AWS Management Portal for VMware vCenter
Amazon Web Services (AWS) have announced a Management Portal plugin for VMware’s vCenter. The plugin allows public cloud EC2 instances to be managed alongside private VMware instances using the same administration console. The aim of the plugin is to make it simple for VMware customers to build hybrid clouds that span from their private environments to Amazon’s public services.
Use of the AWS plugin to create hybrid clouds will compete against VMware’s own vCloud Hybrid Service (vCHS), which it launched in August 2013. So far vCHS has only been available with a reserved instance pricing model where customers must pay in advance for the capacity they will use. In a recent Reddit AMA with the vCHS team, on-demand pricing was the most popular topic, and a pay-as-you-go offering has been promised for the second half of 2014.
VMware has had its own hybrid cloud orchestration, which includes interoperability with Amazon services, since its acquisition of DynamicOps in 2012. That platform has been rebranded as vCloud Automation Center (vCAC), and works across multiple types of virtual infrastructure, private clouds and public clouds. In a pointed blog post, ‘Don’t Be Fooled By Import Tools Disguised as Hybrid Cloud Management’, VMware’s Americas CTO Chris Wolf makes the point that customers can get more abstraction from a suite like vCAC than they can from the AWS plugin in vCenter. The product stratification between vCenter and vCAC does, however, represent differing levels of sophistication within VMware’s customer base, and Amazon have chosen to attack at the low end.
Image import is one part of the plugin’s capability, and sits on top of Amazon’s existing VM import capability that supports VMware and other popular virtual infrastructure file types. The vCenter integration will make import of enterprise-tailored operating system images into AWS a point-and-click operation. Basic instance life cycle management (start, stop, reboot) is taken care of.
The plugin only works with instances within Amazon’s Virtual Private Cloud (VPC), leaving EC2 classic unsupported. This follows the recent doctrine of VPC by default, and use of VPC by enterprises is a reasonable expectation as that’s how Amazon provide connectivity by IPsec or Direct Connect. Configuration of VPCs, their subnets and associated security groups is facilitated by the plugin. The plugin doesn’t provide configuration of IPsec connections (or Direct Connect), which implies some out of band activity if instances deployed to EC2 need connectivity to VMs or other services in the enterprise.
Role-based access control is also provided by the plugin, allowing administrative control over who can do what with AWS from within vCenter. The plugin is presently limited to a single identity provider (directory) at the enterprise end, and a single AWS account. Identities must be created in the enterprise directory and AWS Identity and Access Management (IAM) as part of the installation process for the plugin. SSH keypairs can also be managed in the plugin, though the relationship between keypairs in AWS metadata and imported images that might use them isn’t explained in the plugin documentation (and is only partially covered in the VM import documentation).
Amazon are providing the plugin itself free of charge, with usage of AWS billed at the usual rates. The plugin doesn’t provide any of the billing management or forecasting features that might be seen in some of the more sophisticated cloud orchestration tools on the market.