IBM Cloud (Early Access)
Frame supports the orchestration of IBM Cloud Early Access Virtual Private Cloud (VPC) and virtual server resources in the customer's own IBM Cloud account.
Requirements
In order to register your IBM Cloud account with Frame, ensure that you have the met the following requirements before proceeding:
- Valid IBM Cloud account
- Permissions to add and modify role assignments for the IBM Cloud account.
Costs (e.g., storage) may begin to accrue immediately after completing the registration of your IBM Cloud account on your Frame Customer or Organization entity.
Preparation
Before your IBM Cloud account can be registered with Frame, you will need to complete two tasks:
- Obtain your IBM Cloud Account ID.
- Create an IBM Cloud Service ID for the Dizzion DaaS Service.
- Generate an IBM Cloud API key for your IBM Cloud Account ID.
Obtain your IBM Cloud Account ID
You will need to obtain your IBM Cloud Account ID for the IBM Cloud Account you wish to register in your Frame tenant.
Open the IBM Cloud Console and navigate to Manage > Account > Account settings.
IBM Cloud Console - Account Settings Copy the Account ID and save the value.
Create a Service ID
In order to programmatically provision and access resources in your IBM Cloud account, you will need to create a Service ID that identifies the Dizzion DaaS service within IBM Cloud. You will be able to assign specific access policies to the Dizzion DaaS-specific Service ID so that the Frame control plane can only use specific IBM Cloud services.
In the IBM Cloud Console, go to the IAM page (Manage > Access (IAM)) and select Service IDs in the menu.
IBM Cloud Console - Service IDs Click on the blue button "Create +". Enter a name and description for this Service ID.
IBM Cloud Console - Create Service ID Assign to your Service ID the following IBM Cloud service access with the specified access levels (Roles and Actions). This will allow Dizzion Frame control plane to orchestrate and manage the IBM Cloud resources in your IBM Cloud account that are required to deliver virtual applications and desktops.
| Service | Roles and Actions |
|---|---|
| All IAM Account Management Services | Administrator |
| Cloud Object Storage | Editor, Manager |
| VPC Infrastructure Services | Administrator |
| Key Protect | Editor, Reader |
| Transit Gateway | Editor |
| All Account Management | Administrator |
Generate your API Key
Next, you will need to generate an API key. You will enter this API key, in conjunction with the IBM Cloud Account ID, into Frame to register your IBM Cloud account.
On the Service IDs page, select API Keys tab.
IBM Cloud Console - API Key Click on the blue button "Create +". Enter a name and description for this API key.
IBM Cloud Console - Create API Key Once the API key is generated, be sure to copy or download the key immediately. This key will not be shown again.
IBM Cloud Console - Copy API Key Before moving on, ensure you have obtained the following values.
- IBM Cloud Account ID
- IBM Cloud Account API Key
You will use these values for the Frame setup below.
Adding your Cloud Acount
Procedure
Go to your Frame Admin Console.
Navigate to the Customer or the Organization page (depending on where you wish to add the cloud account).
Click on Cloud Accounts in the left-hand menu.
Click the Add Cloud Account button on the top-right corner of the page.
Select IBM Cloud.
A new window will appear prompting you for the following information:
Frame Console - Add Cloud Account - Name: Enter the desired name of your cloud service. This will be the name of the Cloud Account in Frame Console.
- Account ID: Enter the IBM Cloud Account ID.
- API Key: Enter the IBM Cloud API key.
Once you have entered the information, click the “Verify credentials” button.
Once your credentials are verified, you can select the data centers (IBM Cloud Multi-Zone Regions) for your Frame accounts. You may add additional data centers in the future.
Check the box at the bottom informing you of possible resource usage on your IBM Cloud infrastructure and then click "Add Account". After a few minutes, you will see your IBM Cloud Account listed as "Ready".
Now that your IBM Cloud Account is created and accessible within Frame, you will be able to create Frame accounts using this BYO cloud account. Be aware that the first Frame account created in an IBM Cloud region may take 30+ minutes as Frame Platform must copy the Dizzion-provided OS images to the IBM Cloud datacenter before the Frame account is created.
Resources Created During BYO IBM Cloud Account Creation
Once the API Key has been validated, Frame provisions the following IBM Cloud Account resources for each multi-zone region added.
- Resource group
- SSH Key
Quotas and Service Limits
By default, a newly created IBM Cloud account will impose certain service limits on available resources. Depending on the number of the Frame workload VMs required of a given instance profile, how the Frame account is created (e.g., Frame-managed networking with or without an SGA), and whether you use Publish or Quick Publish, you will likely need to request increases to the default quotas and service limits imposed by IBM on your IBM Cloud account. If these limits are set to values that are lower than what is required by the Frame platform, you can expect certain functions to either fail, or be substantially delayed. The requirements by Frame for these service limits depends on the desired workload and required resources.
Further documentation on IBM Quotas and Service Limits can be found in official IBM Cloud VPC documentation.
The recommended service limit increases include the following:
| IBM Cloud VPC Resource | Recommendation |
|---|---|
| vCPU | IBM has a default quota of 200 vCPUs per region. We recommend you first determine the expected max number of instances by instance profile across all Frame accounts for each region. Next, calculate the number of vCPUs based on the expected max number of instances and the required number of vCPUs per instance profile. If you use Publish, set your vCPU quota to 2.2 times the required number of vCPUs. The additional 20% will accommodate any additional resources such as Sandboxes, Utility servers, etc. If you use Quick Publish, you can use a minimum factor of 1.X times to calculate the required number of vCPUs. X is computed as the “Number of production instances created on publish” divided by expected max instances. By default, the “Number of production instances created on publish” value is configured to be 10 VMs. A factor of 1.3-1.5 should be sufficient to account for typical Quick Publishes and overhead. |
| RAM | IBM has a default quota of 5600 GB per region. We recommend you first determine the expected max number of instances, by instance profile, across all Frame accounts for each region. Next, calculate the total amount of RAM by summing the products of the max number of instances and the memory for each instance profile. |
| Instance Storage | IBM has a default quota of 18 TB per region. Typically, this resource quota does not need to be modified. To estimate total disk storage consumption, multiply the total number of VMs you expect to provision by the size of the Sandbox VM (e.g., Windows 10/11 images 128 GiB; Windows Server images 64 GiB) across all Frame accounts you plan to provision. Number and size of any utility servers, number of Sandbox image backups, number and size of personal drives, and number and size of enterprise profile disks would be additional storage to consider. |
| Floating IPs | If a Frame account is created with Frame public networking, each workload VM will have both a public and private IP address. If the Frame account is created using Frame private networking, all workload VMs will only have private IP addresses. If the Frame account is created using Frame private networking with Streaming Gateway Appliance (SGA), version 3, then you will need 1 Floating IP address for each SGA VM (and 1 Floating IP address for the load balancer in front of the SGA VMs). For SGA 4, you will need 1 Floating IP address for each SGA VM. All of the workload VMs will only have private IP addresses. You will also need to account for the temporary increase of public IP addresses during a Publish or Quick Publish when the new production VMs are created and before the old production VMs are terminated. |
| GPU | IBM has a default quota of 16 per IBM Cloud account. If you plan to use GPU-backed instance profiles, you will need to request an increase to this quota. |
| VPCs | IBM has a default quota of 10 VPCs per region. If Frame public networking or Frame private networking is used to create Frame accounts, the number of VPCs equals the number of Frame accounts. If Frame private networking with SGA is used to create Frame accounts, then the SGA cluster will require its own VPC (independent of the number of Frame accounts attached to the SGA cluster). For customer-managed networking, no new networks are created. |
Service limit increases may not be necessary for smaller production environments or trial accounts.
Instance Profiles
Dizzion supports both 2nd and 3rd generation IBM Cloud Virtual Servers for VPC. For Windows 10/11 desktops requiring UEFI, only 3rd generation IBM profiles are supported.
More information about IBM Cloud VPC instance profiles can be found in IBM Cloud's official documentation.
For the latest IBM Cloud VPC instance profiles supported by Dizzion, refer to Supported Instance Types.
Resource Naming
Frame provisions the resources below based on a specific naming convention. The resource name value is also saved as value for the tag Name.
| Resource | Resource Name | Example |
|---|---|---|
| Workload VM | prod-v{server.vendor_id}-s{server.id} | prod-v53209-s8059811 |
| Workload VM root volume | prod-v{server.vendor_id}-s{server.id}-root | prod-v53209-s8059811-root |
| User Volume | prod-v{server.vendor_id}-d{disk.id}-{random 5 characters}-{disk_type} | prod-v53273-d170923-857e4-profile |
| User Volume backup (Snapshot) | prod-v{vendor_id}-{user_volume_id}-{snapshot_type}-{random 5 characters} | prod-v53273-6f4ee921-profile-d1101 |
| Image (Snapshot) | prod-v{vendor_id}-s{server_id}-{random 5 characters}-{snapshot_type} or prod-v{vendor_id}-{image_type}-{random 5 characters} | prod-v53273-s8066212-6afc7-publish or prod-v48287-manual-8e750 |
| Master Image | prod-master-image-src-{source_image_id}-{random 5 characters} | prod-master-image-src-239323-d06e8 |
| VPC | prod-v{vendor_id}-vpc{index} | prod-v53273-vpc0 |
| Subnet | prod-v{vendor_id}-sn{index} | prod-v53273-sn1 |
| Security group | prod-v{vendor_id}-sn{index} | prod-v53273-sg0 |
| Static Public IP address | prod-v{server.vendor_id}-s{server.id} or prod-v{vendor_id}-vpc{index}-natgw-{index} | prod-v53209-s8059811 or prod-v7538-vpc0-natgw-0 |
| NAT Gateway | prod-v{vendor.id}-vpc{vpc_idx}-natgw-{idx} | prod-v7538-vpc0-natgw-0 |
| Routing table | frame-prod-{random words separated by ‘-’}-{rtb_db_id} | frame-prod-remold-daffy-unmarked--01hrywf31kevm2k2rp9vn2sv5z |
| SGA VPC | prod-sga-{streaming_configuration_id}-vpc | prod-sga-2431-vpc |
| SGA subnet | prod-sga-{streaming_configuration_id}-vpc{index} | prod-sga-2425-vpc3 |
| SGA security group | prod-sga-{streaming_configuration_id}-vpc-sg-default | prod-sga-2431-vpc-sg-default |
| SGA VM | prod-sga-{workload_streaming_configuration_id}-s{random 8 characters} | prod-sga-2431-s0f532a75 |
| SGA VM root disk | prod-sga-{workload_streaming_configuration_id}-s{random 8 characters} | prod-sga-2431-s0f532a75 |
| Resource group | frame-prod-mr-{random 25 characters} | frame-prod-mr-01hybt5xcqyp1x4q3jvdmyd5ah |
{snapshot_type} can be one of the following values:
manual- for manual backupspublish- for backups created for publishing purposetest_publish- for backups created for test publishauto- for scheduled backupssystem- for backups created internally in various processes (e.g. cloning, generalization)master- from a master image
{disk_type} can be one of the following values:
profile- Enterprise profile diskpersonal- Personal drive
The Streaming Gateway Appliance (SGA) resource naming applies only to Frame-provisioned and managed SGAs.