxy can also be assigned as well as additional options like the No Proxy rules for proxy exceptions.

Docker

When provisioning Docker based hosts within a Proxy environment it is up to the user to configure the docker hosts proxy configuration manually. There are workflows that can be configured via the Automation engine to make this automatic when creating docker based hosts. Please see documentation on Docker and proxies for specific information.

Proxy setups can vary widely from company to company, and it may be advised to contact support for help configuring morpheus to work in the proxy environment.

Security Groups

Infrastructure -> Network - Security Groups

Overview

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.

Important

The Host Level Firewall must be enabled for Security Groups to be applied. The Host Level Firewall can be enabled in Administration -> Settings -> Host Level Firewall Enable/Disable

Important

When local firewall management is enabled, Morpheus will automatically set an IP table rule to allow incoming connections on tcp port 22 from the Morpheus Appliance.

Add Security Group

  1. Navigate to Infrastructure -> Network - Security Groups
  2. Click the + Add Security Group button.
  3. From the Security Group Wizard input a name, and description.
  4. Save Changes

Add Security Group Rule

  1. Navigate to Infrastructure -> Network - Security Groups
  2. Click the name of the security group you wish to add a rule to.
  3. From the security group page click the + Add Rule button.
  4. From the Rule Wizard select the rule type and input source and depending on the type selected protocol and input a port range.
  5. Save Changes

Edit security group rule

  1. Navigate to Infrastructure -> Network - Security Groups
  2. Click the name of the security group you wish to edit a rule in.
  3. Click the edit icon on the row of the security group rule you wish to edit.
  4. Modify information as needed.
  5. Save Changes

Delete security group rule

  1. Navigate to Infrastructure -> Network - Security Groups
  2. Click the name of the security group you wish to delete a rule from.
  3. Click the delete icon on the row of the security group rule you wish to delete.

Add Cloud Security Group

To add Cloud security group

  1. Navigate to Infrastructure -> Clouds
  2. Click the name of the cloud to add an ACL.
  3. Click the Security Groups tab.
  4. Click the Edit Security Groups button.
  5. Click the + (Add) button next to the Security Group(s) in the Available Security Groups list to add to Added Security groups list.
  6. Save Changes

Remove Cloud Security Group

  1. Navigate to Infrastructure -> Clouds
  2. Click the name of the cloud to remove the Security Group from.
  3. Click the Security Groups tab.
  4. Click the Edit Security Groups button.
  5. Click the - (Minus) button of the Security Group from the Added Security groups list to remove.
  6. Save Changes