Setting Up AWS Management Portal for vCenter
When you set up the management portal, you enable users in your organization to access your AWS resources. The process involves creating accounts, setting up trust between the management portal and your authentication provider, and deploying and configuring the connector.
To set up the management portal, complete the following tasks:
You can choose one of two authentication providers: the AWS Connector for vCenter or an identity provider (IdP) that supports SAML 2.0. The setup process for the management portal differs based on the authentication provider that you choose. The following table describes your options. Follow the directions for the authentication provider that you chose.
| Authentication provider | Description |
|---|---|
| Federation authentication proxy | You can configure the connector to authenticate users. There are no prerequisites for this option. As part of the setup process, you'll set up a trust relationship between the management portal and the connector. This option is provided for organizations that aren't using an IdP that supports SAML 2.0. |
| SAML-based authentication | SAML 2.0 provides an open standard specifically designed for single sign-on (SSO). This enables users who have been authenticated by your IdP to access the management portal. To use this option, you must first set up an IdP for your organization. As part of the setup process, you'll set up a SAML provider and configure a trust relationship between the management portal and AWS. |
After you select an authentication provider, complete the setup process. To select a different authentication provider, return to the first page of the setup program and then click Reset Trust Relationship, or expand Reset Trust Relationship on the summary page, click I acknowledge that I want to reset my trust relationships configuration, and then click Reset Trust Relationship.
By default, the connector is configured to synchronize its clock with the ESX/ESXi server that it is deployed on. The connector requires that this server be configured to synchronize its clock using the Network Time Protocol (NTP).
If the setup program fails to register your credentials, the cause may be a time synchronization issue. To verify, open debug-file.log and search for the string `ntpdate, -qv, pool.ntp.org`. If the offset reported there is greater than 15 seconds, configure NTP on the ESX/ESXi server and restart the connector.
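The offset check described above can be automated over a saved copy of the log. The following is an added example, not code from the AWS connector or its documentation; it assumes the log contains the standard per-server lines printed by `ntpdate -q` (`server <ip>, stratum <n>, offset <secs>, delay <secs>`) and uses constructed sample lines.

```python
import re

# Constructed sample in the style of debug-file.log around the "ntpdate, -qv, pool.ntp.org"
# call. Connector log prefixes on surrounding lines are ignored by the regex below.
SAMPLE_LOG = """\
2016-01-01 12:00:00 INFO executing: ntpdate, -qv, pool.ntp.org
server 198.51.100.10, stratum 2, offset 17.482913, delay 0.02817
server 198.51.100.11, stratum 2, offset 17.491002, delay 0.03105
server 198.51.100.12, stratum 3, offset -0.004120, delay 0.04211
server 198.51.100.13, stratum 0, offset 0.000000, delay 0.00000
 1 Jan 12:00:02 ntpdate[1234]: step time server 198.51.100.10 offset 17.482913 sec
"""

# Per-server result line from ntpdate -q. Stratum 0 means the server did not answer,
# so its zero offset carries no information and is skipped.
_OFFSET_RE = re.compile(
    r"server\s+(?P<server>\S+),\s+stratum\s+(?P<stratum>\d+),"
    r"\s+offset\s+(?P<offset>-?\d+(?:\.\d+)?)"
)

MAX_OFFSET_SECONDS = 15.0  # threshold given in the setup guide


def parse_offsets(log_text):
    """Return (server, offset_seconds) for every reachable server in the ntpdate output."""
    results = []
    for line in log_text.splitlines():
        m = _OFFSET_RE.search(line)
        if m and int(m.group("stratum")) != 0:
            results.append((m.group("server"), float(m.group("offset"))))
    return results


def worst_offset(log_text):
    """Largest absolute clock offset reported, or None if no usable ntpdate line exists."""
    offsets = [abs(off) for _, off in parse_offsets(log_text)]
    return max(offsets) if offsets else None


def clock_skew_exceeds_threshold(log_text, threshold=MAX_OFFSET_SECONDS):
    """True when the ESX/ESXi host clock is off by more than the guide's 15-second limit."""
    worst = worst_offset(log_text)
    return worst is not None and worst > threshold


if __name__ == "__main__":
    print("worst offset: %s s" % worst_offset(SAMPLE_LOG))
    print("configure NTP on the ESX/ESXi host and restart the connector:",
          clock_skew_exceeds_threshold(SAMPLE_LOG))
```

A result of `None` means the log holds no usable `ntpdate` reply (all servers unreachable), which points at a network or DNS problem rather than clock skew.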
You can configure various network settings using the connector command line interface (CLI).
To update your network settings using the connector CLI
- Locate the connector VM in the vSphere client, right-click it, and select Open Console.
- Log in as ec2-user with the password
- Run the following command:
The command displays the following menu:
```
Choose one of the following options
1. Reset password
2. Reconfigure network settings
3. Restart services
4. Factory reset
5. Delete unused upgrade-related files
6. Enable/disable SSL certificate validation
7. Display connector's SSL certificate
8. Generate log bundle
9. Exit
Please enter your option [1-9]:
```
- Enter 2, and then press Enter. The command displays the following menu:
```
Reconfigure your network:
1. Renew or acquire a DHCP lease
2. Set up a static IP
3. Set up a web proxy for AWS communication
4. Set up a DNS suffix search list
5. Exit
Please enter your option [1-5]:
```
Use these options to complete the following tasks:
- Renew your DHCP lease, or re-enable DHCP after setting up a static IP address.
- Set up a static IP address for the connector. When prompted, enter the static IP address, netmask, gateway, and DNS servers.
- Configure the connector to use a corporate web proxy. When prompted, enter the proxy IP address, port, and an optional user name and password to log in to the proxy. If you need to use authentication for the web proxy, note that the connector supports only password-based authentication.
This option requires that you've set your initial password by logging in to the connector using https://ip_address/, where ip_address is the IP address of the connector management console.
- Configure the DNS suffix search list so that the connector can migrate VMs from the ESX host. You do not need to do this if vCenter displays all ESX hosts using fully qualified domain names or IP addresses.