Overview of support for Amazon Web Services
BMC Cloud Lifecycle Management supports the external cloud provider Amazon Web Services (AWS). This topic provides an overview of what is supported by BMC Cloud Lifecycle Management and also provides a list of limitations to the support.
BMC Cloud Lifecycle Management uses the AWS Java SDK. See the Amazon Web Services online technical documentation for more information about using the SDKs.
Through this SDK, you can provision Amazon Machine Images (AMIs) available from the AWS Marketplace. AMIs with preconfigured stacks (operating system plus installed applications) are available from the AWS Marketplace for IaaS, PaaS, and SaaS use cases. You can provision any appliance from the Marketplace; it appears in the console as a compute node.
For example, a Check Point firewall provisioned from the AWS Marketplace appears as a compute VM in the BMC Cloud Lifecycle Management console. You can then add Day 2 operations, such as adding memory or CPU and start/stop options. Note that no firewall artifacts are generated for this type of resource: the appliance is managed as a compute node, not as a Logical Perimeter or Logical Distributed Firewall.
Amazon EC2 instance
An Amazon EC2 (Elastic Compute Cloud) instance is a virtual server that can run applications. Instances are launched from an AMI.
Amazon Machine Image (AMI)
A template that contains a software configuration, including an operating system, which defines your operating environment. You can use generic public AMIs or you can customize a public AMI.
Availability Zone
A distinct location within an AWS geographic Region. A Region can contain multiple Availability Zones. An Availability Zone is designed to be isolated so that a failure in another Availability Zone does not affect its instances. A subnet resides in only one Availability Zone.
Virtual Private Cloud (VPC)
A virtual network dedicated to your AWS account that is logically isolated from other virtual networks in the AWS cloud. A VPC creates a separate section of the AWS cloud with its own virtual network topology. You can create multiple VPCs in the AWS cloud.
Logical hosting environment (LHE)
A generic BMC Cloud Lifecycle Management construct. In the AWS context, an LHE is either a VPC or an Availability Zone.
Security group
A firewall policy applied to provisioned virtual machines. A security group consists of rules that control inbound and outbound network traffic. Security group rules can only permit traffic, never deny it, and you can assign a virtual machine instance to multiple security groups; the instance is then governed by the union of all their rules, so each additional group can only widen what is reachable.
SSH key pair
A public/private key pair that enables remote access to your virtual machine instances. Use the private key to gain SSH access to Linux instances and to retrieve the initial Administrator password for Remote Desktop access to Windows instances.
BMC Server Automation Agent
A software package that you can install on an AMI instance to enable the BMC Server Automation use cases on virtual machine instances.
Logical data center
A generic construct that absorbs the key artifacts of any isolated network topology. The logical data center references Logical Distributed Firewalls, Logical Perimeter Firewalls, Logical Data Stores, and Logical Load Balancers.
Logical load balancer
A Logical Load Balancer represents an Elastic Load Balancer. It has IPv4 and IPv6 DNS names to accommodate IPv6 clients. The cloud administrator chooses the health-check (probing) protocol and the probing path. For example, a web server instance listening for traffic on port 80 would have a probing path similar to xxxxx:80/index.html.
Logical perimeter firewall
A construct within the Logical Data Center that provides security at the perimeter of the data center, even though the physical layout is not exposed. Packets coming in from the internet must traverse
Logical distributed firewall
A construct within the Logical Data Center that provides security between VLANs. These firewalls are additive to the logical perimeter firewalls and are usually tightly integrated at the hypervisor layer. They can be associated with Elastic Load Balancers.
Logical data store
A construct within the Logical Data Center that provides a virtual data store.
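The security group entry above states the property that matters most when reviewing an AWS design: rules only permit, and an instance in several groups gets the union of all of them. The following model reproduces that semantics so the effective exposure of an instance can be checked before provisioning. It is an added example, not BMC Cloud Lifecycle Management or AWS SDK code; the group names, CIDR ranges and peer addresses are constructed sample data.

```python
"""Security-group reachability check: an added example, not BMC or AWS code.

AWS security groups are allow-lists: a rule can only permit traffic, never deny it,
and an instance assigned to several groups is governed by the union of all their
rules. The groups, CIDRs and peer addresses below are constructed sample data.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    direction: str            # "inbound" or "outbound"
    protocol: str             # "tcp", "udp", "icmp", or "-1" for all protocols (AWS convention)
    from_port: Optional[int]  # None = any port (used with protocol "-1")
    to_port: Optional[int]
    cidr: str                 # source range (inbound) or destination range (outbound)

    def matches(self, direction: str, protocol: str, port: int, peer: str) -> bool:
        if self.direction != direction:
            return False
        if self.protocol != "-1" and self.protocol != protocol:
            return False
        if self.from_port is not None and not (self.from_port <= port <= self.to_port):
            return False
        return ip_address(peer) in ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    rules: List[Rule] = field(default_factory=list)


def is_allowed(groups: List[SecurityGroup], direction: str, protocol: str,
               port: int, peer: str) -> bool:
    """True if any rule in any assigned group permits the flow (union semantics).

    Security groups are stateful, so replies to an allowed flow need no rule of
    their own; only the initiating direction is evaluated here. Only the rules
    listed are evaluated (AWS adds a default outbound allow-all to new groups).
    """
    return any(r.matches(direction, protocol, port, peer)
               for g in groups for r in g.rules)


# Constructed sample groups.
WEB = SecurityGroup("web", [
    Rule("inbound", "tcp", 80, 80, "0.0.0.0/0"),
    Rule("inbound", "tcp", 443, 443, "0.0.0.0/0"),
])
ADMIN = SecurityGroup("admin", [
    Rule("inbound", "tcp", 22, 22, "203.0.113.0/24"),  # constructed office range
])
# A permissive group that an instance might inherit by mistake.
LEGACY = SecurityGroup("legacy-allow-all", [
    Rule("inbound", "-1", None, None, "0.0.0.0/0"),
])

INTERNET_HOST = "198.51.100.7"  # constructed: an arbitrary internet address
OFFICE_HOST = "203.0.113.40"    # constructed: inside the admin range


def audit(groups: List[SecurityGroup], ports=(22, 80, 443, 3389)) -> dict:
    """Which of the probed TCP ports each peer can reach through the assigned groups."""
    return {
        "internet": [p for p in ports if is_allowed(groups, "inbound", "tcp", p, INTERNET_HOST)],
        "office": [p for p in ports if is_allowed(groups, "inbound", "tcp", p, OFFICE_HOST)],
    }


if __name__ == "__main__":
    print(audit([WEB, ADMIN]))          # {'internet': [80, 443], 'office': [22, 80, 443]}
    print(audit([WEB, ADMIN, LEGACY]))  # every probed port, from both peers
```

The second audit shows the practical consequence of union semantics: adding the permissive LEGACY group to an instance that was correctly locked down by WEB and ADMIN silently exposes SSH and RDP to the internet, and nothing in the tighter groups can counteract it.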
Mapping of AWS constructs with BMC Cloud Lifecycle Management objects
The following table identifies the correlations between the main AWS constructs and their BMC Cloud Lifecycle Management counterparts:

| AWS construct | BMC Cloud Lifecycle Management object |
| --- | --- |
| Availability Zone | Logical Hosting Environment |
| Virtual Private Cloud | Logical Hosting Environment |
| Amazon Machine Image | Template for a provisioning instance |
| Virtual Private Cloud subnet | |
| Elastic Load Balancer | Logical Load Balancer |
| | Logical Distributed Firewall |
| | Logical Perimeter Firewall |
| Elastic Block Store | |
Support for Availability Zones and VPCs
BMC Cloud Lifecycle Management allows you to provision virtual machine (VM) instances to Availability Zones or VPCs.
An Availability Zone is a distinct location within an AWS geographic Region. A Region can contain multiple Availability Zones. Availability Zones are designed to be isolated so that a failure in one Availability Zone does not impact instances in another. For more information, see the AWS documentation on Regions and Availability Zones.
Unlike Availability Zones, which are predefined, VPCs are created to delineate a section of the AWS cloud for your use. Within this section you can launch EC2 instances with private, instead of public, IP addresses that lie within a user-defined range. Within the VPC, you can create subnets to group similar instances according to a private IP address range; each subnet resides in a single Availability Zone. The following example shows a VPC with four subnets:
The VPC is designated by the address 192.168.24.0/24. The subnets are designated by the following addresses:
You can assign Elastic IP addresses to the private-address instances in the VPC. Elastic IP addresses are static, public addresses that, once assigned, enable the instances in the VPC to be reached from external networks. Assigning one does not by itself open the instance: reachability is still governed by the instance's security groups and by the subnet's route to an internet gateway, so review both before attaching an Elastic IP.
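The subnet layout described above (a /24 VPC divided into subnets, each in one Availability Zone) is easy to get wrong when a Logical Data Center is onboarded or created by hand. The following validator checks the properties that must hold: every subnet lies inside the VPC range, no two subnets overlap, and each names an Availability Zone. It is an added example, not BMC Cloud Lifecycle Management code; the VPC range is the page's 192.168.24.0/24, while the four subnet ranges and the zone names are constructed sample data, since the page does not list them.

```python
"""VPC subnet-plan validation: an added example, not BMC or AWS code.

Checks the properties a Logical Data Center onboarding should hold: every subnet
lies inside the VPC range, no two subnets overlap, and each subnet names exactly
one Availability Zone. The VPC range is the page's 192.168.24.0/24; the four
subnets and the zone names are constructed sample data.
"""
from ipaddress import ip_network
from typing import Dict, List

VPC_CIDR = "192.168.24.0/24"

# Constructed plan: four equal /26 slices of the /24, spread across two zones.
SUBNET_PLAN = [
    {"cidr": "192.168.24.0/26",   "az": "us-east-1a"},
    {"cidr": "192.168.24.64/26",  "az": "us-east-1a"},
    {"cidr": "192.168.24.128/26", "az": "us-east-1b"},
    {"cidr": "192.168.24.192/26", "az": "us-east-1b"},
]


def validate_subnet_plan(vpc_cidr: str, subnets: List[Dict[str, str]]) -> List[str]:
    """Return a list of problems; an empty list means the plan is sound."""
    vpc = ip_network(vpc_cidr, strict=True)
    problems: List[str] = []
    accepted = []  # (cidr, network) pairs already parsed, for the overlap test
    for s in subnets:
        cidr = s.get("cidr", "")
        try:
            net = ip_network(cidr, strict=True)  # strict: host bits must be zero
        except ValueError as err:
            problems.append(f"{cidr}: {err}")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{cidr}: not within VPC {vpc_cidr}")
        if not s.get("az"):
            problems.append(f"{cidr}: no Availability Zone assigned")
        for other_cidr, other in accepted:
            if net.overlaps(other):
                problems.append(f"{cidr}: overlaps {other_cidr}")
        accepted.append((cidr, net))
    return problems


def usable_addresses(subnets: List[Dict[str, str]]) -> Dict[str, int]:
    """Addresses left for instances per subnet: AWS reserves the first four
    addresses and the last address of every subnet."""
    return {s["cidr"]: ip_network(s["cidr"]).num_addresses - 5 for s in subnets}


if __name__ == "__main__":
    print(validate_subnet_plan(VPC_CIDR, SUBNET_PLAN))   # [] when the plan is sound
    print(usable_addresses(SUBNET_PLAN))                  # 59 usable addresses per /26
```

Run the validator against a proposed plan before onboarding it; an overlapping or out-of-range subnet is reported by CIDR, and the address count shows how much of a small /24 is actually left for instances once AWS's five reserved addresses per subnet are taken out.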
You can onboard your existing VPCs and Availability Zones as Logical Data Centers to BMC Cloud Lifecycle Management. See Onboarding and offboarding Logical Data Centers for Amazon Web Services.
For instructions about how to create a VPC using BMC Cloud Lifecycle Management, see Creating a Logical Data Center for Amazon Web Services.
Limitations to the support
The following table itemizes the limitations to the current BMC Cloud Lifecycle Management support for AWS.
Onboarded Availability Zones
Load Balancer and Firewall management is not supported for Availability Zone-based LDCs.
IPAM is also not supported for an onboarded Availability Zone (which is onboarded as an LDC).
In an AWS environment, some Availability Zones do not support an AMI with a type General Purpose (SSD) volume for provisioning. This behavior is as designed by AWS.
If this occurs, BMC Cloud Lifecycle Management displays the following error when trying to provision an instance in the Availability Zone.
To work around this issue, provision the AWS instance in a different Availability Zone.
VPCs (onboarded or created)
The BMC Cloud Management console does not support LHE Offboard. Selecting Decommission in the console therefore deletes a VPC-based LHE from both the Cloud database and from AWS. This applies to onboarded VPC-based LHEs as well, even though those VPCs were created directly in AWS rather than by BMC Cloud Lifecycle Management, so confirm that nothing outside BMC Cloud Lifecycle Management still depends on a VPC before decommissioning it from the console.
LHE Offboard is supported only through the API.
Firewall Rules / Network Paths
Scaling
Scaling up (adding CPU or memory) or scaling down an Amazon EC2 node is tied to the source instance family, as defined by the AWS SDK. However, if the source instance is a micro instance, a scale-up operation can allow an EC2 node to cross the instance type family boundary from micro to general purpose. Scale-down operations stay strictly within an instance family.
Where to go from here
To start your Amazon Web Services implementation, see Configuring the infrastructure for Amazon Web Services support.