TAS for VMs supports SSH access into running apps to help troubleshoot apps hosted by a deployment. This topic describes how to configure a TAS for VMs deployment to allow SSH access to app instances, and how to configure load balancing for those app SSH sessions.
This section describes how to configure TAS for VMs to activate or deactivate deployment-wide SSH access to app instances. In addition to this deployment-wide configuration, Space Managers have SSH access control over their Space, and Space Developers have SSH access control to their apps. For details about SSH access permissions, see App SSH Overview.
To configure TAS for VMs SSH access for app instances:
Go to the Tanzu Operations Manager Installation Dashboard.
Click the TAS for VMs tile.
Select App Containers.
Activate or deactivate the Allow SSH access to app containers check box.
Optionally, select the Allow SSH when an app is created check box to activate SSH access for new apps by default in spaces that permit SSH. If you deselect this check box, developers can still activate SSH after pushing their apps by running cf enable-ssh APP-NAME
, where APP-NAME
is the name of the app for which they want to enable SSH.
For IaaSes where load-balancing is available as a service, you should provision a load balancer to balance load across SSH proxy instances. Configure this load balancer to forward incoming TCP traffic on port 2222 to a target pool where you deploy diego_brain
instances.
For AWS, Azure, and GCP IaaSes, you configure SSH load balancers in the Resource Config pane. To register SSH proxies with a load balancer:
Select Resource Config.
In the Diego Brain row, enter your load balancer name in the Load Balancers field.
Tanzu Operations Manager supports an API-only nsx_lbs
field. You can configure load balancers in vSphere using this field.