Prerequisites

Before deploying Fleet Command, initial configuration is required in the following areas: the physical edge site, the Fleet Command user interface, and the NGC account. The following sections cover each of these areas in detail.

In addition to Fleet Command security features, users are also responsible for the physical and network security at the facility where the systems are deployed. Security recommendations include

  • The system is physically protected from unauthorized access.

  • The BMC interface is currently not required for Fleet Command operation; this interface may stay disconnected. If BMC is desired, you should connect the BMC interface to a secure management network.

Important

Refer to your corporate policy before completing the steps below.

  • The system is hosted on a secure network. All internet originating connections should be blocked.

Follow the steps below to prepare your edge sites when deploying Fleet Command on a system.

  • Ensure outbound connections are allowed via TLS 443.

    • You can perform this test from any device on the target network by visiting WebSockets. Verify that the web sockets tests pass, and the “HTTP Proxy” value is “No” in your environment.

  • Ensure that each system is assigned and reserved an IP that does not change during operation. This requirement applies to locations version 1.0.7 or below.

Note

A DHCP reservation creates a “static” IP address assignment that is centrally managed and does not require documenting the IP address manually.

  • Ensure the system has access to a DNS server.

  • If you have multiple network interfaces, you have an option to choose the right network interface.

  • If you plan to add a Proxy to the edge system, you will need to add an HTTP Proxy address.

  • Ensure the system has access to one or more NTP servers.

    • time1.google.com

    • time2.google.com

    • time3.google.com

    • time4.google.com

    • time.cloudflare.com

  • Locations that have interconnected systems must be on the same network.

Note

Interconnected systems refers to multiple systems at the same Location.

Note

To get the customer name, you can reach out to enterprisesupport@nvidia.com.

Fleet Command requires the use of NVIDIA-Certified Systems at edge sites. A comprehensive list of all NVIDIA-Certified Systems is available in the Qualified Systems Catalog. Select the appropriate Category, Workload, System Class and NVIDIA-Certified type for your use case.

The requirements for using NVIDIA-Certified Systems with Fleet Command are:

  • The systems must be from the Data Center, Industrial Edge, Enterprise Edge, or NVIDIA AI Enterprise Compatible categories.

  • The systems must include TPM 2.0, SHA-256, and support Secure Boot.

prereq-qualified-systems.png

Refer to the NVIDIA-Certified Configuration Guide for detailed system specifications separate from the above requirements.

Once you have an NVIDIA-Certified System, follow the BIOS setup recommendations listed below.

  • TPM 2.0 with SHA-256 : Enabled

    Important

    The TPM module should be cleared and unowned before provisioning the system. Reset the TPM module if a prior operating system has been installed.


  • Secure Boot : Enabled

  • For some GPUs and workloads, additional configuration settings such as the values below may be required. For more information, refer to the system configuration recommendations for your NVIDIA-Certified System.

    Configuration

    Setting

    64-bit MMIO/Above 4G Decoding Enabled
    SR-IOV Enabled
    IOMMU Enabled
    CPU Virtualization/VT Disabled
    ECC Memory (if applicable) Enabled
    Hyper-Threading Enabled
    Power Setting or System Profile High Performance
    CPU Performance (if applicable) Enterprise or High-Throughput

NGC is NVIDIA’s AI hub that provides access to Fleet Command and to the private registry, which is used for hosting applications.

To get started with Fleet Command, you will need to log in to your NGC account.

Important

This User Guide assumes that an NGC account has already been provisioned, and admin access for the organization has been granted.

For basic NGC setup and instructions, refer to the NGC Overview Documentation.

Once you have your first NGC Fleet Command Admin account, you will need to assign roles to your organization’s users. The table below lists the different roles and their capabilities.

Roles

Locations

Applications

Deployments

Dashboards

Fleet Command Admin Read, Write, Admin Read, Write, Admin Read, Write, Admin Read
Fleet Command Operator Read Read, Write, Admin Read, Write, Admin Read
Fleet Command Viewer Read Read Read Read

In addition to these roles, three additional roles only apply to your NGC Private Registry access management:

  • User Admin: This user can invite other user admins within an organization. This user cannot download/upload, push/pull, delete, or add/remove users at an org level.

  • Registry User: This user can download, upload, push/pull artifacts within an organization.

  • Registry Read: This user can download and pull artifacts within an organization.

For more information about managing users and teams, refer to the NGC User Management Guide.

By default, Fleet Command allows you to deploy applications from NGC Catalog and your NGC Private Registry. To access applications in your private registry from Fleet Command, you will need to sync your private registry to Fleet Command using an NGC API Key that provides authenticated access.

Note

The following instructions assume that you do not see an API Key added on the Fleet Command Applications page, and you need to add it.

Important

For security and control purposes, Fleet Command recommends that a user with Registry Read role authenticates access rather than from an admin or other user account. You may want to set up an additional user and email address for this role.

  1. If necessary, log in to NGC to get an API key for the NGC Registry. Click the user account icon in the top right corner, and select Setup. Click Get API Key to open the Setup > API Key page.

  2. Add the API key to Fleet Command user interface by navigating to the Applications page and clicking Add API Key on the top right corner of the page.

    getting-started-01.png

  3. Paste your API key into the API Key field and then click Add.

    getting-started-02.png

  4. After the API Key is added, your NGC private registry and Fleet Command interface have synced applications from the private registry that Fleet Command can now pull during application deployment.

Changing Your API Key

If you have forgotten or lost your API Key, you can create a new one at any time through the NVIDIA NGC portal. When you generate a new API key, the old one is invalidated. Applications deployed with the old API key will keep running but could fail if the API key loses access during a new deployment.

Important

If you’re using ImagePullSecret in your application, a new API key will be updated on the edge system by default. For more information about adding ImagePullSecret to your application, refer to ImagePullSecret for container configuration.

Previous Registration
Next Getting Started
© Copyright 2022-2024, NVIDIA. Last updated on Feb 6, 2024.