Setting Up AWS Management Portal for vCenter
When you set up the management portal, you enable users in your organization to access your AWS resources. The process involves creating accounts, setting up trust between the management portal and your authentication provider, and deploying and configuring the connector.
To set up the management portal, complete the following tasks:
Installing and Configuring AWS Management Portal for vCenter
You can choose one of two authentication providers: the AWS Connector for vCenter or an identity provider (IdP) that supports SAML 2.0. The setup process for the management portal differs based on the authentication provider that you choose. The following table describes your options. Follow the directions for the authentication provider that you chose.
You can configure the connector to authenticate users. There are no prerequisites for this option. As part of the setup process, you'll set up a trust relationship between the management portal and the connector.
This option is provided for organizations that aren't using an IdP that supports SAML 2.0.
SAML 2.0 provides an open standard specifically designed for single sign-on (SSO). This enables users who have been authenticated by your IdP to access the management portal. To use this option, you must first set up an IdP for your organization. As part of the setup process, you'll set up a SAML provider and configure a trust relationship between the management portal and AWS.
For more information about the benefits of SAML, see Advantages of SAML.
After you select an authentication provider, complete the setup process. To select a different authentication provider, return to the first page of the setup program and then click Reset Trust Relationship, or expand Reset Trust Relationship on the summary page, click I acknowledge that I want to reset my trust relationships configuration, and then click Reset Trust Relationship.
Configuring Time Synchronization
The connector virtual appliance synchronizes its time with the time of its ESX/ESXi server. The connector requires that the Network Time Protocol (NTP) is configured on the ESXi server where it is deployed.
If the setup program fails to register your credentials, it's possible that this is a
time synchronization issue. To verify, open
debug-file.log and search
for the following string:
ntpdate, -qv, pool.ntp.org. If the offset is
greater than 15 seconds, configure NTP on the ESX/ESXi server and restart the connector.
(Optional) Configuring Network Settings
You can configure various network settings using the connector command line interface (CLI).
To update your network settings using the connector CLI
Locate the connector VM in the vSphere client, right-click it, and select Open Console.
Log in as
ec2-userwith the password
Run the sudo setup.rb command. This command displays the following menu:Copy
Choose one of the following options 1. Reset password 2. Reconfigure network settings 3. Restart services 4. Factory reset 5. Delete unused upgrade-related files 6. Enable/disable SSL certificate validation 7. Display connector's SSL certificate 8. Generate log bundle 9. Exit Please enter your option [1-9]:
2, and then press Enter. The command displays the following menu:Copy
Reconfigure your network: 1. Renew or acquire a DHCP lease 2. Set up a static IP 3. Set up a web proxy for AWS communication 4. Set up a DNS suffix search list 5. Exit Please enter your option [1-5]:
Use these options to complete the following tasks:
Renew your DHCP lease, or re-enable DHCP after setting up a static IP address.
Set up a static IP address for the connector. When prompted, enter the static IP address, netmask, gateway, and DNS servers.
Configure the connector to use a corporate web proxy. When prompted, enter the proxy IP address, port, and an optional user name and password to log in to the proxy. If you need to use authentication for the web proxy, note that the connector supports only password-based authentication.
This option requires that you've set your initial password by logging into the connector using https://ip_address/, where ip_address is the IP address of the connector management console
Configure the DNS suffix search list so that connector can migrate VMs from the ESX host. You do not need to do this if vCenter displays all ESX hosts using fully-qualified domain names or IP addresses.
If the IP address changes or the proxy settings change, re-register the connector as follows:
Using a web browser, open the connector management console.
From the dashboard, click Register the Connector.
Follow the directions to complete the registration wizard.