### Product Requirement Document: Private Cloud Control Plane - Edge (PCCP-Edge)

---

#### **Executive Summary**

The "Private Cloud Control Plane - Edge" (PCCP-Edge) is an extension of the Private Cloud Control Plane (PCCP), designed to provide centralized management, secure communication, lifecycle management, and compliance for distributed edge environments. Fully integrated with GreenLake’s Central Service, PCCP-Edge leverages the Morpheus platform to manage edge sites. Key features include autonomous edge operation, lifecycle management for compute, network, and storage, secure VPN/RDA tunneling, and compliance with ISO 27001 and GDPR standards.

---

#### **Product Vision**

PCCP-Edge extends Morpheus' capabilities to manage distributed edge environments as part of a unified hybrid cloud strategy. It provides seamless centralized control of edge sites, secure communication with datacenter control planes, and a robust platform for provisioning and managing compute, network, and storage resources. PCCP-Edge aligns with HPE’s strategic direction to treat Morpheus as an appliance, providing cloud-connected and disconnected deployment options.

---

#### Target Users

1. Infrastructure Managers: MSP or CSP administrators managing edge sites from the central Private Cloud Control Plane (PCCP) via GreenLake Central Service.
2. Infrastructure Consumers: Application administrators, database administrators, VM administrators, and DevOps teams leveraging GUI, API, or Terraform to manage edge resources.
3. Compliance Officers: Professionals ensuring adherence to ISO 27001 and GDPR standards using pre-defined blueprints.
4. Edge Operators: Individuals responsible for maintaining local tasks and connectivity at edge sites.

---

#### Problem Statement

Organizations deploying workloads across distributed edge environments face the following challenges:

- Centralized management of edge sites at scale while maintaining local autonomy for critical tasks.
- Simplified lifecycle management of compute, network, and storage resources across edge and datacenter environments.
- Secure communication across network paths in multi-hop architectures.
- Compliance with strict industry standards such as ISO 27001 and GDPR.
- Providing a consistent user experience across GUI, API, and Infrastructure-as-Code (Terraform).

PCCP-Edge addresses these challenges with a unified, secure, and scalable solution integrated with Morpheus and GreenLake.

---

#### Solution Overview

PCCP-Edge will:

1. Centralized Edge Management: Allow the Private Cloud Core Control Plane (Morpheus) to manage all customer PC Edge sites.
2. Local Worker Nodes: Deploy a small worker node instance at each edge site to execute local tasks and maintain connectivity to datacenter control planes.
3. Lifecycle Management: Provide full provisioning and lifecycle management of compute, network, and storage via GUI, API, and Terraform provider.
4. Secure Communication: Enable VPN and RDA tunneling for secure connectivity across multi-hop network architectures.
5. Compliance Support: Ensure compliance with ISO 27001 and GDPR standards via pre-defined blueprints (future requirement).

---

### Requirements

| Category | Requirement | Benefit | Acceptance Criteria | Priority |
|---|---|---|---|---|
| **Centralized Edge Management** | PCCP Core Control Plane (Morpheus) must manage all customer PC Edge sites. | Simplifies managing edge sites from a single control plane. | PCCP reflects edge site inventory, monitors connectivity status, and allows provisioning and updates. | High |
| | Support hierarchical management views in GreenLake’s Central Service. | Organizes edge sites by regions, tenants, or business units. | Central Service UI provides hierarchical views of edge sites and associated resources. | Medium |
| **Local Worker Nodes** | Deploy a small worker node instance at each edge site to execute local tasks. | Ensures edge systems operate autonomously during outages. | Worker node successfully executes local tasks independently of the central control plane. | High |
| | Facilitate connectivity between edge sites and datacenter control plane instances. | Maintains secure communication and integration with PCCP. | Worker nodes automatically establish and manage VPN/RDA tunnels for reliable connectivity. | High |
| | Worker nodes must maintain their own state for critical resource management. | Improves edge system reliability and resilience. | Worker nodes retain state information after reboots or connectivity interruptions. | High |
| **Lifecycle Management** | Provision compute resources via GUI, API, and Terraform provider. | Enables flexible and user-friendly resource management. | Compute resources (VMs, bare metal nodes) are provisioned, monitored, and updated via GUI, API, Terraform. | High |
| | Provision network resources via GUI, API, and Terraform provider. | Simplifies network configuration for edge systems. | Network resources (e.g., VLANs, VPN tunnels) are provisioned and managed via GUI, API, Terraform. | High |
| | Provision storage resources via GUI, API, and Terraform provider. | Enhances storage lifecycle management for edge workloads. | Storage resources (e.g., volumes, file shares) are provisioned and updated via GUI, API, Terraform. | High |
| | Provide lifecycle management workflows for compute, network, and storage updates. | Simplifies resource upgrades and patching processes. | Updates are applied successfully to edge resources, with rollback options available in case of failures. | High |
| **Secure Communication** | Establish encrypted VPN tunnels between edge sites and the central control plane. | Protects data in transit across multi-hop network architectures. | VPN tunnels are encrypted with AES-256 and self-routed for multi-hop scenarios. | High |
| | Implement RDA tunneling as an alternative secure communication method. | Addresses use cases where RDA is preferred over VPN. | RDA tunnels are operational with encryption and performance comparable to VPN tunnels. | Medium |
| **Compliance** | Enable compliance with ISO 27001 standards through configurable blueprints. | Ensures edge systems meet industry-standard security requirements. | ISO 27001 compliance blueprints are created, validated, and applied to edge systems. | Medium |
| | Enable compliance with GDPR standards through configurable blueprints. | Ensures edge systems adhere to data privacy regulations. | GDPR compliance blueprints are created, validated, and applied to edge systems. | Medium |
| **Monitoring and Instrumentation** | Collect metrics and logs from edge systems for centralized monitoring. | Improves visibility into system performance and health. | Metrics (e.g., CPU/memory usage, filesystem space) and logs are sent to GreenLake Central Service. | High |
| | Implement predictive analytics for resource usage and upgrade requirements. | Proactively identifies capacity or performance bottlenecks. | Central Service displays resource usage trends and upgrade recommendations. | Medium |
| **High Availability** | Support high availability for edge worker nodes in both virtual and physical deployments. | Ensures redundancy and resilience for critical edge operations. | HA configurations validated across virtual appliances (VM clusters) and physical systems (3-node setups). | High |
| | Provide options for single-node deployments for smaller edge sites. | Offers cost-effective solutions for less demanding sites. | Single-node configurations validated for basic edge functionality. | Medium |
| **Deployment Options** | Edge worker nodes must be deployable as virtual machines (OVA/QCOW2). | Simplifies deployment in environments with virtualization. | Edge worker successfully deployed and operational on supported hypervisor platforms. | High |
| | Edge worker nodes must be deployable on physical systems. | Supports edge environments without virtualization infrastructure. | Edge worker successfully deployed and operational on HPE physical hardware. | High |

---

### Non-functional Requirements

| Category | Requirement | Benefit | Acceptance Criteria | Priority |
|---|---|---|---|---|
| Performance | Edge worker nodes must efficiently handle local tasks and connectivity management. | Ensures reliable edge system operations. | No significant performance degradation observed. | High |
| Security | All communication must use industry-standard encryption protocols (e.g., AES-256). | Protects sensitive data. | Encryption protocols validated through penetration testing. | High |
| Compliance | Edge systems must align with ISO 27001 and GDPR standards through configurable blueprints. | Ensures regulatory adherence. | Compliance requirements validated through audits. | High |
| Reliability | Worker nodes must maintain state across reboots and connectivity interruptions. | Improves resilience of edge systems. | State retention validated in simulated outage scenarios. | High |
| Scalability | Central PCCP instance must scale to manage hundreds of edge sites. | Supports large-scale edge deployments. | Scalability validated with simulated high-volume edge sites. | Medium |

---

### Release Plan

| Phase | Deliverable | Description | Milestone |
|---|---|---|---|
| Phase 1 | Core functionalities, including centralized control, local worker nodes, and VPN/RDA tunneling. | Initial implementation of foundational features. | VPN tunnels operational, worker nodes deployed successfully. |
| Phase 2 | Lifecycle management capabilities (compute, network, storage) via GUI, API, and Terraform. | Full lifecycle management functionality across interfaces. | Resources provisioned and managed across GUI, API, and Terraform. |
| Phase 3 | Integration with GreenLake’s Central Service for monitoring, lifecycle management, and compliance. | Seamless connection to GreenLake for centralized management and compliance enforcement. | Central Service reflects aggregated edge site inventories and metrics. |
| Phase 4 | Creation and validation of ISO 27001 and GDPR compliance blueprints. | Development and testing of compliance frameworks. | Compliance blueprints successfully applied to edge systems. |
| Phase 5 | Final documentation, end-to-end testing, and general availability preparation. | Comprehensive testing and user documentation. | Product ready for general availability deployment. |

---

### Open Questions

| Question | Explanation |
|---|---|
| What additional configurations are required for Terraform provider compatibility with all PCCP-Edge features? | Ensures seamless integration across Infrastructure-as-Code workflows. |
| Are there specific customer requirements for ISO 27001 and GDPR compliance that need additional customization? | Helps identify edge-specific compliance needs. |
| What is the expected scale (number of edge sites and worker nodes) for initial deployments? | Helps define scalability benchmarks and deployment strategies. |

---

### Appendices

| Appendix | Description |
|---|---|
| **Diagrams and Ecosystem Overviews** | [Link to diagrams](images/ecosystem-building-blocks.png). |
| **Supporting Documentation** | [Private Cloud Design and Development Guidelines](#design-and-development-guidelines). [PCCP Overview Presentation](https://hpe-my.sharepoint.com/:p:/p/eric_forgette/EawMcMbZ9xtKg4-z4OIfMgcBpxQbu__Qif4AGKdF5JuK4g?e=F0lMjh). [Disconnected Presentation](https://hpe-my.sharepoint.com/:p:/p/eric_forgette/EZludZrHsvhNlQnrSr-sbQgBdtIguUAyJnmYnvRW-wnjKQ?e=dChPcc). |