You can deploy VMware Tanzu Operations Manager on Amazon Web Services (AWS).
Before you deploy Tanzu Operations Manager using the procedure in this topic, complete the preparation steps in Preparing to Deploy Tanzu Operations Manager on AWS.
To launch an Amazon Machine Image (AMI) for Tanzu Operations Manager:
Go to the Tanzu Operations Manager section of Broadcom Support portal.
Click the version of Tanzu Operations Manager you want to install from the Release list.
In the Release Download Files, click the file named Tanzu Operations Manager for AWS to download a PDF.
Open the PDF and identify the AMI ID for your region.
Return to the EC2 Dashboard.
Click AMIs from the Images menu.
Using the Owned by me drop-down filter, click Public images .
Paste the AMI ID for your region into the search bar and press enter.
There is a different AMI for each region. If you cannot locate the AMI for your region, verify that you have set your AWS Management Console to your desired region. Additionally, AWS automatically deprecates public AMIs 2 years after they are published, including the AMIs for Tanzu Operations Manager and stemcells. These Tanzu Operations Manager AMIs do not appear in AMI searches, but can still be launched using the aws
CLI or Platform Automation. Deploying a deprecated light stemcell using AWS CPI v100 or below results in an error.
(Optional) If you want to encrypt the VM that runs Tanzu Operations Manager with AWS Key Management Service (KMS), perform the following additional steps:
Click the row that lists your Tanzu Operations Manager AMI and click Launch instance from AMI.
On the Launch an instance page, for Name, enter a name for the Tanzu Operations Manager VM. For example, enter pcf-ops-manager
.
Click m5.large for your instance type.
Click the pcf-ops-manager-key
key pair, and confirm that you have access to the private key file. You use this key pair to access the Tanzu Operations Manager VM.
In the Network settings section, click Edit and configure the following for your instance:
pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.pcf-ops-manager-security-group
that you created in Configure a Security Group for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.In the Configure storage section, adjust the Size (GiB) value. The default persistent disk value is 8 GB. VMware recommends increasing this value to a minimum of 100 GB.
(Optional) If you are using IAM roles, perform the following additional steps:
In the Summary section, ensure that the number of instances is 1.
Click Launch instance.
Click View all instances to access the Instances page on the EC2 Dashboard.
On the EC2 Dashboard, click Load Balancers.
Click Create Load Balancer.
Under Application Load Balancer, click Create.
For Step 1: Configure Load Balancer, do the following:
Under Basic Configuration, do the following:
pcf-web-elb
.pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.For Step 2: Configure Security Settings, do the following:
Under Select default certificate, do one of the following:
For a production or production-like environment, use a certificate from a Certificate Authority (CA). This can be an internal certificate or a purchased certificate. For a sandbox environment, you can use a self-signed certificate, leaving the **Certificate chain** entry blank.
Click Next: Configure Security Groups.
For Step 3: Configure Security Groups, do the following:
pcf-web-elb-security-group
security group that you configured in Configure a Security Group for the Web ELB in Preparing to Deploy Tanzu Operations Manager on AWS.For Step 4: Configure Routing, do the following:
Under Target Group, enter the following values:
pcf-web-elb-target-group
.80
.Under Health checks, enter the following values:
/health
.Under Advanced health check settings, enter the following values:
8080
.6
.3
.3
.5
.200
.Click Next: Register Targets.
For Step 5: Register Targets, accept the default values and click Next: Review.
For Step 6: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.
From the Load Balancers page, click Create Load Balancer.
Click Network Load Balancer.
For Step 1: Configure Load Balancer, do the following:
Under Basic Configuration, do the following:
pcf-ssh-elb
.Under Listeners, edit the existing listener. For Load Balancer Protocol, click TCP, and for Load Balancer Port, enter 2222
.
pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.On the Configure Security Settings page, ignore the Improve your load balancer’s security error message.
Click Next: Configure Routing.
For Step 3: Configure Routing, do the following:
Under Target Group, enter the following values:
pcf-ssh-elb-target-group
.2222
.Under Health checks, enter the following values:
Under Advanced health check settings, enter the following values:
6
.10 seconds
.Click Next: Register Targets.
For Step 4: Register Targets, accept the default values and click Next: Review.
For Step 5: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.
On the Load Balancers page, click Create Load Balancer.
Click Classic Load Balancer.
Configure the load balancer with the following information:
pcf-tcp-elb
.pcf-vpc
VPC that you created in Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS.Under Listener Configuration, add the following rules:
Load balancer protocol | Load balancer port | Instance protocol | Instance port |
---|---|---|---|
TCP | 1024 | TCP | 1024 |
TCP | 1025 | TCP | 1025 |
TCP | 1026 | TCP | 1026 |
... | ... | ... | ... |
TCP | 1123 | TCP | 1123 |
The ...
entry above indicates that you must add listening rules for each port between 1026 and 1123.
Under Select Subnets, click either the public or private subnets you configured in Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS, and click Next: Assign Security Groups.
On the Assign Security Groups page, click the security group pcf-tcp-elb-security-group
that you configured in Configure a Security Group for the TCP ELB in Preparing to Deploy Tanzu Operations Manager on AWS, and click Next: Configure Security Settings.
On the Configure Security Settings page, ignore the Improve your load balancer’s security error message.
Click Next: Configure Health Check.
On the Configure Health Check page, enter the following values:
TCP
.80
.3
seconds.5
seconds.3
.6
.Click Next: Add EC2 Instances.
Accept the defaults on the Add EC2 Instances page, and click Next: Add Tags.
Accept the defaults on the Add Tags page, and click Review and Create.
Review and confirm the load balancer details, and click Create.
Complete the following steps for all three of the load balancers you created in previous steps, named pcf-web-elb
, pcf-ssh-elb
, and pcf-tcp-elb
:
Click Instances on the navigational menu to view your EC2 instances.
Click the pcf-ops-manager
instance created in Step 1: Launch an Tanzu Operations Manager AMI.
On the Description tab, record the value for IPv4 Public IP.
Go to your DNS provider and create the following CNAME
and A
records:
*.apps.DOMAIN.com
and *.system.DOMAIN.com
point to the DNS name of the pcf-web-elb
load balancer.ssh.system.DOMAIN.com
points to the DNS name of the pcf-ssh-elb
load balancer.tcp.system.DOMAIN.com
points to the DNS name of the pcf-tcp-elb
load balancer.pcf.DOMAIN.com
points to the public IP address of the pcf-ops-manager
EC2 instance.Where DOMAIN
is a domain name. VMware recommends that you use the same domain name for each record.
Click Assign Security Groups.
Perform the following steps to create a RDS Subnet Group for the two RDS subnets.
Go to the RDS Dashboard.
Click Subnet Groups, then Create DB Subnet Group.
Enter the following values:
pcf-rds-subnet-group
.pcf-vpc
.pcf-rds-subnet-az0
and click Add.Repeat the preceding steps to add pcf-rds-subnet-az1
and pcf-rds-subnet-az2
to the group.
Click Create.
On the Subnet Group page, you might need to refresh the page to view the new group.
Important You must have an empty MySQL database when you install or reinstall Tanzu Operations Manager on AWS.
Go to the RDS Dashboard.
Click Create database to launch the wizard.
Under Engine type, click MySQL.
Under Templates, click Production to create a database for production environments.
Specify the following database details:
pcf-ops-manager-director
.Provisioned IOPS SSD
.In the Connectivity section, enter the following values:
pcf-vpc
.pcf-rds-subnet-group
you created in Step 6: Create RDS Subnet Group.pcf-mysql-security-group
that you created in Configure a Security Group for MySQL in Preparing to Deploy Tanzu Operations Manager on AWS.In the Additional configuration section, enter the following values:
bosh
.Click Create database. Creating the database might take several minutes.
When the instance has launched, do the following: