a9s Harbor

This documentation describes the a9s Harbor service. a9s Harbor enables on-demand provisioning of VM-based, dedicated Harbor servers and clusters. Developers can create instances of a Harbor server or cluster using Apps Manager or the Cloud Foundry Command Line interface (cf CLI) and create such called Service Keys in order to get credentials for provisioned Harbor service instances. Depending on your service plan, a service instance may be associated with a single, dedicated VM or a set of VMs consisting of multiple VMs containing a Harbor cluster.

Overview

When you run the cf CLI create-service a9s-harbor command, BOSH creates dedicated VMs for this service instance. This allows the best possible bad neighborhood protection.

Harbor service instance provisioning, including VM orchestration, is entirely automated. This enables service instances to be highly isolated and shielded by infrastructure virtualization mechanisms.

Due to the on-demand provisioning on VMs, only existing service instances allocate infrastructure resources. These resources are released when service instances are destroyed. Using on-demand provisioning the number of service instances is not limited by design.

Distributed across multiple infrastructure availability zones, clustered data service plans enable short failover times and are resilient against failures of individual infrastructure hosts or entire availability zones.

Current Features

The current version of a9s Harbor includes the following key features:

FeatureBenefit
On­-Demand Service Instance Provisioninga9s Harbor deploys Harbor instances automatically. Developers can provision a single-VM Harbor server using a single command.
Service Instance IsolationEach Harbor server runs on a dedicated VM to ensure bad neighborhood protection in order to be aligned with enterprise security requirements.

a9s Harbor uses Cloud Foundry security groups to prevent network connections being established by unauthorized applications.
Deployment UpdaterThis errand automatically updates the stemcell and all provisioned a9s Harbor service instances to their lastest version.
Service GuardThe Service Guard creates Cloud Foundry security groups for your service instance VMs.

When the IP address of a service instance changes, the guard updates the security group. The Service Guard also restarts the application instances bound to the affected service instance. The instances of one application are restarted one by one to avoid downtime.

More information