Deployment Guide for CloudBolt on AWS
Using CloudBolt to leverage resources in AWS provides a way to take advantage of the value of cloud-native resources that scale on demand as part of a comprehensive enterprise-wide strategy of self-service IT resources.
Follow this guide for more information about how to implement your strategy.
Customers use CloudBolt as an enterprise hybrid cloud platform that helps IT administrators deploy and manage simple to very complex IT resources that can be offered in a self-service portal for end users to consume easily. These resources can come from any public, private, or on-premises environment. For more information, see Resource Handlers.
CloudBolt works particularly well with AWS to make it easier for end users to utilize the richness of AWS services that have been curated specifically by the AWS experts within their organization. End users do not have to understand the backend complexity while getting the resources they need.
For more information about CloudBolt features and use cases for typical customers, see Features Overview.
For the complete CloudBolt product documentation, see Documentation.
Independent Software Vendors (ISVs) can provide an Amazon Machine Image (AMI) on the AWS Marketplace. The AMI can be used to create an Amazon EC2 instance for potential customers to try out a solution with a bring-your-own-license (BYOL) from CloudBolt. AWS also provides a way for ISVs to bill customers through AWS for other subscription-based licensing that the ISV offers. To get started with a CloudBolt AMI, visit CloudBolt on AWS.
NOTE: At this time, CloudBolt offers only the BYOL option on AWS. If a customer wants to run CloudBolt on AWS, they can begin with the free, BYOL option and then convert it to a paid license by contacting firstname.lastname@example.org.
CloudBolt and AWS Deployment
A CloudBolt virtual appliance can be run as an EC2 Instance on AWS or from any node on the network as an admin server. For example, CloudBolt can be installed as a virtual appliance on VMware or from any public or private cloud instance where you want to run and manage the administrative component of CloudBolt.
Once you have administrator access to CloudBolt running, you can configure one or more AWS Resource Handlers to manage specific AWS EC2 Instances and AWS services from a subscribed account where you have the proper AWS credentials.
The main components of the deployment architecture are listed here and shown in the CloudBolt and AWS Deployment Architecture diagram that follows this section:
- CloudBolt Admin EC2 Instance
- CloudBolt Web Client
- Managed EC2 Instances
- Managed AWS Services
- 3rd Party Orchestration/Integration
A CloudBolt administrator configures a Self-Service IT Portal as a CloudBolt Web Client to the CloudBolt Admin EC2 Instance that can be deployed from a CloudBolt AMI in the AWS Marketplace. CloudBolt Users who are configured and managed by the CloudBolt administrator can deploy Managed EC2 Instances and Managed AWS resources. CloudBolt can be configured to use 3rd Party Orchestration/Integration as appropriate.
Prerequisites and Recommendations
Before deploying CloudBolt with managed AWS resources, it is strongly recommended that you have a basic understanding of AWS and secure access for running EC2 Instances and AWS services.
For more information, see:
New to AWS? See AWS Getting Started Resource Center
CloudBolt connects to AWS subscription accounts using permissions based on AWS IAM users and Security Group authentication credentials to create, modify, or delete resources in AWS and connect to the AWS API. For more information, see Controlling Access with AWS Identity and Access Management.
CloudBolt provides secure, role-based access control (RBAC) for user authentication to CloudBolt resources. Access can be further restricted to a “view only” role, which a user with administrative privileges in CloudBolt configures via the CloudBolt Admin page. For more information about CloudBolt users, see the CloudBolt Documentation Users and Permissions.
During EC2 instance creation, you must specify an EC2 KeyPair name to authorize SSH access to the instances you plan to deploy and manage. If you do not already have a key pair, see Amazon EC2 Key Pair to create a new key pair.
Allowing access to the root user account in AWS is not recommended. Instead, consider using the features of AWS Identity and Access Management to make sure that you implement a “least privilege” approach to individuals in your organization who will be administering CloudBolt.
AWS provides a comprehensive, best-practice approach to security policies with specific guidance for storing and handling secrets, creating and rotating security keys and access, using roles to delegate permissions, and granting a “least privilege” approach to security management. For more information, see AWS Documentation IAM Best Practices.
For a more general overview of AWS security policies, see AWS Documentation Manage Permissions.
CloudBolt provides bidirectional tagging for AWS resources. For example, you can track AWS resource usage based on a cost center specified by a tag on AWS or you can create the cost center tag on CloudBolt and associate it with AWS resources. For more information about AWS tagging using CloudBolt, see Tags. For more information about tagging strategies on AWS, see AWS Tagging Strategies.
Costs and Licensing
A typical CloudBolt and AWS customer will have the monthly subscription fee from AWS for hundreds and thousands of IT resources and then add to that the licensing fee for CloudBolt.
A single CloudBolt EC2 instance running on AWS can easily manage up to 50,000 virtual servers. The cost for CloudBolt licensing is based on the number of managed virtual servers. Yearly subscriptions typically include 500 to 50,000 managed virtual servers.
NOTE: The subscription cost for running the specific, single CloudBolt Admin EC2 Instance on AWS is almost negligible compared to the overall cost of the enterprise deployment of AWS resources using CloudBolt.
For more information about CloudBolt pricing, contact email@example.com.
Backup and Recovery
AWS provides a convenient way to back up and restore EC2 instances using Amazon Elastic Block Storage (Amazon EBS), which can be leveraged for the AWS CloudBolt Admin EC2 Instance described in this deployment guide.
While configuring, managing, or running a CloudBolt Admin EC2 Instance, some aspects of its running state can become undesirable and disrupt the way CloudBolt is functioning. For example, a change to the file structure, an upgrade of the CloudBolt software, or a change to other elements can cause an issue that cannot be addressed easily. In that case, it is preferable to go back to the desired configuration as it was before the disruption occurred.
Amazon EBS can be used to take snapshots of the CloudBolt Admin EC2 Instance prior to introducing a significant change to the configuration. If a change does not go well, you can revert to the snapshot instead of engaging in a troubleshooting scenario that is hard to manage.
Amazon EBS also provides a way to automate backups using its Automating the Amazon EBS Snapshot Lifecycle feature.
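The pre-change snapshot described above can be scripted with the AWS CLI so that an upgrade only starts once every attached volume has a completed snapshot. This is an added example, not part of the CloudBolt or AWS documentation; the function names, the Purpose tag, and the instance ID you pass in are assumptions.

```shell
#!/usr/bin/env bash
# Added example: snapshot the CloudBolt Admin EC2 instance before a change.
# Assumes AWS CLI v2 with credentials allowed to call ec2:DescribeVolumes,
# ec2:CreateSnapshots, ec2:CreateTags and ec2:DescribeSnapshots.
AWS="${AWS:-aws}"   # CLI command; overridable so the logic can be run offline

# Print the IDs of all EBS volumes attached to instance $1, sorted.
attached_volumes() {
  "$AWS" ec2 describe-volumes \
    --filters "Name=attachment.instance-id,Values=$1" \
    --query 'Volumes[].VolumeId' --output text \
    | tr -s '\t ' '\n' | sed '/^$/d' | sort
}

# Take one multi-volume snapshot set of instance $1 (reason in $2), wait for
# it to complete, and confirm every attached volume is covered.
# Prints the snapshot IDs on success; returns non-zero otherwise.
snapshot_before_change() {
  local instance reason wanted raw snaps covered
  instance="$1"; reason="$2"
  wanted="$(attached_volumes "$instance")"
  [ -n "$wanted" ] || { echo "no EBS volumes found on $instance" >&2; return 1; }

  raw="$("$AWS" ec2 create-snapshots \
    --instance-specification "InstanceId=$instance" \
    --description "pre-change: $reason" \
    --tag-specifications "ResourceType=snapshot,Tags=[{Key=Purpose,Value=pre-change}]" \
    --query 'Snapshots[].SnapshotId' --output text)" || return 1
  snaps="$(echo $raw)"          # collapse tabs/newlines to single spaces
  [ -n "$snaps" ] || return 1

  # Word-splitting of the ID list is intended. The waiter returns non-zero
  # if the snapshots are still pending when it stops polling.
  "$AWS" ec2 wait snapshot-completed --snapshot-ids $snaps || return 1

  covered="$("$AWS" ec2 describe-snapshots --snapshot-ids $snaps \
    --query "Snapshots[?State=='completed'].VolumeId" --output text \
    | tr -s '\t ' '\n' | sed '/^$/d' | sort)"
  [ "$covered" = "$wanted" ] || { echo "snapshot set is incomplete" >&2; return 1; }
  echo "$snaps"
}

# Usage (instance ID is a placeholder):
#   snapshot_before_change i-0123456789abcdef0 "CloudBolt upgrade" || exit 1
```

Keep the printed snapshot IDs with the change record so the revert target is unambiguous.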
CloudBolt includes troubleshooting information during every step of configuring and managing any element of CloudBolt including comprehensive logging, warning confirmations, tooltips, and error messages with recommendations. For information about the system health of CloudBolt, log on as administrator and navigate to Admin > Support Tools > System Status. For more information about CloudBolt troubleshooting, see Troubleshooting Tips.
Follow the Launch CloudBolt from AWS Marketplace instructions in the next section to launch a CloudBolt instance from the AWS Marketplace and to begin a Free Trial using the BYOL option.
Launch CloudBolt from AWS Marketplace
Click TRY NOW! from www.cloudbolt.io
Scroll down to Step 2 and click AWS Marketplace
Starting the CloudBolt Instance
- On the CloudBolt Marketplace page, click Continue to Subscribe
- If you are not already logged in to AWS with your existing AWS account, you will have to register a new account with AWS or log in to an existing account.
- Next click Continue to Configuration
- You can then configure or accept the following default settings:
- Click Continue to Launch
- Accept the defaults on the “Launch this software” page. You might have to configure a key pair if you haven’t already. If you have, you can use an existing key pair.
- Click Launch from the lower right corner.
- You should get confirmation that your EC2 instance has started
- Click the EC2 Console link in the confirmation dialogue and you should see your new instance running:
- Use the public IP address provided in this row and type in your web browser:
- Now you should have the license dialogue where you can either paste your BYOL license or upload the file.
- Enter the username and password: admin/admin and you will be guided to start using CloudBolt.
- If you do not already have a license, click the license request page.
- You will then be guided to start using your Free Trial of CloudBolt. Contact firstname.lastname@example.org with any questions you have.
NOTE: AWS gives new users enough free credits to get started using CloudBolt and many other resources in their Free Tiers.
NOTE: You can view the CloudBolt documentation from “Usage Instructions”, which goes to the main documentation.
Upgrading CloudBolt on AWS
Keeping current with the latest enhancements and new features in CloudBolt is extremely easy. Find out what versions are available and how to perform an upgrade by logging on to CloudBolt as an administrator and navigating to Admin > Maintenance > Version & Upgrade Info. Once you download the upgrader file, you can run the upgrade script from an SSH client to the CloudBolt EC2 instance. For more information, see Connecting to Your Linux Instance Using SSH.
For more information about CloudBolt upgrades, see Upgrading CloudBolt.