Configuring VCAC for AWS Provisioning

Video coming soon!

One of the great benefits of VCAC is the ability to provide your users with that “one-stop-shopping” experience via the self-service portal. Administrators can create Blueprints for a variety of services whether they be virtual, physical, or cloud service providers such as Amazon. This gives organizations the ability to have visibility and control into all of their different platforms; while providing end-users with the self-service and expedient delivery they need. 

In this article, we will walk through the requirements and configuration for setting up AWS provisioning in  VCAC. 

AWS Pre-Requisites

  • Ensure the DEM Worker has both HTTP and HTTPS access to aws.amazon.com. This includes all appropriate regions such as ec2.us-east-1.amazonaws.com. 
  • Have access to an AWS account including the Access Key ID and Secret Access Key
  • Access to Key Pairs in order to provide instance access for users including *.pem files
 

Configure Credentials

Steps:
1. Login to vCAC as Administrator and navigate to vCAC Administrator and choose “Credentials”
2. Click the “New Credentials” link
3. Provide a name and description

 Connect vCAC to AWS
4. For username and password you must provide the Access Key ID and Secret Access Key for the AWS account. Do NOT provide the username and password for the account. The easiest method is to login to your AWS account via the AWS console at https://console.aws.amazon.com.  Select your name in the upper right and choose Security Credentials. You may copy and paste the credentials from there
5. Click the green check mark to save the credentials
 

Create an AWS endpoint

Steps:
1. Navigate to vCAC Administrator and choose “Endpoints”
2. Click the New Endpoint link and choose “Amazon EC2”
3. Provide a name and description 
4. Click the ellipsis and choose the credentials you created in the previous step
5. Click “OK”
6. If there is a proxy server required for DEM internet access you can check the box and provide the necessary information
7. Click “OK” to complete the creation of the AWS endpoint

 Connect vCAC to AWS

Assign Compute Resources to an Enterprise Group

After creating an AWS endpoint it is necessary to assign Compute resources to an Enterprise Group. This will allow for data collection and configuration of AWS regions

Steps:
1. Navigate to vCAC Administrator and choose “Enterprise Groups”
2. Choose a group to edit such as “Server Ops”
3. Select the AWS regions that you plan to provision instances into 

Connect vCAC to AWS
4. Click “OK” to complete this step
5. Navigate to Enterprise Administrator and choose “Compute Resources”
6. Your AWS regions/resources will now show in the list
7. You may check the status of the data collectoin by hovering on a resource and choosing “Data Collection” 
8. Ensure Data Collection is successful before proceeding to the next step
Connect vCAC to AWS

Configuring Key Pairs

Key pairs are required to access AWS machines. Your existing Key pairs will be discovered upon successful data collection however, you must still upload the *.pem file Secret Key

Steps:
1. Navigate to Enterprise Administrator and choose “Key Pairs”
2. Click the pencil to edit a discovered key pair
3. Browse to the *.pem file for your key pair and choose “Upload” 

  • If you have not yet created an AWS key pair you may create one by logging in to the AWS management console at https://console.aws.amazon.com and choosing “EC2” and then “Key Pairs”
  • Choose Create Key Pair and save the *.pem file for safe keeping
4. Click the green check mark  to complete the process
Connect vCAC to AWS

Create a Cloud Reservation

The next step is to create a Cloud Reservation for the Compute Resource you created above

Steps:
1. Navigate to Enterprise Administrator and choose “Reservation”
2. Click on “New Reservation” and choose Cloud
3. Select the appropriate Compute Resource from the drop-down list
4. Change the Name if you like
5. Select a Provisioning Group for this Reservation
6. Leave Reservation policy blank for now
7. Enter a machine quota and priority
8. Click on the “Resources” tab 
9. Select “Specific Key Pair” and click on the ellipsis to choose a discovered Key Pair

  • You should see the Secret Key field with asterisks if you completed the previous step successfully
10. Select a Location and Security Group
11. Click “OK”
Connect vCAC to AWS

Create an AWS Cloud Blueprint

1. Navigate to Enterprise Administrator and choose “Global Blueprints”

  • You may optionally create a Blueprint for a specific Provisioning Group
2. Choose a “New Blueprint” and select “Cloud”
3. Provide a name, description, and select the Provisioning Groups to assign this Blueprint 
4. Select a Display Icon. For some nice icons please refer to http://www.vcacteam.info/index.php/articles/vcac-customization/configurable/31-vcac-icon-pack 
5. Choose a Machine Prefix and Approval Policy
6. Ensure the Blueprint is enabled
7. Assign a max # of instances and Cost
8. Click the “Build Information” tab
9. Blueprint type should be “Server” and leave the Provisioning Workflow at “CloudProvisioningWorkflow”
10. Click the ellipsis for AMI and filter for the instances available in this Blueprint  
  • It’s easiest to copy the AMI ID from your AWS account and filter this way
11. Select the AMI after filtering and Click “OK”
12. Leave Key pair at “Not Specified”
13. Leave “Enable Amazon network options on machine” un-checked 
  • For VPC, ELB, and Elastic IPs you may select this option

14. For Instance Types, if you have selected multiple instances in the above AMI field, you may check the appropriate boxes. This will in turn allow your users to select instance types from the Self Service Portal when requesting an AWS Blueprint. You must select at least one type
15. Machine Resources Min and Max will changed based on the Instance types selected above

  • Please note it is not necessary to update/create new Instance Types in vCAC. They are provided for you out of the box
16. If desired, Click the Security tab and select/de-select Machine Operations
17. Click “OK” to save the Blueprint

Connect vCAC to AWS
Connect vCAC to AWS

Login to the Self Service Portal and Request

Steps:
1. Connect to http://VCACserverURL/DCACSelfService/ (for vCAC 5.1) https://VCACserverURL/VCACSelfService/ (for vCAC 5.2)
2. Click on “New Request” and select your AWS Blueprint 
3. Enjoy!

Connect vCAC to AWS