This documentation describes the a9s Harbor service. a9s Harbor
enables on-demand provisioning of VM-based, dedicated Harbor servers and
clusters. Developers can create instances of a Harbor server or cluster
using Apps Manager or the Cloud Foundry Command Line Interface (
cf CLI) and create such called Service Keys in order to get credentials for provisioned Harbor service instances.
Depending on your service plan, a service instance may be associated with a single,
dedicated VM or a set of VMs consisting of multiple VMs containing a Harbor cluster.
When you run the cf CLI
cf create-service a9s-harbor command, BOSH creates
dedicated VMs for this service instance. This allows the best possible bad neighborhood protection.
Harbor service instance provisioning, including VM orchestration, is entirely automated. This enables service instances to be highly isolated and shielded by infrastructure virtualization mechanisms.
Due to the on-demand provisioning on VMs, only existing service instances allocate infrastructure resources. These resources are released when service instances are destroyed. Using on-demand provisioning the number of service instances is not limited by design.
Distributed across multiple infrastructure availability zones, clustered data service plans enable short failover times and are resilient against failures of individual infrastructure hosts or entire availability zones.
The current version of a9s Harbor includes the following key features:
|On-Demand Service Instance Provisioning||a9s Harbor deploys Harbor instances automatically. Developers can provision a single-VM Harbor server using a single command.|
|Service Instance Isolation||Each Harbor server runs on a dedicated VM to ensure bad neighborhood protection in order to be aligned with enterprise security requirements.|
a9s Harbor uses Cloud Foundry security groups to prevent network connections being established by unauthorized applications.
|Deployment Updater||This errand automatically updates the stemcell and all provisioned a9s Harbor service instances to their lastest version.|
|Service Guard||The Service Guard creates Cloud Foundry security groups for your service instance VMs.|
When the IP address of a service instance changes, the guard updates the security group. The Service Guard also restarts the application instances bound to the affected service instance. The instances of one application are restarted one by one to avoid downtime.