As the IT professional setting up a proof of concept environment to evaluate vRealize Automation, you want to temporarily configure network-to-Amazon VPC connectivity to support the vRealize Automation Software feature.

Network-to-Amazon VPC connectivity is only required if you want to use the guest agent to customize provisioned machines, or if you want to include Software components in your blueprints. For a production environment, you would configure this connectivity officially through Amazon Web Services, but because you are working in a proof of concept environment, you want to create temporary network-to-Amazon VPC connectivity. You establish the SSH tunnel and then configure an Amazon reservation in vRealize Automation to route through your tunnel.


  • Install and fully configure vRealize Automation. See Install and Configure a vRealize Automation Proof of Concept Deployment for Rainpole.

  • Create an Amazon AWS security group called TunnelGroup and configure it to allow access on port 22.

  • Create or identify a CentOS machine in your Amazon AWS TunnelGroup security group and note the following configurations:

    • Administrative user credentials, for example root.

    • Public IP address.

    • Private IP address.

  • Create or identify a CentOS machine on the same local network as your vRealize Automation installation.

  • Install OpenSSH SSHD Server on both tunnel machines.


  1. Log in to your Amazon AWS tunnel machine as the root user or similar.
  2. Disable iptables.
    # service iptables save
    # service iptables stop
    # chkconfig iptables off
  3. Edit /etc/ssh/sshd_config to enable AllowTCPForwarding and GatewayPorts.
  4. Restart the service.
    /etc/init.d/sshd restart
  5. Log in to the CentOS machine on the same local network as your vRealize Automation installation as the root user.
  6. Invoke the SSH tunnel from the local network machine to the Amazon AWS tunnel machine.
    ssh -N -v -o "ServerAliveInterval 30" -o "ServerAliveCountMax 40" -o "TCPKeepAlive yes" \
        -R 1442:vRealize_automation_appliance_fqdn:5480 \
        -R 1443:vRealize_automation_appliance_fqdn:443 \
        -R 1444:manager_service_fqdn:443 \
        User_of_Amazon_tunnel_machine@Public_IP_address_of_Amazon_tunnel_machine

    You configured port forwarding to allow your Amazon AWS tunnel machine to access vRealize Automation resources, but your SSH tunnel does not function until you configure an Amazon reservation to route through the tunnel.
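
A check for the result of step 3, as an added example that is not part of the original procedure: it reads an sshd_config file and reports whether the `-R` forwards from step 6 would be accepted and would listen beyond loopback. The function names are hypothetical, the sample file is constructed, and it assumes machines in the VPC reach the forwarded ports through the tunnel machine's private IP address.

```shell
#!/bin/sh
# Added example, not from the original page.
# Print the value sshd would use for a keyword in the global section of an
# sshd_config-style file: keywords are case-insensitive, the first occurrence
# wins, and the global section ends at the first Match block.
# Include directives are not followed.
sshd_global_value() {   # $1 = file, $2 = keyword, $3 = sshd built-in default
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        tolower($1) == "match" { exit }         # conditional blocks start here
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, parts, /[ \t=]+/)   # "Keyword value" or "Keyword=value"
            if (n >= 2 && tolower(parts[1]) == key) { val = tolower(parts[2]); exit }
        }
        END { print val }
    ' "$1"
}

# Return 0 only if -R forwards given without a bind address (as in step 6)
# would be accepted and would listen on more than the loopback interface.
tunnel_sshd_ready() {   # $1 = sshd_config path
    fwd=$(sshd_global_value "$1" AllowTcpForwarding yes)
    gw=$(sshd_global_value "$1" GatewayPorts no)
    case "$fwd" in
        yes|all|remote) ;;
        *) echo "AllowTcpForwarding=$fwd: sshd refuses -R forwards"; return 1 ;;
    esac
    case "$gw" in
        yes) ;;
        clientspecified)
            echo "GatewayPorts=clientspecified: -R without a bind address stays on loopback"
            return 1 ;;
        *) echo "GatewayPorts=$gw: forwarded ports listen on loopback only"; return 1 ;;
    esac
    echo "ok: AllowTcpForwarding=$fwd GatewayPorts=$gw"
}

# Constructed sample config (not from a real host), using the page's spelling.
sample=$(mktemp)
printf '%s\n' '#GatewayPorts no' 'AllowTCPForwarding yes' 'GatewayPorts yes' \
    'Match User guest' '    AllowTcpForwarding no' > "$sample"
tunnel_sshd_ready "$sample"
rm -f "$sample"
```

On the tunnel machine itself, run it against /etc/ssh/sshd_config after step 4; `sshd -T` prints the effective configuration if the file uses Include directives.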

What to do next

  1. Install the software bootstrap agent and the guest agent on a Windows or Linux reference machine to create an Amazon Machine Image that your IaaS architects can use to create blueprints. See Preparing for Software Provisioning.

  2. Configure your Amazon reservation in vRealize Automation to route through your SSH tunnel. See Scenario: Create an Amazon Reservation for a Proof of Concept Environment.