Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Overview of support for Amazon Web Services


BMC Cloud Lifecycle Management supports the external cloud provider Amazon Web Services (AWS). This topic provides an overview of what BMC Cloud Lifecycle Management supports and lists the limitations of that support.


API/SDK support

BMC Cloud Lifecycle Management uses the AWS Java SDK 1.6.2. See the Amazon Web Services online technical documentation for more information on using the SDKs.

With this API, you can provision Amazon Machine Images (AMIs) available from the Amazon Marketplace. AMIs with preconfigured stacks (with applications installed) are available from the Amazon Marketplace for IaaS, PaaS, and SaaS. You can provision any appliance from the Marketplace; it appears in the console as a compute node.

For example, a Check Point firewall provisioned from the Amazon Marketplace appears as a compute VM in the BMC Cloud Lifecycle Management console. You can then add Day 2 operations, such as adding memory or CPU and start/stop options. Note that no firewall artifacts are generated for this type of resource.

Key terminology

EC2 instance
Amazon EC2 (Elastic Compute Cloud) instances are similar to virtual servers that can run applications. Instances are created from an Amazon AMI.

Amazon Machine Image (AMI)
A template that contains a software configuration, including an operating system, which defines your operating environment. You can use generic public AMIs or you can customize a public AMI.

Availability Zone
A distinct location within an AWS geographic Region. A Region can contain multiple Availability Zones. An Availability Zone is designed to be isolated so that a failure in another Availability Zone does not impact its instances. A subnet resides in only one Availability Zone.

The BMC Cloud Lifecycle Management pod is mapped to an Availability Zone. Consequently, Availability Zones are onboarded as pods.

Virtual Private Cloud (VPC)
A virtual network dedicated to your AWS account that is logically isolated from other virtual networks in the AWS cloud. A VPC creates a separate section of the AWS cloud with its own virtual network topology. You can create multiple VPCs in the AWS cloud.

A VPC is contained within an AWS geographic Region, and it can span multiple Availability Zones.

Logical hosting environment (LHE)
A generic BMC Cloud Lifecycle Management construct. In the AWS context, an LHE can be either a VPC or an Availability Zone.

Security Group
A firewall policy that is applied to provisioned virtual machines. A security group consists of rules that control inbound and outbound network traffic. You can assign virtual machine instances to multiple security groups.

SSH key pair
A public/private key pair that enables remote access to your virtual machine instances. Use this key to gain SSH access to Linux instances and Remote Desktop access to Windows instances.

BMC Server Automation Agent
A software package that you can install on an AMI instance to enable the BMC Server Automation use cases on virtual machine instances.

Logical data center
A generic construct that absorbs the key artifacts of any isolated network topology.

The logical data center references Logical Distributed Firewalls, Logical Perimeter Firewalls, Logical Data Stores, and Logical Load Balancers.

Logical load balancer
A Logical Load Balancer represents an Elastic Load Balancer. The Logical Load Balancer has IPv4 and IPv6 DNS names to accommodate IPv6 clients. The cloud administrator decides the probing protocol and the probing path. For example, a web server instance listening for traffic on port 80 would have a probing path similar to xxxxx:80/index.html.

Logical perimeter firewall
A construct within the Logical Data Center that provides security at the perimeter of the data center, even though the physical layout is not exposed. Packets coming in from the internet must traverse these firewalls before they can enter the Logical Data Center. These firewalls typically provide subnet-level security.

Logical distributed firewall
A construct within the Logical Data Center that provides security between VLANs. These firewalls are additive to the logical perimeter firewalls and are usually tightly integrated at the hypervisor layer. These firewalls can be associated with elastic load balancers.

Logical data store
A construct within the Logical Data Center that provides a virtual data store.

Mapping of AWS constructs with BMC Cloud Lifecycle Management objects

The following table identifies the correlations between the main AWS constructs and their BMC Cloud Lifecycle Management counterparts:

AWS construct                  BMC Cloud Lifecycle Management object
Availability Zone              Logical Hosting Environment
Virtual Private Cloud          Logical Hosting Environment
Amazon Machine Image           Template for a provisioning instance
Virtual Private Cloud subnet   Logical Network
Elastic Load Balancers         Logical Load Balancers
Security Groups                Logical Distributed Firewalls
Network ACL                    Logical Perimeter Firewalls
Elastic Block Storage          Logical Datastore

Supported instance types

The following table identifies the AWS instance types supported by BMC Cloud Lifecycle Management.

Note: BMC Cloud Lifecycle Management uses vCPU, not ECU, for instance type selection.

Type         Arch    vCPU  Memory   ECU       Memory   Storage       EBS-opt  Network
                           (MiB)              (GiB)    (GB)          avail    performance

General purpose instance family
m1.small     64-bit  1     1741     1         1.7      1x160         -        Low
m1.medium    64-bit  1     3840     2         3.75     1x410         -        Moderate
m1.large     64-bit  2     7680     4         7.5      2x420         Yes      Moderate
m1.xlarge    64-bit  4     15360    8         15       4x420         Yes      High
m3.xlarge    64-bit  4     15360    13        15       2x40 SSD      Yes      High
m3.2xlarge   64-bit  8     30720    26        30       2x80 SSD      Yes      High

Compute optimized instance family
c1.medium    64-bit  2     1741     5         1.7      1x350         -        Moderate
c1.xlarge    64-bit  8     7168     20        7        4x420         Yes      High
cc1.4xlarge  64-bit  16    23040    33.5      22.5     2x840         -        10 Gigabit
cc2.8xlarge  64-bit  32    61952    88        60.5     4x840         -        10 Gigabit

GPU instance family
cg1.4xlarge  64-bit  16    23040    33.5      22.5     2x840         -        10 Gigabit

Memory optimized instance family
m2.xlarge    64-bit  2     17510    6.5       17.1     1x420         -        Moderate
m2.2xlarge   64-bit  4     35021    13        34.2     1x850         Yes      Moderate
m2.4xlarge   64-bit  8     70042    26        68.4     2x840         Yes      High
cr1.8xlarge  64-bit  32    249856   88        244      2x120 SSD     -        10 Gigabit

Storage optimized instance family
hi1.4xlarge  64-bit  16    61952    35        60.5     2x1024 SSD    -        10 Gigabit
hs1.8xlarge  64-bit  16    119808   35        117      24x2,048      -        10 Gigabit

Micro instances family
t1.micro     64-bit  1     630      Variable  0.615    EBS only      -        Very low
Support for Availability Zones and VPCs

BMC Cloud Lifecycle Management allows you to provision virtual machine (VM) instances to Availability Zones or VPCs.

An Availability Zone is a distinct location within an AWS geographic Region. A Region can contain multiple Availability Zones. Availability Zones are designed to be isolated so that a failure in one Availability Zone does not impact instances in another. For more information, see the AWS documentation on Regions and Availability Zones.

Unlike Availability Zones, which are predefined, VPCs are created to delineate a section of the AWS cloud for your use. Within this section you can launch Amazon AWS instances with private, instead of public, IP addresses that lie within a user-defined range. Within the VPC, you can create subnets to group similar AWS instances according to a private IP address range. The following example shows a VPC with four subnets:

[Figure ec2_vpc_subnets.png: a VPC with four subnets]

The VPC is designated by the address 192.168.24.0/24. The subnets are designated by the following addresses:
  • 192.168.24.0/26
  • 192.168.24.64/26
  • 192.168.24.128/26
  • 192.168.24.192/26
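The subnet layout above, worked through with the Python standard library as an added example (not BMC's code): it carves the /24 VPC into /26 subnets, checks that a proposed layout keeps every subnet private, inside the VPC and non-overlapping, and finds which subnet an instance's private address belongs to. The VPC and subnet addresses are the ones from this page; the helper names are my own.

```python
import ipaddress

# Constructed from the example on this page: a /24 VPC carved into four /26 subnets.
VPC_CIDR = "192.168.24.0/24"
PAGE_SUBNETS = [
    "192.168.24.0/26",
    "192.168.24.64/26",
    "192.168.24.128/26",
    "192.168.24.192/26",
]


def carve_subnets(vpc_cidr, new_prefix):
    """Split a VPC range into equal-sized subnets and return them as CIDR strings."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def check_subnet_layout(vpc_cidr, subnets):
    """Return a list of layout problems; an empty list means the layout is sound.

    Checks that the VPC range is private (instances in a VPC get private
    addresses), that every subnet lies inside the VPC, and that no two
    subnets overlap.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = []
    if not vpc.is_private:
        problems.append(f"VPC range {vpc} is not a private range")
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"subnet {n} lies outside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


def subnet_for(ip, subnets):
    """Return the subnet that contains an instance's private address, or None."""
    addr = ipaddress.ip_address(ip)
    for s in subnets:
        if addr in ipaddress.ip_network(s):
            return s
    return None
```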

Note the following considerations:

Limitations to the support

The following table itemizes the limitations to the current BMC Cloud Lifecycle Management support for AWS.

Onboarded Availability Zones
Load Balancer and Firewall management is not supported for Availability Zone-based LDCs.

VPCs (onboarded or created)
The BMC Cloud Management console does not support LHE Offboard. Therefore, all VPC-based LHEs are deleted from both the Cloud database and AWS when you select Decommission in the BMC Cloud Management console, including onboarded VPC-based LHEs whose VPCs were created in AWS.

LHE Offboard is supported only through the API.

Firewall Rules / Network Paths
  • Firewalls: Outbound rules for the Distributed Firewall cannot be viewed or created through the Firewall management UI. To view an outbound firewall rule, use the API.
  • Network paths: Create: Deny Network Paths are valid only between two networks (external or internal). If an endpoint is a Resource Set, the Network Path is invalid.
  • Firewall and network paths:
    • The only valid protocols for firewall rules and network paths are TCP and UDP.
    • If you have multiple network paths, deleting a network path or SOI with a shared firewall rule deletes the rule. This can cause failures for other SOIs that also use the shared firewall rule. In the event of failure, you must recreate the network path to re-instantiate the firewall rule.

Scaling

Scaling up (adding CPU or memory) or scaling down an Amazon EC2 node is tied to the source instance family, as defined by the AWS SDK version 1.6.2. However, if the source instance is a micro instance, a scale up operation could allow an EC2 node to cross the instance type family boundary from micro to general purpose. Scale down operations are strictly within instance family.
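The scaling rule above, encoded as a pre-check that a provisioning workflow could run before requesting a resize; this is an added example, not BMC Cloud Lifecycle Management code. Family membership and the vCPU and memory figures come from the instance table on this page; classifying a move as "up" or "down" by comparing vCPU and memory (and rejecting a move that grows one while shrinking the other) is an assumption of this example.

```python
# Family membership and (vCPU, memory MiB) are taken from the instance table on this page.
FAMILIES = {
    "general purpose": ["m1.small", "m1.medium", "m1.large", "m1.xlarge", "m3.xlarge", "m3.2xlarge"],
    "compute optimized": ["c1.medium", "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge"],
    "gpu": ["cg1.4xlarge"],
    "memory optimized": ["m2.xlarge", "m2.2xlarge", "m2.4xlarge", "cr1.8xlarge"],
    "storage optimized": ["hi1.4xlarge", "hs1.8xlarge"],
    "micro": ["t1.micro"],
}
SIZE = {  # type: (vCPU, memory MiB)
    "m1.small": (1, 1741), "m1.medium": (1, 3840), "m1.large": (2, 7680),
    "m1.xlarge": (4, 15360), "m3.xlarge": (4, 15360), "m3.2xlarge": (8, 30720),
    "c1.medium": (2, 1741), "c1.xlarge": (8, 7168), "cc1.4xlarge": (16, 23040),
    "cc2.8xlarge": (32, 61952), "cg1.4xlarge": (16, 23040),
    "m2.xlarge": (2, 17510), "m2.2xlarge": (4, 35021), "m2.4xlarge": (8, 70042),
    "cr1.8xlarge": (32, 249856), "hi1.4xlarge": (16, 61952), "hs1.8xlarge": (16, 119808),
    "t1.micro": (1, 630),
}
FAMILY_OF = {t: fam for fam, types in FAMILIES.items() for t in types}


def direction(src, dst):
    """Classify a resize as 'up', 'down', 'none' or 'mixed' from vCPU and memory.
    Assumption: 'up' means neither dimension shrinks, 'down' means neither grows."""
    sv, sm = SIZE[src]
    dv, dm = SIZE[dst]
    if (dv, dm) == (sv, sm):
        return "none"
    if dv >= sv and dm >= sm:
        return "up"
    if dv <= sv and dm <= sm:
        return "down"
    return "mixed"


def validate_scale(src, dst):
    """Page rule: scale down only within the family; scale up within the family
    or from micro to general purpose. Returns (allowed, reason)."""
    if src not in FAMILY_OF or dst not in FAMILY_OF:
        return False, "instance type is not in the supported list"
    how = direction(src, dst)
    if how in ("none", "mixed"):
        return False, f"not a clean scale up or down ({how})"
    same_family = FAMILY_OF[src] == FAMILY_OF[dst]
    if how == "down":
        return same_family, "scale down must stay within the instance family"
    if same_family or (FAMILY_OF[src] == "micro" and FAMILY_OF[dst] == "general purpose"):
        return True, "scale up within the family, or from micro to general purpose"
    return False, "scale up may not cross the instance family boundary"
```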

Where to go from here

To start your Amazon Web Services implementation, see Configuring-the-infrastructure-for-Amazon-Web-Services-support.

 
