Configure a Cloud and Cloud Account
This section provides a sample walkthrough for configuring each supported cloud. Use each procedure as a guideline to configure the cloud of your choice.
Configure a VMware Cloud
To configure the logical mapping for a VMware cloud, follow this process:
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the VMware Private Cloud option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account button to add an account for this cloud family. The Add Cloud Account popup displays.
Assign a new cloud account Name.
- Select the check box to Track Cloud Costs.
Provide the vCenter account details.
Cloud Account Details:
vCenter Address: The IP address to be configured for this account.
vCenter User Name/Password: The credentials to access this cloud account. See the next table for the required permissions.
If vCenter users do not have full administrator rights, verify that each user (using CloudCenter) has the following permissions at a minimum:
vCenter Object | Required Permission | Reason
Network | Assign Network | If the default network in a template/snapshot must be changed
Datastore | Allocate space, Browse datastore, Low level file operations, Remove file | For persistent disk operation
Folder | Create folder | For user folder creation
Resource | Apply recommendation | For datastore cluster support
Resource | Assign VM to resource pool | For resource pool selection
Tasks | Create task, Update task | For VM operation
Virtual Machine | All permissions |
Click Save and verify that the newly added cloud is displayed in the Cloud Configurations page.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
(Optional) Click Edit Cloud Settings.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Use this option to update the Instance Naming Strategy, the Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
To update the Windows Password Settings and Concurrent Node Launch, see Cloud Configuration.
To complete the cloud configuration, you must register the CCO with the CCM.
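The minimum vCenter permissions in the table above can be checked against the role actually assigned to the CloudCenter vCenter user. The following is an added example, not Cisco or VMware code: it reports which required privileges a role lacks and which privileges it holds beyond the table. The privilege IDs are an assumed mapping of the table's permission names to vSphere API identifiers, and the sample roles are constructed.

```python
# Added example: audit a vCenter role against the minimum-permission table.
# ASSUMPTION: these privilege IDs are the vSphere API identifiers for the
# permission names in the table; confirm them against your vCenter's own list.
REQUIRED = {
    "Network.Assign": "Network > Assign Network",
    "Datastore.AllocateSpace": "Datastore > Allocate space",
    "Datastore.Browse": "Datastore > Browse datastore",
    "Datastore.FileManagement": "Datastore > Low level file operations",
    "Datastore.DeleteFile": "Datastore > Remove file",
    "Folder.Create": "Folder > Create folder",
    "Resource.ApplyRecommendation": "Resource > Apply recommendation",
    "Resource.AssignVMToPool": "Resource > Assign VM to resource pool",
    "Task.Create": "Tasks > Create task",
    "Task.Update": "Tasks > Update task",
}
VM_PREFIX = "VirtualMachine."  # table row "Virtual Machine: All permissions"
# Privileges vCenter places on every role; never reported as excess.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}


def audit_role(granted, vm_catalogue):
    """Compare a role's privilege IDs with the table.

    granted      -- privilege IDs held by the CloudCenter vCenter user's role
    vm_catalogue -- every VirtualMachine.* privilege ID your vCenter defines
    """
    granted = set(granted)
    missing = sorted(p for p in REQUIRED if p not in granted)
    missing_vm = sorted(p for p in set(vm_catalogue)
                        if p.startswith(VM_PREFIX) and p not in granted)
    excess = sorted(p for p in granted
                    if p not in REQUIRED and p not in IMPLICIT
                    and not p.startswith(VM_PREFIX))
    return {
        "meets_minimum": not missing and not missing_vm,
        "missing": missing,
        "missing_vm": missing_vm,
        "excess": excess,
    }


def report(name, result):
    """Render one audit result as readable lines."""
    lines = [f"{name}: {'OK' if result['meets_minimum'] else 'BELOW MINIMUM'}"]
    lines += [f"  missing  {p} ({REQUIRED[p]})" for p in result["missing"]]
    lines += [f"  missing  {p} (Virtual Machine > All permissions)"
              for p in result["missing_vm"]]
    lines += [f"  excess   {p} (not required by the table)" for p in result["excess"]]
    return "\n".join(lines)


# Constructed sample data: a small subset of VirtualMachine.* privileges and
# two hypothetical roles, one short of the minimum and one broader than needed.
SAMPLE_VM_CATALOGUE = [
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Inventory.Create",
    "VirtualMachine.Inventory.Delete",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Provisioning.Clone",
]
SAMPLE_ROLE_SHORT = (IMPLICIT
                     | (set(REQUIRED) - {"Task.Update"})
                     | (set(SAMPLE_VM_CATALOGUE) - {"VirtualMachine.Provisioning.Clone"}))
SAMPLE_ROLE_BROAD = (IMPLICIT | set(REQUIRED) | set(SAMPLE_VM_CATALOGUE)
                     | {"Host.Config.Settings", "Authorization.ModifyRoles"})

if __name__ == "__main__":
    for role_name, role in (("short-role", SAMPLE_ROLE_SHORT),
                            ("broad-role", SAMPLE_ROLE_BROAD)):
        print(report(role_name, audit_role(role, SAMPLE_VM_CATALOGUE)))
```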
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Configure a vCD Cloud
Be aware that these screen captures may change based on the vCD changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping a vCD cloud on the CloudCenter platform, verify the following requirements:
A valid vCD cloud account.
Launch the CCO in the same cloud region as the vCD cloud.
If you use the vCD cloud, you must configure the CCO servers. To enable the vCD cloud provider in the CCO server, follow this procedure.
Copy the rest-api-schemas-8.10.0.jar and vcloud-java-sdk-8.10.0.jar files to the /usr/local/cliqr/lib directory.
Customers must use their copy of these libraries as these copies are not redistributable by Cisco. The 8.10.0 version is required.
Change the permission and owner for both jar files (run these commands from the /usr/local/cliqr/lib directory).
chmod 755 rest-api-schemas-8.10.0.jar vcloud-java-sdk-8.10.0.jar
chown cliqruser:cliqruser rest-api-schemas-8.10.0.jar vcloud-java-sdk-8.10.0.jar
Restart the Gateway service so the CCO server automatically uses the vcloud-java-sdk and rest-api-schemas jar files.
systemctl restart gateway
Configuration Process
To configure the logical mapping for a vCD cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the VMware vCloud Director option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.
Assign a new cloud account Name.
Select the check box to Track Cloud Costs.
Provide the vCD user details.
Cloud Account Details:
vCloud Organization Name: The vCloud organization to which this account belongs.
vCenter Username/Password: The vCloud user name that you determined when you performed the site assessment. The vCloud Director user requires the App Author permissions for the desired organization in the vCD cloud in order to deploy applications using the CloudCenter platform.
Click Save and verify that the newly added cloud is displayed in the Cloud Configurations page.
Click the Regions tab to add a cloud region.
Click Add Region.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
The Region Name must be the same as the Region Name provided in the vcdconfig file (referenced in the Prerequisites section above).
Click Save.
(Optional) Click Edit Cloud Settings to update the values in the Configure Cloud Settings popup.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Field descriptions:
vCloud Endpoint URL: The base vCD URL. For example: https://vcd.example.com/ The URL for org suffix is automatically added by the CloudCenter platform.
Instance Naming Strategy: See Region-Level Cloud Settings for additional context.
Node Name Config: See Region-Level Cloud Settings for additional context.
Instance IPAM Strategy: See Region-Level Cloud Settings for additional context.
To complete the cloud configuration, you must register the CCO with the CCM.
- Configure a SoftLayer Cloud
Configure an IBM Bluemix (SoftLayer) Cloud
Be aware that these screen captures may change based on the IBM Bluemix portal changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping an IBM Bluemix cloud on the CloudCenter platform, verify the following IBM Bluemix requirements:
A valid IBM Bluemix PORTAL account.
IBM Bluemix Account Name: The exact name displayed in the Username column in the IBM Bluemix Portal's Users page. Copy the required Username and paste it in the CloudCenter CCM UI as specified during the Configuration Process identified below.
IBM Bluemix Account API Key: This is the API key for this user's account. If you do not have an API key for this account, retrieve the API key at this point. Copy this API key and paste it in the CloudCenter CCM UI as specified during the Configuration Process identified below.
Already Generated API Key: Access the IBM Bluemix Portal's Users page. Click View (in the API Key column corresponding to the required user).
Not Generated an API Key: Access the IBM Bluemix Portal's Users page. Click Generate (in the API Key column corresponding to the required user).
Device Name: This is the exact name displayed in the Device Name column in the IBM Bluemix Portal's Device List page. Copy the required Device name and paste it in the CloudCenter CCM UI as specified during the Configuration Process identified below.
You MUST launch the CCO in the same cloud region as this IBM Bluemix device – you cannot select different regions for the CCO and this device.
Images: CloudCenter 4.9.0 supports both Image ID and Image Template Name:
Image ID: This is the preferred option as it resolves image name conflicts caused by multiple images having the same name. To find the Image ID, navigate to the Bluemix Portal's Template page and copy the Image ID that is similar to the ID highlighted in this URL example:
https://control.softlayer.com/devices/images/1838253?imageType=public
Image Template Name: This is the exact name displayed in the Image Template Details section in the IBM Bluemix Portal's Images page. Copy the required Image Name and paste it in the CloudCenter CCM UI as specified during the Configuration Process identified below.
Configuration Process
To configure the logical mapping for an IBM Bluemix cloud, follow this procedure.
- Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the IBM Bluemix an IBM Company option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your IBM Bluemix account and click Save.
IBM Bluemix Account Name: The IBM Bluemix Username identified in Prerequisites section above.
IBM Bluemix Account API Key: The IBM Bluemix API Key identified in Prerequisites section above.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(CloudCenter 4.8.2x and earlier) Click Edit Cloud Settings to update the IBM Bluemix cloud settings for each region.
This selection is not available in CloudCenter 4.9.0 and later. You can configure these VLAN and subnet settings on a per-deployment basis as listed in Environments and Deployment Environment Defaults.
Default privateVlanNumber: Specifies the default IBM Bluemix private cloud network to which this CloudCenter instance must be launched.
Default publicVlanNumber: Specifies the default IBM Bluemix public cloud network to which this CloudCenter instance must be launched.
Click Save.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
(Optional effective CloudCenter 4.9.0 and later) Click Edit Cloud Settings to update the Domain Name. In the IBM cloud console, the domain name is displayed next to the device name.
(Optional effective CloudCenter 4.9.0 and later) Update the Instance Naming Strategy, Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To complete the cloud configuration, you must register the CCO with the CCM.
Configure an OpenStack Cloud
To configure the logical mapping for an OpenStack cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select OpenStack, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.
If OpenStack users do not have full administrator rights, verify that each user (using CloudCenter) has access credentials at a minimum.
Cloud Account Details:
OpenStack User Name/Password: The credentials to access this cloud account.
Default Domain Name (V3), Default Domain ID (V3): Optional. When you add an OpenStack cloud account, you can choose V2 or V3 OpenStack endpoints. Not required if you use V2. If you use V3, provide either the default Domain ID or Default Domain Name. The cloud region setting validates the region.
Default Tenant Name (V3 Project Name): Optional. The OpenStack project name.
Default Domain ID (V3 Project ID): Optional. If set, the Default Tenant ID (OpenStack setting in CloudCenter) has precedence over the Default Tenant Name.
Assign a new cloud account Name.
Select the check box to Track Cloud Costs.
Provide the OpenStack user credentials.
Optional. You can add the Domain ID and Domain Name to configure an OpenStack domain that uses their V3 APIs. If you select a V3 API domain, provide the Domain ID or the Domain Name.
Click Save and verify that the newly added cloud account (see Cloud for additional context on terminology) is displayed in the Clouds page.
Click the Configure Cloud link. The Accounts tab in the Cloud Accounts page displays all configured cloud accounts.
- Click the Regions tab to add a cloud region.
- Click Add Cloud Regions.
- Select the required regions for this cloud.
- Add the Region Name and an optional Display Name for this cloud region.
Click Save.
Click the Edit Cloud Settings link to update the settings for each cloud region.
Required settings:
Region (the region must be a valid OpenStack region)
- OpenStack Keystone API Version (the dropdown list includes both v2 and v3 options – select one of these options)
OpenStack Keystone Authentication Endpoint (this setting is not available in the Cloud Account popup, it is only available in the Cloud Region popup)
Optional settings:
The Instance Naming Strategy, the Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To update the Use Config Drive and Nodes Per Batch fields, see Cloud Configuration.
Effective CloudCenter 4.8.2.1, you can also configure the Bootable Volume Mapping Required field.
This field has the following choices:
Default: Use this option if your native OpenStack configuration supports the Create Servers OpenStack API.
No Blocked Device Mapping Required for Launch: Only use this option if OpenStack is configured along with a third-party infrastructure that is not visible to the CloudCenter platform – if your native OpenStack configuration does not support the Create Servers OpenStack API (with bootable volume mapping).
To complete the cloud configuration, you must register the CCO with the CCM.
Configure a Kubernetes Cloud
Be aware that these screen captures may change based on the Kubernetes container changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping a Kubernetes cluster to a Kubernetes cloud in CloudCenter, verify the following Kubernetes requirements:
A valid Kubernetes service account.
A cluster-admin cluster role binding exists on the API server (see the Kubernetes Documentation).
A valid Service Account Token. You can retrieve the Service Account Token from Kubernetes using one of two methods:
Kubernetes Dashboard Method:
Access the Kubernetes web UI and scroll the left menu bar down to Config and Storage and click Secrets. The list of secrets for the cluster is shown on the right panel:
Click the link corresponding to the Service Account Token to view the token details screen:
Click the eyeball icon to the left of the token at the end of the Data section to reveal the token. Copy and paste to the Service Account Token field in the CloudCenter platform's Add Cloud Account pop-up.
The service account token must be in base64 format before pasting into the Add Cloud Accounts page. Retrieving the token from the Kubernetes Web UI assures this to be true.
The kubectl Command Method:
Issue the following commands in sequence – the last command returns the token.
Copy and paste this token to the Service Account Token field in the CloudCenter platform's Add Cloud Account pop-up.
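# Namespace and name for the new service account
export NAMESPACE="default"
export SERVICE_ACCOUNT_NAME="bob-the-bot3"
kubectl create serviceaccount $SERVICE_ACCOUNT_NAME -n $NAMESPACE
# Output: serviceaccount "bob-the-bot3" created
# Bind the account to the cluster-admin cluster role (replace <name> with a binding name)
kubectl create clusterrolebinding <name> --clusterrole=cluster-admin --serviceaccount=$NAMESPACE:$SERVICE_ACCOUNT_NAME
# Look up the token Secret attached to the service account
export SECRET_NAME=$(kubectl get serviceaccount $SERVICE_ACCOUNT_NAME -n $NAMESPACE -o 'jsonpath={.secrets[0].name}' 2>/dev/null)
# Print the token, base64-decoded (-A reads the single-line base64 value)
kubectl get secret $SECRET_NAME -n $NAMESPACE -o "jsonpath={.data.token}" | openssl enc -d -base64 -A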
API Endpoint URL for the service account – you can retrieve this information using the following command:
kubectl cluster-info
To further debug and diagnose cluster-related problems, you can additionally use the following command:
kubectl cluster-info dump
API Version: By default, this setting is optional and not required. You may need to configure it based on your Kubernetes cluster settings.
Default API Version (Optional) – The API version of the Kubernetes cluster.
API Override Version (Optional) – When creating resources like network policy or persistent volume claim in a Kubernetes cluster, you may be using a specific API version that is different from the default API version. To address this difference, add an entry in this field using the following examples as guidance, where custom_api_version should be replaced by the specific API version in your environment:
Example 1:
Secret:custom_api_version;Service:custom_api_version;PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version;Pod:custom_api_version;Deployment:custom_api_version
Example 2:
PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version;Pod:custom_api_version;Deployment:custom_api_version
Example 3:
PersistentVolumeClaim:custom_api_version;NetworkPolicy:custom_api_version
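The two token retrieval methods in the prerequisites can hand you the value in different forms, and the token belongs to an account bound to cluster-admin, so it is worth confirming what you are about to paste. The following is an added example, not CloudCenter or Kubernetes code: it reports whether a value is a JWT or the base64-wrapped data.token field, and whether its subject is the service account you intended. It does not verify the signature, and the sample token is constructed and unsigned.

```python
# Added example: inspect a service account token before pasting it into the
# Add Cloud Account pop-up. Decodes only; the signature is NOT verified.
import base64
import json


def b64url_decode(segment):
    """Decode one JWT segment (base64url with the '=' padding stripped)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(candidate):
    """Return the claims dict if candidate parses as a three-part JWT, else None."""
    parts = candidate.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if isinstance(header, dict) and isinstance(claims, dict):
        return claims
    return None


def inspect_token(value, namespace, account):
    """Classify a pasted value and compare its subject with the intended account."""
    value = value.strip()
    form = "jwt"
    claims = jwt_claims(value)
    if claims is None:
        # Possibly the raw .data.token field: base64 text wrapping the JWT.
        try:
            inner = base64.b64decode(value, validate=True).decode("ascii")
        except ValueError:
            inner = ""
        claims = jwt_claims(inner)
        form = "base64-wrapped-jwt" if claims is not None else "unrecognized"
    expected = f"system:serviceaccount:{namespace}:{account}"
    subject = (claims or {}).get("sub")
    return {"form": form, "subject": subject, "subject_matches": subject == expected}


def make_sample_token(namespace, account):
    """Build a constructed, unsigned token shaped like a service account JWT."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    claims = {
        "iss": "kubernetes/serviceaccount",
        "kubernetes.io/serviceaccount/namespace": namespace,
        "kubernetes.io/serviceaccount/service-account.name": account,
        "sub": f"system:serviceaccount:{namespace}:{account}",
    }
    # "c2FtcGxl" is a placeholder third segment, not a real signature.
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2FtcGxl"])


if __name__ == "__main__":
    sample = make_sample_token("default", "bob-the-bot3")
    wrapped = base64.b64encode(sample.encode()).decode()
    for label, value in (("decoded", sample), ("secret data field", wrapped)):
        print(label, inspect_token(value, "default", "bob-the-bot3"))
```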
Configuration Process
To configure the logical mapping for a Kubernetes cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Kubernetes option, provide a Name and Description for this cloud, and click OK.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Kubernetes cluster and click Save.
Field descriptions:
Service Account Name: The email address or username that you used to log in to the Kubernetes cluster.
Service Account Token: The token used to access the Kubernetes service account as specified in the Prerequisites section above.
Add the Kubernetes API endpoint information:
Click the Details tab for this Kubernetes cloud:
Click the Edit Kubernetes Settings link to bring up the Configure Cloud Settings pop-up page:
Add the API Endpoint URL and optional Default API Version and/or API Version Override, if applicable, then click Save. The API endpoint URL can be obtained by running the kubectl cluster-info command on the master node. (See the Prerequisites section above).
Add instance types to the cloud. From the details tab, click Add Instance Types. This brings up the Add Instance Types pop-up page. Populate the required fields and click Save. Repeat this process for all instance types you need to specify.
You must explicitly create the Instance Types as required. See Manage Instance Types for additional context.
The Instance Type reflects MilliCPUs for a Kubernetes container and (Virtual) CPUs for all other clouds.
To complete the cloud configuration, you must register the CCO with the CCM.
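The API Version Override field takes the semicolon-separated Kind:version format shown in the Prerequisites examples, so it can be checked before you save it. The following is an added example, not CloudCenter code: it parses an override string and reports malformed entries, duplicates, and a custom_api_version placeholder that was never replaced. How CloudCenter itself parses the field is not documented on this page; restricting kinds to those in the page's examples and flagging empty entries are assumptions of this sketch.

```python
# Added example: validate an "API Version Override" string before saving it.
import re

# Kinds that appear in the page's three examples. Treating any other kind as a
# problem is an ASSUMPTION of this sketch, not documented CloudCenter behaviour.
KINDS_ON_PAGE = {
    "Secret", "Service", "PersistentVolumeClaim",
    "NetworkPolicy", "Pod", "Deployment",
}

# Kubernetes apiVersion: optional "<group>/" then v<N>, v<N>alpha<M> or v<N>beta<M>,
# for example "v1", "apps/v1" or "networking.k8s.io/v1".
API_VERSION = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?/)?v[0-9]+(?:(?:alpha|beta)[0-9]+)?"
)


def parse_api_override(text):
    """Return (overrides, problems) for a 'Kind:version;Kind:version' string."""
    overrides, problems = {}, []
    for pos, entry in enumerate(text.split(";"), start=1):
        entry = entry.strip()
        if not entry:
            problems.append(f"entry {pos}: empty entry")
            continue
        kind, sep, version = (part.strip() for part in entry.partition(":"))
        if not sep or not kind or not version:
            problems.append(f"entry {pos}: expected Kind:version, got {entry!r}")
        elif kind not in KINDS_ON_PAGE:
            problems.append(f"entry {pos}: kind {kind!r} is not in the documented examples")
        elif not API_VERSION.fullmatch(version):
            # Also catches the literal custom_api_version placeholder.
            problems.append(f"entry {pos}: {version!r} is not a Kubernetes apiVersion")
        elif kind in overrides:
            problems.append(f"entry {pos}: duplicate override for {kind}")
        else:
            overrides[kind] = version
    return overrides, problems


# Constructed sample inputs: one clean value, one with the placeholder left in,
# and one with a duplicate, a wrong-case kind, a missing version and a stray ';'.
SAMPLES = [
    "PersistentVolumeClaim:v1;NetworkPolicy:networking.k8s.io/v1",
    "Secret:custom_api_version;Service:v1",
    "Pod:v1; Deployment:apps/v1beta2;Pod:v1;pod:v1;Service;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parsed, issues = parse_api_override(sample)
        print(sample)
        print("  overrides:", parsed)
        for issue in issues:
            print("  problem:", issue)
```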
Caution
If you Edit Kubernetes Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Configure Google Cloud
Be aware that these screen captures may change based on the Google Cloud platform changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping a Google cloud on the CloudCenter platform, verify the following Google requirements:
A valid Google Cloud Platform account with Project Owner permissions
If using the Shared VPC network feature, you also require Shared VPC Admin permissions (see https://cloud.google.com/vpc/docs/provisioning-shared-vpc for additional context).
The CloudCenter platform appends a unique ID to the network name to form the firewall rule name, so the network name can be a maximum of 24 characters: 24 (network name) + 39 (unique ID) = 63 total characters. For example: abcdefghijklmnopqrstuvwx-c3f-462828f37a06acd3ee194716bfe10de0
Enable the following APIs for each Google cloud account that you will add to the CloudCenter platform:
Google Compute Engine API
Google Cloud Resource Manager API
The following image depicts the Google portal used to enable APIs:
Launch the CCO in the same cloud region as the Google cloud and create an Instance in the Google cloud on the Google Cloud Platform console:
Select CentOS7 as the OS image in the Boot Disk field and increase the Size of the disk as required (see Phase 1: Prepare Infrastructure > Hardware Requirements for additional context).
Access the newly-created instance and edit it to add Custom metadata.
Google Instances are identified by their instanceName, projectId, and zone in a CloudCenter configuration.
The nodeId is used for the instanceName
The instance metadata contains the projectId, zone, and vmId.
The vmId is a unique identifier but it is not used for any VM operation, just for the metadata purposes. See VM Management for additional context.
Navigate to the following screen on the Google Cloud Platform:
Name: Provide any name as required.
Network: Default (CloudCenter does not support Custom networks in this field).
Source IP ranges: 0.0.0.0/0 (this is an example, be sure to provide secure IP ranges as required by your environment).
Allowed protocols and ports: tcp:80;tcp:443 (this is an example, be sure to provide the ports and protocols for your environment).
Target Tags: This field is REQUIRED for CloudCenter configurations. If you are launching the CCO instance, add cco as the tag.
Create the firewall rule and ensure that it is added to the list:
In the Compute Engine Dashboard, access the VM instance that you launched and apply the firewall rule tag (in this example cco) to this VM Instance.
GCP Project ID: This is the project ID associated with the account used to log into GCP.
Effective CloudCenter 4.8.1
The Project ID for Google Cloud account setting is optional.
The Project ID selected in the cloud settings section of the Deploy form is where the VM is deployed.
The CloudCenter platform additionally supports Google's beta Shared VPC feature where you can share multiple projects across the same network. The typical use case for the Shared VPC support is multiple departments having their own projects across the same network. In this use case, one department creates the Shared VPC Host Project and network and then shares the network with the other departments (Shared VPC Service Projects).
The following is an example of Shared VPC projects:
The following image depicts a Shared VPC host project and the orange rectangle highlights the shared networks:
The following image depicts the Service projects that are attached to the host project.
The following image depicts a service project with the shared network:
The service projects must display the shared subnetworks.
GCP Service Account Email Address: The email address for the Service account associated with this project.
Retrieve Email Address
To retrieve this email address, follow this procedure:
Navigate to the Google Cloud Platform's Manage project settings screen.
In the IAM & Admin section locate the required Service Account name.
If you do not have an existing Service account, create it now (when you select a role for this account, select Owner, to ensure that you have full access to all resources):
Identify the Service account ID as highlighted in the following image. This Service account ID is required for the GCP Service Account Email Address field in the CCM UI.
GCP Service Account PK Filename: Create a new key at this point and copy it as this key is never displayed again. This new name for the P12 file is required for the GCP Service Account PK Filename field in the CCM UI.
GCP Service Account PK Filename Reference
From the IAM & Admin page, locate the Service account that you configured above:
Retrieve the key if it is already created. If it is not created, click the icon corresponding to this Service account ID and select the Create Key option:
Change the file format for this key to P12 and create the file for this private key.
Note the name that was automatically assigned for this file. If you do not note it down, you may need to create a new key.
Change the name of this file in your download location to ensure easy reference:
Based on the above prerequisites, note the following details and have them handy to enter into the CCM UI as specified during the Configuration Process identified below. These details will differ based on the project being a single project or a Shared VPC project:
The GCP Email Address (the email used to log into GCP)
The GCP Service Account Email Address (the Service account ID for this project)
If you use shared networks from the Shared VPC host project, be sure to add the following Google-specific roles to the service account on the Shared VPC host project: Compute Security Admin role and Compute Network User role. Both roles are mandatory.
The GCP Project ID for this account (the Project ID for this account)
The GCP Service Account PK Filename (the downloaded key file name)
Configuration Process
To configure the logical mapping for a Google cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Google Cloud Platform option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Google account and click Save.
These details will differ based on the project being a single project or a Shared VPC project.
The location of these details in GCP is identified in the Prerequisites section above.
Field: Description
GCP Email Address: The email address that you used to log into the GCP account.
GCP Service Account Email Address: The email address associated with your project(s).
GCP Service Account PK File Name: The P12 key associated with the Service Account.
GCP Project ID (optional): Not used – as the project is selected during the CloudCenter application deployment.
User Network: Not used.
Click the Regions tab.
Before you add a new region, you need to add the Google Cloud Platform key in the CCO instance as well.
This step is important – each time you add an account to the Google Cloud Platform cloud, you must create a new key for that account in Google Cloud Platform and then add the P12 key to the CCO instance at this point, before configuring the region.
Navigate to the /usr/local/osmosix/ folder.
Create a folder called /gce
In the /usr/local/osmosix/gce folder, create a folder called keys.
After you download the key (the P12 file mentioned in Step 3), ensure that the owner and group permissions for the folders and the p12 files are cliqruser and cliqruser.
chown -R cliqruser:cliqruser /usr/local/osmosix/gce
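The key-folder steps above as one script, added here as an example (not CloudCenter's own tooling): it creates gce/keys, copies the P12 key in, applies the cliqruser ownership from the page, and audits the result. The 0700/0600 modes, the function names, and the OSMOSIX_BASE, KEY_OWNER and KEY_GROUP variables are assumptions of this example; the page specifies only the path and the ownership.

```shell
#!/bin/sh
# Added example: prepare and audit the GCP key folder on a CCO.
# Path and owner come from the page; the modes (0700 folders, 0600 keys)
# are an assumption of this example, since the page only sets ownership.
# Usage on the CCO (as root): install_gce_key /path/to/key.p12 && audit_gce_keys

OSMOSIX_BASE="${OSMOSIX_BASE:-/usr/local/osmosix}"
KEY_OWNER="${KEY_OWNER:-cliqruser}"
KEY_GROUP="${KEY_GROUP:-cliqruser}"

# install_gce_key <p12-file>: create gce/keys, copy the key, restrict access.
install_gce_key() {
    src="$1"
    keys_dir="$OSMOSIX_BASE/gce/keys"
    [ -f "$src" ] || { echo "no such key file: $src" >&2; return 1; }
    # umask 077 keeps the key unreadable to others from the moment it lands.
    ( umask 077; mkdir -p "$keys_dir" && cp "$src" "$keys_dir/" ) || return 1
    # Explicit modes also cover folders that existed before this run.
    chmod 700 "$OSMOSIX_BASE/gce" "$keys_dir" || return 1
    chmod 600 "$keys_dir/$(basename "$src")" || return 1
    chown -R "$KEY_OWNER:$KEY_GROUP" "$OSMOSIX_BASE/gce"
}

# audit_gce_keys: print one line per problem; return 0 only when clean.
audit_gce_keys() {
    root="$OSMOSIX_BASE/gce"
    problems=0
    keys=0
    for path in "$root" "$root/keys" "$root"/keys/*; do
        if [ ! -e "$path" ]; then
            # An unmatched glob stays literal; only report real missing folders.
            case "$path" in
                */keys/\*) ;;
                *) echo "MISSING $path"; problems=$((problems + 1)) ;;
            esac
            continue
        fi
        [ -f "$path" ] && keys=$((keys + 1))
        # ls -ld fields: 1 = mode string, 3 = owner, 4 = group.
        set -- $(ls -ld "$path")
        if [ "$3:$4" != "$KEY_OWNER:$KEY_GROUP" ]; then
            echo "OWNER $path is $3:$4, expected $KEY_OWNER:$KEY_GROUP"
            problems=$((problems + 1))
        fi
        # Characters 5-10 of the mode string are the group and other bits.
        case "$1" in
            ????------*) ;;
            *) echo "MODE $path is $1, group/other access should be removed"
               problems=$((problems + 1)) ;;
        esac
    done
    if [ "$keys" -eq 0 ]; then
        echo "NOKEY no key file under $root/keys"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```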
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
Click Edit Cloud Settings to update the Google cloud settings for each region.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Assign the Cloud Credentials for each project as each project has its own credentials and these settings may differ between projects. These fields are already explained in Step 3 above.
Click Save.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
CloudCenter
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Return to: Configure Cloud(s)
- Configure a Dimension Data Cloud
Configure a Dimension Data Cloud
Prerequisites
Before mapping a Dimension Data cloud on the CloudCenter platform, verify the following requirements:
A valid Dimension Data CloudControl account with the ability to launch VMs.
At least one network domain is created in the desired datacenter, and at least one VLAN is created under the Network Domain(s).
At least one Public IPv4 address block has been added to the Network Domain and IP addresses are available to assign public IP to the worker VMs.
Configure a Dimension Data Cloud
To configure the logical mapping for a Dimension Data cloud, follow this process:
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Dimension Data option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family.
The Add Cloud Account popup displays.
Assign a cloud account Name.
Provide the Dimension Data cloud login credentials.
Opsource (Dimension Data) Account Name: The user name for your Dimension Data cloud account.
Password: The password from your Dimension Data account.
Click Save. The newly added cloud is displayed in the Cloud Configurations page.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(Optional) Click Edit Cloud Settings to update the Instance Naming Strategy, Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
CloudCenter
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Return to: Configure Cloud(s)
- Configure a Cisco UCSD Cloud
Configure a Cisco UCSD Cloud
The CloudCenter platform provides Cisco Unified Computing Systems Director (UCSD) integration that enables you to invoke UCSD callout workflows. Users can drag and drop the Cisco UCSD service into the CloudCenter Topology Modeler and create a topology with single or multiple UCSD callouts. This allows enterprises to create a mixed topology of applications using UCSD callouts and provides the following benefits:
- Enterprises can use CloudCenter for governance as well as workflow management.
- SysAdmins can use UCSD to provision physical storage.
Limitations
Be aware of the following limitations if you decide to use this integration:
The CloudCenter platform does not support HA environments for UCSD workflows.
See Phase 1: Prepare Infrastructure for release compatibility details.
This implementation of the UCSD integration allows you to provision your storage setup on network appliances (tested and verified for the CloudCenter platform).
UCSD currently allows VM provisioning.
This feature has been tested and implemented for select customers.
This CloudCenter release only supports the version that is explicitly listed in Datacenters and Private Clouds.
Worker1 appliances are not required for this integration.
CCM and CCO appliances are not available for this integration.
When you create an External Initialization Script (see External Service) for a cloud region and launch a UCSD workflow from the CCM, the workflow is executed but the region-level External Initialization Script is not executed. This is because the External Initialization Script (PreVM init) is generally executed before a VM is launched and there is no VM being launched in UCSD.
Even if you have multiple UCSD accounts in CloudCenter when modeling an application, the CloudCenter platform does not allow you to select a specific region of UCSD. Essentially, you can only have one UCSD account for each CloudCenter platform.
Integration Requirements
To integrate with Cisco UCSD, the CloudCenter SysAdmin must adhere to the following requirements:
Administrator access to the Cisco UCSD account and environment.
If you intend to integrate UCSD in your enterprise, the CloudCenter platform requires access to the UCSD environment to provide end-to-end deployment.
Knowledge of the list of UCSD workflows to be called by the CloudCenter platform.
The CloudCenter platform abstracts the orchestration process to use the callout flows exposed by UCSD. The CloudCenter platform merely uses exposed UCSD parameters for cloud governance and management purposes.
Each Cisco UCSD instance must be associated with a CCO before you Model an Application.
Currently, one CloudCenter platform supports one UCSD instance.
Each CloudCenter UCSD implementation requires an associated physical image entry in the CloudCenter platform (this is a dummy placeholder – even if a logical Image is not used).
If using a VMware Appliance Setup, you can enable the UCSD cloud provider in the CCO server by following this procedure.
SSH to the CCO and navigate to the directory /usr/local/osmosix/etc in each CCO.
Ensure that CiscoUCSD is displayed in the contents of the cloud file.
[root@ucsd65-cco-49 Jul9-4.9.1]# cat /usr/local/osmosix/etc/cloud
CiscoUCSD
Ensure that the cloud value is set to CiscoUCSD in the contents of the profile.properties file.
[root@ucsd65-cco-49 Jul9-4.9.1]# cat /usr/local/osmosix/etc/profile.properties
cloud=CiscoUCSD
Restart the Gateway service so the CCO server automatically uses Cisco UCSD in its configuration.
systemctl restart gateway
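The two file checks above can gate the restart, so the Gateway service is only bounced when both files agree. This is an added example, not part of the CloudCenter distribution; the function names and the CCO_ETC variable are assumptions, and tolerating spaces around "=" and Windows line endings is a choice made by this example.

```shell
#!/bin/sh
# Added example: confirm both CCO files select CiscoUCSD before restarting
# the gateway. File names come from the page; function names are this example's.

CCO_ETC="${CCO_ETC:-/usr/local/osmosix/etc}"

# cloud_file_value: first non-empty line of etc/cloud, trimmed, CR removed.
cloud_file_value() {
    [ -r "$CCO_ETC/cloud" ] || return 1
    tr -d '\r' < "$CCO_ETC/cloud" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        head -n 1
}

# profile_cloud_value: value of the last uncommented "cloud=" line.
# Keys that merely start with "cloud" (for example cloudType) do not match.
profile_cloud_value() {
    [ -r "$CCO_ETC/profile.properties" ] || return 1
    tr -d '\r' < "$CCO_ETC/profile.properties" |
        sed -n 's/^[[:space:]]*cloud[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# ucsd_provider_ready: prints "ok" and returns 0 when both files select
# CiscoUCSD; otherwise prints the reason and returns 1.
ucsd_provider_ready() {
    want="CiscoUCSD"
    from_cloud=$(cloud_file_value) || {
        echo "cannot read $CCO_ETC/cloud"; return 1; }
    from_profile=$(profile_cloud_value) || {
        echo "cannot read $CCO_ETC/profile.properties"; return 1; }
    if [ "$from_cloud" != "$want" ]; then
        echo "cloud file has '$from_cloud', expected $want"
        return 1
    fi
    if [ "$from_profile" != "$want" ]; then
        echo "profile.properties has cloud='$from_profile', expected $want"
        return 1
    fi
    echo "ok"
}

# restart_gateway_if_ready: restart only after the check passes.
restart_gateway_if_ready() {
    ucsd_provider_ready && systemctl restart gateway
}
```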
UCSD Workflow Support
UCSD has the concept of workflows. These workflows differ between enterprises and deployments. For example, when you provision storage using the UCSD integration, CloudCenter currently calls the following workflows:
Create a new storage space or VM (generally referred to as resource)
Validate the existence of a storage space
Update an existing storage space
Delete a storage space
Retrieve information about a storage space
UCSD Workflow Requirements from CloudCenter Perspective
The CloudCenter platform requires the following UCSD IDs:
Service Request ID: This ID is generated by the UCSD workflow. The CloudCenter platform uses this ID.
Resource ID: In the Deployment workflow when you create a new storage space or VM, the CloudCenter platform expects to receive the resource ID (the ID of the provisioned resource) of the UCSD workflow as an output parameter.
The CloudCenter termination workflow (that a UCSD user sets up) should typically use this Resource ID to refer to the originally provisioned entity and remove that entity as required.
For example:
If your workflow needs to provision a storage system, your workflow should return a Storage ID as the Resource ID.
If your workflow needs to launch a VM, it could return the VM ID as the Resource ID.
The following is a basic sample script to return a Resource ID from a UCSD workflow task.
//
// return value for Cisco CloudCenter
//
var srid = ctxt.getSrId();
logger.addInfo("SR ID: " + srid);
// Build the JSON string returned to CloudCenter; the inner quotes must be escaped.
json_output = "{\"resourceId\":\"" + srid + "\"}";
logger.addInfo("json_output: " + json_output);
output.JSON_OUTPUT = json_output;
Configure UCSD as a Custom Service
The current UCSD workflows are specific to the creation and maintenance of additional storage work spaces for enterprises. As UCSD is associated with one CCO, each time you access information about the storage space, the CCO retrieves the permitted UCSD workflows.
To configure, define, and use UCSD as a custom service, follow this process:
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Cisco UCSD option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.
Assign a new cloud account Name.
Select the check box to Track Cloud Costs.
Provide the UCSD Cloud details.
Click Save and verify that the newly added cloud is displayed in the Cloud Configurations page.
Click the Regions tab to add a cloud region.
Click Add Region.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
CloudCenter
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
(Optional) Click Edit Cloud Settings to update the values in the Configure Cloud Settings popup.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Orchestrator IP or DNS: The IP address or DNS of the CCO.
Remote Desktop Gateway IP or DNS: The IP address or DNS of the HTML5 to access the VMs.
Cloud Account: Enter the cloud you configured above.
Edit or create the instance type using the following details. See Manage Instance Types for additional context.
Edit or create the cloud mapping using the following details. See Map Images for additional context.
Add UCSD as the deployment environment. See Deployment Environments.
Edit the Cisco UCSD service to define the allowed UCSD workflow parameters. See Custom Service Definition.
Model a new N-tier application to use the Cisco UCSD service. See Model an Application for additional context.
The defined UCSD service parameters are displayed within the Custom Service section in the Topology Modeler > Services page (on the right pane), when you select the UCSD service.
- Save and deploy the UCSD application.
You have now configured and launched UCSD as a custom service.
Sample UCSD Workflows
These workflows are merely samples. Be aware that the workflows will differ based on your local environment!
This is a sample of a custom task that returns the instance ID.
This is a sample of the global output:
This is the sample of a custom task mapping within the workflow for the Service Request ID to be returned to the CloudCenter platform:
This is the sample of a Resource ID being returned to the CloudCenter platform – When talking to UCSD, the CloudCenter platform requires the last task to report a Resource ID back to the CloudCenter platform. This resource ID can be the UCSD Service Request ID. A custom task must provide this function.
This is a sample termination workflow:
The same sample workflow from the CloudCenter perspective:
Cisco CloudCenter expects the termination workflow to have that input label (the Resource ID) as it injects the ID that was returned from the original JSON output.
This is a sample workflow input:
This is a sample termination and rollback in UCSD:
Return to: Configure Cloud(s)
- Configure an AWS Cloud
Configure an Amazon Cloud
To configure the logical mapping for an Amazon Web Services (AWS) cloud, follow this process:
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Amazon Web Services option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click Add Cloud Account to add an account for this cloud family. The Add Cloud Account popup displays.
Assign a cloud account Name.
Provide the AWS cloud credentials.
- AWS Email Address: The email address associated with your AWS cloud family account.
- Use IAM Role:
IAM Role
Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.
Feature Dependency
These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See http://docs.aws.amazon.com for additional details.
To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.
For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If using the CloudCenter RDS out-of-box service, your account additionally requires RDSfullAccess.
The CloudCenter platform requires that you launch a PaaS service using a non-IAM cloud account.
You cannot launch an AWS PaaS service using an IAM cloud account!
Instead of specifying the access key and secret key and so forth, you can manage instance types by using an IAM role. By default, this feature is disabled and you must explicitly enable the IAM role by toggling this button to ON when you configure an AWS Cloud.
Tips to use IAM roles in the CloudCenter platform:
You can launch RDS instances using IAM role-based accounts if you meet the following requirements:
If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.
Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["sts:GetFederationToken"], "Resource": "*" }] }
You can assign an AWS ARN in the instance profile field in the Deployment Environments form by adding the iam:PassRole to the role used to launch the CCO VM.
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*" }] }
Back to: AWS Configurations
AWS Account Number: The account number from your AWS account.
AWS Access Key and Secret Key: The security credentials to access this AWS account.
- Click Save. The newly added cloud is displayed in the Cloud Configurations page.
- Click the Regions tab to add a cloud region.
- Click Add Cloud Regions.
- Select the required regions for this cloud.
- Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(Optional) Click Edit Cloud Settings to update the Instance Naming Strategy, Instance IPAM Strategy, or the Node Name Config fields. The Region-Level Cloud Settings section provides more details on configuring these values.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Configure an Azure Stack Cloud
Be aware that these screen captures may change based on the Azure portal changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping an Azure Stack cloud, verify the following requirements:
You have a valid Windows Azure Stack account.
The CloudCenter platform supports both Azure Stack Development Kit and Azure Stack Integrated Setup models. The CloudCenter documentation reflects screen captures of both portals.
The Azure Stack portal is similar to https://portal.local.azurestack.external.
The Azure Stack endpoint differs based on your Azure Stack launch mode (online or offline). The endpoint is similar to https://management.local.azurestack.external. Be aware that you can change the endpoint after you configure the cloud settings as well.
Online Setup: The AD endpoint authentication request is routed via the login.windows.net endpoint.
Offline Setup: In this setup, the ADFS authentication is completely disconnected from the Internet.
The Azure Stack endpoint differs based on your Azure Stack launch mode (online or offline) – issue the following API (similar to the endpoint highlighted in the orange rectangle) to retrieve the endpoint (highlighted in blue – the AD Resource is required for authentication). The audiences parameter contains the AD Resource ID.
The Region entry is highlighted in the orange rectangle in the Azure Stack Dashboard image provided below – this region information is required when you configure the Azure Stack cloud in the CloudCenter platform.
You must use this same region name when configuring the Region Name in the Regions tab Cloud Settings as highlighted in the orange rectangle in the following image:
You can retrieve the Suffix from the following location in the Azure Stack portal (Virtual machines > Disks > OS Disks):
Use the same Default API version that is used in your current setup for the Microsoft.Resource and locate the Resource Type Name (see https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-vm-considerations for additional details).
For the VM Extension Version fields (Linux Custom Script, Windows Custom Script, and Linux Diagnostic), use only the first two numbers (just the major version number and the minor version number, not the maintenance version nor the build version numbers) in the version string – if you use earlier or later versions or additional numbers, the configuration may not succeed.
Register the required Azure providers from the Azure Stack portal:
Configuration Process
To configure the logical mapping for an Azure Stack cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the side pane.
Select the Microsoft Azure Stack option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Azure account.
Azure Login ID: The email address used to log in to your Azure Stack cloud account.
Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Portal Interface as described in the Prerequisites section above and access Settings:
Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.
Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.
Client Key: As identified in the keys bullet in the Prerequisites section above.
Click Save and verify that the newly added cloud account (see Cloud for additional context on terminology) is displayed in the Clouds page.
Click the Configure Cloud link. The Accounts tab in the Cloud Accounts page displays all configured cloud accounts.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(Optional) Click the Edit Cloud Settings link to update the required settings for each cloud region.
Use the default values and avoid making changes unless advised by a CloudCenter expert.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Azure Stack Region Name: The Region entry in the Azure Stack Dashboard image. In the example provided in the Prerequisites section above, this entry displays local.
Azure Stack RM Endpoint: The Azure Stack endpoint differs based on your Azure Stack launch mode (online or offline). The endpoint is similar to https://management.local.azurestack.external. You can change the endpoint after you configure the cloud settings as well.
Azure Stack AD Endpoint: The AD endpoint authentication request is routed via the login.windows.net endpoint.
Azure Stack AD Resource: The audiences parameter explained in the Prerequisites section above contains the AD Resource ID.
Azure Stack Storage Endpoint Suffix: The Suffix from the Azure Stack portal explained in the Prerequisites section above.
Default API version: The same API version that is used in your current setup as explained in the Prerequisites section above.
Linux Custom Script Extension Version: Use only the first two numbers (just the major version number and the minor version number, not the maintenance version nor the build version numbers) in the version string as explained in the Prerequisites section above.
Windows Custom Script Extension Version: Use only the first two numbers (just the major version number and the minor version number, not the maintenance version nor the build version numbers) in the version string as explained in the Prerequisites section above.
Linux Diagnostics Extension Version: Not Supported.
Windows Diagnostics Extension Version: Use only the first two numbers (just the major version number and the minor version number, not the maintenance version nor the build version numbers) in the version string as explained in the Prerequisites section above.
Instance Naming Strategy and Node Name Config: The Region-Level Cloud Settings section provides more details on configuring these values. The instances are directly pulled from the Azure Stack instance. You can Manage Instance Types as required by your environment.
Click Save.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Configure an AzureRM Cloud
Be aware that these screen captures may change based on the Azure portal changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping an Azure Resource Manager cloud, verify the following requirements:
You have a valid Windows Azure Resource Manager account.
Register the required Azure providers from the Azure portal:
Previously, you could only perform this procedure using Azure CLIs.
Now, you can use the UI to register (see Steps 1 - 5 indicated in the image) the following Azure providers:
Microsoft.Compute (displayed in the following image)
Microsoft.Storage (displayed in the following image)
Microsoft.Network (displayed in the following image)
Microsoft.Resources
Microsoft.Authorization
In the Azure Resource Manager Portal, navigate to Azure Active Directory page:
Select App Registration and click Add.
Provide the Name, Sign-On URL, and Create the application. This value must be a standard URL and is required by the AzureRM cloud configuration – it is not used by the CloudCenter platform.
In the following screenshot, the Sign-On URL displays http://www.cliqr.com. This is just an example.
Be sure to provide the base URL for your application using the required protocol (HTTP or HTTPS) – for example:
http://<YourLocalHost or YourAppURL>
Select the newly created application.
Note down the Application ID; it is required to create a Cloud Account in CloudCenter – this is the Client ID.
If you prefer to use Certificate Based Authentication, see the related bullet further in this section.
Click All Settings.
Select Required Permission under API Access and click Add.
- Select Windows Azure Service Management API.
- Select permissions as Delegated Permission and click Done.
Select Keys under API Access.
Specify the Description, Expires, and click Save.
Note down the key after you click save – this key cannot be retrieved later from the portal and it is used by CloudCenter as the Client Key when creating the cloud account.
Select App Registration and click Endpoints.
Note down the Tenant-ID from the OAuth 2.0 Authorization Endpoint – this ID is used by CloudCenter when creating a cloud account.
Certificate Based Authentication – In earlier CloudCenter releases, the CloudCenter platform only supported client key authentication for AzureRM environments. Effective CloudCenter 4.9.1, users can select either key-based authentication or the more secure certificate-based authentication.
The certificate can be either of the following options. You can create either type using the openssl command from the command prompt of any Linux system:
A self-signed certificate: See the following example.
Remember this password as you will need to enter it in the CloudCenter UI's Certificate and Password fields when you create or edit the Cloud Account.
Generate a key and certificate.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Convert the certificate.pem to PKCS 12 format.
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
Provide a password to this command when prompted.
A Certificate Authority (CA) signed certificate – Generate a key and CSR, send/receive the certificate.csr file(s) to the signature authority, convert the signed-certificate.pem to PKCS 12 format, and provide a password to this command when prompted.
Remember this password as you will need to enter it in the CloudCenter UI's Certificate and Password fields when you create or edit the Cloud Account.
Convert the PKCS formatted certificate (certificate.p12 or signed-certificate.p12) to base64 format using the tool at https://www.base64encode.org/.
Enter the base64 formatted certificate, and the export password used to create the PKCS formatted certificate, in the corresponding fields in the CloudCenter Add or Edit Cloud Account dialog box.
Log in to the Azure Resource Manager Portal to upload the certificate PEM file (Azure Active Directory > AppRegistrations > Settings > keys > Upload public key) and save.
The corresponding public key for the certificate must be uploaded to the Azure RM portal for the Application Registration that the user must add to the CloudCenter cloud account.
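The self-signed certificate steps above as one script, added here as an example rather than taken from the CloudCenter documentation: it builds the key, certificate and PKCS 12 file, then produces the Base64 text with openssl on the local machine, so the keystore, which contains the private key, is never pasted into a web page. The subject name, file locations and password are constructed, and it assumes the Certificate field accepts single-line Base64.

```shell
#!/bin/sh
# Added example (not from the CloudCenter documentation).
# Subject name, directory and password below are constructed sample values.
set -eu

# make_p12_b64 DIR EXPORT_PASSWORD
# Writes key.pem, certificate.pem, certificate.p12 and certificate.p12.b64 to DIR.
# Runs in a subshell so the umask change does not leak into the caller.
make_p12_b64() (
    dir=$1
    P12_PASS=$2
    export P12_PASS            # passed via the environment, not the command line
    umask 077                  # key material readable by the owner only
    mkdir -p "$dir"

    # Key and self-signed certificate, as in the page's command; -subj makes
    # the command non-interactive.
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
        -x509 -days 365 -subj "/CN=cloudcenter-azurerm-example" \
        -out "$dir/certificate.pem" 2>/dev/null

    # PKCS 12 bundle protected by the export password.
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/certificate.pem" \
        -out "$dir/certificate.p12" -passout env:P12_PASS

    # Base64 text for the Certificate field, encoded locally on one line.
    openssl base64 -A -in "$dir/certificate.p12" -out "$dir/certificate.p12.b64"
)

# verify_p12_b64 DIR EXPORT_PASSWORD
# Returns 0 only if the Base64 text decodes to a PKCS 12 file that opens with
# the password and carries the certificate.pem that is uploaded to the portal.
verify_p12_b64() (
    dir=$1
    P12_PASS=$2
    export P12_PASS
    tmp=$dir/roundtrip.p12
    openssl base64 -d -A -in "$dir/certificate.p12.b64" -out "$tmp" || exit 1
    want=$(openssl x509 -in "$dir/certificate.pem" -noout -fingerprint -sha256)
    # A wrong password yields no certificate, so the fingerprint stays empty.
    got=$(openssl pkcs12 -in "$tmp" -nokeys -passin env:P12_PASS 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null) || got=
    rm -f "$tmp"
    [ -n "$got" ] && [ "$got" = "$want" ]
)

# Demonstration in a throwaway directory with a constructed password.
demo_dir=$(mktemp -d)
make_p12_b64 "$demo_dir" 'constructed-export-password'
if verify_p12_b64 "$demo_dir" 'constructed-export-password'; then
    echo "Certificate field: contents of $demo_dir/certificate.p12.b64"
    echo "Portal upload:     $demo_dir/certificate.pem"
fi
```

Delete key.pem and certificate.p12 from the working directory once the cloud account is saved, since both hold the private key.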
In the Azure Resource Manager Portal, configure the user role settings for your web application:
Select Subscription > Valid subscription (this is the subscription you want to manage).
Click Access control (IAM).
Click the +Add icon at the top right corner of the managed subscription pane.
Click Add users and select the OWNER role. You can also select other roles for more granular management.
This role should be able to access and manage AzureRM resources like storage, compute, network, keyvault, and so forth to configure AzureRM for the CloudCenter platform.
In the User search box, enter the web application name you defined earlier. In this example, it is CliQrCCO.
Click OK to save your settings.
Configuration Process
To configure the logical mapping for an Azure Resource Manager cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the side pane.
Select the Microsoft AzureRM option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Azure account.
Azure Login ID: The email address used to log in to your Azure Resource Manager cloud account.
Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Portal Interface as described in the Prerequisites section above and access Settings:
Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.
Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.
If you enable Use Cert Based Auth, the Client ID field is hidden and the following fields are displayed:
Certificate – The certificate in PKCS 12 format as Base64 text as identified in the Certificate Based Authentication bullet in the Prerequisites section above.
Password – Enter the password used to create the certificate as identified in the Certificate Based Authentication bullet in the Prerequisites section above.
Client Key: As identified in the keys bullet in the Prerequisites section above.
Click Save and verify that the newly added cloud account (see Cloud for additional context on terminology) is displayed in the Clouds page.
Click the Configure Cloud link. The Accounts tab in the Cloud Accounts page displays all configured cloud accounts.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(Optional) Click the Edit Cloud Settings link to update the required settings for each cloud region.
Use the default values and avoid making changes unless advised by a CloudCenter expert.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Azure Resource Manager Url: The service endpoint for AzureRM. For non-government cloud and non-China regions, the URL is https://management.azure.com/.
Azure Active Directory Url: The Azure Active Directory URL provided by Microsoft and used to authenticate credentials. For non-government cloud or non-China regions, the URL is https://login.microsoftonline.com/.
Linux Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.
Windows Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.
Linux Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.
Windows Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.
Instance Naming Strategy, Instance IPAM Strategy, and Node Name Config: The Region-Level Cloud Settings section provides more details on configuring these values.
Click Save.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Configure an Azure Pack Cloud
Be aware that these screen captures may change based on the Azure portal changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping an Azure Pack cloud on the CloudCenter platform, verify the following Azure Pack requirements:
A valid Windows Azure Pack account with access to:
Azure Pack Console – Azure Pack Service Management Portal
SCVMM – System Center Virtual Machine Manager Console
An Azure Pack cloud account, network and image. If you do not have these requirements configured, do so now by connecting via RDP to the SCVMM Administrator:
Azure Pack Clouds (cloud account):
Azure Pack VM Networks (network):
One Azure Pack Cloud Libraries VHDX image for each OS (image) – The CloudCenter Custom Image Installation must include these custom images.
- An Azure Pack Login ID and Subscription ID: Have these IDs ready. If you do not have these IDs ready, find them now by accessing the Azure Pack Service Management Portal:
- Azure Pack Login ID: The ID that you use to access the Azure Pack Service Management Portal.
- Azure Pack Subscription ID: The Subscription ID from this page.
- Management Certificate: Upload the azure-certificate.cer file (generated by Cisco) to Azure Console > Settings > Manage Certificates.
SSH keys and management certificate for this account.
Be aware that an OpenSSL that is not from MacPorts, specifically OpenSSL 1.0.1f 6 Jan 2014, does not seem to create a valid SSH key-pair. Another option is FWIW.
Generate SSH keys using OpenSSL:
# You may want to use another dir than /tmp
cd /tmp
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout azure-private.key -out azure-certificate.pem
chmod 600 azure-private.key azure-certificate.pem
openssl x509 -outform der -in azure-certificate.pem -out azure-certificate.cer
Generate a keystore which will be used by the plugin to authenticate with a certificate for all Azure API calls:
# Generate a keystore (azurekeystore.pkcs12)
# Transform private key to PEM format
openssl pkcs8 -topk8 -nocrypt -in azure-private.key -inform PEM -out azure-pk.pem -outform PEM
# Transform certificate to PEM format
openssl x509 -inform der -in azure-certificate.cer -out azure-cert.pem
cat azure-cert.pem azure-pk.pem > azure.pem.txt
# You MUST enter a password!
openssl pkcs12 -export -in azure.pem.txt -out azurekeystore.pkcs12 -name azure -noiter -nomaciter
Fill out the Upload Management Certificate dialog information and press the done Checkmark.
When you create the Azure Pack Region in the CCM UI, you will need to upload these files to Azure so you can run the commands from your local device or a device from which you can easily copy files.
Configuration Process
To configure the logical mapping for an Azure Pack cloud, follow this procedure.
Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
Select the Windows Azure Pack option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Tip
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Azure Pack account.
Azure Pack Login ID: The email address used to log in to your Azure Pack cloud account.
Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.
Private Key in PEM Format: Copy and paste the key information from the Azure Pack Service Management Portal identified in the Prerequisites section at the beginning of this procedure.
Certificate in PEM Format: Copy and paste the certificate information from the Azure Pack Service Management Portal identified in the Prerequisites section at the beginning of this procedure.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
Click Save.
Click the Edit Cloud Settings link to configure the required settings for each cloud region.
Use the default values and avoid making changes unless advised by a CloudCenter expert.
Azure Pack Network: The SCVMM console's Azure Pack VM Networks (network) listing identified in the Prerequisites section above. Copy the name exactly as displayed in the SCVMM console and paste it into this field. This field is deprecated in CloudCenter 4.9.0.
Azure Pack Data Disk: The SCVMM console's Azure Pack Cloud Libraries VHDX (image) data disk listing identified in the Prerequisites section above.
This Data Disk configuration is only required if you are configuring additional volumes.
Image Mapping
These instructions are for a blank disk.
For Azure Pack, you cannot specify Multiple Volumes in the Application Tier Properties (General Settings) Default Volume Size field. Instead, you must use a Blank Disk (you cannot change the size) as follows:
Access the SCVMM console's Azure Pack Cloud Library
Click Library Servers.
Click the VHDX folder
Identify the required Blank Disk.
Right-click this Blank Disk and select Properties. The Properties popup for this Blank Disk displays.
The name is automatically displayed.
In the Family field, you must assign a name of your choice – If you do not provide this format the configuration does not complete successfully.
In the Release field, you must provide 4 numbers separated by three periods (for example: 1.2.3.4). This precise format is required as the identifier for this disk – If you do not provide this format the configuration does not complete successfully.
In the Operating system field, you must select CentOS6.
This precise format is required when you Map Images – You must provide the exact OS specified in this field. If you do not provide this format the image mapping configuration does not complete successfully.
Click OK to save your changes.
The SCVMM console's Equivalency Information section is updated with this new information.
In the CCM UI's Azure Pack Data Disk field, you need to add these two details in the following format:
BlankDisk:0.0.0.0
If you do not provide this format the configuration does not complete successfully.
These instructions are for a normal disk.
To map images for a normal disk, follow this procedure.
Access the SCVMM console's Azure Pack Cloud Library
Click Library Servers.
Click the VHDX folder
Identify the required Disk.
Right-click this Disk and select Properties. The Properties popup for this Disk displays.
The name is automatically displayed.
In the Family field, you must assign a name of your choice – If you do not provide this format the configuration does not complete successfully.
In the Release field, you must provide 4 numbers separated by three periods (for example: 1.2.3.4). This precise format is required as the identifier for this disk – If you do not provide this format the configuration does not complete successfully.
In the Operating system field, you must select CentOS6.
This precise format is required when you Map Images – You must provide the exact OS specified in this field. If you do not provide this format the image mapping configuration does not complete successfully.
- Click OK to save your changes.
- The SCVMM console's Equivalency Information section is updated with this new information.
- In the CCM UI's Azure Pack Data Disk field, you need to add these two details in the following format:
Exact_Family_Name:Release
If you do not provide this format the configuration does not complete successfully.
- Add the Exact_Family_Name:Release details as the Cloud Image ID in the CCM UI.
Endpoint: The exact DNS name and the port used for the SCVMM console.
For example: wap1.dcv.svpod:30006
Metadata Server: You can use the default metadata server provided by Cisco (mds.cliqrtech.com) or build and use your own metadata server.
Domain: The domain in which the Azure Pack server resides. Check with your Azure Pack domain admin for the exact name for this domain.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Configure an Alibaba Cloud
Be aware that these screen captures may change based on the Alibaba Cloud Platform changes. They are provided in this section as a point of reference.
Prerequisites
Before mapping an Alibaba cloud on the CloudCenter platform, verify the following Alibaba requirements:
A valid Alibaba Cloud Platform account.
- Access to the following services (highlighted in orange rectangles in the image above). You must enable these services in the Alibaba cloud console:
- Elastic Compute Service
- Virtual Private Cloud
- Elastic IP Address
- Access to ID and Access Keys: Alibaba Cloud Console's AccessKeys screen:
- Access ID: The Alibaba Cloud access key ID is the identification proof of your access to Alibaba Cloud APIs.
- Access Keys: The 28-character Alibaba Cloud access key secret that identifies this account's access parameters.
- Account ID: Alibaba Cloud Console's Security Settings screen: This setting is required to link accounts and to download images.
Restrictions
Be aware of the following restrictions/limitations when configuring the Alibaba cloud:
- The instances supported differ from region to region. The Alibaba SDK and the Alibaba Web Interface differ in the instances listed for each zone. You can add new instances using the CCM UI – see Manage Instance Types for additional context.
Alibaba Cloud does not currently allow querying/setting user data on custom images.
The CloudCenter platform relies on a hosted metadata service from Cisco (mds.cliqrtech.com) to fetch user data for each instance. This requires a public IP address.
If the admin uses Alibaba Public Images, then the CloudCenter platform uses Alibaba’s metadata service to fetch these images.
The CloudCenter platform currently supports the Ultra Cloud Disks for the OS (system disks) – the Cloud Efficiency Disk configuration (this is the default setting for the Alibaba cloud). The SSD Cloud Disks option is currently not supported by the CloudCenter platform for system disks.
However, when deploying storage types for data disks, the CloudCenter platform supports both options.
- The CloudCenter platform supports public IP only using Elastic IP addresses. This allows users to select 0 Mbps bandwidth. When creating the Elastic IP Pool, the admin can assign maximum bandwidth for the account according to the application requirements. In the Alibaba console, select the required zone and configure this setting as required for your environment.
- Alibaba Cloud in any region may run out of resources and is then marked sold-out (or, in the case of APIs, the resource has run out). CloudCenter users must check their Alibaba Console and retry the operation once resources are available.
- All instances are priced using the Pay-As-You-Go model. The CloudCenter platform does not support Alibaba’s Subscription-based Pricing Model.
The Instance Charge Type is always Post-Paid based on the Pay-As-You-Go model.
- The CloudCenter platform assumes that all instances are I/O optimized (default in most configurations and cannot be configured).
- The CloudCenter platform does not support the Alibaba Classic Network Type – and only supports the VPC Network Type.
- The CloudCenter platform only supports image names suffixed as follows:
Configuration Process
To configure the logical mapping for an Alibaba cloud, follow this procedure.
- Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.
- Select the Alibaba Cloud Platform option, provide a Name and Description for this cloud, and click Save.
- Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
Add the following Cloud Credentials associated with your Alibaba account and click Save.
Account Email: The email address that you used to log into the Alibaba Cloud Platform account.
Account Id: The Alibaba account ID for the Alibaba account as identified in the Prerequisites section above.
- Access Id: The 16-character Alibaba Access Key ID for the Alibaba account as identified in the Prerequisites section above.
- Access Key: The 28-character API Access Secret for the Alibaba account as identified in the Prerequisites section above.
Click the Regions tab to add a cloud region.
- Click Add Cloud Regions.
- Select the required regions for this cloud.
- Add the Region Name and an optional Display Name for this cloud region.
Click Save.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.
(Optional) Click Edit Cloud Settings to update the Alibaba cloud settings for each region.
Region Endpoint: Auto-populated with the selected region name.
Instance Naming Strategy and Instance IPAM Strategy: See the Region-Level Cloud Settings section for more details on configuring these values.
Caution
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
To complete the cloud configuration, you must register the CCO with the CCM.
Register the CCO with the CCM
Cloud Region Nuances
Once you register a CCO with the CCM, the CCO only works for the registered cloud region.
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
Registration Process
To register the CCO with the CCM, follow this procedure:
In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered the CCO VM and completed your configuration.
Next Steps
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Caution
If you Edit Cloud Settings on the Cloud Region page (CCM UI > Admin > Clouds > Configure Region), you must save the changes to the CCO by clicking Configure Orchestrator and then Save to ensure that these changes are also propagated to CCOs.