Introduction to Abiquo and AWS
The Abiquo Amazon EC2 integration is a hybrid cloud feature that enables our customers to add Amazon public cloud regions to the Abiquo platform as part of our agnostic public cloud management. With the Abiquo hybrid cloud platform you will be able to offer a service that is a federation of Abiquo private clouds and the public cloud. Cloud tenants can deploy virtual resources in public cloud regions or in Abiquo datacenters through the same award-winning user interface. You can control the use of public cloud resources in the same way as in the Abiquo Datacenter (quotas, limits, etc).
Amazon Regions are added as Abiquo public cloud regions. Abiquo manages public cloud regions using four of the Abiquo Remote Services. The remote services used in a public cloud region can be shared with other datacenters or public cloud regions. No NFS repository is required to use with a public cloud region.
Each Abiquo public cloud region corresponds to a single Region in Amazon EC2. Each Abiquo enterprise using the Amazon public cloud region should have its own Amazon account. Abiquo will validate your Amazon credentials (Access Key ID and Secret Access Key) with AWS. Each enterprise may register ONE set of credentials for the enterprise's AWS account.
When users create a virtual datacenter in the public cloud region, Abiquo works with Amazon EC2. Abiquo creates a Virtual Private Cloud (VPC) for each Abiquo virtual datacenter. By default, for each Amazon VPC, Abiquo creates a public subnet and a private subnet, which is a private connect network. The private subnet has an Internet gateway and access to the VPC from outside the cloud is through NAT or Elastic IPs via the public subnet. Elastic IPs are registered in Abiquo as floating IPs. Floating IPs are managed like public IPs but they do not belong to any Abiquo network. Within your virtual datacenter, you can create more Abiquo private networks (subnets in your VPC), which will enable you to deploy to different Availability Zones. The private subnets in the same availability zone as the public subnet will have internet access through the public subnet.
VMs deployed in the VPC virtual datacenter are Amazon Instances. Add your public key to your Abiquo user before you deploy a VM. Your Amazon instance will be created using your RSA public key to enable remote access. You will need the corresponding RSA private key to access the instance.
Manage Amazon Instances with Abiquo
Do not rename an Amazon instance in AWS or you will break the link between Abiquo and the VM. If the link is broken, you will not be able to manage the VM with Abiquo again. Do not delete the tags created by Abiquo.
If you need to manage your Abiquo Elastic IPs in Amazon, synchronize them to update changes in Abiquo or you may see unexpected results.
How Abiquo Creates a Virtual Private Cloud
In the AWS integration, Abiquo creates VPCs with NAT support with a public subnet, and allows VMs on different subnets to be connected to the same load balancer. Abiquo now supports the AWS gateway address as the first address in the network.
Abiquo now configures VPC networking Scenario 2 as described in the AWS documentation http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html.
Under this configuration, users must attach Elastic IPs to VMs with a connection to the public subnet. And by default, VMs in private networks will have internet access through the public subnet. This is helpful for automation because a VM can now connect to the internet to download its configuration, for example, using Chef, without an Elastic IP.
VPC and Subnet
When you create an Abiquo virtual datacenter in an AWS public cloud region, Abiquo creates a VPC of size /16 and a subnet of size /24 (or of the size defined by the user). The default CIDR for the VPC and the subnet is 192.168.0.0, which is the default private network in Abiquo. You can set a custom private network in Abiquo, and this network will be used to create the VPC and subnet. You can create multiple Abiquo private networks in different availability zones in the same VPC.
AWS Reserves IP Addresses
AWS reserves five IP addresses in your private networks: the first four IP addresses and the last IP address of the VPC private connect network. These IP addresses are not displayed or used by Abiquo. Therefore, in a network that is defined to start with address 0, the first available IP address will be address 5, and the gateway address will be address 1.
For example, in the default_private_network with network address 192.168.0.0, the following addresses would be reserved or used as the gateway.
IP Address | Notes |
---|---|
192.168.0.1 | Reserved by AWS, default gateway address |
192.168.0.2 | Reserved by AWS |
192.168.0.3 | Reserved by AWS |
192.168.0.4 | Reserved by AWS |
192.168.0.254 | Reserved by AWS |
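To see how the /16 VPC, the /24 subnets and the reserved addresses fit together, here is an added planning script (example code, not part of Abiquo or of this page). It derives the VPC from the Abiquo private network, checks that each additional subnet lies inside the VPC and does not overlap one already accepted, and lists the addresses Abiquo hides exactly as the table above shows them (addresses 1 to 4 and the last host address, with 1 as the gateway and 5 as the first address a VM can use). Only the Python standard library is used; the sample subnets are constructed for the example.

```python
"""Plan Abiquo private networks (AWS subnets) inside the VPC Abiquo creates.

Added example, not Abiquo code. It applies the layout the page describes: a /16
VPC derived from the Abiquo private network, /24 subnets by default, and the
reserved addresses from the page's table (addresses 1 to 4 and the last host
address are hidden, address 1 is the gateway, address 5 is the first one a VM
can use).
"""
import ipaddress

VPC_PREFIX = 16  # Abiquo creates a VPC of size /16
DEFAULT_PRIVATE_NETWORK = "192.168.0.0/24"  # Abiquo default_private_network


def vpc_for(private_network: str) -> ipaddress.IPv4Network:
    """Derive the /16 VPC from the first Abiquo private network of the VDC."""
    net = ipaddress.ip_network(private_network, strict=False)
    return ipaddress.ip_network(f"{net.network_address}/{VPC_PREFIX}", strict=False)


def reserved_addresses(subnet: str) -> dict:
    """Addresses Abiquo hides in a subnet, following the page's table."""
    hosts = list(ipaddress.ip_network(subnet, strict=False).hosts())
    if len(hosts) < 6:
        raise ValueError(f"{subnet} is too small to leave any usable address")
    return {
        "gateway": str(hosts[0]),                                # address 1
        "reserved": [str(a) for a in hosts[:4] + hosts[-1:]],    # 1-4 and last
        "first_available": str(hosts[4]),                        # address 5
        "usable_count": len(hosts) - 5,
    }


def plan_subnets(private_network: str, requested: list) -> list:
    """Check each requested subnet fits the VPC and does not overlap an accepted one.

    Returns one dict per requested CIDR with 'ok' and either a 'reason' or the
    reserved-address summary.
    """
    vpc = vpc_for(private_network)
    accepted = []
    report = []
    for cidr in requested:
        try:
            sn = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            report.append({"cidr": cidr, "ok": False, "reason": str(exc)})
            continue
        if not sn.subnet_of(vpc):
            report.append({"cidr": cidr, "ok": False, "reason": f"outside VPC {vpc}"})
        elif any(sn.overlaps(a) for a in accepted):
            report.append({"cidr": cidr, "ok": False, "reason": "overlaps an existing subnet"})
        else:
            accepted.append(sn)
            report.append({"cidr": cidr, "ok": True, **reserved_addresses(cidr)})
    return report


if __name__ == "__main__":
    # Constructed request: the default subnet, a second AZ subnet, an overlap, and one outside the VPC.
    for row in plan_subnets(DEFAULT_PRIVATE_NETWORK,
                            ["192.168.0.0/24", "192.168.1.0/24",
                             "192.168.0.128/25", "10.0.0.0/24"]):
        print(row)
```

The overlap and containment checks are the ones worth running before asking Abiquo to create a second private network in another availability zone: AWS rejects a subnet outside the VPC CIDR or overlapping an existing subnet, and catching that locally avoids a half-created virtual datacenter.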
Internet Access
Abiquo creates a route table that is equivalent to the AWS route table with the values of the Abiquo private network. You can use the AWS NAT instance for Internet access from the Abiquo virtual datacenter private network. You can acquire floating public IPs for your virtual datacenter and in AWS, these will be created as Elastic IPs with public network addresses. Note that AWS may charge for Elastic IPs when they are NOT in use, i.e. when they are not assigned to a VM or when the VM is not deployed in AWS. You must assign the Elastic IPs to VMs with connections to the Public subnet. When creating a NAT gateway, Abiquo will reuse floating IPs that are not assigned to a VDC.
Security
By default Abiquo assigns instances to the default VPC security group. This means that by default, all outbound traffic from instances is allowed. Enterprise administrators should configure an Abiquo firewall. Abiquo will create an AWS Security group in the VPC when this firewall is assigned to a virtual datacenter. Users can synchronize their firewalls with AWS, which will import existing security groups. The most basic configuration is to allow SSH inbound traffic, for example, port 22, which will allow SSH connections to the machine through a public IP, NAT, or from a private IP within the virtual datacenter. See AWS Security Groups as Abiquo Firewalls.
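The following added audit script (example code, not Abiquo's and not from this page) shows what an enterprise administrator should look for when reviewing the security groups that back Abiquo firewalls: the permissive all-outbound default described above, and inbound SSH (the basic port 22 rule) exposed to the whole internet rather than to an administrative range. The dictionaries mirror the layout of the EC2 DescribeSecurityGroups response; the sample group and the 203.0.113.0/24 administrator range are constructed for the example.

```python
"""Audit an AWS security group used as an Abiquo firewall.

Added example, not Abiquo code. The dictionaries mirror the layout of the EC2
DescribeSecurityGroups response (IpPermissions, IpPermissionsEgress, IpRanges),
but SAMPLE_GROUP itself is constructed for this example; 203.0.113.0/24 is a
documentation range standing in for an administrator's network.
"""
ANYWHERE = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def _cidrs(rule: dict) -> list:
    """All IPv4 and IPv6 source/destination ranges of one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def _covers_tcp_port(rule: dict, port: int) -> bool:
    """True if the rule admits TCP traffic on the given port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_security_group(group: dict) -> list:
    """Return (severity, message) findings for world-reachable inbound rules
    and for the permissive outbound default the page describes."""
    findings = []
    for rule in group.get("IpPermissions", []):
        for cidr in (c for c in _cidrs(rule) if c in ANYWHERE):
            if rule.get("IpProtocol") == "-1":
                findings.append(("high", f"all inbound traffic allowed from {cidr}"))
            elif _covers_tcp_port(rule, SSH_PORT):
                findings.append(("high", f"SSH (tcp/{SSH_PORT}) open to {cidr}"))
    for rule in group.get("IpPermissionsEgress", []):
        if rule.get("IpProtocol") == "-1" and any(c in ANYWHERE for c in _cidrs(rule)):
            findings.append(("info", "all outbound traffic allowed (the default VPC group behaviour)"))
    return findings


def ssh_rule(source_cidr: str) -> dict:
    """The basic inbound rule from the page (SSH on port 22), limited to one source range."""
    return {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
            "IpRanges": [{"CidrIp": source_cidr}]}


# Constructed sample: SSH from anywhere (bad), HTTPS from anywhere, SSH from one admin range.
SAMPLE_GROUP = {
    "GroupName": "example-abiquo-firewall",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ssh_rule("203.0.113.0/24"),
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for severity, message in audit_security_group(SAMPLE_GROUP):
        print(f"[{severity}] {message}")
```

The same check applies to security groups imported by synchronizing firewalls from AWS, which arrive with whatever rules were set in the AWS console; HTTPS to the world is reported as acceptable here because it is a service port, while SSH is only acceptable from a known source range.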
Number of IP Addresses per VM
Abiquo supports multiple IP addresses in the AWS integration. You can synchronize existing VMs with multiple IP addresses and create multiple IP addresses through Abiquo, including multiple Elastic IPs.
Abiquo supports the number of IP addresses supported by the AWS hardware profile (instance type). See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
If the user adds multiple IPs in the same subnet, Abiquo adds them to the same elastic network interface. And if the IPs are in a different subnet, Abiquo adds them to a different elastic network interface. For information about Elastic Network Interfaces, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
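As an added example of the ENI placement rule just described (example code, not Abiquo's), the script below groups a VM's requested addresses by subnet, gives each subnet its own elastic network interface, and checks the result against a per-instance-type limit on interfaces and on addresses per interface. The limits in EXAMPLE_LIMITS and the instance type names are constructed placeholders; the real figures per instance type are in the AWS ENI documentation linked above.

```python
"""Place a VM's IP addresses on elastic network interfaces (ENIs).

Added example, not Abiquo code. It follows the rule on the page: addresses in
the same subnet share one ENI, addresses in different subnets get separate
ENIs, and the totals are limited by the hardware profile (instance type). The
limits in EXAMPLE_LIMITS are constructed placeholders for the example; look up
the real values for each instance type in the AWS ENI documentation.
"""
import ipaddress

# Constructed placeholders: instance type -> (max ENIs, max IPv4 addresses per ENI).
EXAMPLE_LIMITS = {
    "example.small": (2, 2),
    "example.large": (3, 10),
}


def group_ips_by_subnet(ips: list, subnets: list) -> dict:
    """Map each subnet CIDR to the requested addresses that fall inside it."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    groups = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        for net in nets:
            if addr in net:
                groups.setdefault(str(net), []).append(ip)
                break
        else:
            raise ValueError(f"{ip} is not in any subnet of the virtual datacenter")
    return groups


def plan_enis(instance_type: str, ips: list, subnets: list, limits: dict = EXAMPLE_LIMITS):
    """Return (enis, problems): one ENI per subnet that has addresses, plus any
    limit violations for the given instance type."""
    max_enis, max_per_eni = limits[instance_type]
    enis = [{"subnet": subnet, "ips": addrs}
            for subnet, addrs in group_ips_by_subnet(ips, subnets).items()]
    problems = []
    if len(enis) > max_enis:
        problems.append(f"{len(enis)} ENIs needed but {instance_type} allows {max_enis}")
    for eni in enis:
        if len(eni["ips"]) > max_per_eni:
            problems.append(f"{len(eni['ips'])} addresses on {eni['subnet']} "
                            f"but {instance_type} allows {max_per_eni} per ENI")
    return enis, problems


if __name__ == "__main__":
    # Constructed request: two addresses in the public subnet, one in a private subnet.
    enis, problems = plan_enis("example.small",
                               ["192.168.0.10", "192.168.0.11", "192.168.1.10"],
                               ["192.168.0.0/24", "192.168.1.0/24"])
    print(enis, problems or "within limits")
```

Running the limit check before reconfiguring a VM matters because a request that exceeds the instance type's ENI or address allowance fails on the AWS side, and the VM is then left with fewer addresses than Abiquo expects until the next synchronization.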
AWS Features
This table describes AWS features offered in the public cloud integration as well as Abiquo features that add important multi-cloud functionality.
See AWS integration for full details of the Abiquo Amazon Web Services integration.
AWS feature | Support | Comments |
---|---|---|
Partner accounts | Add a partner account for each hierarchy of tenants | |
All regions | Amazon may require separate credentials for groups of regions. | |
Hardware profiles | Onboard hardware profile families and types | |
Pricing | Onboard prices for hardware profiles, manage a markup, and use prices in estimates, usage metering, and billing | |
Billing dashboard | Obtain and display the provider billing data including the latest bills and estimated bill. | |
Billing | Incorporate AWS billing data into a single bill for the multi-cloud platform | |
Configure and remove VMs | When you create a VM, select the hardware profile | |
Reconfigure VMs | | |
Power on VM | | |
Power off VM | | |
Reset VM | - | |
Pause and resume VM | - | |
Storage | | |
Take a VM snapshot | The VM must be powered off in Abiquo, although the actual VM is not powered off. | |
Remote access | Open a console window to access your VM using your SSH key registered in Abiquo | |
Create and delete networks | Users can specify the network address space, and create private and public subnets | |
Create and delete VPNs | From private cloud (NSX-T) to AWS | |
Create and delete VPCs | ||
Create and manage firewall policies | AWS security groups | |
Use Chef | Enterprise Chef or your own server | |
Use Chef attributes | ||
VM bootstrap scripts | Users can work with shell scripts or cloud-init to automate VM configuration | |
VM variables | The variables are stored on the VM filesystem in | |
Load balancing | Abiquo supports Classic load balancers and Application load balancers | |
Import and synchronize | | |
VM monitoring and metrics | With Abiquo monitoring and metrics server | |
Deploy AMI from AWS marketplace | - | Abiquo cannot deploy an AMI from the AWS marketplace because Abiquo cannot display the EULA to the end user. |
Import VM template | Use compatible templates prepared according to provider instructions. See VM Template Mobility | |
Automated actions | Abiquo can run action plans on VMs | |
Autoscaling | Abiquo can automatically clone VMs or undeploy VMs to match your changing application needs | |
AWS Synchronization
AWS Firewalls and Load balancers
For general information, see Manage Firewalls and Manage Load Balancers.
To configure the load balancer integration:
- Set the healthy threshold of machines in AWS in the abiquo.properties file. See Abiquo Configuration Properties#amazon
- Configure the load balancer UI options in the client-config-custom.json file. See Configure Abiquo UI
In AWS, the platform supports load balancers as described in the following table.
Abiquo supports AWS Classic load balancers and Application load balancers.
AWS Element | Notes |
---|---|
AWS documentation | https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/SvcIntro.html |
Healthy threshold | AWS will assign a previously unhealthy machine a healthy status after a number of successful health checks. |
Load balancer name | |
Algorithm | |
Subnets | |
High availability | For high availability, create private networks (subnets) in different availability zones in your virtual datacenter |
Routing rules | |
Routing rule protocol in | AWS accepts HTTP, HTTPS, TCP |
Routing rule port in | AWS accepts 80, 443 and 1024-65535 inclusive |
SSL certificate | Can be a new certificate or an existing one registered in AWS with an ARN. |
Health check | |
Firewalls | If a firewall does not display, it may not have been properly synchronized. In this case, click Cancel, synchronize the firewalls, and then start creating a new load balancer again. |
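The constraints in the table above can be checked before the load balancer request reaches AWS. The validator below is an added example (not Abiquo code and not taken from this page): it enforces the routing rule protocols and ports the table lists, requires a certificate on HTTPS rules and does a light sanity check on an existing certificate's ARN, checks that the healthy threshold is within the range AWS accepts, and warns when every subnet is in a single availability zone. The configuration dictionaries, their field names, the zone names and the ARN placeholder are all constructed for the example; the 2 to 10 healthy-threshold range and the certificate requirement for HTTPS are AWS Elastic Load Balancing behaviour rather than statements from this page.

```python
"""Validate an Abiquo load balancer definition for AWS before creating it.

Added example, not Abiquo code. The protocol and port limits are the ones the
page lists for routing rules (HTTP, HTTPS, TCP; ports 80, 443 and 1024-65535);
the healthy-threshold range of 2 to 10 and the requirement that an HTTPS rule
carries a certificate are AWS Elastic Load Balancing behaviour. The
configuration dictionaries and their field names are constructed for the example.
"""
ALLOWED_PROTOCOLS = {"HTTP", "HTTPS", "TCP"}
HEALTHY_THRESHOLD_RANGE = range(2, 11)  # AWS accepts 2..10 successful checks


def port_allowed(port: int) -> bool:
    """Ports AWS accepts for a routing rule, as listed on the page."""
    return port in (80, 443) or 1024 <= port <= 65535


def validate_routing_rule(rule: dict) -> list:
    """Errors for one routing rule: {'protocol_in', 'port_in', 'certificate'?}."""
    errors = []
    proto = str(rule.get("protocol_in", "")).upper()
    if proto not in ALLOWED_PROTOCOLS:
        errors.append(f"protocol {proto!r} not accepted (HTTP, HTTPS or TCP)")
    port = rule.get("port_in")
    if not isinstance(port, int) or not port_allowed(port):
        errors.append(f"port {port!r} not accepted (80, 443 or 1024-65535)")
    cert = rule.get("certificate")
    if proto == "HTTPS":
        if not cert:
            errors.append("HTTPS rule needs an SSL certificate (new, or an existing ARN)")
        elif cert.get("arn") is not None and not cert["arn"].startswith("arn:aws:"):
            errors.append(f"certificate ARN {cert['arn']!r} does not look like an AWS ARN")
    return errors


def validate_load_balancer(lb: dict) -> list:
    """Collect (severity, message) pairs for a whole load balancer definition."""
    findings = []
    if lb.get("healthy_threshold") not in HEALTHY_THRESHOLD_RANGE:
        findings.append(("error", "healthy threshold must be between 2 and 10"))
    zones = {s["availability_zone"] for s in lb.get("subnets", [])}
    if not zones:
        findings.append(("error", "at least one subnet is required"))
    elif len(zones) < 2:
        findings.append(("warning", "all subnets are in one availability zone; "
                                    "use two or more for high availability"))
    for i, rule in enumerate(lb.get("routing_rules", [])):
        for err in validate_routing_rule(rule):
            findings.append(("error", f"routing rule {i}: {err}"))
    return findings


# Constructed sample definition (names, zones and the ARN are placeholders).
SAMPLE_LB = {
    "name": "example-web-lb",
    "healthy_threshold": 3,
    "subnets": [
        {"cidr": "192.168.0.0/24", "availability_zone": "zone-a"},
        {"cidr": "192.168.1.0/24", "availability_zone": "zone-b"},
    ],
    "routing_rules": [
        {"protocol_in": "HTTP", "port_in": 80},
        {"protocol_in": "HTTPS", "port_in": 443,
         "certificate": {"arn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}},
        {"protocol_in": "TCP", "port_in": 8443},
    ],
}

if __name__ == "__main__":
    print(validate_load_balancer(SAMPLE_LB) or "definition accepted")
```

The single-zone case is reported as a warning rather than an error because AWS will create such a load balancer; it simply gives none of the high availability the table recommends, so the decision is left to the administrator.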