Chapter 2. Requirements

2.1. Red Hat Virtualization Manager Requirements

2.1.1. Hardware Requirements

The minimum and recommended hardware requirements outlined here are based on a typical small to medium-sized installation. The exact requirements vary between deployments based on sizing and load.

Hardware certification for Red Hat Virtualization is covered by the hardware certification for Red Hat Enterprise Linux. For more information, see https://access.redhat.com/solutions/725243. To confirm whether specific hardware items are certified for use with Red Hat Enterprise Linux, see https://access.redhat.com/ecosystem/#certifiedHardware.

Table 2.1. Red Hat Virtualization Manager Hardware Requirements

ResourceMinimumRecommended

CPU

A dual core CPU.

A quad core CPU or multiple dual core CPUs.

Memory

4 GB of available system RAM if Data Warehouse is not installed and if memory is not being consumed by existing processes.

16 GB of system RAM.

Hard Disk

25 GB of locally accessible, writable disk space.

50 GB of locally accessible, writable disk space.

You can use the RHV Manager History Database Size Calculator to calculate the appropriate disk space for the Manager history database size.

Network Interface

1 Network Interface Card (NIC) with bandwidth of at least 1 Gbps.

1 Network Interface Card (NIC) with bandwidth of at least 1 Gbps.

2.1.2. Browser Requirements

The following browser versions and operating systems can be used to access the Administration Portal and the VM Portal.

Browser support is divided into tiers:

  • Tier 1: Browser and operating system combinations that are fully tested and fully supported. Red Hat Engineering is committed to fixing issues with browsers on this tier.
  • Tier 2: Browser and operating system combinations that are partially tested, and are likely to work. Limited support is provided for this tier. Red Hat Engineering will attempt to fix issues with browsers on this tier.
  • Tier 3: Browser and operating system combinations that are not tested, but may work. Minimal support is provided for this tier. Red Hat Engineering will attempt to fix only minor issues with browsers on this tier.

Table 2.2. Browser Requirements

Support TierOperating System FamilyBrowser

Tier 1

Red Hat Enterprise Linux

Mozilla Firefox Extended Support Release (ESR) version

 

Any

Most recent version of Google Chrome, Mozilla Firefox, or Microsoft Edge

Tier 2

  

Tier 3

Any

Earlier versions of Google Chrome or Mozilla Firefox

 

Any

Other browsers

2.1.3. Client Requirements

Virtual machine consoles can only be accessed using supported Remote Viewer (virt-viewer) clients on Red Hat Enterprise Linux and Windows. To install virt-viewer, see Installing Supporting Components on Client Machines in the Virtual Machine Management Guide. Installing virt-viewer requires Administrator privileges.

You can access virtual machine consoles using the SPICE, VNC, or RDP (Windows only) protocols. You can install the QXLDOD graphical driver in the guest operating system to improve the functionality of SPICE. SPICE currently supports a maximum resolution of 2560x1600 pixels.

Client Operating System SPICE Support

Supported QXLDOD drivers are available on Red Hat Enterprise Linux 7.2 and later, and Windows 10.

Note

SPICE may work with Windows 8 or 8.1 using QXLDOD drivers, but it is neither certified nor tested.

2.1.4. Operating System Requirements

The Red Hat Virtualization Manager must be installed on a base installation of Red Hat Enterprise Linux 8 that has been updated to the latest minor release.

Do not install any additional packages after the base installation, as they may cause dependency issues when attempting to install the packages required by the Manager.

Do not enable additional repositories other than those required for the Manager installation.

2.2. Host Requirements

Hardware certification for Red Hat Virtualization is covered by the hardware certification for Red Hat Enterprise Linux. For more information, see https://access.redhat.com/solutions/725243. To confirm whether specific hardware items are certified for use with Red Hat Enterprise Linux, see https://access.redhat.com/ecosystem/#certifiedHardware.

For more information on the requirements and limitations that apply to guests see https://access.redhat.com/articles/rhel-limits and https://access.redhat.com/articles/906543.

2.2.1. CPU Requirements

All CPUs must have support for the Intel® 64 or AMD64 CPU extensions, and the AMD-V™ or Intel VT® hardware virtualization extensions enabled. Support for the No eXecute flag (NX) is also required.

The following CPU models are supported:

  • AMD

    • Opteron G4
    • Opteron G5
    • EPYC
  • Intel

    • Nehalem
    • Westmere
    • SandyBridge
    • IvyBridge
    • Haswell
    • Broadwell
    • Skylake Client
    • Skylake Server
    • Cascadelake Server
  • IBM

    • POWER8
    • POWER9

For each CPU model with security updates, the CPU Type lists a basic type and a secure type. For example:

  • Intel Cascadelake Server Family
  • Secure Intel Cascadelake Server Family

The Secure CPU type contains the latest updates. For details, see BZ#1731395

2.2.1.1. Checking if a Processor Supports the Required Flags

You must enable virtualization in the BIOS. Power off and reboot the host after this change to ensure that the change is applied.

  1. At the Red Hat Enterprise Linux or Red Hat Virtualization Host boot screen, press any key and select the Boot or Boot with serial console entry from the list.
  2. Press Tab to edit the kernel parameters for the selected option.
  3. Ensure there is a space after the last kernel parameter listed, and append the parameter rescue.
  4. Press Enter to boot into rescue mode.
  5. At the prompt, determine that your processor has the required extensions and that they are enabled by running this command:

    # grep -E 'svm|vmx' /proc/cpuinfo | grep nx

If any output is shown, the processor is hardware virtualization capable. If no output is shown, your processor may still support hardware virtualization; in some circumstances manufacturers disable the virtualization extensions in the BIOS. If you believe this to be the case, consult the system’s BIOS and the motherboard manual provided by the manufacturer.

2.2.2. Memory Requirements

The minimum required RAM is 2 GB. The maximum supported RAM per VM in Red Hat Virtualization Host is 4 TB.

However, the amount of RAM required varies depending on guest operating system requirements, guest application requirements, and guest memory activity and usage. KVM can also overcommit physical RAM for virtualized guests, allowing you to provision guests with RAM requirements greater than what is physically present, on the assumption that the guests are not all working concurrently at peak load. KVM does this by only allocating RAM for guests as required and shifting underutilized guests into swap.

2.2.3. Storage Requirements

Hosts require storage to store configuration, logs, kernel dumps, and for use as swap space. Storage can be local or network-based. Red Hat Virtualization Host (RHVH) can boot with one, some, or all of its default allocations in network storage. Booting from network storage can result in a freeze if there is a network disconnect. Adding a drop-in multipath configuration file can help address losses in network connectivity. If RHVH boots from SAN storage and loses connectivity, the files become read-only until network connectivity restores. Using network storage might result in a performance downgrade.

The minimum storage requirements of RHVH are documented in this section. The storage requirements for Red Hat Enterprise Linux hosts vary based on the amount of disk space used by their existing configuration but are expected to be greater than those of RHVH.

The minimum storage requirements for host installation are listed below. However, use the default allocations, which use more storage space.

  • / (root) - 6 GB
  • /home - 1 GB
  • /tmp - 1 GB
  • /boot - 1 GB
  • /var - 15 GB
  • /var/crash - 10 GB
  • /var/log - 8 GB
  • /var/log/audit - 2 GB
  • swap - 1 GB (for the recommended swap size, see https://access.redhat.com/solutions/15244)
  • Anaconda reserves 20% of the thin pool size within the volume group for future metadata expansion. This is to prevent an out-of-the-box configuration from running out of space under normal usage conditions. Overprovisioning of thin pools during installation is also not supported.
  • Minimum Total - 64 GiB

If you are also installing the RHV-M Appliance for self-hosted engine installation, /var/tmp must be at least 5 GB.

If you plan to use memory overcommitment, add enough swap space to provide virtual memory for all of virtual machines. See Memory Optimization.

2.2.4. PCI Device Requirements

Hosts must have at least one network interface with a minimum bandwidth of 1 Gbps. Each host should have two network interfaces, with one dedicated to supporting network-intensive activities, such as virtual machine migration. The performance of such operations is limited by the bandwidth available.

For information about how to use PCI Express and conventional PCI devices with Intel Q35-based virtual machines, see Using PCI Express and Conventional PCI Devices with the Q35 Virtual Machine.

2.2.5. Device Assignment Requirements

If you plan to implement device assignment and PCI passthrough so that a virtual machine can use a specific PCIe device from a host, ensure the following requirements are met:

  • CPU must support IOMMU (for example, VT-d or AMD-Vi). IBM POWER8 supports IOMMU by default.
  • Firmware must support IOMMU.
  • CPU root ports used must support ACS or ACS-equivalent capability.
  • PCIe devices must support ACS or ACS-equivalent capability.
  • All PCIe switches and bridges between the PCIe device and the root port should support ACS. For example, if a switch does not support ACS, all devices behind that switch share the same IOMMU group, and can only be assigned to the same virtual machine.
  • For GPU support, Red Hat Enterprise Linux 8 supports PCI device assignment of PCIe-based NVIDIA K-Series Quadro (model 2000 series or higher), GRID, and Tesla as non-VGA graphics devices. Currently up to two GPUs may be attached to a virtual machine in addition to one of the standard, emulated VGA interfaces. The emulated VGA is used for pre-boot and installation and the NVIDIA GPU takes over when the NVIDIA graphics drivers are loaded. Note that the NVIDIA Quadro 2000 is not supported, nor is the Quadro K420 card.

Check vendor specification and datasheets to confirm that your hardware meets these requirements. The lspci -v command can be used to print information for PCI devices already installed on a system.

2.2.6. vGPU Requirements

A host must meet the following requirements in order for virtual machines on that host to use a vGPU:

  • vGPU-compatible GPU
  • GPU-enabled host kernel
  • Installed GPU with correct drivers
  • Predefined mdev_type set to correspond with one of the mdev types supported by the device
  • vGPU-capable drivers installed on each host in the cluster
  • vGPU-supported virtual machine operating system with vGPU drivers installed

2.3. Networking requirements

2.3.1. General requirements

Red Hat Virtualization requires IPv6 to remain enabled on the physical or virtual machine running the Manager. Do not disable IPv6 on the Manager machine, even if your systems do not use it.

2.3.2. Network range for self-hosted engine deployment

The self-hosted engine deployment process temporarily uses a /24 network address under 192.168. It defaults to 192.168.222.0/24, and if this address is in use, it tries other /24 addresses under 192.168 until it finds one that is not in use. If it does not find an unused network address in this range, deployment fails.

When installing the self-hosted engine using the command line, you can set the deployment script to use an alternate /24 network range with the option --ansible-extra-vars=he_ipv4_subnet_prefix=PREFIX, where PREFIX is the prefix for the default range. For example:

# hosted-engine --deploy --ansible-extra-vars=he_ipv4_subnet_prefix=192.168.222
Note

You can only set another range by installing Red Hat Virtualization as a self-hosted engine using the command line.

2.3.3. Firewall Requirements for DNS, NTP, and IPMI Fencing

The firewall requirements for all of the following topics are special cases that require individual consideration.

DNS and NTP

Red Hat Virtualization does not create a DNS or NTP server, so the firewall does not need to have open ports for incoming traffic.

By default, Red Hat Enterprise Linux allows outbound traffic to DNS and NTP on any destination address. If you disable outgoing traffic, define exceptions for requests that are sent to DNS and NTP servers.

Important
  • The Red Hat Virtualization Manager and all hosts (Red Hat Virtualization Host and Red Hat Enterprise Linux host) must have a fully qualified domain name and full, perfectly-aligned forward and reverse name resolution.
  • Running a DNS service as a virtual machine in the Red Hat Virtualization environment is not supported. All DNS services the Red Hat Virtualization environment uses must be hosted outside of the environment.
  • Use DNS instead of the /etc/hosts file for name resolution. Using a hosts file typically requires more work and has a greater chance for errors.

IPMI and Other Fencing Mechanisms (optional)

For IPMI (Intelligent Platform Management Interface) and other fencing mechanisms, the firewall does not need to have open ports for incoming traffic.

By default, Red Hat Enterprise Linux allows outbound IPMI traffic to ports on any destination address. If you disable outgoing traffic, make exceptions for requests being sent to your IPMI or fencing servers.

Each Red Hat Virtualization Host and Red Hat Enterprise Linux host in the cluster must be able to connect to the fencing devices of all other hosts in the cluster. If the cluster hosts are experiencing an error (network error, storage error…​) and cannot function as hosts, they must be able to connect to other hosts in the data center.

The specific port number depends on the type of the fence agent you are using and how it is configured.

The firewall requirement tables in the following sections do not represent this option.

2.3.4. Red Hat Virtualization Manager Firewall Requirements

The Red Hat Virtualization Manager requires that a number of ports be opened to allow network traffic through the system’s firewall.

The engine-setup script can configure the firewall automatically.

The firewall configuration documented here assumes a default configuration.

Note

A diagram of these firewall requirements is available at https://access.redhat.com/articles/3932211. You can use the IDs in the table to look up connections in the diagram.

Table 2.3. Red Hat Virtualization Manager Firewall Requirements

IDPort(s)ProtocolSourceDestinationPurposeEncrypted by default

M1

-

ICMP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Manager

Optional.

May help in diagnosis.

No

M2

22

TCP

System(s) used for maintenance of the Manager including backend configuration, and software upgrades.

Red Hat Virtualization Manager

Secure Shell (SSH) access.

Optional.

Yes

M3

2222

TCP

Clients accessing virtual machine serial consoles.

Red Hat Virtualization Manager

Secure Shell (SSH) access to enable connection to virtual machine serial consoles.

Yes

M4

80, 443

TCP

Administration Portal clients

VM Portal clients

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

REST API clients

Red Hat Virtualization Manager

Provides HTTP (port 80, not encrypted) and HTTPS (port 443, encrypted) access to the Manager. HTTP redirects connections to HTTPS.

Yes

M5

6100

TCP

Administration Portal clients

VM Portal clients

Red Hat Virtualization Manager

Provides websocket proxy access for a web-based console client, noVNC, when the websocket proxy is running on the Manager. If the websocket proxy is running on a different host, however, this port is not used.

No

M6

7410

UDP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Manager

If Kdump is enabled on the hosts, open this port for the fence_kdump listener on the Manager. See fence_kdump Advanced Configuration. fence_kdump doesn’t provide a way to encrypt the connection. However, you can manually configure this port to block access from hosts that are not eligible.

No

M7

54323

TCP

Administration Portal clients

Red Hat Virtualization Manager (ImageIO Proxy server)

Required for communication with the ImageIO Proxy (ovirt-imageio-proxy).

Yes

M8

6442

TCP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Open Virtual Network (OVN) southbound database

Connect to Open Virtual Network (OVN) database

Yes

M9

9696

TCP

Clients of external network provider for OVN

External network provider for OVN

OpenStack Networking API

Yes, with configuration generated by engine-setup.

M10

35357

TCP

Clients of external network provider for OVN

External network provider for OVN

OpenStack Identity API

Yes, with configuration generated by engine-setup.

M11

53

TCP, UDP

Red Hat Virtualization Manager

DNS Server

DNS lookup requests from ports above 1023 to port 53, and responses. Open by default.

No

M12

123

UDP

Red Hat Virtualization Manager

NTP Server

NTP requests from ports above 1023 to port 123, and responses. Open by default.

No

Note
  • A port for the OVN northbound database (6641) is not listed because, in the default configuration, the only client for the OVN northbound database (6641) is ovirt-provider-ovn. Because they both run on the same host, their communication is not visible to the network.
  • By default, Red Hat Enterprise Linux allows outbound traffic to DNS and NTP on any destination address. If you disable outgoing traffic, make exceptions for the Manager to send requests to DNS and NTP servers. Other nodes may also require DNS and NTP. In that case, consult the requirements for those nodes and configure the firewall accordingly.

2.3.5. Host Firewall Requirements

Red Hat Enterprise Linux hosts and Red Hat Virtualization Hosts (RHVH) require a number of ports to be opened to allow network traffic through the system’s firewall. The firewall rules are automatically configured by default when adding a new host to the Manager, overwriting any pre-existing firewall configuration.

To disable automatic firewall configuration when adding a new host, clear the Automatically configure host firewall check box under Advanced Parameters.

To customize the host firewall rules, see https://access.redhat.com/solutions/2772331.

Note

A diagram of these firewall requirements is available at https://access.redhat.com/articles/3932211. You can use the IDs in the table to look up connections in the diagram.

Table 2.4. Virtualization Host Firewall Requirements

IDPort(s)ProtocolSourceDestinationPurposeEncrypted by default

H1

22

TCP

Red Hat Virtualization Manager

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Secure Shell (SSH) access.

Optional.

Yes

H2

2223

TCP

Red Hat Virtualization Manager

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Secure Shell (SSH) access to enable connection to virtual machine serial consoles.

Yes

H3

161

UDP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Manager

Simple network management protocol (SNMP). Only required if you want Simple Network Management Protocol traps sent from the host to one or more external SNMP managers.

Optional.

No

H4

111

TCP

NFS storage server

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

NFS connections.

Optional.

No

H5

5900 - 6923

TCP

Administration Portal clients

VM Portal clients

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Remote guest console access via VNC and SPICE. These ports must be open to facilitate client access to virtual machines.

Yes (optional)

H6

5989

TCP, UDP

Common Information Model Object Manager (CIMOM)

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Used by Common Information Model Object Managers (CIMOM) to monitor virtual machines running on the host. Only required if you want to use a CIMOM to monitor the virtual machines in your virtualization environment.

Optional.

No

H7

9090

TCP

Red Hat Virtualization Manager

Client machines

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Required to access the Cockpit web interface, if installed.

Yes

H8

16514

TCP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Virtual machine migration using libvirt.

Yes

H9

49152 - 49215

TCP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Virtual machine migration and fencing using VDSM. These ports must be open to facilitate both automated and manual migration of virtual machines.

Yes. Depending on agent for fencing, migration is done through libvirt.

H10

54321

TCP

Red Hat Virtualization Manager

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

VDSM communications with the Manager and other virtualization hosts.

Yes

H11

54322

TCP

Red Hat Virtualization Manager (ImageIO Proxy server)

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Required for communication with the ImageIO daemon (ovirt-imageio-daemon).

Yes

H12

6081

UDP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

Required, when Open Virtual Network (OVN) is used as a network provider, to allow OVN to create tunnels between hosts.

No

H13

53

TCP, UDP

Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts

DNS Server

DNS lookup requests from ports above 1023 to port 53, and responses. This port is required and open by default.

No

Note

By default, Red Hat Enterprise Linux allows outbound traffic to DNS and NTP on any destination address. If you disable outgoing traffic, make exceptions for the Red Hat Virtualization Hosts

Red Hat Enterprise Linux hosts to send requests to DNS and NTP servers. Other nodes may also require DNS and NTP. In that case, consult the requirements for those nodes and configure the firewall accordingly.

2.3.6. Database Server Firewall Requirements

Red Hat Virtualization supports the use of a remote database server for the Manager database (engine) and the Data Warehouse database (ovirt-engine-history). If you plan to use a remote database server, it must allow connections from the Manager and the Data Warehouse service (which can be separate from the Manager).

Similarly, if you plan to access a local or remote Data Warehouse database from an external system, the database must allow connections from that system.

Important

Accessing the Manager database from external systems is not supported.

Note

A diagram of these firewall requirements is available at https://access.redhat.com/articles/3932211. You can use the IDs in the table to look up connections in the diagram.

Table 2.5. Database Server Firewall Requirements

IDPort(s)ProtocolSourceDestinationPurposeEncrypted by default

D1

5432

TCP, UDP

Red Hat Virtualization Manager

Data Warehouse service

Manager (engine) database server

Data Warehouse (ovirt-engine-history) database server

Default port for PostgreSQL database connections.

No, but can be enabled.

D2

5432

TCP, UDP

External systems

Data Warehouse (ovirt-engine-history) database server

Default port for PostgreSQL database connections.

Disabled by default. No, but can be enabled.