diff --git a/content/docs/06-integrations/00-byoos.md b/content/docs/06-integrations/00-byoos.md index bfa3e6a1e4..bfde28bb8f 100644 --- a/content/docs/06-integrations/00-byoos.md +++ b/content/docs/06-integrations/00-byoos.md @@ -70,7 +70,7 @@ The BYOS Edge OS pack supports the following parameters. BYOOS enables you to use a custom OS for your Edge host. You can use this feature to customize the desired specifications of your OS layer in the Edge host. You can reference the custom OS through the BYOOS pack. -To use a custom OS, you must include all the Edge artifacts and provider images required by the Edge Installer in the custom OS. Refer to the [Bring Your Own OS](/clusters/edge/edgeforge-workflow/build-kairos-os) guide for steps on how to create a custom OS that includes all the required components for the Edge Installer. +To use a custom OS, you must include all the Edge artifacts and provider images required by the Edge Installer in the custom OS. Refer to the [Build Edge Artifacts](/clusters/edge/edgeforge-workflow/palette-canvos) guide for steps on how to create a custom OS that includes all the required components for the Edge Installer. Select the BYOOS pack and fill out the required parameters during the cluster profile creation process. The `system.uri` parameter specifies the location of the BYOOS image. Refer to the [Build Edge Artifacts](/clusters/edge/edgeforge-workflow/palette-canvos) guide to learn how to create Edge Artifacts. diff --git a/content/docs/12-enterprise-version/00-on-prem-system-requirements.md b/content/docs/12-enterprise-version/00-on-prem-system-requirements.md index b63908716f..8629a5abc6 100644 --- a/content/docs/12-enterprise-version/00-on-prem-system-requirements.md +++ b/content/docs/12-enterprise-version/00-on-prem-system-requirements.md 
@@ -1,7 +1,7 @@ --- title: "System Requirements" -metaTitle: "On-premise System Requirements" -metaDescription: "An overview of On-premise System Requirements" +metaTitle: "System Requirements" +metaDescription: "An overview of the self-hosted Palette system requirements." icon: "" hideToC: true fullWidth: false @@ -16,22 +16,22 @@ import Tooltip from "shared/components/ui/Tooltip"; # System Requirements -The Spectro Cloud Palette SaaS platform is available as a self-hosted, on-prem deployment. The on-prem version is a dedicated instance of the platform hosted in a VMware environment or in an existing Kubernetes cluster. Palette on-prem is available in three modes: +Palette is available as a self-hosted application that you install in your environment. The self-hosted version is a dedicated Palette environment hosted on VMware instances or in an existing Kubernetes cluster. Self-hosted Palette is available in the following three modes: -| **On-premise Modes** | **Description** | +| **Self-Hosted Modes** | **Description** | | --------------------- | --------------------------------------------------------------------------------- | | **VMWare Enterprise Mode** | A multi-node, highly available version for production purposes. | | **VMWare Quick Start Mode** | A single VM deployment of the platform that is ideal for use in Proofs of Concept (PoCs). | | **Helm Chart Mode** | Install Palette in an existing Kubernetes cluster using a Helm Chart. | -The sections below describe the standard requirements and highlight specific requirements for both deployment modes. +The next sections describe specific requirements for all modes.
## Prerequisites The following are prerequisites for deploying a Kubernetes cluster in VMware: -* vCenter version 6.7U3 or above is recommended. +* vCenter version 7.0 or above is required. vSphere 6.7 is supported but not recommended. * Configuration Requirements - A Resource Pool needs to be configured across the hosts, onto which the workload clusters will be provisioned. Every host in the Resource Pool will need access to shared storage, such as vSAN, to use high-availability control planes. Network Time Protocol (NTP) must be configured on each ESXi host. @@ -87,7 +87,7 @@ The following are prerequisites for deploying a Kubernetes cluster in VMware: **Note**: The exact values for the kubernetes-region and kubernetes-zone tags can be different from the ones described in the example above, as long as these are unique.
-### Naming conventions for vSphere Region and Zone Tags +### Tag Requirements The following points needs to be taken care while creating the Tags: * A valid tag must consist of alphanumeric characters * The tag must start and end with an alphanumeric characters @@ -102,21 +102,455 @@ The following points needs to be taken care while creating the Tags: -## Privileges +## VMware Privileges +The vSphere user account that is deploying Palette must have the following minimum vSphere privileges. The **Administrator** role provides super-user access to all vSphere objects. For users without the **Administrator** role, one or more custom roles can be created based on the tasks being performed by the user. +Permissions and privilieges vary depending on the vSphere version you are using. -The vSphere user account used in the various Palette tasks must have the minimum vSphere privileges required to perform the task. The **Administrator** role provides super-user access to all vSphere objects. For users without the **Administrator** role, one or more custom roles can be created based on the tasks being performed by the user. +Select the tab that corresponds with your vSphere versions.
+ + + + + + +## Root-Level Role Privileges + +
+ +The root-level role privileges are applied to root object and Datacenter objects only. + +|**vSphere Object**|**Privileges**| +|---------------|----------| +|**Cns**|Searchable| +|**Datastore**|Browse datastore +|**Host**|Configuration +|| Storage partition configuration +|**vSphere** **Tagging**|Create vSphere Tag| +||Edit vSphere Tag| +|**Network**|Assign network| +|**Sessions**|Validate session| +|**VM Storage Policies**|View VM storage policies| +|**Storage views**|View| + +
+ +## Spectro Role Privileges + + + + + + +#### Cns Privileges + - Searchable + + + + + +#### Datastore Privileges + - Allocate Space + - Browse Datastore + - Low level file operations + - Remove file + - Update virtual machine files + - Update virtual machine metadata + + + + + + + #### Folder Privileges + - Create folder + - Delete folder + - Move folder + - Rename folder + + + + + + #### Host Privileges + - Local Operations + * Reconfigure virtual machine + + + + + +
+ + + +If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), ReadOnly access to the VDS without “Propagate to children” needs to be provided. + + + +
+ + #### Network Privileges + + - Assign Network + +
+ + + + #### Resource Privileges + + - Apply recommendation + - Assign virtual machine to resource pool + - Migrate powered off virtual machine + - Migrate powered on virtual machine + - Query vMotion + + + + + + #### Sessions Privileges + - Validate session + + + + + + #### VM Storage Policies Privileges + + - View access for VM storage policies is required. Ensure the privilege `StorageProfile.View` is available. Refer to the [VM Storage Policies Privileges](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-DECEAE60-58CB-4B30-8874-FA273573E6B5.html) resource to learn more. + + + + + + #### Storage Views Privileges + - View + + + + + + + #### Task Privileges + + - Create task + - Update task + + + + + + #### vApp Privileges + + - Import + - View OVF environment + - vApp application configuration + - vApp instance configuration + + + + + + #### vSphere Tagging + + - Create vSphere Tag + - Edit vSphere Tag + + + + + + + #### Virtual Machines Privileges + + +
+ +| | | | +| ------------------------- | ------------------------------------------- | ------------------------------------- | +| **Change Configuration** | | | +| | Change Settings | Extend virtual disk | +| | Change Swapfile Placement | Modify device settings | +| | Configure host USB device | Query Fault Tolerance compatibility | +| | Configure raw device | Query unowned files | +| | Add existing disk | Reload from path | +| | Add new disk | Remove disk | +| | Add or remove device | Rename | +| | Change resource | Reset guest information | +| | Configure managedBy | Set annotation | +| | Display connection settings | Toggle fork parent | +| | Advanced configuration | Upgrade virtual machine compatibility | +| | Change CPU count | | +| **Guest operations** | | | +| | Guest operation alias modification | Guest operation alias query | +| | Guest operation modifications | Guest operation queries | +| | Guest operation program execution | | +| **Interaction** | | | +| | Power off | Power on | +| **Inventory** | | | +| | Create from existing | Move | +| | Create new | Remove | +| **Provisioning** | | | +| | Allow disk access | Customize guest | +| | Allow file access | Deploy template | +| | Allow read-only disk access | Mark as template | +| | Allow virtual machine download | Mark as virtual machine | +| | Allow virtual machine files upload | Modify customization specification | +| | Clone template | Promote disks | +| | Clone virtual machine | Read customization specifications | +| | Create template from virtual machine | | +| **Service Configuration** | | | +| | Allow notifications | Modify service configuration | +| | Allow polling of global event notifications | Query service configurations | +| | Manage service configurations | Read service configuration | +| **Snapshot Management** | | | +| | Create snapshot | Remove snapshot | +| | Rename snapshot | Revert to snapshot | +| **vSphere Replication** | | | +| | Configure replication | Monitor replication | +| | 
Monitor replication | | + + +
+ + + + #### vSAN + + - Cluster + * ShallowRekey + + + +
+ +
+ + + + +## Root-Level Role Privileges + +
+ +The root-level role privileges are applied to root object and Datacenter objects only. + +|**vSphere Object**|**Privileges**| +|---------------|----------| +|**Cns**|Searchable| +|**Datastore**|Browse datastore +|**Host**|Configuration +|| Storage partition configuration +|**vSphere** **Tagging**|Create vSphere Tag| +||Edit vSphere Tag| +|**Network**|Assign network| +|**Sessions**|Validate session| +|**Profile-driven storage**|Profile-driven storage view| +|**Storage views**|View| + +
+ +## Spectro Role Privileges + + + + + + +#### Cns Privileges + - Searchable + + + + + +#### Datastore Privileges + - Allocate Space + - Browse Datastore + - Low level file operations + - Remove file + - Update virtual machine files + - Update virtual machine metadata + + + + + + + #### Folder Privileges + - Create folder + - Delete folder + - Move folder + - Rename folder + + + + + + #### Host Privileges + - Local Operations + * Reconfigure virtual machine + + + + +
+ If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), ReadOnly access to the VDS without “Propagate to children” needs to be provided. -## Privileges Under Root-Level Role + #### Network Privileges + + - Assign Network + +
+ + + + #### Resource Privileges + + - Apply recommendation + - Assign virtual machine to resource pool + - Migrate powered off virtual machine + - Migrate powered on virtual machine + - Query vMotion + + + + + + #### Sessions Privileges + - Validate session + + + + + + #### Profile Driven Storage + - Profile-driven storage view + + + + + + #### Storage Views Privileges + - View + + + + + + + #### Task Privileges + + - Create task + - Update task + + + + + + #### vApp Privileges + + - Import + - View OVF environment + - vApp application configuration + - vApp instance configuration + + + + + + #### vSphere Tagging + + - Create vSphere Tag + - Edit vSphere Tag + + + + + + + #### Virtual Machines Privileges + + +
+ +| | | | +| ------------------------- | ------------------------------------------- | ------------------------------------- | +| **Change Configuration** | | | +| | Change Settings | Extend virtual disk | +| | Change Swapfile Placement | Modify device settings | +| | Configure host USB device | Query Fault Tolerance compatibility | +| | Configure raw device | Query unowned files | +| | Add existing disk | Reload from path | +| | Add new disk | Remove disk | +| | Add or remove device | Rename | +| | Change resource | Reset guest information | +| | Configure managedBy | Set annotation | +| | Display connection settings | Toggle fork parent | +| | Advanced configuration | Upgrade virtual machine compatibility | +| | Change CPU count | | +| **Guest operations** | | | +| | Guest operation alias modification | Guest operation alias query | +| | Guest operation modifications | Guest operation queries | +| | Guest operation program execution | | +| **Interaction** | | | +| | Power off | Power on | +| **Inventory** | | | +| | Create from existing | Move | +| | Create new | Remove | +| **Provisioning** | | | +| | Allow disk access | Customize guest | +| | Allow file access | Deploy template | +| | Allow read-only disk access | Mark as template | +| | Allow virtual machine download | Mark as virtual machine | +| | Allow virtual machine files upload | Modify customization specification | +| | Clone template | Promote disks | +| | Clone virtual machine | Read customization specifications | +| | Create template from virtual machine | | +| **Service Configuration** | | | +| | Allow notifications | Modify service configuration | +| | Allow polling of global event notifications | Query service configurations | +| | Manage service configurations | Read service configuration | +| **Snapshot Management** | | | +| | Create snapshot | Remove snapshot | +| | Rename snapshot | Revert to snapshot | +| **vSphere Replication** | | | +| | Configure replication | Monitor replication | +| | 
Monitor replication | | + + +
+ + + + #### vSAN + + - Cluster + * ShallowRekey + + + +
+ + + +
+ + + + +## Root-Level Role Privileges
@@ -127,7 +561,7 @@ The root-level role privileges are applied to root object and Datacenter objects |**Cns**|Searchable| |**Datastore**|Browse datastore |**Host**|Configuration -||* Storage partition configuration +|| Storage partition configuration |**vSphere** **Tagging**|Create vSphere Tag| ||Edit vSphere Tag| |**Network**|Assign network| @@ -137,7 +571,7 @@ The root-level role privileges are applied to root object and Datacenter objects
-## Privileges Under the Spectro Role +## Spectro Role Privileges @@ -182,6 +616,14 @@ The root-level role privileges are applied to root object and Datacenter objects +
+ + + +If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), ReadOnly access to the VDS without “Propagate to children” needs to be provided. + + + #### Network Privileges - Assign Network @@ -318,6 +760,17 @@ The root-level role privileges are applied to root object and Datacenter objects
+ + +
+
+ + +
+ + +--- + ## Network Requirements * Outgoing access from the platform VMs to the internet either directly or via a proxy. @@ -373,11 +826,12 @@ The following section provides the hardware requirements for Palette Platform VM
+ The size of the Tenant Cluster, in terms of the number of nodes or size of the nodes, does not impact the capacity guidance below. -## On-premise Configurations +## Self-Hosted Configuration | **Configuration Name** | **Concurrent
Cluster
Launch** | **Max Nodes** | **CPUs** | **Memory** | **Storage** | **MongoDB Limit** | **Running Workload** | | ---------------------- | ------------------------------------------- | ------------- | -------- | ---------- | ----------- | ---------------------- | ------------------------------------------------- |
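Review bot: In the `00-byoos.md` hunk (`@@ -70,7 +70,7`), the paragraph now links to the same guide twice in a row: the changed sentence points at [Build Edge Artifacts](/clusters/edge/edgeforge-workflow/palette-canvos), and the unchanged sentence that closes the paragraph ("Refer to the [Build Edge Artifacts] ... guide to learn how to create Edge Artifacts.") points at the same path. Merge the two into a single reference, or drop the trailing one. The hunk header context also still says "BYOS Edge OS pack" while the body uses "BYOOS"; align the name in the same pass.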
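Review bot: In the `00-on-prem-system-requirements.md` hunk at `@@ -16,22 +16,22`, the new prerequisite bullet contradicts itself: "vCenter version 7.0 or above is required" is followed by "vSphere 6.7 is supported but not recommended". If 6.7 still works, then 7.0 is the recommended version, not the required one, and the bullet also switches product name from vCenter to vSphere mid-sentence. State one minimum supported version and one recommended version, using the same product name for both, since the privileges section added later in this patch tells the reader to pick a privilege set by vSphere version. Minor: the mode table rows kept as context still spell "VMWare" while the rewritten intro uses "VMware".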
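Review bot: In the `@@ -102,21 +102,455` hunk, each added copy of the Virtual Machines Privileges table lists "Monitor replication" twice under **vSphere Replication** (once beside "Configure replication" and again on the following row); one of the two is either a duplicate or a placeholder for a different privilege and should be corrected before an administrator builds a role from it. In the added Root-Level Role Privileges tables, the `|**Datastore**|Browse datastore` and `|**Host**|Configuration` rows are missing their closing pipe. The new intro has a typo ("privilieges") and "your vSphere versions" should be singular. The per-version copies visibly differ only in the storage policy entry ("VM Storage Policies / View VM storage policies" versus "Profile-driven storage / Profile-driven storage view"), so consider keeping the common privileges in one shared list and putting only the differing entry in the tabs; with a list described as the minimum privileges, copies that drift apart lead to roles that are either broken or wider than intended.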
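Review bot: In the `@@ -182,6 +616,14` hunk (and in the copies of the same sentence added by the previous hunk), the VDS note does not say which principal receives the access: "ReadOnly access to the VDS without “Propagate to children” needs to be provided." Name the account or role explicitly, for example the vSphere user account that deploys Palette, so the reader does not grant ReadOnly on the switch to a broader group than required. The sentence also uses curly quotes around the option name; use straight quotes or bold the UI label to match the rest of the page.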