This guide describes the requirements and prerequisites for installing VMware Tanzu Operations Manager (Ops Manager) on Amazon Web Services (AWS).
You can install Ops Manager on AWS with either the VMware Tanzu Application Service for VMs (TAS for VMs) or VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) runtime. There are resource requirements specific to each runtime. Ensure you meet the requirements for your runtime and the requirements specific to AWS before installing Ops Manager on AWS.
This section lists the following resource requirements for installing Ops Manager on AWS:
General Ops Manager resource requirements. For more information, see Ops Manager Resource Requirements.
AWS-specific resource requirements. For more information, see AWS Resource Requirements.
This section lists resource requirements for installing Ops Manager on AWS. It includes links to general resource requirements for both the TAS for VMs and TKGI runtimes.
See one of the following topics, depending on the runtime you plan to install using Ops Manager:
The following are AWS-specific resource requirements for installing Ops Manager on AWS with an external database and external file storage:
Installing Ops Manager on AWS requires a minimum of the following VM instance limits in your AWS account. The number of VMs required depends on the number of tiles and availability zones (AZs) you plan to deploy. The following VM guidelines apply to the TAS for VMs, Small Footprint TAS for VMs, and TKGI runtimes:
TAS for VMs: At a minimum, a new AWS deployment requires the following VMs for TAS for VMs:
| AWS Requirements | VM Name | VM Type | Default VM Count | Required or Optional VM |
|---|---|---|---|---|
| TAS for VMs | NATS | t3.micro | 2 | Required |
| File Storage | m5.large | 1 | Optional | |
| MySQL Proxy | t3.micro | 2 | Optional | |
| MySQL Server | r5.large | 3 | Optional | |
| Backup Restore Node | t3.micro | 1 | Optional | |
| Diego BBS | t3.micro | 3 | Required | |
| UAA | m5.large | 2 | Required | |
| Cloud Controller | m5.large | 2 | Required | |
| HAProxy | t3.micro | 0 | Optional | |
| Router | t3.micro | 3 | Required | |
| MySQL Monitor | t3.micro | 1 | Optional | |
| Clock Global | t3.medium | 2 | Required | |
| Cloud Controller Worker | t3.micro | 2 | Required | |
| Diego Brain | t3.small | 3 | Required | |
| Diego Cell | r5.xlarge | 3 | Required | |
| Loggregator Traffic Controller | t3.micro | 2 | Required | |
| Doppler Server | m5.large | 3 | Required | |
| TCP Router | t3.micro | 0 | Optional | |
| CredHub | r5.large | 2 | Optional | |
| Istio Router | r5.large | 0 | Optional | |
| Istio Control | r5.large | 0 | Optional | |
| Route Syncer | r5.large | 0 | Optional | |
| Ops Manager | BOSH Director | m5.large | 1 | Required |
Note: If you are deploying a test or sandbox deployment that does not require high availability, then you can scale down the number of VM instances in your deployment. For more information, see Scaling TAS for VMs.
Small Footprint TAS for VMs: To run Small Footprint TAS for VMs, a new AWS deployment requires:
| AWS Requirements | VM Name | VM Type | Default VM Count | Minimum HA VM Count | Required or Optional VM |
|---|---|---|---|---|---|
| Small Footprint TAS for VMs | Compute | r5.xlarge | 1 | 3 | Required |
| Control | r5.xlarge | 1 | 2 | Required | |
| Database | r5.large | 1 | 3 | Required | |
| Router | t3.micro | 1 | 3 | Required | |
| File Storage | m5.large | 1 | N/A | Optional | |
| Backup Restore Node | t3.micro | 1 | 1 | Optional | |
| MySQL Monitor | t3.micro | 1 | 1 | Optional | |
| HAProxy | t3.micro | 0 | 2 | Optional | |
| TCP Router | t3.micro | 0 | 1 | Optional | |
| Istio Router | r5.large | 0 | 1 | Optional | |
| Istio Control | r5.large | 0 | 2 | Optional | |
| Route Syncer | r5.large | 0 | 1 | Optional | |
| Ops Manager | BOSH Director | m5.large | 1 | N/A | Required |
TKGI: See AWS Prerequisites and Resource Requirements.
The following AWS resources are required for installing Ops Manager on AWS with TAS for VMs:
To install Ops Manager on AWS, you must:
Increase or remove the VM instance limits in your AWS account. Installing Ops Manager requires more than the default 20 concurrent instances. For more information about VM resource requirements, see Requirements, above.
Configure your AWS account with the appropriate AWS region. For more information about selecting the correct region for your deployment, see Region and Availability Zone Concepts in the AWS documentation.
Install the AWS CLI. Configure the AWS CLI with the user credentials that have admin access to your AWS account. To download the AWS CLI, see AWS CLI.
Configure an AWS EC2 key pair to use with your Ops Manager deployment. For more information, see Creating an EC2 Key Pair in the AWS documentation.
Register a wildcard domain for your Ops Manager installation. For more information, see Create an HTTPS listener for your Application Load Balancer in the AWS documentation.
Create an SSL certificate for your Ops Manager domain. For more information, see the AWS documentation about SSL certificates.
Note: To deploy Ops Manager to a production environment, you must obtain a certificate from a certificate authority. VMware recommends using a self-signed certificate generated by Ops Manager for development and testing purposes only.
(TAS for VMs only) Configure sufficient IP allocation. For more information about IP allocation requirements, see TAS for VMs Resource Requirements above.
(Optional) (TAS for VMs only) Configure external storage. VMware recommends using external storage if possible. For more information about how file storage location affects platform performance and stability during upgrades, see Configure File Storage in Configuring TAS for VMs for Upgrades.
(Optional) (TAS for VMs and Ops Manager only) Configure external databases. VMware recommends using external databases in production deployments for BOSH Director and TAS for VMs. An external database must be configured to use the UTC timezone.
(Optional) (TAS for VMs and Ops Manager only) Configure external user stores. When you deploy Ops Manager, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for TAS for VMs, to integrate existing user accounts.
To install Ops Manager on AWS, see Installing Ops Manager on AWS.
The following are additional resources related to installing Ops Manager on AWS:
For information about AWS identity and access management, see What is IAM? in the AWS documentation.
For information about users, groups, and roles in AWS, see Identities (Users, Groups, and Roles) in the AWS documentation.
For best practices for managing IaaS users and permissions, see Temporary Security Credentials in the AWS documentation.
For recommendations on how to create and scope AWS accounts for Ops Manager, see AWS Permissions Guidelines.
