Prerequisites

Before deploying Fleet Command, initial configuration is required in the following areas: the physical edge site, the Fleet Command user interface, and the NGC account. The following sections cover each of these areas in detail.

Physical and Network Security Requirements

In addition to Fleet Command security features, users are also responsible for the physical and network security at the facility where the systems are deployed. Security recommendations include

  • The system is physically protected from unauthorized access.

  • The BMC interface is currently not required for Fleet Command operation; this interface may stay disconnected. If BMC is desired, you should connect the BMC interface to a secure management network.

Important

Refer to your corporate policy before completing the steps below.

  • The system is hosted on a secure network. All internet originating connections should be blocked.

Edge Site Requirements

Follow the steps below to prepare your edge sites when deploying Fleet Command on a system.

  • Ensure outbound connections are allowed via TLS 443.

    • You can perform this test from any device on the target network by visiting WebSockets. Verify that the web sockets tests pass, and the “HTTP Proxy” value is “No” in your environment.

  • Ensure that each system is assigned and reserved an IP that does not change during operation. This requirement applies to locations version 1.0.7 or below.

Note

A DHCP reservation creates a “static” IP address assignment that is centrally managed and does not require documenting the IP address manually.

  • Ensure the system has access to a DNS server.

  • If you have multiple network interfaces, you have an option to choose the right network interface.

  • If you plan to add a Proxy to the edge system, you will need to add an HTTP Proxy address.

  • Ensure the system has access to one or more NTP servers.

    • time1.google.com

    • time2.google.com

    • time3.google.com

    • time4.google.com

    • time.cloudflare.com

  • Locations that have interconnected systems must be on the same network.

Note

Interconnected systems refers to multiple systems at the same Location.

Note

To get the customer name, you can reach out to enterprisesupport@nvidia.com.

Fleet Command System Requirements

Fleet Command requires the use of NVIDIA-Certified Systems at edge sites. A comprehensive list of all NVIDIA-Certified Systems can be found here; however, it is recommended to deploy a system designed for the edge use cases. For most of these use cases, systems supporting A2, A30, or T4 GPUs will be sufficient.

For general guidelines on configuring the specifications of your system for your requirements, refer to the NVIDIA-Certified Systems Configuration Guide.

NGC Setup and Roles

NGC is NVIDIA’s AI hub that provides access to Fleet Command and to the private registry, which is used for hosting applications.

To get started with Fleet Command, you will need to log in to your NGC account.

Important

This User Guide assumes that an NGC account has already been provisioned, and admin access for the organization has been granted.

For basic NGC setup and instructions, refer to the NGC Overview Documentation.

Once you have your first NGC Fleet Command Admin account, you will need to assign roles to your organization’s users. The table below lists the different roles and their capabilities.

Roles

Locations

Applications

Deployments

Dashboards

Fleet Command Admin

Read, Write, Admin

Read, Write, Admin

Read, Write, Admin

Read

Fleet Command Operator

Read

Read, Write, Admin

Read, Write, Admin

Read

Fleet Command Viewer

Read

Read

Read

Read

In addition to these roles, three additional roles only apply to your NGC Private Registry access management:

  • User Admin: This user can invite other user admins within an organization. This user cannot download/upload, push/pull, delete, or add/remove users at an org level.

  • Registry User: This user can download, upload, push/pull artifacts within an organization.

  • Registry Read: This user can download and pull artifacts within an organization.

For more information about managing users and teams, refer to the NGC User Management Guide.

Syncing Fleet Command to your NGC Private Registry

By default, Fleet Command allows you to deploy applications from NGC Catalog and your NGC Private Registry. To access applications in your private registry from Fleet Command, you will need to sync your private registry to Fleet Command using an NGC API Key that provides authenticated access.

Note

The following instructions assume that you do not see an API Key added on the Fleet Command Applications page, and you need to add it.

Important

For security and control purposes, Fleet Command recommends that a user with Registry Read role authenticates access rather than from an admin or other user account. You may want to set up an additional user and email address for this role.

  1. If necessary, log in to NGC to get an API key for the NGC Registry. Click the user account icon in the top right corner, and select Setup. Click Get API Key to open the Setup > API Key page.

  2. Add the API key to Fleet Command user interface by navigating to the Applications page and clicking Add API Key on the top right corner of the page.

    ../_images/getting-started-01.png
  3. You will then be prompted to add an API key.

    ../_images/getting-started-02.png
  4. Click add to complete the process.

    Note

    Paste your API key into the API Key field shown above.

  5. Once the API Key has been added, your NGC private registry and Fleet Command interface have synced applications from the private registry that Fleet Command can now pull during application deployment.

Changing Your API Key

If you have forgotten or lost your API Key, you can create a new one at any time through the NVIDIA NGC portal. When you generate a new API key, the old one is invalidated. Applications deployed with the old API key will keep running but could fail if the API key loses access during a new deployment.

Important

If you’re using ImagePullSecret in your application, a new API key will be updated on the edge system by default. For more information about adding ImagePullSecret to your application, refer to ImagePullSecret for container configuration.