AWS News Blog

Setup Enhancements for AWS Management Portal for vCenter

My colleague Derek Lyon sent along a great guest post to introduce some important enhancements to the AWS Management Portal for vCenter.


We have recently added a number of new features to the AWS Management Portal for vCenter. These enhancements make it significantly easier for VMware professionals to set up the portal and start managing their AWS resources using their vSphere Client.

New Federation Proxy Option
We recently added a new setup option that significantly reduces the complexity of setting up the portal. You now have the option to use the portal without having to set up SAML integration yourself. To do this, you can use the AWS Connector as an authentication proxy. This provides an easy way to offer end users federated access to your AWS resources via the portal. With the proxy option, your end users will access the portal using the same credentials they use to log in to vCenter, with support for both system domain users and directory users.

Previously, the portal only supported SAML-based authentication. This required you to set up Active Directory Federation Services (ADFS) or an equivalent SAML-based identity provider (IdP) for federating identity into AWS. The new SAML-based authentication provides a powerful tool for customers who want to manage their own single sign-on (SSO) infrastructure. However, it can also be challenging to set up if you are not familiar with these technologies, or if you do not already have a compatible IdP configured.

Now you have an alternative option. You can choose to have the AWS Connector act as an identity federation proxy. When you use this option, you eliminate the complexity that comes with configuring the single sign-on infrastructure yourself. This is significantly simpler to set up and will provide the best experience for customers who do not wish to manage their own IdP.

To set up the portal using the new federation proxy option, begin by visiting the AWS Management Portal for vCenter's Setup Page.

After you click on Get started now, you will be asked to pick the authentication provider that you would like to use. To use the new option, select AWS Connector as the authentication provider.

Next, you will need to provide the name of an IAM user that the AWS Connector will be able to use to access your account. You will be asked to authorize the AWS Management Portal for vCenter to create a trust role and service role, which it will use to authenticate users and to grant permission for users to take actions in your account when they use the portal. Because you have selected to use the federation proxy setup, AWS will handle the complexity of setting up the underlying trust relationships for you, as opposed to the SAML-based setup process where you need to configure these yourself. For more information on this portion of the setup process, please see the portal's User Guide.

Next, you will add a set of users to act as Administrators for the AWS resources that you are managing through the portal. You will also create a key that will be used to pair your AWS Connector with your account. To complete the setup process, you will also need to deploy and configure the AWS Connector. You can learn more about that process from the User Guide.

Reset Configuration
We have also added a new option within the setup process to reset the portal's configuration. If you have previously set up the portal using SAML and would like to switch to using the new federation proxy option, or if you would like to start the setup process over again from a clean slate, you can use this tool to reset your configuration. When you reset the configuration, you will need to redo the setup process in order to use the portal again.

Manage Existing Instances
We have also recently added support for managing your existing Amazon Elastic Compute Cloud (EC2) instances using the AWS Management Portal for vCenter. If you are already using AWS and are looking to add the ability to manage your instances through the portal, this makes it easy to keep track of all of your instances, whether or not you created them through the portal.

Existing EC2 instances now show up under your Default Environment in the portal's dashboard. As with other instances, you can perform basic administrative tasks on your existing instances, including starting/stopping them, terminating them, or viewing monitoring information.

You can also manage permissions for the Default Environment, just like you do today for other environments. Simply click on the environment and navigate to the Permissions tab to manage which users have access to your existing instances.

Getting Started
If you're looking to get started with the AWS Management Portal for vCenter and want to take advantage of the new setup features, you can learn more in the User Guide.

— Derek Lyon, Principal Product Manager

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.