Create a Deployment Environment
To create a new deployment environment, click the New Environment button in the upper right of the Environments page. This displays the Add Deployment Environment form which contains three tabs for setting the following parameters:
General Settings: Name, Description, Tags, Enable ServiceNow integration, Require approval to deploy, Available cloud region-account combinations.
Cloud Settings: For each region-account combination: Available instance types, Available deployment resources including per NIC network resources where applicable, Optional resource allocation and resource validation scripts, Optional alternate SSH key behavior for CloudCenter Suite to application VM communication.
Policy Settings: Allowed aging, suspension and security policies, Require a suspension policy, Allow terminate/suspend protection.
Follow the steps for each tab described below.
General Settings Tab
To configure details in the General Settings tab, follow this procedure.
Provide the deployment environment Name
(Optional) Provide a Description.
(Optional) Configure a tag association for this deployment. See System Tags for additional details.
Google Cloud Nuance
Google Cloud does not support the attachment of tags to VMs. Although the Workload Manager UI will allow tags to be specified and shows success, tags are not added.
(Optional) Specify a ServiceNow extension from the dropdown menu. See Extensions for additional details
(Optional) Toggle the Approval required to deploy to this environment switch.
ON: Approval of an authorized user is required for the deployment of any application to this deployment environment.
If you want tenant users or user groups to request approval before deploying the environment.
If an environment requires approval, users and groups with this right can approve or deny deployments. If a job is submitted but pending approval, it displays Pending in the Job Status column for this deployment. The approving user or admin can Approve or Reject the deployment by clicking the corresponding action in the Action List. Either way, a confirmation popup confirms the action. The Job Status changes from Pending to Submitted.
Only the creator of the deployment needs to be granted access directly to the cloud or clouds associated with the deployment environment. This allows you to restrict other users to only deploy to approve deployment groups.
OFF: (Default) Approval is not required.
In the Cloud Selection section, use the checkboxes to select the desired VM-based cloud regions and/or container clouds, and for each selected region select the available cloud accounts you want to make available at deploy time from the Cloud Account dropdown list. Click the pin icon in the dropdown list to select a default cloud account as shown in the screenshot below.
Address errors, if identified by Workload Manager, and then click Next to go to the Cloud Settings tab.
Cloud Settings Tab
The Cloud Settings tab contains two sections:
Default Tier Cloud Settings
Simplified Networks allows you to create multiple network maps, where each network map contains all of the details needed in specifying the Cloud Settings within the Default Tier Cloud Settings (see below). When simplified networks is enabled for the deployment environment, when a user deploys an application to that environment, Page 2 of the Deploy form will display a dropdown of the available network maps instead of showing the detailed cloud settings.
To enable simplified networks in the deployment environment, follow this procedure.
- Turn on the Use Simplified Networks toggle. This causes the simplified networks section to expand and the New Network Mapping link to be displayed.
- Click the New Network Mapping link to cause the New Network Mapping form to be displayed.
- Enter the required network mapping name and optional description.
- Enter the network settings for at least one permutation of cloud region and cloud account represented by the tabs on the left side of the Network Settings section. A sample Network Settings section for a network mapping involving AWS regions is shown in the screenshot below.
These network settings fields correspond exactly to the Cloud Setting fields in the Default Tier Cloud Settings section when the simplified networks toggle is turned off and will vary based on the cloud provider for the region. See Default Tier Cloud Settings > Cloud Settings, below, for details.
- Save the network mapping when done. This returns you to the deployment environment screen and your network mapping is displayed in the list of defined network mappings as shown in the screenshot below.
- Repeat steps 2 through 5 to add additional network mappings as needed. After adding your network mappings, you can later delete or edit them.
If you enable simplified networks and do not define at least one network mapping for a region-account combination in the deployment environment, users will not be able to deploy applications using that region-account combination if they select this deployment environment in Page 1 of the Deploy form.
Default Tier Cloud Settings
You must specify the default tier cloud settings for each permutation of cloud region and cloud account represented by the tabs on the left side of this section.
The Default Tier Cloud Settings section contains the following subsections:
Available instance types, including:
Visibility of instance type virtual hardware configuration
Visibility of instance type hourly cost
- Resource Validation
Available Instance Types
In the Instance Type subsection, select the instance type(s) that you would like to make available at deploy time.
The initial Instance type subsection display shows the All tab highlighted, followed by the Instance Type Filters, and below that, tiles representing instance types that may be made available at deploy time. However, no instance types are initially selected.
Use the Instance Type Filters to limit which instance type tiles are displayed below. You can select all instance types by setting the Select All toggle to ON (on the right side of the subsection below the instance type filers). Otherwise, you can select individual instance types by clicking on the corresponding instance type tiles. You must select at least one instance type.
If you do not see the required instance type listed in this subsection, make sure that this instance type appears in the Instance Type Section of the Regions tab for the cloud region. See Manage Instance Types for additional context.
When done selecting instance types, clicking the Selected tab at the top of the subsection. This causes a preview of the selected instance types to be displayed. This preview is comparable to what the user would see in Page 2 of the Deploy form. The following is a screenshot showing this preview after three instance types were selected.
By default, the hardware information (vCPU, memory, root disk) and pricing information (cost per hour) are displayed in the instance type tiles on Page 2 of the Deploy form. Turning the corresponding Hardware Info and Pricing Info toggles off hides this information from the Deploy form.
Resource Placement (AWS, OpenStack, vCenter Only)
If you are configuring default tier cloud settings for an AWS, OpenStack or vCenter region, you may invoke a resource placement script during deploy time by turning on the Resource Placement toggle. This will allow you to specify the source and name of the resource placement script to be executed. The script must allocate all of the resources that are required in the Cloud Settings subsection for that cloud family. The script is executed as part of the deployment of each VM. When you specify a resource placement script for a region-account combination, the Cloud Settings subsection and the Resource Validation script option are disabled and hidden. See Define Resource Placement for more details.
The Cloud Settings subsection lets you specify default values for cloud resources and network settings used by the VMs in deployed in that region
It contains two toggles for controlling editability and visibility of the cloud settings in Page 2 of the deploy form:
- ON (default): Users can see the cloud settings in the corresponding section of Page 2 of the Deploy form when this environment is selected.
- OFF: The cloud settings are not visible in the Deploy form when this environment is selected.
- Unlocked (default): Users can change the cloud settings in the corresponding section of Page 2 of the Deploy form when this environment is selected.
- Locked: Users cannot change the cloud settings displayed in the Deploy form when this environment is selected.
The visibility and editability toggles are disabled until you set all required fields in the Cloud Settings subsection.
The format of the rest of the Cloud Settings subsection depends on whether Simplified Networks is enabled for this environment.
If Simplified Networks is enabled for this environment, the rest of the Cloud Settings subsection displays a single Network Mapping dropdown field to select one of the network mappings created in the Simplified Networks section as shown in the screenshot below.
When you select a network mapping from the dropdown field, this network mapping will become the default network mapping for this region-account combination. If you have defined other network mappings, and the the Cloud Settings subsection is set as visible and editable, the user will be able to choose from any of the mappings in the corresponding dropdown field on Page 2 of the Deploy form.
If Simplified Networks is not enabled for this environment, all of the remaining fields in the Cloud Settings subsection depend on the cloud provider for the selected region as described below.
- IBM Cloud Cloud Settings
The following are the Cloud Settings fields for an IBM Cloud region. All fields are optional. The Public VLAN and Public Subnet fields are only visible after you select a private VLAN and the Assign Public IP toggle is left ON.
Field Notes Private VLAN Lists private VLANs that may be associated with this region-account combination. Private Subnet Lists private subnets that may be associated with this region-account combination. Assign Public IP ON (default): A public VLAN and public subnet is associated with VMs deployed using this region-account combination. OFF: Only a private VLAN and subnet is associated with VMs deployed using this region-account combination. Public VLAN Lists public VLANs that may be associated with this region-account combination. Public Subnet Lists public subnets that may be associated with this region-account combination.
- vCenter Cloud Settings
The following are the Cloud Settings fields for a vCenter region. Only the Datacenter and Cluster fields are required.
Enable Full Clone
OFF (default): Directs vCenter to create a thin clone which is faster but relies on the original VM disk being available in its original location. The format is the same as the source template/snapshot disk format (the default when you create a VM from the vCenter UI).
ON: Directs vCenter to create a full disk clone of the VM.
If you use VM template when configuring images for vCenter cloud environments, be aware of the following considerations.
Use if deploying to a different VMware cluster from the worker image.
- Use if you select an image that is mapped to a Template. Add this Template to the CliqrTemplates folder
- The full clone operation is performed on the source VM or VM template, the cloned VM can be on either datastore or datastore cluster that you specify.
- You can use the Full clone option for both Snapshots and Templates.
- Use if the image is mapped to a snapshot.
- Add a folder in vSphere (to store your CloudCenter snapshots), name it CliqrTemplates, and add this snapshot to the CliqrTemplatesfolder.
- At the time of deployment, deploy to the datastore where the snapshot is present.
When you use a Snapshot, both the Linked Clone and Full Clone options are possible settings.
Datacenter You must select the name of the datacenter where you want your VMs deployed. Cluster
After you select the datacenter, you must select a host cluster within that datacenter.
VM Group Optionally select one of the VM DRS Groups defined in vCenter. Datastore Cluster
Optionally select one of the datastore clusters defined in vCenter. If the Enable Full Clone toggle is turned OFF (linked clones are used), then this field is disabled. If the Enable Full Clone toggle is turned ON, and you select a datastore cluster, the Datastore data entry field appears below.
This field is only displayed after you select a datastore cluster from the field above. If DRS is disabled on the datastore cluster selected in the Datastore Cluster field above, this field displays a list of datastores associated with that datastore cluster and you may select a datastore from the list. If DRS is enabled on the datastore cluster selected in the Datastore Cluster field above, vCenter automatically chooses the datastore and this field is disabled.
The CloudCenter Suite supports clustered DS and manages this setting automatically.
Resource Pool Optionally select the resource pool you want your VMs to use. Target Deployment Folder
Optionally select the folder where you want your VMs deployed.
You must select a network from the dropdown for NIC 1. You may optionally add more NICs by clicking the Add Network Interface Controller link below the Network dropdown field.
- vCD Cloud Settings
The following are the Cloud Settings fields for a vCD region. All fields are required.
vCloud Org VDC The name of the Virtual Data Center (VDC) in vCloud Director. vCloud Storage Profiles The storage profiles to deploy the VMs. vCloud Org VDC Network Select a network for NIC 1 and for any additional NICs you add.
- OpenStack - Cloud Settings
The following are the Cloud Settings fields for an OpenStack region. All fields are required except Availability Zones.
Availability Zones You may select multiple default availability zones. Cloud Tenant Network Select for NIC 1 and for any additional NICs you add. Private IP Allocation Select for NIC 1 and for any additional NICs you add. Assign Public IP Select for NIC 1 and for any additional NICs you add. Default: ON Assign IPv6 Address Select for NIC 1 and for any additional NICs you add. Default: OFF
- Google Cloud Environment - Cloud Settings
The following are the Cloud Settings fields for a GCP region. All fields are required.
Project Zone Network Subnetwork Assign Public IP Default: ON IP Forwarding Default: OFF
- Container Clouds - Kubernetes Cloud Settings
A Kubernetes cloud has only one cloud setting field and it is mandatory: Namespace.
- AWS - Cloud Settings
The following are the Cloud Settings fields for an AWS region. All fields are required.
VPC Network Select a subnet for NIC 1 and for any additional NICs you add. If you select ALL for NIC 1, you will not be able to add additional NICs. Assign Public IP Select for NIC 1 and for any additional NICs you add. Default: ON Source / Destination Check Select for NIC 1 and for any additional NICs you add. Default: ON
- AzureRM - Cloud Settings
The following are the Cloud Settings fields for an AzureRM region. All dropdown fields are required except Storage Account and Diagnostics.
Subscription Resource Group Storage Account Diagnostics Enable Availability Set checkbox Default: unchecked Virtual Network Subnet Select a subnet for NIC 1 and for any additional NICs you add. Assign Public IP checkbox Defined per NIC. Default: checked.
You may invoke a resource validation script during deploy time by turning on the Resource Validation toggle and specifying the source and name of the script. A resource validation script is designed to prevent the deployment of an application to an environment if testing reveals that less than a certain amount of one or more resources is available for supporting the deployment. When this condition occurs, the validation script can output a message that specifies which resources were low and by how much. See Define Resource Validation for more details.
SSH options are on the bottom of the Per Tier Default Settings section and are preceded by a visibility toggle and and lock icon, as shown in the following image.
The visibility toggle is on by default and the lock icon is unlocked by default. This means that the SSH Options subsection will be visible on page 2 of the Deploy form and can be modified at deploy time. If the visibility toggle is on but the lock icon is locked, the pre-selected choice will be visible but cannot be changed at deploy time. If the visibility toggle is off, the SSH Options section is not shown in the Deploy form and the selection made in the Deployment Environment form is automatically applied at deploy time.
Set the SSH Option by selecting one of the three radio buttons as detailed in the following table.
|No Preference (default)|
Workload Manager will generate a private SSH key to allow secure communications between the CloudCenter Suite cluster (or Cloud Remote, if deployed) and the worker VMs, but this private key is not stored on the worker VMs.
If you use a custom key for deployments, you will not see the SSH or RDP connect buttons in your environment.
The SSH and RDP options are only visible when the deployments are submitted using the default No Preference option, in which case the Workload Manager uses the default keys to establish a secure connection with the VM instance.
Persist Private Key
The Workload Manager generated private key is stored on all worker VMs in this deployment. Use this option to allowing SSH communication between worker VMs.
Assign Public Key
Workload Manager will use a public key specified by you for Workload Manager-to-VM communications. This key is not stored on the worker VM and therefore cannot be used for secure VM-to-VM communication. When this option is selected, new data entry fields appear under the radio buttons as shown in the following screenshot.
Give the SSH key a name, then either load the key from a file on your PC or copy and paste the key form a text file.
The private or public key is not used to create the key pair on the cloud provider. Instead, it is used by the Workload Manager agent to configure the cliqruser and make the VM accessible through the cliqruser–private key combination.
The Workload Manager has no way of knowing the private key that is held by the user – Cisco only supports SSH keys that are implicitly injected by the Workload Manager
Policy Settings Tab
To configure details in the Policy Settings tab, follow this procedure
In the Policy Settings section, identify the following options for each policy setting, which also has the info icon displaying additional details that you may need for the next step. See Policy Management for additional details on each policy type.
You cannot configure policies settings in a purely container-based deployment environment – the Policy Settings tab is disabled and greyed out for deployment environments configured with only container clouds.
However, you can access and configure the Policy Settings information for hybrid cloud deployment environments that include containers.
New multi-select fields enable admins to restrict what policies and tags can be selected by end-users at deploy time. Admins can also set default values for policies or completely hide policy fields from users.
Identify if the following settings apply to the selected policy:
Should this be visible to users in your tenant (toggle switch)?
Will this be the default policy (pin icon)?
Do you want to make this policy Mandatory (toggle switch)?
Should the Terminate Protection configuration for this policy be visible in the Deploy form (toggle switch)?
In the Deploy Time Preview section, select the required time-based option for the required policies. Refer to the info icon for the required policy in the previous step to select the corresponding option. The Deploy Time Preview section is a read-only preview and only displays how the policy selection would appear during the deploy flow with the currently selected options. Users cannot perform any action using this section.
Click Done to save your new deployment environment.
- No labels