Cloud Remote 

Overview

The Cloud Remote component is deployed on a per cloud region basis if communication between the CloudCenter Suite cluster and the target cloud region is restricted. More specifically, it is needed when

  • Communication between the CloudCenter Suite cluster and the API endpoint of your private cloud region is restricted.
    or

  • Communication between the CloudCenter Suite cluster and worker VMs in your VM-based cloud region is restricted.  

When Cloud Remote is used to support communications with a VM-based cloud region, it is installed as a virtual appliance launched in that region.  When it is used to support communications with a Kubernetes cloud, it is installed as a virtual appliance in a network accessible from that Kubernetes cloud.

Cloud Remote can run as a single appliance or it can scale up to multiple appliances working as a single cluster. 

Cloud Remote includes the following services running as containers:

  • AMQP server for communicating with the CloudCenter Suite cluster and with worker VMs

  • Script execution engine for executing external lifecycle action scripts

  • Proxy server for communicating with the script execution engine and the cloud API endpoint

  • Guacamole server for encapsulating SSH or RDP sessions to worker VMs in a browser window

Some typical network configurations involving Cloud Remote are as follows:

Use CaseNetwork ConnectivityNetwork Diagram
CloudCenter Suite in a private network connecting to a public cloud regionWorker VMs Directly Connect with CloudCenter Suite = No
AND
CloudCenter Suite Directly Accessible from Cloud Remote = No

CloudCenter Suite in a public network connecting to a private VM-based cloud regionCloud Endpoint Directly Accessible = No
AND
Worker VMs Directly Connect with CloudCenter Suite = No
AND
CloudCenter Suite Directly Accessible from Cloud Remote = Yes


CloudCenter Suite in a public network connecting to a private Kubernetes cloud region
Cloud Endpoint Directly Accessible = No
AND
CloudCenter Suite Directly Accessible from Cloud Remote = Yes

The remaining sections describe how to acquire and configure Cloud Remote, and how to scale Cloud Remote.

Install Cloud Remote

Cloud Remote is installed as a virtual appliance obtained from Cisco. The procedure to obtain, launch and configure Cloud Remote depends on:

  • The VM-based cloud in which Cloud Remote will be deployed.
    and

  • The overall networking constraints of the CloudCenter Suite cluster and the target cloud region.

Prior to installing Cloud Remote, make sure you have already added the cloud to CloudCenter Suite, and if a multi-region cloud, you added the first region. Then, use one of the following procedures corresponding to where Cloud Remote will be deployed and whether it will be used to support VM-based workloads in that cloud region or Kubernetes container workloads in a Kubernetes cloud hosted in that region.

 Cloud Remote for vCenter

Configure Cloud Remote in a vCenter Region

Configure Cloud Remote in a vCenter region as follows.

Download and Launch the Cloud Remote Appliance in vCenter

  1. From your local computer, download the Cloud Remote appliance OVA from software.cisco.com.

  2. Log in to the vCenter console using the vSphere web client with Flash, or with the vSphere Windows client. Do not use the HTML5 web client.

  3. Navigate to the folder or resource pool where you want to deploy the OVA. Right click on that resource pool or folder and select Deploy OVF Template.

  4. From the Deploy OVF Template dialog box, for Source, select Local file and click Browse to find the OVA file you downloaded in step 1.

  5. Complete the fields for Name and location, Host / Cluster, Resource Pool, Storage, and Disk Format appropriate for your environment.

  6. For the Network Mapping section, make sure to properly map the Management network (public) and VM Network network (private) to the appropriate network names in your environment.

  7. For the Properties section, make sure to check the box labeled Does the VM need a second interface? if the Cloud Remote appliance needs to be multi-homed on a public network and a private network.

  8. Confirm your settings and click Finish to launch the VM.

  9. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote (Conditional) > Scaling for details.

  10. Once the first instance of the appliance has been launched, use the vSphere client to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
8443TCPLimit to address space of users needing SSH or RDP access to their managed VMsUser to Guacamole
5671TCPLimit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)
7789TCPLimit to address space of the managed VMsWorker VM to Guacamole

The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

Toggle SettingsFieldValue

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) >
Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.


Worker VMs Directly Connect with CloudCenter = NoWorker AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

Worker VMs Directly Connect with CloudCenter = NoGuacamole Public IP and PortEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
<guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
Worker VMs Directly Connect with CloudCenter = NoGuacamole IP Address and Port for Application VMsEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
<guac_port> = 7789

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.


 Cloud Remote in a vCenter cloud for a Kubernetes cloud

Configure Cloud Remote in a vCenter Region for a Kubernetes Cloud

Configure Cloud Remote in a vCenter region to support a Kubernetes target cloud as follows.

Download and Launch the Cloud Remote Appliance in vCenter

  1. From your local computer, download the Cloud Remote appliance OVA from software.cisco.com.

  2. Log in to the vCenter console using the vSphere web client with Flash, or with the vSphere Windows client. Do not use the HTML5 web client.

  3. Navigate to the folder or resource pool where you want to deploy the OVA. Right click on that resource pool or folder and select Deploy OVF Template.

  4. From the Deploy OVF Template dialog box, for Source, select Local file and click Browse to find the OVA file you downloaded in step 1.

  5. Complete the fields for Name and location, Host / Cluster, Resource Pool, Storage, and Disk Format appropriate for your environment.

  6. For the Network Mapping section, make sure to properly map the Management network (public) and VM Network network (private) to the appropriate network names in your environment.

  7. For the Properties section, make sure to check the box labeled Does the VM need a second interface? if the Cloud Remote appliance needs to be multi-homed on a public network and a private network.

  8. Confirm your settings and click Finish to launch the VM.

  9. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote (Conditional) > Scaling for details.

  10. Once the first instance of the appliance has been launched, use the vSphere client to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a Kubernetes Cloud

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

The Cloud Remote web UI and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud

From the CloudCenter Suite UI, for the Kubernetes cloud requiring Cloud Remote, navigate to the corresponding Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. 

The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.

Toggle SettingsFieldValue

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number
you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

 Cloud Remote for OpenStack

Configure Cloud Remote in an OpenStack Region

Configure Cloud Remote in an OpenStack region as follows.

Download and Launch the Cloud Remote Appliance in OpenStack

  1. Download the Cloud Remote appliance qcow2 file from software.cisco.com.

  2. Through the OpenStack console, import and launch the Cloud Remote appliance. This process is similar to importing and launching the CloudCenter Suite installer appliance for OpenStack.

    Do not add ‘Network Ports’ while launching a Cloud Remote instance in OpenStack.

  3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote (Conditional) > Scaling for details.

  4. Once the first instance of the appliance has been launched, use the OpenStack console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.


Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
8443TCPLimit to address space of users needing SSH or RDP access to their managed VMsUser to Guacamole
5671TCPLimit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)
7789TCPLimit to address space of the managed VMsWorker VM to Guacamole

The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

Toggle SettingsFieldValue

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) >
Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.


Worker VMs Directly Connect with CloudCenter = NoWorker AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

Worker VMs Directly Connect with CloudCenter = NoGuacamole Public IP and PortEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
<guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
Worker VMs Directly Connect with CloudCenter = NoGuacamole IP Address and Port for Application VMsEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
<guac_port> = 7789

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.


 Cloud Remote in an OpenStack region for a Kubernetes cloud

Configure Cloud Remote in an OpenStack Region for a Kubernetes Cloud

Configure Cloud Remote in a OpenStack region to support a Kubernetes target cloud as follows.

Download and Launch the Cloud Remote Appliance in OpenStack

  1. Download the Cloud Remote appliance qcow2 file from software.cisco.com.

  2. Through the OpenStack console, import and launch the Cloud Remote appliance. This process is similar to importing and launching the CloudCenter Suite installer appliance for OpenStack.

    Do not add ‘Network Ports’ while launching a Cloud Remote instance in OpenStack.

  3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote (Conditional) > Scaling for details.

  4. Once the first instance of the appliance has been launched, use the OpenStack console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.


Setup Cloud Remote Firewall Rules for a Kubernetes Cloud

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

The Cloud Remote web UI and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud

From the CloudCenter Suite UI, for the Kubernetes cloud requiring Cloud Remote, navigate to the corresponding Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. 

The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.

Toggle SettingsFieldValue

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number
you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

 Cloud Remote for AWS

Configure Cloud Remote in an AWS Region

Configure Cloud Remote in an AWS region as follows.

Obtain and Launch the Cloud Remote Appliance in AWS

  1. Obtain the Cloud Remote shared AMI form Cisco support and launch it. Follow the same guidance for obtaining and launching the CloudCenter Suite installer appliance for AWS.

  2. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.

  3. Once the first instance of the appliance has been launched, use your cloud console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other instances you launch.

Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
8443TCPLimit to address space of users needing SSH or RDP access to their managed VMsUser to Guacamole
5671TCPLimit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)
7789TCPLimit to address space of the managed VMsWorker VM to Guacamole

The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

Toggle SettingsFieldValue

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) >
Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.


Worker VMs Directly Connect with CloudCenter = NoWorker AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

Worker VMs Directly Connect with CloudCenter = NoGuacamole Public IP and PortEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
<guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
Worker VMs Directly Connect with CloudCenter = NoGuacamole IP Address and Port for Application VMsEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
<guac_port> = 7789

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.


 Cloud Remote in an AWS region for a Kubernetes cloud

Configure Cloud Remote in an AWS Region for a Kubernetes Cloud

Configure Cloud Remote in an AWS region to support a Kubernetes target cloud as follows.

Obtain and Launch the Cloud Remote Appliance in AWS

  1. Obtain the Cloud Remote shared AMI form Cisco support and launch it. Follow the same guidance for obtaining and launching the CloudCenter Suite installer appliance for AWS.

  2. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.

  3. Once the first instance of the appliance has been launched, use your cloud console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other instances you launch.

Setup Cloud Remote Firewall Rules for a Kubernetes Cloud

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

The Cloud Remote web UI and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud

From the CloudCenter Suite UI, for the Kubernetes cloud requiring Cloud Remote, navigate to the corresponding Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. 

The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.

Toggle SettingsFieldValue

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number
you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

 Cloud Remote for AzureRM

Cloud Remote for AzureRM

Follow these steps to obtain, launch and configure Cloud Remote for an AzureRM region.

Download and Launch the Cloud Remote Appliance in AzureRM

  1. Download the Cloud Remote appliance for AzureRM as zip file from software.cisco.com and then unzip it to reveal the VHD file.

  2. Upload the Cloud Remote appliance VHD file to AzureRM using the AzureRM CLI, then launch the appliance from the AzureRM console web UI. This process is similar to uploading and launching the CloudCenter Suite installer appliance for AzureRM.

    You must use the AzureRM CLI to perform this upload.

  3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.

  4. Once the first instance of the appliance has been launched, use the AzureRM console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
8443TCPLimit to address space of users needing SSH or RDP access to their managed VMsUser to Guacamole
5671TCPLimit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)
7789TCPLimit to address space of the managed VMsWorker VM to Guacamole

The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

Toggle SettingsFieldValue

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) >
Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.


Worker VMs Directly Connect with CloudCenter = NoWorker AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

Worker VMs Directly Connect with CloudCenter = NoGuacamole Public IP and PortEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
<guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
Worker VMs Directly Connect with CloudCenter = NoGuacamole IP Address and Port for Application VMsEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
<guac_port> = 7789

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.


 Cloud Remote in an AzureRM region for a Kubernetes cloud

Configure Cloud Remote in an AzureRM Region for a Kubernetes Cloud

Configure Cloud Remote in an AzureRM region to support a Kubernetes target cloud as follows.

Download and Launch the Cloud Remote Appliance in AzureRM

  1. Download the Cloud Remote appliance for AzureRM as zip file from software.cisco.com and then unzip it to reveal the VHD file.

  2. Upload the Cloud Remote appliance VHD file to AzureRM using the AzureRM CLI, then launch the appliance from the AzureRM console web UI. This process is similar to uploading and launching the CloudCenter Suite installer appliance for AzureRM.

    You must use the AzureRM CLI to perform this upload.

  3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.

  4. Once the first instance of the appliance has been launched, use the AzureRM console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a Kubernetes Cloud

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

The Cloud Remote web UI and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud

From the CloudCenter Suite UI, for the Kubernetes cloud requiring Cloud Remote, navigate to the corresponding Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. 

The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.

Toggle SettingsFieldValue

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number
you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

 Cloud Remote for Google

Configure Cloud Remote in a Google Region

Configure Cloud Remote in a Google region as follows.

Obtain and Launch the Cloud Remote Appliance in Google

  1. Request the Cloud Remote shared VMI form Cisco support by opening a CloudCenter Support case. In your request, specify the following details:

    1. Your GCP account number

    2. Your GCP project ID number
    3. Your CloudCenter Suite version

    4. Your Customer ID (CID)

    5. Your customer name

    6. Specify if your setup is in production or for a POC

    7. Your Contact Email

  2. After you open a case, your support case is updated with the shared VMI ID. Proceed to the next step only after your support case is updated with the VMI ID.

  3. Navigate to the GCP dashboard and search for the VMI ID name provided in the CloudCenter Support case in the list of images for your project.

  4. Launch an instance using the shared VMI. 

    1. Click on the image name. This takes you to the page for the image


    2. Click on Create Instance to display the Instance properties page

    3. Complete these fields:

      1. Instance name

      2. Region and zone

      3. Machine type: select 2 vCPU, 7.5 GB RAM

      4. Click the checkbox to allow HTTPS access

      5. Click the Security tab (under the Allow HTTPS traffic checkbox). In the SSH key field, add your organization's public ssh key followed by a space and then the username you want to use to login to the Cloud Remote appliance. Click the Add Item button when done.

    4. Click Create to launch the instance.

  5. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote > Scaling for details.

  6. Once the first instance of the appliance has been launched, use the GCP console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
8443TCPLimit to address space of users needing SSH or RDP access to their managed VMsUser to Guacamole
5671TCPLimit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)
7789TCPLimit to address space of the managed VMsWorker VM to Guacamole

The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

Toggle SettingsFieldValue

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Worker VMs Directly Connect with CloudCenter = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) >
Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.


Worker VMs Directly Connect with CloudCenter = NoWorker AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
<amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

Worker VMs Directly Connect with CloudCenter = NoGuacamole Public IP and PortEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
<guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
Worker VMs Directly Connect with CloudCenter = NoGuacamole IP Address and Port for Application VMsEnter <Cloud_Remote_IP>:<guac_port>, where
<Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
<guac_port> = 7789

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

 Cloud Remote in a Google Cloud region for a Kubernetes cloud

Configure Cloud Remote in a Google Region for a Kubernetes Cloud

Configure Cloud Remote in a Google region to support a Kubernetes target cloud as follows.

Obtain and Launch the Cloud Remote Appliance in Google

  1. Request the Cloud Remote shared VMI form Cisco support by opening a CloudCenter Support case. In your request, specify the following details:

    1. Your GCP account number

    2. Your GCP project ID number
    3. Your CloudCenter Suite version

    4. Your Customer ID (CID)

    5. Your customer name

    6. Specify if your setup is in production or for a POC

    7. Your Contact Email

  2. After you open a case, your support case is updated with the shared VMI ID. Proceed to the next step only after your support case is updated with the VMI ID.

  3. Navigate to the GCP dashboard and search for the VMI ID name provided in the CloudCenter Support case in the list of images for your project.

  4. Launch an instance using the shared VMI. 

    1. Click on the image name. This takes you to the page for the image


    2. Click on Create Instance to display the Instance properties page

    3. Complete these fields:

      1. Instance name

      2. Region and zone

      3. Machine type: select 2 vCPU, 7.5 GB RAM

      4. Click the checkbox to allow HTTPS access

      5. Click the Security tab (under the Allow HTTPS traffic checkbox). In the SSH key field, add your organization's public ssh key followed by a space and then the username you want to use to login to the Cloud Remote appliance. Click the Add Item button when done.

    4. Click Create to launch the instance.

  5. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured. See Cloud Remote > Scaling for details.

  6. Once the first instance of the appliance has been launched, use the GCP console to note its IP public and private addresses. You will need this information later on in order login to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

Setup Cloud Remote Firewall Rules for a Kubernetes Cloud

After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

Port rules for a single node Cloud Remote deployment:

PortProtocolSourceUsage
22TCPLimit to address space of users needing SSH access for debugging and changing default portsSSH
443TCPLimit to address space of users needing access to the Cloud Remote web UI for setup and scalingHTTPS (Cloud Remote web UI)
5671TCPLimit to address of the CloudCenter Suite cluster's local AMQP serviceAMQP
15671TCPLimit to address space of users needing web access for debugging the remote AMQP serviceHTTPS (AMQP Management)

The Cloud Remote web UI and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

PortProtocolSource
2377TCP<cr_sec_group> *
25672TCP<cr_sec_group>
7946UDP<cr_sec_group>
4369TCP<cr_sec_group>
9010TCP<cr_sec_group>
4789UDP<cr_sec_group>

 * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.

Specify AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud

From the CloudCenter Suite UI, for the Kubernetes cloud requiring Cloud Remote, navigate to the corresponding Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. 

The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You may need to update the Local AMQP IP Address or the Remote AMQP IP Address fields per the table below.

Toggle SettingsFieldValue

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = Yes

Local AMQP IP Address

Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster.

If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

Cloud Endpoint Directly Accessible = No
AND
CloudCenter Directly Accessible from Cloud Remote = No
Remote AMQP IP Address

Enter <Cloud_Remote_IP>:<amqp_port>, where
<Cloud_Remote_IP> = the IP address Cloud Remote which is accessible to the CloudCenter Suite cluster, and
<amqp_port> = 5671 OR the custom AMQP port number
you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.

If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

When done, click OK to save the setting and dismiss the dialog box.

Download Region Connectivity Settings and Upload to Cloud Remote

Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them and to your local computer and then upload them to Cloud Remote as follows.

Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

Clicking Download Configuration causes two things to happen:

  • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

  • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

Click the Copy Encryption Key link to save the key to your clipboard. A success message will be display temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

After you have downloaded the zip file and copied the encryption key to your clipboard, login to Cloud Remote web UI.

  1. Open another browser tab and login to https://<Cloud Remote_ip> with the default credentials: admin / cisco. 
  2. You will immediately be required to change your password. Do so. 
  3. You are now brought to the Cloud Remote home page as shown in the figure below.
  4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
  5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
  6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
  7. Click Confirm.
  8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.

The Cloud Remote Artifacts

The Cloud Remote artifacts mentioned in Conditional Component Appliance Images is called ccs-cloudremote-artifacts-<release.tag>-YYYYMMDD.0.zip and contains the following items:

  • Installer script – Only applicable for IBM Cloud and vCD Cloud.

  • Upgrade script – Applicable for all supported clouds.

  • The proxy service script for the CloudCenter Suite cluster – Applicable for all supported clouds.

The items from this artifact are used in the procedures provided in this section.

Install Cloud Remote on a Custom CentOS7 VM

Verify the following requirements to run the installer script on a custom CentOS7 VM:

  • This procedure is only applicable to CentOS7 VMs.

  • The VM should have 2 CPUs, 8GB Memory and 30G storage.

  • Run yum update on the VM.

  • Run the following commands to update the kernel:

    sudo rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    sudo rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
    sudo yum --disablerepo='*' --enablerepo='elrepo-kernel' list available
    sudo yum --enablerepo=elrepo-kernel -y install kernel-ml
    sudo grub2-set-default 0
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
    sudo reboot

To install Cloud Remote in your custom CentOS system, follow this procedure.

This procedure is only applicable for IBM Cloud and vCD.

  1. Locate the Cloud Remote installer script (available in the Cloud Remote artifact mentioned in the section above) at software.cisco.com and copy it to a directory in your Cloud Remote instance.

  2. Establish a terminal session to the Cloud Remote instance and navigate to the directory containing the installer script.

  3. Run the following commands from the Cloud Remote command prompt.

    [root@centos7cpsgcore ~]# ./cloudRemote5.1.0.bin 
    Verifying archive integrity... All good.
    Uncompressing cloud remote 5.1.0 installer  100%  
    Usage: ./INSTALLER_FILE -- [--host-ip 'PRIVATE NETWORK IP ADDRESS'] 
    example: ./cloudRemote5.1.0-20190614.0.bin -- --host-ip '1.2.3.4'      >>> Please note the extra -- before --host-ip 
    [root@centos7cpsgcore ~]#
  4. Confirm the successful execution of the script.

Upgrade an Existing Cloud Remote Installation

To upgrade Cloud Remote (script available in the Cloud Remote artifact file mentioned in the section above) in your Workload Manager or Cost Optimizer system, follow this procedure for each instance of Cloud Remote.

  1. Locate the Cloud Remote upgrade script at software.cisco.com and copy it to a directory in your Cloud Remote instance.

  2. Establish a terminal session to the Cloud Remote instance and navigate to the directory containing the upgrade script.

  3. Run the following commands from the Cloud Remote command prompt.

    chmod +x UPGRADE_FILE
    sudo ./ UPGRADE_FILE
  4. Confirm the successful execution of the script.

Scaling

After your initial Cloud Remote instance is launched and configured, it is recommended that you can add two additional nodes to form a cluster. When scaling up or down it is recommended not to run your cluster continuously with only two nodes. Follow this procedure:

  1. Deploy a new instance of the appliance in the same network as the first appliance. Record its IP address. Alternatively, if you have another instance of Cloud Remote that you launched previously but stopped, restart that instance.

  2. At the home page of the Cloud Remote web UI for the initial instance, click the tile with the plus icon. After clicking the plus icon, the tile will change and show an Add IP field as shown in the figure below. Enter the address of your newly launched (or restarted) instance in this field and then click Done.

Your new instance will become part of the cluster. There is no need to login to the new instance to set configuration. The cluster can be managed through the first instance's Web UI. 

You can scale down the cluster in two steps:

  1. From the Cloud Remote web UI home page, take note of the IP address of the node you want to remove from the cluster. Then remove it by hovering over its tile and clicking the trash icon.

  2. Login to the cloud console for your target cloud and find the VM with the IP address of the node you just removed from the cluster. Stop that VM.

Custom Port Numbers (Conditional)

If firewall settings prevent you from using standard port numbers for HTTPS, AMQP, and Guacamole protocols, you can specify custom port numbers for those protocol using a Change Ports shell script that is included in the Cloud Remote appliance. Otherwise, Cloud Remote will use the standard port numbers as shown in the table below.

ServiceDefault Port
HTTPS (web UI)443
AMQP (Rabbit MQ)5671
Guacamole8443
  • The Guacamole service is only needed for user access to VM-based deployments. Therefore, there is no need to create a custom port number for the Guacamole service if this Cloud Remote cluster is used to support connectivity to a Kubernetes target cloud.

  • Only run the script after you have downloaded the artifacts.zip file (mentioned in the section above) from the region connectivity settings section of the Regions tab in the Workload Manager or Cost Optimizer UI, and then uploaded that file to Cloud Remote through the Cloud Remote web UI. In addition, if you later need to upload a new artifacts.zip file to Cloud Remote, the custom port settings will be erased and you will need to run the Change Ports script again.

Follow these steps to run the script:

  1. Establish an ssh session to master (initial) Cloud Remote instance.

  2. Navigate to the directory: /opt/cisco/pilot/builds/<pilot folder>/bin

  3. Run the shell script: 

    changeports.sh
  4. You are first prompted to see if you want to change the web UI port number. Type Y or N

    1. If you enter Y, you are prompted for:

      1. Current port number. Type any number and then ENTER. 

      2. New port number.  Type the new port number and then ENTER. The script will attempt to change the port number on this node and then on all other nodes in your Cloud Remote cluster. When done, you are prompted whether you want to change the value of the next port.

    2. If you enter Nyou are prompted whether you want to change the value of the next port.

  5. When you are prompted for the Rabbit MQ port number, type Y and enter the old and then new port numbers as above, or type N, whichever is appropriate.

  6. When you are prompted for the Guacamole port number, type Y and enter the old and then new port numbers as above, or type N, whichever is appropriate. If the target cloud is a Kubernetes cloud, the Guacamole server is not used and you would, therefore, enter N.

Navigating Cloud Remote through Proxy

Be sure to verify that your proxy can access Cloud Remote's Port 5671 (RabbitMQ). If you've changed Cloud Remote's RabbitMQ port to 443, then the proxy must be able to access Cloud Remote's Port 443.

If your proxy restricts outbound ports, then you must configure Cloud Remote's's RabbitMQ port to one of the accessible ports (usually 443) using the changeports.sh script as listed in the Custom Port Numbers (Conditional) section.

The Cloud Remote can communicate with the CloudCenter Suite server by using the Cisco proxy to access outbound environments. Effective CloudCenter Suite 5.1, you can enable direct connectivity between CloudCenter Suite and Cloud Remote using a script that is included with the Cloud Remote artifact file mentioned in the section above. This script is backwards compatible and works with any CloudCenter Suite 5x version. This allows users to avoid the using the Cisco proxy for external communications wen using the CloudCenter Suite.

This section directly relates to the setting when you specify the AMQP and Guacamole Addresses for Supporting Cloud Remote or when you specify the AMQP Addresses for Supporting Cloud Remote for a Kubernetes Cloud. This setting is highlighted in the following screenshots for a private (screenshot on the left) and private (right screenshot on the right) clouds: 

     

Depending on the environment, users may need the proxy service to be on the Cloud Remote or the CloudCenter Suite cluster.

Proxy Service on the Cloud Remote Instance

For this scenario, the CloudCenter Suite resides on one cloud (for example, VMware datacenter/Private cloud) and the Cloud Remote resides on another cloud (for example, GKE/SaaS/Public cloud). When you configure the region for a cloud in this scenario and you toggle the Is CloudCenter Suite Directly Accessible from Your Cloud Remote setting to Yes, then this setting is indicative of the CCS to Cloud Remote communication going through a AMQP instance.

To enable the proxy service on the Cloud Remote instance, follow this procedure.

  1. Establish an SSH session to the master (initial) Cloud Remote instance.

  2. Navigate to the directory: /opt/cisco/pilot/builds/<pilot folder>/bin folder. For example:

    cd /opt/cisco/pilot/builds/pilot_5.1.0-PILOTVERSION/bin/config_crproxy.bin 
  3. SSH into the Cloud Remote instance and run the CR proxy installer that is located in the directory that you set in Step 2 above.

  4. Here is the sample usage and output.

    crproxy cisco$ ./config_crproxy.bin 
    Verifying archive integrity... All good.
    Uncompressing configure cloud remote proxy  100%  
    Usage:
    ./config_crproxy.bin
     -- --proxy-host 'PROXY HOST' --proxy-port 'PROXY PORT' 
    --target-amqp-host 'TARGET AMQP IP' --target-amqp-port 'TARGET AMQP 
    PORT' [--proxy-user 'PROXY USERNAME' --proxy-passwd 'PROXY PASSWORD']  
    No Authentication example: ./config_crproxy.bin -- --proxy-host proxy.example.com --proxy-port 80 --target-amqp-host 1.2.3.4 --target-amqp-port 443 
    With Authentication example: ./config_crproxy.bin -- --proxy-host proxy.example.com --proxy-port 80 --target-amqp-host 1.2.3.4 --target-amqp-port 443 --proxy-user 'user' --proxy-passwd 'password'
    
    
    [root ~]# ./config_crproxy.bin -- --proxy-host proxy-wsa.esl.cisco.com --proxy-port 80 --target-amqp-host 35.192.78.25 --target-amqp-port 443     
    
    
    <<<<<<<<<<<<<<<<<NOTE the two dashes in the above command. The additional double -- after the config_crproxy.bin IS necessary.<<<<<<<<<<<<<<<<<
    
    
    
    
    
    Verifying archive integrity... All good.
    Uncompressing configure cloud remote proxy  100%  
    proxy-wsa.esl.cisco.com 80 35.192.78.25 443
    bcf2f368fe23: Loading layer [==================================================>] 5.792MB/5.792MB
    acd77b3805b5: Loading layer [==================================================>] 1.319MB/1.319MB
    aa001c749f38: Loading layer [==================================================>] 5.955MB/5.955MB
    4a48848d697f: Loading layer [==================================================>] 652.8kB/652.8kB
    bb96ba085f75: Loading layer [==================================================>] 2.048kB/2.048kB
    e2dcb1f2f020: Loading layer [==================================================>] 2.048kB/2.048kB
    Loaded image: crproxy:latest
    Creating service pilot_crproxysvc
    sleep 5s
    time elapsed - 5 seconds
    sleep 5s
    time elapsed - 10 seconds
    sleep 5s
    time elapsed - 15 seconds
    sleep 5s
    time elapsed - 20 seconds
    sleep 5s
    time elapsed - 25 seconds
    sleep 5s
    time elapsed - 30 seconds
    sleep 5s
    time elapsed - 35 seconds
    sleep 5s
    time elapsed - 40 seconds
    sleep 5s
    time elapsed - 45 seconds
    sleep 5s
    time elapsed - 50 seconds
    a05d55a3f4da 
           crproxy:latest       "/script.sh"             36 seconds ago    
     Up 33 seconds (healthy)   80/tcp, 
    12850/tcp  pilot_crproxysvc.4cbvin2wyuliw0waaqtko3kad.hy1ylu6smy1goumt37gvingqe
    This Cloud Remote has been configured to use <pilot_crproxysvc:12850> proxy.
    Please follow below steps to setup connectivity between Cloud Remote and CloudCenter Suite:
    1) Login to CloudCenter Suite and navigate to corresponding Cloud Region page.
    2) Click 'Edit Connectivity' link.
    3) Set value of ”Local AMQP IP” field to pilot_crproxysvc:12850
    4) Download and apply configuration to the Cloud Remote and wait for the Region status to change to ‘Running’.
    [root ~]# 
    

    You have now enabled the proxy service on the Cloud Remote instance. You can verify the connectivity in the region settings Connectivity section as displayed in the following screenshot.

Proxy Service on the CloudCenter Suite Cluster

For this scenario, the CloudCenter Suite resides on one cloud (for example, GKE/SaaS/Public cloud) and the Cloud Remote resides on another cloud (for example, VMware datacenter/Private cloud). When you configure the region for a cloud in this scenario and you toggle the Is CloudCenter Suite Directly Accessible from Your Cloud Remote setting to No, then this setting is indicative of the CloudCenter Suite to Cloud Remote communication going through an AMQP instance.

To enable the proxy service on the CloudCenter Suite cluster, follow this procedure.

  1. Make sure KUBECONFIG environment variable is set. The user must have the applicable permissions to create Kubernetes services and deployments.

    kubectl get svc 
    
    #The above command should return all the services in your Cisco CloudCenter Suite cluster. 
  2. Locate and download the ccs-cloudremote-artifacts-5.1.0-20190816.1.zip from software.cisco.com.

  3. Locate and copy the config_k8scrproxy.bin file from the ccs-cloudremote-artifacts-5.1.0-20190816.1.zip file to a directory in your Cloud Remote instance, and execute it.

  4. Here is the sample usage and output.

    CISCO-M-K192:crproxy cisco$ ./config_k8scrproxy.bin 
    Verifying archive integrity...  100%   All good.
    Uncompressing Proxy for cloudremote in K8S cluster  100%  
    Usage:
    ./config_k8scrproxy.bin
     -- --namespace 'K8S NAMESPACE' --region-id 'CLOUD REGION ID' 
    --proxy-host 'PROXY HOST' --proxy-port 'PROXY PORT' --target-amqp-host 
    'CLOUD REMOTE IP' --target-amqp-port 'CLOUD REMOTE AMQP PORT' 
    [--docker-image-url 'DOCKER IMAGE URL of CRPROXY' --proxy-user 'PROXY 
    USERNAME' --proxy-passwd 'PROXY PASSWORD'] 
    if option --docker-image-url is not provided, predefined image will be used
    No Authentication example: ./config_k8scrproxy.bin -- --namespace cisco --region-id 28 --proxy-host proxy.example.com --proxy-port 80 --target-amqp-host 1.2.3.4 --target-amqp-port 443
    With Authentication and non-default docker image url example: ./config_k8scrproxy.bin -- --namespace cisco --region-id 28 --proxy-host proxy.example.com --proxy-port 80 --target-amqp-host 1.2.3.4 --target-amqp-port 443 --proxy-user 'user' --proxy-passwd 'password' --docker-image-url devhub.example.com/crproxy:latest
    
    
    CISCO-M-K192:crproxy cisco$ ./config_k8scrproxy.bin -- --namespace cisco --region-id 28 --proxy-host proxy.example.com --proxy-port 80 --target-amqp-host 1.2.3.4 --target-amqp-port 443 --docker-image-url dockerhub.cisco.com/cloudcenter-dev-docker/custom/cloudcenter/crproxy:latest
    Verifying archive integrity...  100%   All good.
    Uncompressing Proxy for cloudremote in K8S cluster  100%  
    cisco 28 dockerhub.cisco.com/cloudcenter-dev-docker/custom/cloudcenter/crproxy:latest proxy.example.com 80 1.2.3.4 443 
    service "cloudcenter-blade-crproxy-28" deleted
    deployment.extensions "cloudcenter-blade-crproxy-28" deleted
    service "cloudcenter-blade-crproxy-28" created
    deployment.apps "cloudcenter-blade-crproxy-28" created
    cloudcenter-blade-crproxy-28                    
     ClusterIP   xx.xxx.xx.xxx    <none>        
    12850/TCP                                                    0s
    socat TCP4-LISTEN:12850,reuseaddr,fork PROXY:proxy.example.com:1.2.3.4:443,proxyport=80
     
  5. In this sample procedure, the Cloud Remote is configured to use <cloudcenter-blade-crproxy-28:12850> proxy. You must now setup connectivity between Cloud Remote and the CloudCenter Suite cluster:

    1. Login to the CloudCenter Suite and navigate to the corresponding cloud Region page.

    2. Click the Edit Connectivity link.

    3. Set the value of the Remote AMQP IP field to cloudcenter-blade-crproxy-28:12850.

    4. Download and apply the configuration to the Cloud Remote and wait for the Region Connectivity status to change to Running.

  6. You have now enabled the proxy service on the Cloud Remote instance. You can verify the connectivity in the region settings Connectivity section as displayed in the following screenshot.

Troubleshooting Cloud Remote Issues

When you install Cloud Remote, you may sometimes see the following issues:

  1. The Cloud Remote UI does not render even after a long time.

  2. The Cloud Remote installer continues to poll after the installation.

In both situations, follow this procedure to address the issue.

  1. Run the following command to verify if the Pilot/Babl container is crashing.

    docker ps
  2. If it is crashing, run following command.

    docker service update --health-interval=30s --health-retries=1000 pilot_babl

    This command can take up to 5 minutes to complete.

  3. After applying the configuration, if the Pilot/RabbitMQ container continues to crash, run the following additional command.

    docker service update --health-interval=30s --health-retries=1000 pilot_rabbitmq


  • No labels

2 Comments

  1. Navigating through Proxy
  2. In some environments, there could be a HTTP(S) proxy server between CCS and Cloud Remote. The Cloud Remote can communicate with the CloudCenter Suite server by using the Cisco proxy to access outbound environments. Effective CloudCenter Suite 5.1, you can enable direct connectivity between CloudCenter Suite and Cloud Remote using a script that is included with the Cloud Remote installer. This script is backwards compatible and works with any CloudCenter Suite 5x version. This allows users to avoid the using the Cisco proxy for external communications wen using the CloudCenter Suite.
© 2017-2019 Cisco Systems, Inc. All rights reserved