- Adds a public cloud region to the platform and imports templates into the Apps library
- Describes how to create a virtual datacenter and configure and deploy a Linux VM in public cloud
This walkthrough assumes that:
- The Abiquo platform has been configured
- The user has a public cloud account for Amazon and/or Azure and/or GCP and/or OCI with API credentials.
- See Obtain AWS credentials or Obtain Azure ARM credentials or Obtain Azure ARM credentials for CSP (for partner accounts) or Obtain Google Cloud Platform credentials or Obtain OCI credentials.
- The examples in this walkthrough generally use Amazon and a Linux VM.
1. Log In
Log in as Cloud Administrator using the default account with the following data:
- Username: admin
- Password: (Your demo password supplied by Customer Service)
2. Configure your user account
To configure a user for public cloud:
- Click the username icon in the bottom left corner of the screen to open the menu and select Edit user
- OR go to Users view → Users → select and edit a user
- Add an Email address and Phone number to receive notifications from the platform
- To be able to connect to your VMs in public cloud, go to Advanced and add an SSH public key
3. Create a public cloud region
The cloud administrator creates public cloud regions to configure public cloud providers for users.
- Open Infrastructure View by clicking the servers icon at the top of the main menu
- Go to Public
- Click the + add button at the bottom of the Public cloud regions list
- Enter the Name of your public cloud region
- Select the Provider
- Select the Region to add. You can add more than one region, and the platform will add a suffix to the region name
- Click Next
- Select the Remote services. Abiquo uses Remote services to connect to the providers and manage the cloud.
- In the first IP address box, click the down arrow and select the Remote service URL from the pull-down list
- Then click the link to Duplicate IP addresses at the top of the popup
- Click Check all to check the connection to the remote services
- Click Save
Click the help button in the top left-hand side of a pop-up to view the help screen for that pop-up.
4. Optionally allow other tenants to use a public cloud region
The tenant that creates a public cloud region can automatically use it. If you are working in the same tenant that you created the public cloud region with, then you can skip this step. For all other tenants, you must allow them access.
- Open the Users view by clicking the users icon
- From the Enterprises list, select the tenant to allow access. Or create a new tenant, entering the Name and selecting Global scope.
- Tip: When you are creating or editing an enterprise, you can restrict the tenant's resources with Allocation limits!
- At the bottom of the Enterprises list, click the pencil edit button.
- To allow users to deploy in the public cloud region, enable the region datacenter for the enterprise. Go to Datacenters, select the public cloud region, and drag it to the Allowed datacenters list.
Note: You don't need to save the tenant yet, because in the next step you will also change the tenant.
5. Add tenant credentials for the public cloud provider
Each cloud tenant will require their own set of public cloud credentials. Note that you can also register your tenants as the customer of a cloud reseller that is using the platform.
- Edit tenant enterprise and go to Credentials
- Select the Provider
- Enter the Access key and the Secret access key. For more details, see Obtain AWS credentials and Obtain Azure ARM credentials.
- Click Add account
- When you have entered all cloud provider credentials, click Save
The tenant's account will be added for the provider and displayed in the public cloud view of the Infrastructure tab.
6. Add VM templates to the Apps library in public cloud
The Appliance library (Apps library) stores VM templates so that users can easily create VMs from them. In public cloud, the platform stores VM template details and then deploys from the public cloud templates. The Apps library templates are available to users in their virtual datacenters.
- Open the Apps library view by clicking the apps library icon
- Go to Public
- Select the public cloud region
- Click the import template button
- Enter the ID of a template to import, or a Name text, for example "Linux", because we recommend that you use a Linux template. In Azure, optionally filter by template providers, for example, use the Canonical provider and search for an "ubuntu" template.
- Tip: In Amazon in the EC2 console, you can easily find a few basic templates with IDs in the launch wizard!
- Click Search
- Select a Template to import and click the import symbol beside the template
The imported templates will be added to the Apps library. Note that you may not be able to accept an end-user license agreement outside of the public cloud interface, so for example, to deploy an AMI from the Amazon Marketplace, you will need to accept the EULA in AWS before you can deploy in Abiquo.
7. Edit the VM templates to add a password
The VM template will have a default user, and you should add a password for this user.
- Go to Apps library → Public → select region → Templates
- Select and edit the template
- Go to Advanced
- Select the template operating system, for example, LINUX_64
- For Azure enter a Username and for Windows on Azure enter a Password
- For Linux, note the username that the platform has obtained from the Azure template
- For Windows, enter a valid username and password. See Azure Portal and documentation about usernames at https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq#what-are-the-username-requirements-when-creating-a-vm. The RDP password must be more than 12 characters long. It should contain at least one each of uppercase character, lowercase character, number, and special character. See https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm
If you do not add a user and password to the template, the platform will use the default set in Abiquo Configuration Properties.
- For AWS enter a Username
- For Linux, see Amazon default instance users table. If necessary, enter the Username
- For Windows, enter "Administrator"
- Click Save
8. In Azure and OCI create a resource group
In order to create a virtual datacenter in Azure or OCI, you must first create a resource group. You can use resource groups to manage groups of related resources in the cloud provider.
To create a resource group:
- Go to Virtual datacenters by clicking the cloud button
- Go to Global → select the cloud provider
- Go to Resource groups
- Click the + add button
- Complete the dialog and click Save
Screenshot: Create a resource group in Azure
Screenshot: Create a resource group in OCI
The name of the resource group. We recommend that you check the provider documentation, because if the name is invalid, the platform will return the provider's error.
In Azure, the Name must be unique in the subscription, which means in the enterprise
The provider where the platform will create the resource group
Azure: the public cloud region where the platform will store the resource group's metadata
|Parent||OCI: the resource group above this resource group in the OCI hierarchy|
When you create a resource group, OCI may take some time to create it, so please be patient.
9. In Google Cloud Platform create a global network
In the Google Cloud Platform integration there are two new types of networks: global networks and their subnets. Global networks are private VPC networks that span different regions. So each global network may be available in different cloud locations. When you onboard or synchronize a region, the platform will update all global networks and all the subnets from the synchronized region.
In order to deploy a VM in the Google Cloud Platform, users must add an IP in a subnet of a global network, and this means that each virtual datacenter must have a subnet.
To create a global network:
- Go to myCloud virtual datacenters view → Global
- Select a Google provider
- On the Global networks page, click the + add button and complete the dialog
|Name||The name of the global network|
|Description||This will display beneath the network name in the list|
|Routing mode||Select Regional or Global.|
|Automatic subnet creation||Select to automatically create subnets in all regions of Google Cloud Platform. This option is recommended for test environments only. To onboard the subnet for a region, synchronize the global network and select the region. The subnets will have an address in CIDR notation of 10.172.0.0/20|
10. Create a virtual datacenter in public cloud
Virtual datacenters contain the virtual resources for providing the cloud service. From here users can create VMs in virtual appliances and the Abiquo platform will deploy them to the infrastructure. Within virtual datacenters, users can manage their VMs, networks, storage, and more.
- Open the Virtual datacenters view by clicking the cloud icon
- Click the + add button at the top of the Virtual Datacenters list and select Create virtual datacenter
- Enter a Name, and select the Public cloud region
- If required, select a resource group
11. In Google Cloud assign a subnet to the virtual datacenter
- In Virtual datacenters view, go to Global
- Select the public cloud provider → Global networks
- Select a global network
- To onboard existing subnets, click the round arrow synchronize button and select the public cloud region
- In Global view or Locations view:
- Select a subnet and click the pencil edit button OR
- Create a subnet. See Create a subnet
- When you edit or create the subnet, select the Virtual datacenter you created earlier
12. Create a virtual appliance in public cloud
A virtual appliance is a container for a group of VMs running in a virtual datacenter. It is like a folder that can contain a related set of VMs that are used to provide a service. For example, a web stack. At the virtual appliance level, you can deploy these VMs together, view their performance statistics, create anti-affinity layers for VM high availability, and so on.
To manage a new group of VMs, create a virtual appliance:
- Select the Virtual datacenter in public cloud
- In the Virtual Appliances pane, click the + add button and enter the Name of the virtual appliance then click Save.
The virtual appliance you create will display in the Virtual Appliances list. For more details, see Manage Virtual Appliances.
13. Add VM templates to create VMs in public cloud
The list of available and compatible templates displays in the left pane of the virtual appliance.
- Click on the Virtual appliance name to open your virtual appliance
- To create a VM, click Create virtual machine and select a VM template
- For the Label, enter a user-friendly name for the VM that meets provider criteria, then click Save
- For each template, select an appropriate Hardware profile. You can enter a text string to search for specific profiles.
14. Configure the VM network connections
If you would like to connect to a VM in public cloud, you will need to add a public IP address, as well as a private IP address in a public subnet (in AWS and OCI). If you don't configure the network, by default Abiquo will add a private IP address only and you probably won't be able to connect to your VM.
- On the VM icon from the options menu, select Edit
- Click Network → select Private networks. Select a Private network.
In Amazon select subnet-xxxx, which is the public subnet. In OCI, also select a public subnet, which has an internet gateway. In GCP, select the subnet of the global network.
- Drag the Auto-generated IP label into the NICs pane.
- Click Network → Public → Purchase public IP
- Then on the Purchase public IPs popup, click the + add button
- Select an IP address and click Add
- Drag the public IP into the NICs pane
15. Configure the VM firewall for public cloud
To connect to a VM in public cloud, create a firewall to allow access. Because this VM will only be active for a very short time, we will use basic default settings.
- For a Linux VM, use an SSH connection to port 22.
- For a Windows VM, use a standard RDP connection to port 3389
Create a firewall in AWS, Azure, or OCI
- Go to Virtual datacenters → Networks → Firewalls
- Click the + add button to create a firewall for connections and enter the Name, and select the Location and Virtual datacenter
- Edit the Firewall rules and select Inbound, then from Common protocols, select SSH for a Linux VM or RDP for a Windows VM. Or for convenience, you could allow both in a test system
- In this example, we allowed connections, but you should allow only incoming connections from your IP address.
- Click Add, then click Save.
Note that AWS will not allow you to create duplicate firewall rules.
Create a firewall policy in GCP
In GCP, the platform can create firewall policies in virtual datacenters or in global networks, to later attach to VMs.
Privilege: Manage firewall, Manage global networks
To create a new firewall, do these steps:
- Go to Virtual datacenters → Network → Firewalls
or go to myCloud → Global → select the GCP provider → Network → Firewalls
- Click the Add button
- Enter the firewall details and select the direction
Name of the firewall policy. See GCP entity naming conventions
Optionally select a virtual datacenter. This option is useful in recommending firewalls for your users and to enable you to set a default firewall. If you do not select a virtual datacenter, the platform will still create the firewall in the provider and users can still attach this firewall to their VMs
|Direction||Select INGRESS for incoming traffic or EGRESS for outgoing traffic|
|Sources or Targets||Enter a list of comma separated values in CIDR format|
|Priority||The default is 1000 and lower numbers have higher priority|
|Allow||If selected, allow traffic; if unselected, deny traffic|
|Disabled||If selected, disable the firewall|
|Logs activated||If selected, activate firewall rule logs in GCP|
- Go to Inbound or Outbound and add firewall rules
Optionally select from a predefined common protocol to automatically complete the Protocol and default Ports
Enter the protocol
|Ports||Enter a list of ports, separated by commas, and/or a port range, separated with a dash (e.g. 80,8000-8009)|
Click Add to add the rule.
- After you finish adding rules, click Save
The platform will create your firewall in the provider.
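The Sources and Ports values described above can be checked before you save a rule, in line with the earlier advice to allow incoming connections only from your IP address. This is an added example, not Abiquo code; the function names and the `max_hosts` threshold are assumptions, and the sample values are constructed.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the two ports this walkthrough opens


def parse_ports(field):
    """Expand a Ports value such as '80,8000-8009' into (low, high) ranges."""
    ranges = []
    for item in field.split(","):
        low, _, high = item.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port or range: {item.strip()!r}")
        ranges.append((low, high))
    return ranges


def parse_sources(field):
    """Parse a comma-separated Sources value; reject entries that are not valid CIDR."""
    return [ipaddress.ip_network(s.strip(), strict=True) for s in field.split(",")]


def review_ingress_rule(sources, ports, max_hosts=256):
    """Return findings for an INGRESS allow rule that exposes SSH or RDP too widely.

    max_hosts is an assumed local policy threshold, not a platform setting.
    """
    findings = []
    port_ranges = parse_ports(ports)
    for net in parse_sources(sources):
        for port, name in ADMIN_PORTS.items():
            if not any(low <= port <= high for low, high in port_ranges):
                continue  # this rule does not cover the admin port
            if net.prefixlen == 0:
                findings.append(f"{name} ({port}) open to any address via {net}")
            elif net.num_addresses > max_hosts:
                findings.append(
                    f"{name} ({port}) open to {net.num_addresses} addresses via {net}")
    return findings


# Constructed sample values, as they would be typed into the dialog fields.
if __name__ == "__main__":
    print(review_ingress_rule("0.0.0.0/0", "22"))
    print(review_ingress_rule("203.0.113.7/32", "22,3389"))
    print(review_ingress_rule("198.51.100.0/24, 10.0.0.0/8", "20-25,8000-8009"))
```

An empty list means the rule limits SSH and RDP to a small, explicit set of source addresses.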
Attach the firewall to the VM
- Go to Virtual appliances → click on the Name to open the virtual appliance → Edit the VM
- Go to Networks → Firewall
- Select the firewall you created and click Save. Note that the provider may limit the number of firewall policies that you can apply to a VM
16. Deploy the virtual appliance in public cloud
Click the Deploy virtual appliance button to deploy the virtual appliance.
The platform will deploy all the VMs and power them on. You can select the VMs and manage them with the control buttons in the lower right corner of the screen.
Now you can relax and give your VM some time to start up.
17. Connect to your VM
You can connect using SSH or RDP or another appropriate method.
- Go to Virtual datacenters and open the Virtual appliance
- Select the VM
- To obtain the default username and password, go to the General tab of the VM control panel and click Default credentials
- To open the connection, click the console icon
- A console should open to allow you to log in to your VM. The platform will automatically complete the Username
- For Windows VMs on Azure, enter the Password
- For all Linux VMs and for Windows VMs on AWS, enter the SSH private key (also called the Decryption key)
If you cannot connect due to an unsecured certificate error, open a new tab in the same browser, enter the host IP of the VM, and accept the certificate.