Provisioning Citrix ADC VPX Instances on AWS 编辑
Provisioning Citrix ADC VPX Instances on AWS
When you move your applications to the cloud, the components that are part of your application increase, become more distributed, and need to be dynamically managed.
With Citrix ADC VPX instances on AWS, you can seamlessly extend your L4-L7 network stack to AWS. With Citrix ADC VPX, AWS becomes a natural extension of your on-premises IT infrastructure. You can use Citrix ADC VPX on AWS to combine the elasticity and flexibility of the cloud, with the same optimization, security, and control features that support the most demanding websites and applications in the world.
With Citrix ADM monitoring your Citrix ADC instances, you gain visibility into the health, performance, and security of your applications. You can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
AWS terminology
The following section provides a brief description of the AWS terms used in this document:
Term | Definition |
---|---|
Amazon Machine Image (AMI) | A machine image, which provides the information required to launch an instance, which is a virtual server in the cloud. |
Elastic Compute Cloud (EC2) | A web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. |
Elastic network interface (ENI) | A virtual network interface that you can attach to an instance in a VPC. |
Instance type | Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. |
Identity and Access Management (IAM) role | An AWS identity with permission policies that determine what the identity can and cannot do in AWS. You can use an IAM role to enable applications running on an EC2 instance to securely access your AWS resources. |
Security groups | A named set of allowed inbound network connections for an instance. |
Subnets | A segment of the IP address range of a VPC that EC2 instances can be attached to. You can create subnets to group instances according to security and operational needs. |
Virtual Private Cloud (VPC) | A web service for provisioning a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. |
Prerequisites
This document assumes the following:
You possess an AWS account.
You have created the required VPC and selected the availability zones.
You have added the Citrix ADM agent in AWS.
For more information on how to create an account and other tasks, see AWS Documentation.
For more information on how to install Citrix ADM agent on AWS, see Installing Citrix ADM agent on AWS.
Architecture Diagram
The following image provides an overview of how Citrix ADM connects with AWS to provision Citrix ADC VPX instances in AWS.
Configuration tasks
Perform the following tasks on AWS before you provision Citrix ADC VPX instances in Citrix ADM:
Create subnets
Create security groups
Create an IAM role and define a policy
Perform the following tasks on Citrix ADM to provision the instances on AWS:
Create site
Provision Citrix ADC VPX instance on AWS
To create subnets
Create three subnets in your VPC. The three subnets that are required to provision Citrix ADC VPX instances in your VPC - are management, client, and server. Specify an IPv4 CIDR block from the range that is defined in your VPC for each of the subnets. Specify the availability zone in which you want the subnet to reside. Create all the three subnets in the same availability zone. The following image illustrates the three subnets created in your region and their connectivity to the client system.
For more information on VPC and subnets, see VPCs and Subnets.
To create security groups
Create a security group to control inbound and outbound traffic in the Citrix ADC VPX instance. A security group acts as a virtual firewall for your instance. Create security groups at the instance level, and not at the subnet level. It is possible to assign each instance in a subnet in your VPC to a different set of security groups. Add rules for each security group to control the inbound traffic that is passing through the client subnet to instances. You can also add a separate set of rules that control the outbound traffic that passes through the server subnet to the application servers. Although you can use the default security group for your instances, you might want to create your groups. Create three security groups - one for each subnet. Create rules for both incoming and outgoing traffic that you want to control. You can add as many rules as you want.
For more information on security groups, see Security Groups for your VPC.
To create an IAM role and define a policy
Create an IAM role so that you can establish a trust relationship between your users and the Citrix trusted AWS account and create a policy with Citrix permissions.
In AWS, click Services. In the left side navigation pane, select IAM > Roles, and click Create role.
You are connecting your AWS account with the AWS account in Citrix ADM. So, select Another AWS account to allow Citrix ADM to perform actions in your AWS account.
Type in the 12-digit Citrix ADM AWS account ID. The Citrix ID is 835822366011. You can also find the Citrix ID in Citrix ADM when you create the cloud access profile.
Enable Require external ID to connect to a third-party account. You can increase the security of your role by requiring an optional external identifier. Type an ID that can be a combination of any characters.
Click Permissions.
In the Attach permissions policies page, click Create policy.
You can create and edit a policy in the visual editor or by using JSON.
The list of permissions from Citrix is provided in the following box:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeImageAttribute", "ec2:DescribeInstanceAttribute", "ec2:DescribeRegions", "ec2:DescribeDhcpOptions", "ec2:DescribeSecurityGroups", "ec2:DescribeHosts", "ec2:DescribeImages", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeAddresses", "ec2:DescribeKeyPairs", "ec2:DescribeTags", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DescribeVolumeAttribute", "ec2:CreateTags", "ec2:DeleteTags", "ec2:CreateKeyPair", "ec2:DeleteKeyPair", "ec2:ResetInstanceAttribute", "ec2:RunScheduledInstances", "ec2:ReportInstanceStatus", "ec2:StartInstances", "ec2:RunInstances", "ec2:StopInstances", "ec2:UnmonitorInstances", "ec2:MonitorInstances", "ec2:RebootInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses", "ec2:CreateNetworkInterface", "ec2:AttachNetworkInterface", "ec2:DetachNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:ResetNetworkInterfaceAttribute", "ec2:ModifyNetworkInterfaceAttribute", "ec2:AssociateAddress", "ec2:AllocateAddress", "ec2:ReleaseAddress", "ec2:DisassociateAddress", "ec2:GetConsoleOutput" ], "Resource": "*" } ] } <!--NeedCopy-->
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论