Setup Enhancements for AWS Management Portal for vCenter

My colleague Derek Lyon sent along a great guest post to introduce some
important enhancements to the Management Portal for vCenter.


We have recently added a number of new features to the
AWS Management Portal for vCenter. These enhancements make it significantly easier for VMware
professionals to set up the portal and start managing their AWS
resources using their vSphere Client.

New Federation Proxy Option
We recently added a new setup option that significantly reduces the
complexity of setting up the portal. You now have the option to use
the portal without having to set up SAML integration yourself. To do
this, you can use the AWS Connector as an authentication proxy. This
provides an easy way to offer end-users federated access to your AWS
resources via the portal. With the proxy option, your end-users will
access the portal using the same credentials they use to log in to
vCenter, with support for both system domain users and directory

Previously, the portal only supported SAML-based authentication.
This required you to set up Active Directory Federation Services
(ADFS) or an equivalent SAML-based identity provider (IdP) for
federating identity into AWS. The new SAML-based authentication
provides a powerful tool for
customers who want to manage their own single sign-on
(SSO) infrastructure. However, it can also be challenging to set up if you are
not familiar with these technologies, or if you do not already have
a compatible Identity Provider (IdP) configured.

Now you have an alternative option. You can choose to have the
AWS Connector act as an identity federation proxy. When you use
this option, you eliminate the complexity that comes with configuring the single
sign-on infrastructure yourself. This is significantly simpler to
set up and will provide the best experience for customers who do not
wish to manage their own IdP.

To set up the portal using the new federation proxy option, begin by
visiting the AWS Management Portal for vCenter’s
Setup Page.

After you click on Get started now, you will be
asked to pick the authentication provider that you would like to
use. To use the new option, select
AWS Connector as the authentication provider.

Next, you will need to provide the name of an IAM user that the AWS
Connector will be able to use to access your account. You will
be asked to authorize the AWS Management Portal for vCenter to
create a trust role and service role, which it will use to
authenticate users and to grant permission for users to take actions
in your account when they use the portal. Because you have selected
to use the federation proxy setup, AWS will handle the complexity of
setting up the underlying trust relationships for you, as opposed to
the SAML-based setup process where you need to configure these
yourself. For more information on this portion of the setup
process, please see the portal’s
User Guide.

Next, you will add a set of users to act as Administrators for the AWS
resources that you are managing through the portal. You will also
create a key that will be used to pair your AWS Connector with your
account. To complete the setup process, you will also need to deploy
and configure the AWS Connector. You can learn more about that
process from the
User Guide.

Reset Configuration
We have also added a new option within the setup process to reset the
portal’s configuration. If you have previously set up the portal using
SAML and would like to switch to using the new federation proxy
option, or if you would like to start the setup process over again
from a clean slate, you can use this tool to reset your configuration.
When you reset the configuration, you will need to redo the setup process
in order to use the portal again.

Manage Existing Instances
We have also recently added support for managing your existing Amazon Elastic Compute Cloud (EC2)
instances using the AWS Management Portal for vCenter. If you are
already using AWS and are looking to add the ability to manage your
instances through the portal, this makes it easy to keep track of all
of your instances, whether or not you created them through the portal.

Existing EC2 instances now show up under your
Default Environment
in the portal’s dashboard. As with other instances, you can perform
basic administrative tasks on your existing instances, including
starting/stopping them, terminating them, or viewing monitoring

You can also manage permissions for the Default Environment, just
like you do today for other environments. Simply click on the
environment and navigate to the Permissions tab to manage which
users have access to your existing instances.

Getting Started

If you’re looking to get started with the AWS Management Portal for
vCenter and want to take advantage of the new setup features, you can
learn more in the
User Guide.

— Derek Lyon, Principal Product Manager
