You can deploy VMware Tanzu Operations Manager on Amazon Web Services (AWS).

Before you deploy Tanzu Operations Manager, see the preparation steps in Preparing to Deploy Tanzu Operations Manager on AWS.

After you complete this procedure, follow the instructions in Configuring BOSH Director on AWS.

Step 1: Launch an Tanzu Operations Manager AMI

To launch an Amazon Machine Image (AMI) for Tanzu Operations Manager:

  1. Go to the Tanzu Operations Manager section of VMware Tanzu Network.

  2. Click the version of Tanzu Operations Manager you want to install from the Releases drop-down menu.

  3. In the Release Download Files, click the file named Tanzu Operations Manager for AWS to download a PDF.

  4. Open the PDF and identify the AMI ID for your region.

  5. Return to the EC2 Dashboard.

  6. Click AMIs from the Images menu.

  7. Using the Owned by me drop-down filter, click Public images .

  8. Paste the AMI ID for your region into the search bar and press enter.

    There is a different AMI for each region. If you cannot locate the AMI for your region, verify that you have set your AWS Management Console to your desired region. Additionally, AWS automatically deprecates public AMIs 2 years after they are published, including the AMIs for Tanzu Operations Manager and stemcells. These Tanzu Operations Manager AMIs do not appear in AMI searches, but can still be launched using the aws CLI or Platform Automation. Deploying a deprecated light stemcell using AWS CPI v100 or below will result in an error.

  9. (Optional) If you want to encrypt the VM that runs Tanzu Operations Manager with AWS Key Management Service (KMS), perform the following additional steps:

    1. Right-click the row that lists your AMI and click Copy AMI.
    2. Click your Destination region.
    3. Click Encryption. For more information about AMI encryption, see Encryption and AMI Copy from the Copying an AMI topic in the AWS documentation.
    4. Click your Master Key. To create a new custom key, see Creating Keys in the AWS documentation.
    5. Click Copy AMI. You can use the new AMI you copied for the following steps.
  10. Click the row that lists your Tanzu Operations Manager AMI and click Launch instance from AMI.

  11. On the Launch an instance page, for Name, enter a name for the Tanzu Operations Manager VM. For example, enter pcf-ops-manager.

  12. Click m5.large for your instance type.

  13. Click the pcf-ops-manager-key key pair, and confirm that you have access to the private key file. You use this key pair to access the Tanzu Operations Manager VM.

  14. In the Network settings section, click Edit and configure the following for your instance:

    • Network: Click the VPC that you created.
    • Subnet: Click pcf-public-subnet-az0 to allow traffic from public IP addresses, or pcf-management-subnet-az0 to allow traffic only from private IP addresses.
    • Auto-assign for Public IP: Click Enable to allow traffic from public IP addresses, or Disable to allow traffic only from private IP addresses.
    • Firewall (security groups): Click Select an existing security group and click the pcf-ops-manager-security-group that you created in Configure a Security Group for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.
    • For all other fields, accept the default values.
  15. In the Configure storage section, adjust the Size (GiB) value. The default persistent disk value is 8 GB. VMware recommends increasing this value to a minimum of 100 GB.

  16. (Optional) If you are using IAM roles, perform the following additional steps:

    1. Click Advanced details to expand the section.
    2. Click the IAM role associated with the role created in Create an IAM Role or User for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager.
    3. For all other fields, accept the default values.
  17. In the Summary section, ensure that the number of instances is 1.

  18. Click Launch instance.

  19. Click View all instances to access the Instances page on the EC2 Dashboard.

Step 2: Create web load balancer

  1. On the EC2 Dashboard, click Load Balancers.

  2. Click Create Load Balancer.

  3. Under Application Load Balancer, click Create.

  4. For Step 1: Configure Load Balancer:

    1. Under Basic Configuration:
      • For Name, enter pcf-web-elb.
      • For Scheme, click internet-facing to allow traffic from public IP addresses, or internal to allow traffic only from private IP addresses.
      • For IP address type, click the type of IP addresses that you want to allow.
    2. Under Listeners, click Add listener. For Load Balancer Protocol, click HTTPS.
    3. Under Availability Zones, click your VPC.
    4. Check all availability zones. For each availability zone, click pcf-public-subnet-az0 to allow traffic from public IP addresses, or pcf-management-subnet-az0 to allow traffic only from private IP addresses.
    5. Click Next: Configure Security Settings.
  5. For Step 2: Configure Security Settings, do the following:

    1. Under Select default certificate, do one of the following:

      • If you already have a certificate from AWS Certificate Manager (ACM), click Choose a certificate from ACM.
      • If you do not have a certificate from ACM, click Upload a certificate to ACM. For more information, see Importing Certificates into AWS Certificate Manager in the AWS documentation.

      For a production or production-like environment, use a certificate from a Certificate Authority (CA). This can be an internal certificate or a purchased certificate. For a sandbox environment, you can use a self-signed certificate, leaving the Certificate chain entry blank.

    2. Click Next: Configure Security Groups.

  6. For Step 3: Configure Security Groups, do the following:

    1. Under Assign a security group, click Select an existing security group.
    2. From the list of security groups, click the pcf-web-elb-security-group security group that you configured in Configure a Security Group for the Web ELB in Preparing to Deploy Tanzu Operations Manager on AWS.
    3. Click Next: Configure Routing.
  7. For Step 4: Configure Routing, do the following:

    1. Under Target Group, enter the following values:

      • Name: Enter pcf-web-elb-target-group.
      • Target type: Click Instance.
      • Protocol: Click HTTP.
      • Port: Enter 80.
    2. Under Health checks, enter the following values:

      • Protocol: Click HTTP.
      • Path: Enter /health.
    3. Under Advanced health check settings, enter the following values:

      • Port: Click override and enter 8080.
      • Healthy threshold: Enter 6.
      • Unhealthy threshold: Enter 3.
      • Timeout: Enter 3.
      • Interval: Enter 5.
      • Success codes: Enter 200.
    4. Click Next: Register Targets.

  8. For Step 5: Register Targets, accept the default values and click Next: Review.

  9. For Step 6: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.

Step 3: Create SSH load balancer

  1. From the Load Balancers page, click Create Load Balancer.

  2. Click Network Load Balancer.

  3. For Step 1: Configure Load Balancer, do the following:

    1. Under Basic Configuration, do the following:

      • For Name, enter pcf-ssh-elb.
      • For Scheme, click internet-facing to allow traffic from public IP addresses, or internal to allow traffic only from private IP addresses.
      • For IP address type, click the type of IP addresses that you want to allow.
    2. Under Listeners, edit the existing listener. For Load Balancer Protocol, click TCP, for Load Balancer Port, enter 2222.

    3. Under Availability Zones, click your VPC.
    4. Check all availability zones. For each availability zone, click pcf-public-subnet-az0 to allow traffic from public IP addresses, or pcf-management-subnet-az0 to allow traffic only from private IP addresses.
    5. Click Next: Configure Security Settings.
  4. On the Configure Security Settings page, ignore the Improve your load balancer’s security error message and click Next: Configure Routing.

  5. For Step 3: Configure Routing, do the following:

    1. Under Target Group, enter the following values:

      • Name: Enter pcf-ssh-elb-target-group.
      • Target type: Click Instance.
      • Protocol: Click TCP.
      • Port: Enter 2222.
    2. Under Health checks, enter the following values:

      • Protocol: Click TCP.
    3. Under Advanced health check settings, enter the following values:

      • Port: Click traffic port.
      • Healthy threshold: Enter 6.
      • Interval: Click 10 seconds.
    4. Click Next: Register Targets.

  6. For Step 4: Register Targets, accept the default values and click Next: Review.

  7. For Step 5: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.

Step 4: Create TCP load balancer

  1. On the Load Balancers page, click Create Load Balancer.

  2. Click Classic Load Balancer.

  3. Define the load balancer with the following information:

    • Load Balancer name: Enter pcf-tcp-elb.
    • Create LB Inside: Click the pcf-vpc VPC that you created in Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS.
    • If you want to allow traffic from public IP addresses, ensure that the Create an internal load balancer check box is not selected. If you want to allow traffic only from private IP addresses, you must click this check box.
  4. Under Listener Configuration, add the following rules:

    Load balancer protocol Load balancer port Instance protocol Instance port
    TCP 1024 TCP 1024
    TCP 1025 TCP 1025
    TCP 1026 TCP 1026
    ... ... ... ...
    TCP 1123 TCP 1123

    The ... entry indicates that you must add listening rules for each port between 1026 and 1123.

  5. Under Select Subnets, click either the public or private subnets you configured in Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS, and click Next: Assign Security Groups.

  6. On the Assign Security Groups page, click the security group pcf-tcp-elb-security-group you configured in Configure a Security Group for the TCP ELB in Preparing to Deploy Tanzu Operations Manager on AWS, and click Next: Configure Security Settings.

  7. On the Configure Security Settings page, ignore the Improve your load balancer’s security error message and click Next: Configure Health Check.

  8. On the Configure Health Check page, enter the following values:

    • Ping Protocol: Click TCP.
    • Ping Port: Set to 80.
    • Response Timeout: Set to 3 seconds.
    • Interval: Set to 5 seconds.
    • Unhealthy threshold: Set to 3.
    • Health threshold: Set to 6.
  9. Click Next: Add EC2 Instances.

  10. Accept the defaults on the Add EC2 Instances page and click Next: Add Tags.

  11. Accept the defaults on the Add Tags page and click Review and Create.

  12. Review and confirm the load balancer details, and click Create.

Step 5: Configure DNS records

  1. Perform the following steps for all three of the load balancers you created in previous steps, named pcf-web-elb, pcf-ssh-elb, and pcf-tcp-elb:

    1. From the Load Balancers page, click the load balancer.
    2. On the Description tab, locate the Basic Configuration section and record the DNS name of the load balancer.
  2. Click Instances on the navigational menu to view your EC2 instances.

  3. Click the pcf-ops-manager instance created in Step 1: Launch an Tanzu Operations Manager AMI.

  4. On the Description tab, record the value for IPv4 Public IP.

  5. Go to your DNS provider and create the following CNAME and A records:

    • CNAME: *.apps.DOMAIN.com and *.system.DOMAIN.com points to the DNS name of the pcf-web-elb load balancer.
    • CNAME: ssh.system.DOMAIN.com points to the DNS name of the pcf-ssh-elb load balancer.
    • CNAME: tcp.system.DOMAIN.com points to the DNS name of the pcf-tcp-elb load balancer.
    • A: pcf.DOMAIN.com points to the public IP address of the pcf-ops-manager EC2 instance.

    Where DOMAIN is a domain name. VMware recommends that you use the same domain name for each record.

  6. Click Assign Security Groups.

Step 6: Create RDS subnet group

  1. Go to the RDS Dashboard.

  2. Perform the following steps to create a RDS Subnet Group for the two RDS subnets:

    1. Click Subnet Groups>Create DB Subnet Group.
    2. Enter the following values:

      • Name: Enter pcf-rds-subnet-group.
      • Description: Enter a description to identify this subnet group.
      • VPC ID: Click pcf-vpc.
      • Availability Zone and Subnet ID: Choose the AZ and subnet for pcf-rds-subnet-az0 and click Add.
    3. Repeat the preceding steps to add pcf-rds-subnet-az1 and pcf-rds-subnet-az2 to the group.

    4. Click Create. On the Subnet Group page, you might need to refresh the page to view the new group.

Step 7: Create a MySQL database using AWS RDS

Important You must have an empty MySQL database when you install or reinstall Tanzu Operations Manager on AWS.

  1. Go to the RDS Dashboard.

  2. Click Create database to launch the wizard.

  3. Under Engine type, click MySQL.

  4. Under Templates, click Production to create a database for production environments.

  5. Specify the following database details:

    • Multi-AZ deployment: Click Multi-AZ DB instance.
    • DB cluster identifier: Enter pcf-ops-manager-director.
    • Enter a secure Master username and Master password. Record the username and password. You need these credentials later when configuring the Director Config page in the BOSH Director tile.
    • DB instance class: Click db.m5.large - 2 vCPUs, 8 GiB RAM.
    • Storage type: Click Provisioned IOPS SSD (io1).
    • Allocated storage: Enter 100 GiB.
  6. In the Connectivity section, enter the following values:

    • Virtual private cloud (VPC): Click pcf-vpc.
    • DB subnet group: Click the pcf-rds-subnet-group you created in Step 6: Create RDS Subnet Group.
    • Public access: Click No.
    • VPC security group (firewall): Click the pcf-mysql-security-group that you created in Configure a Security Group for MySQL in Preparing to Deploy Tanzu Operations Manager on AWS.
    • Accept the default values for the remaining fields.
  7. In the Additional configuration section, enter the following values:

    • Initial database name: Enter bosh.
    • Accept the default values for the remaining fields.
  8. Click Create database. Creating the database might take several minutes.

Next steps

When the instance has run, do the following:

check-circle-line exclamation-circle-line close-line
Scroll to top icon