Important Notes
This is the first release of Oxide Computer Model 0, also known as the “0x1” rack. In future release notes, we will include detailed changelogs for each software component to highlight changes such as new features, bug fixes, and upgrade impact.
System Requirements
Oxide Computer is an appliance built with tightly integrated hardware and software components. It requires the following supporting services external to the rack for it to be operational:
L2 network that supports bidirectional port forwarding
NTP service for system time synchronization
Domain name service and a delegated subdomain for use by the rack
Identity provider that supports SAML authentication
Supported systems for the official clients:
Browsers for web console: Chrome, Edge, Firefox, Safari
OSes for CLI: Linux, macOS, Windows
Installation
Oxide Computer Model 0 must be installed and configured under the guidance of Oxide technicians. The requirement may change in future releases.
Features
The Oxide rack covers the complete hardware and software stack for deploying and managing virtual machine instances and related virtualized resources such as
persistent block storage in the form of detachable virtual disks
snapshots and disk images
private network interface for intra-subnet access
public network interface for inbound access
built-in NAT service for outbound public network access
virtual private cloud (VPC) and firewall capabilities
Many of the popular Linux distros such as Ubuntu, Debian and CentOS are supported as the guest operating systems for VM instances. Microsoft Windows server and desktop operating systems will be fully supported soon in the upcoming releases.
The key features for operators and administrators include:
organizing and isolating virtual resources by tenants and by projects
integrating with SAML-based identity provider for identity and access management
managing IP address allocation
basic metrics and visualizations for capacity utilization
The key management features for end-users include:
self-service orchestration via the web console and API
command-line tools including Oxide CLI and Terraform
capabilities to build custom integration tools using Oxide SDK
project-level resource utilization and disk I/O metrics
The rack also comes with built-in security features to ensure all hardware and software are genuine Oxide products:
purpose-built hardware root of trust (RoT) – present on every Oxide server and switch – cryptographically validates that its own firmware is genuine and unmodified
encryption of data at rest via internal key management system built on the RoT
trust quorum establishment at boot time to ensure the cryptographically-derived rack secret is verified before unlocking storage
More details about Oxide Computer can be found in the product documentation.
Known Behavior and Limitations
End-user features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Firewall rules | Firewall rules using VPC as target should allow/deny traffic based on an instance’s private IP only and not apply the rules against the instance’s public IP. As a workaround, use subnet as target to permit only intra-subnet traffic without allowing inbound traffic from other IP addresses on the same public network as the instance. | |
Image/snapshot management | Image upload sometimes stalls with HTTP/2. | |
Image/snapshot management | Unable to create snapshots for disks attached to stopped instances. | |
Image/snapshot management | Spurious errors after snapshot or disk deletion has been completed successfully. | |
Image/snapshot management | The ability to delete images is not available at this time. | |
Image/snapshot management | The ability to modify image metadata is not available at this time. | |
Instance orchestration | The maximum instance size is currently limited to 32 vcpus and 64 GiB of memory, and up to seven 1023 GiB disks. | |
Instance orchestration | The ability to select which SSH keys to be passed to a new instance is not available at this time. | |
Instance orchestration | Concurrent instance provisioning requests (e.g., as typically happens with programmatic orchestration such as Terraform) may return 500 errors. Users can reduce the concurrency level to avoid the error or retry the failed requests. | |
Instance orchestration | Instance or disk provisioning requests may fail due to unhandled sled or storage failure on rare occasions. Users can retry the requests to work around the failures. | |
Telemetry | Guest VM cpu and memory metrics are unavailable at this time. | - |
VPC and routing | Inter-subnet traffic routing is not available by default. Router and routing rules will be supported in future releases. |
Operator features
| Feature Area | Known Issue/Limitation | Issue Number |
|---|---|---|
Access control | Device tokens do not expire. | |
Control plane | Sled and physical storage availability status are not available in the inventory UI and API yet. | |
Control plane | Operator-driven software update is currently unavailable. All updates need to be performed by Oxide technicians. | - |
Control plane | Operator-driven instance migration across sleds is currently unavailable. Instance migrations need to be performed by Oxide technicians. | - |
Network management | Public IP addresses used for VM instances are currently assigned from a single pool named “default”. End-users do not have the ability to see the names of other IP pools. The ability to set up and query per-project IP pools will be available soon in future releases. | |
Network management | Routing between the rack and on-premise L2 networks is currently restricted to static routes only. The use of Border Gateway Protocol (BGP) for dynamic route configuration will be supported in upcoming releases. | |
Telemetry | Hardware metrics such as temperatures, fan speeds, and power consumption are not exposed to the control plane at this time. | - |
User management | User offboarding from the rack is not supported at this time. Apart from updating the identity provider to remove obsolete users from the relevant groups, operators will need to remove any IAM roles granted directly to those users in silos and projects. |