Configure additional NIC for HPE OneView appliance
HPE OneView VM appliance supports adding an additional Network Interface (NIC) to the appliance. The additional NIC, when configured, allows clients to access HPE OneView without granting network connectivity to the managed equipment. A dual NIC appliance allows HPE OneView to connect to the management LAN and separately to a production LAN. Authorized users on the production LAN can use HPE OneView to perform management operations even though they do not have direct access to the management LAN. This adds an extra layer of security by preventing HPE OneView users from having network access to managed environment. Both the NICs support IPv4 and IPv6 addresses. Configuration of the secondary NIC is supported only through the REST API.
HPE OneView uses the primary NIC to connect to the management LAN and perform management operations. If you configure a secondary NIC on HPE OneView, you can use it only to connect to the production LAN.
Prerequisites for adding an additional NIC
Managed devices must be connected to the appliance through its default NIC.
The appliance was powered off before adding the second adapter.
Two different networks must be available.
Guidelines for configuring a secondary NIC on both newly installed and upgraded HPE OneView appliance
You can add an additional NIC to an existing HPE OneView appliance using the management interface of a hypervisor. IPv4 and IPv6 address assignments are supported. This additional NIC is supported on all hypervisor platforms.
If you want to add a secondary NIC on a newly installed HPE OneView appliance, configure the default NIC from the HPE OneView UI or REST APIs. For more information on adding the default NIC, see the HPE OneView Help.
In HPE OneView 5.2 and later versions, you can configure a secondary NIC on an upgraded HPE OneView appliance. Before configuration, make sure you have the required network settings in the upgraded HPE OneView appliance.
Deploy the HPE OneView appliance by choosing the right network and power on the appliance.
NOTE:The single NIC for the VM (default NIC) must be connected to the managed device network.
Configure the network settings for the default NIC from the HPE OneView UI or REST APIs.
Power off the appliance.
Use a hypervisor to add a second network adapter to the HPE OneView virtual appliance. The second adapter must be connected to a different network and not the default NIC. For more information about adding second network adapter, see hypervisor documentation.
Power on the appliance.
Configure the network settings for the secondary NIC configuration through REST API calls. For more information, see the following topic.
Configure the secondary NIC
Retrieve the existing network settings from the appliance by using a GET call.
Take the data that came back and modify the settings for the second network adapter.
Push the new network settings to the appliance by using a POST call.
The default NIC has Appliance as the interface name, and it remains unchanged. This is already configured through the HPE OneView UI or REST APIs.
The following code snippet is an example of configuring the secondary NIC to retrieve the network settings:
Get https://{appl}/rest/appliance/network-interfaces
{
"type": "ApplianceNetworkConfigurationV2",
"uri": "/rest/appliance/network-interfaces",
"eTag": null,
"created": null,
"modified": null,
"applianceNetworks": [
{
"interfaceName": "",
"device": "eth1",
"macAddress": "xx:xx:xx:xx:xx:xx",
"ipv4Type": "UNCONFIGURE",
"ipv6Type": "UNCONFIGURE",
"overrideIpv4DhcpDnsServers": false,
"overrideIpv6DhcpDnsServers": false,
"confOneNode": true,
"activeNode": 1,
"hostname": null,
"app1Ipv4Addr": "",
"app2Ipv4Addr": "",
"virtIpv4Addr": null,
"ipv4Subnet": "",
"ipv4Gateway": "",
"app1Ipv6Addr": "",
"app2Ipv6Addr": "",
"virtIpv6Addr": null,
"ipv6Subnet": "",
"ipv6Gateway": "",
"app1Ipv4Alias": null,
"app2Ipv4Alias": null,
"app1Ipv6Alias": null,
"app2Ipv6Alias": null,
"domainName": null,
"searchDomains": [],
"ipv4NameServers": [],
"ipv6NameServers": [],
"bondedTo": null,
"unconfigure": false,
"aliasDisabled": false
},
{
"interfaceName": "Appliance",
"device": "eth0",
"macAddress": "xx:xx:xx:xx:xx:xx",
"ipv4Type": "DHCP",
"ipv6Type": "UNCONFIGURE",
"overrideIpv4DhcpDnsServers": true,
"overrideIpv6DhcpDnsServers": false,
"confOneNode": true,
"activeNode": 1,
"hostname": " host2.example.com",
"app1Ipv4Addr": "xxx.xx.xxx.x",
"app2Ipv4Addr": null,
"virtIpv4Addr": "xxx.xx.xxx.x",
"ipv4Subnet": "xxx.xxx.x.x",
"ipv4Gateway": "xxx.xx.x.x",
"app1Ipv6Addr": "",
"app2Ipv6Addr": null,
"virtIpv6Addr": "",
"ipv6Subnet": "",
"ipv6Gateway": "",
"app1Ipv4Alias": null,
"app2Ipv4Alias": null,
"app1Ipv6Alias": "",
"app2Ipv6Alias": null,
"domainName": null,
"searchDomains": [
"vse.rdlabs.hpecorp.net"
],
"ipv4NameServers":["xxx.x.x.x","xxx.xx.xxx.x"],
"ipv6NameServers": [],
"bondedTo": null,
"unconfigure": false,
"aliasDisabled": false
}
]
}
Update the secondary NIC details
Configure the secondary NIC using the following NIC REST API:
POST https://{appl}/rest/appliance/network-interfaces
Auth: abcdefghijklmnopqrstuvwxyz012345
X-Api-Version: 1400
Content-Type: application/json
{
"applianceNetworks":[
{
"activeNode":1,
"allowTransientValidationErrors":false,
"bondedTo":null,
"confOneNode":true,
"domainName":"example.com",
"hostname":"host1.example.com",
"interfaceName":"Appliance",
"networkLabel":"Managed devices network",
"ipv4NameServers":["xxx.x.x.x","xxx.xx.xxx.x"],
"ipv4Type":"DHCP",
"ipv6Type":"UNCONFIGURE",
"macAddress":"xx:xx:xx:xx:xx:xx",
"overrideIpv4DhcpDnsServers":false,
"searchDomains":[],
"unconfigure":false
},
{
"activeNode":1,
"allowTransientValidationErrors":false,
"app1Ipv4Addr":"xxx.xx.xxx.x",
"bondedTo":null,
"confOneNode":true,
"domainName":"example.com",
"hostname":"host2.example.com",
"networkLabel":"Management",
"interfaceName":"Management",
"ipv4Gateway":"xxx.xx.xxx.x",
"ipv4NameServers":["xxx.x.x.x","xxx.xx.xxx.x"],
"ipv4Subnet":"xxx.xxx.x.x",
"ipv4Type":"STATIC",
"ipv6Type":"UNCONFIGURE",
"macAddress":"xx:xx:xx:xx:xx:xx",
"overrideIpv4DhcpDnsServers":false,
"searchDomains":[],
"unconfigure":false
}
]
}
The secondary NIC has an empty interface name, which is user configurable.
- Update the fields for the secondary NIC with the required network settings.NOTE:
You need not configure the name servers information for the secondary NIC. The name server configured for the default NIC is applicable for the secondary NIC as well.
- Update the following mandatory parameters for secondary NIC if either the ipv4type or ipv6type attribute is set to static.
app1Ipv4Addr or app1Ipv6Addr
ipv4Gateway or ipv6Gateway
ipv4Subnet or ipv6Subnet
If either the ipv4type or ipv6type attribute is set to DHCP, ignore all the above fields.
Set a hostname only for the secondary NIC, if the CA-signed certificate for the appliance is used.
The DNS settings are appliance level configurations and not NIC level configurations.
The configuration of the appliance is saved and a task URL is returned in the location response header. The task is updated with the status and progress of the network configuration operation.
Limitations of adding an additional NIC
The additional NIC is supported only on the HPE OneView virtual appliance.
It can only be configured using the REST API.
The additional NIC is not visible in the HPE OneView UI once configured.
The additional NIC cannot be configured before starting up the HPE OneView appliance for the first time.
A maximum of two NICs are supported.
iLO remote console sessions and iLO browser sessions cannot be launched from the HPE OneView appliance unless there is a router between the management LAN and the production LAN. However, you can launch the iLO remote console sessions and iLO browser sessions from HPE OneView kiosk independent of whether a router exists between the management LAN and production LAN or not.
Static routes configuration
Static routes can only be defined using the HPE OneView REST APIs. A user with Infrastructure administrator privileges will be able to manage the static routes configuration on the appliance the REST API calls.
You can use the following REST API to configure static routes. For more information, see the HPE OneView API Reference.
https://{appl}/rest/appliance/static-routesPOST https://{appl}/rest/appliance/static-routes
Auth: abcdefghijklmnopqrstuvwxyz012345
X-Api-Version: 1600
Content-Type: application/json
{
"destination": "xxx.xx.x.x/xx",
"gateway": "xxx.xx.xx.x",
"interface": "Deployment",
"metric": "100"
}
When a factory reset is performed with the Preserve appliance network settings option, both NICs and static routes configurations are retained in the appliance. As the appliance settings are not part of the backup, the secondary NIC network configuration and static routes configurations are also not part of the backup.