...
The Abiquo Amazon EC2 integration is a multi-cloud feature that enables our customers to add Amazon public cloud regions to the Abiquo platform as part of our agnostic public cloud management. With the Abiquo platform you will be able to offer a service that is a federation of Abiquo private clouds and the public cloud. Cloud tenants can deploy virtual resources in public cloud regions or in Abiquo datacenters using the same award-winning Abiquo user interface.
You can control the use of public cloud resources in the same way as in the Abiquo datacenter (quotas, limits, viewer roles, etc). And users can also work with Abiquo multi-cloud features such as workload automation with action plans and autoscaling in public cloud. And the platform also obtains price lists and billing data from the provider to use in features such as billing dashboards , cost estimates, and budgets with action plans, and lets you create a single bill for each cloud tenantcustomer. And Abiquo supports reseller accounts in the AWS Partner Network for use with tenant hierarchies.
...
Administrators add Amazon regions to the platform as Abiquo public cloud regions. Abiquo manages public cloud regions using a set of the Abiquo Remote Services. The You can share the remote services used in a public cloud region can be shared region with other datacenters or public cloud regions. Abiquo caches the details of AMI templates but it does not store without storing their disks, so no NFS repository is required for a public cloud region. Each Abiquo public cloud region corresponds to a single Region in Amazon EC2. Multiple cloud tenants can then access this region.
...
...
Tenants and AWS credentials
Each Abiquo enterprise using the Amazon public cloud region should have its own AWS account. Abiquo will validate your the Amazon credentials (Access Key ID and Secret Access Key) with AWS. Each enterprise may register ONE set of credentials for the enterprise's AWS account. You cannot register another set of credentials for the same account in another enterprise. In the case of a tenant hierarchy, the reseller may register the credentials of their partner account. Then each customer will have compute and/or billing credentials. You can also register an AWS organization under a reseller, and each enterprise under the organization will have its own credentials.
...
An AWS account may also have access to pricing data. If you register pricing credentials, the platform can onboard public cloud price lists for use with features such as cost estimates for users, budgets, and billing. If you also enable programmatic billing in Amazon and register the S3 bucket where you are saving billing reports, the platform can display provider billing data on the dashboard. The platform can aggregate this data at the customer level for a set of related tenants, as well as at the reseller level.
Some regions, such as those in China, may require separate credentials, and for these regions, the administrator must select a separate provider, for example, "AWS (China)".
...
Abiquo VDCs and VMs in Amazon
...
| Warning |
|---|
Manage Amazon Instances with AbiquoDo not rename an Amazon instance in AWS or you will break the link between Abiquo and the VM. If the link is broken, you will not be able to manage the VM with Abiquo again. Do not delete the tags created by Abiquo. If you need to manage your Abiquo Elastic IPs in Amazon, synchronize them to update changes in Abiquo or you may see unexpected results. |
...
Abiquo networking options in AWS
When you create a virtual datacenter in Abiquo, you have the following options to create a network:
Defaultprivate networkNone (Abiquo 6.1.2+)
Customprivate network
Abiquo will create an AWS VPC according to these options as described in the following section
...
How Abiquo creates a virtual private cloud
When you select Default private network or Custom private network, Abiquo configures VPC networking Scenario 2 as described in the AWS documentation. See https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html.
...
The primary private IP of the NAT gateway is automatically assigned by AWS. In Abiquo we always set the first IP as the gateway, because according to the documentation, it is reserved for the VPC router. See https://docs.aws.amazon.com/vpc/latest/userguide/subnet-sizing.html.
In Abiquo the public IP of the NAT gateway enables access to the internet from the private subnet, but it does not allow incoming connections.
...
When you create a VPC in Abiquo, it does not onboard the IPs of the private subnets. You need to synchronize each network to onboard its IPs.
Abiquo can create a VPC with no network
In Abiquo 6.1.2+, the user can now choose not to create networks when they create the VDC. In this case, Abiquo will create an AWS VPC with no public subnet, internet gateway, or the NAT gateway (and no expensive elastic IP!). Abiquo will still create an address range for the VPC, and the user should enter these details before creating a VDC.
If you do not create the networks when you create the VDC, you cannot connect to your VMs or use NAT for outward internet connectivity.
To connect to a VM in an AWS VDC with the None option for networks:
In your virtual datacenter, go to Network → Private
Click + add and complete the dialog, selecting the Internet gateway checkbox.
Edit your VM and add an IP from the public subnet
Connect to your VM as usual. For more details, see How to deploy a VM in AWS using Abiquo.
| Info |
|---|
When you create a public subnet, if there is no internet gateway, the platform creates a new one and associates it with a new route table. If an internet gateway exists but it is not associated with a route table with a destination of 0.0.0.0/0, then the platform creates a new route table. |
To allow outward NAT connectivity from VMs in an AWS VDC with the None option for networks:
Create a public subnet in your VDC (as described above)
Create a private network in your VDC
Manually create the NAT gateway in the AWS console (see AWS documentation at Create a NAT gateway)
Edit the main route table to add a new route with
target = igwanddestination 0.0.0.0/0.
...
...
Technical notes about AWS networks
The following notes describe how Abiquo manages AWS networks in VDCs with a Default private network or Custom private network, where Abiquo configures VPC networking Scenario 2.
When creating a NAT gateway, Abiquo will reuse floating IPs that are not assigned to a VDC.
VMs in private networks will have internet access through the public subnet.
Users can create public subnets and Abiquo will assign them to route tables with a route to the internet gateway.
When Abiquo creates new public subnets, it will not create any new NAT gateways.
If users delete the original public subnet, this will also delete the original NAT gateway. But Abiquo will replace all the routes in the main route table that route traffic to the deleted NAT gateway with a new rule to route traffic to the internet gateway.
Abiquo users must attach Elastic IPs to VMs with a connection to a public subnet.
Note that AWS may charge for Elastic IPs when they are NOT in use, i.e. when they are not assigned to a VM or when the VM is not deployed in AWS.
The private subnet is a private connect network.
To deploy to different Availability zones, create a private networks (VPC subnet) for each zone.
The private subnets in the same availability zone as a public subnet will have internet access through the public subnet.
Abiquo creates a VPC with a minimum network size of /16 and a subnet of size /24, or with the sizes defined by the user.
You can set a custom private network in Abiquo and this network will be used to create the VPC and subnet in Abiquo.
You can create multiple address spaces (called Abiquo address ranges) and Abiquo private networks in different availability zones in the same VPC.
AWS reserves the first four IP addresses and the last IP address of a VPC private connect network.
For a network that is defined to start with address 0, the first available IP address will be address 4 and the gateway address is address 1.
You can synchronize existing VMs and create new IP addresses through Abiquo, including multiple Elastic IPs.
The maximum number of IP addresses is determined by the AWS hardware profile (instance type). See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
Abiquo adds IPs in the same subnet to the same elastic network interface.
For information about Elastic Network Interfaces, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
...