Public Cloud VM Setup

There are a few details to keep in mind when configuring a VM in a public cloud for hosting a Bayware Agent or Engine. The next section covers those points generally; subsequent sections give notes specific to each public cloud provider.

This guide does not replace public cloud provider documentation. Users should follow steps provided by their cloud provider when spinning up a VM while ensuring VMs meet Bayware requirements.

Agent Installation Requirements

Public IP Address

The Controller must be reachable by both Agent and Engine via IP. If this is possible with a private IP address, a public IP address is not required.

Any required public IP address may be dynamic.

Private IP Address

The Controller must be reachable by both Agent and Engine via IP. If this is possible with a private IP address, this is usually a more affordable option.

A private IP address may be dynamic.

IP Forwarding

IP Forwarding is generally disabled by default on new images. Agents do not require IP Forwarding, so it should remain disabled.

Security

Ingress ports UDP:4500 and UDP:500 must be open on the firewall for all VMs.

Hostname

VMs are identified by hostname by both Agent and Engine. Modifying the hostname causes certificates to be regenerated.

Public Cloud Provider Tips for Agent Installation

Amazon Web Services

Follow AWS instructions for using public and private IP addresses and opening firewall ports.

You can set the hostname on a RHEL/CentOS VM after instance creation by executing the following Linux command with root privileges:

hostnamectl set-hostname --static <new_hostname>

Then modify /etc/cloud/cloud.cfg by adding the line preserve_hostname: true to the end of the file, so that cloud-init does not overwrite the hostname on the next boot. Restart the VM for the changes to take effect.

Microsoft Azure

Follow Azure instructions for using public and private IP addresses and opening firewall ports.

Be sure to set the desired hostname during instance creation; it cannot be changed later.

Google Cloud Platform

GCP requires all recommended settings to be configured during instance creation.

Engine Installation Requirements

Public IP Address

The Controller must be reachable by both Agent and Engine via IP. If this is possible with a private IP address, a public IP address is not required.

Any required public IP address must be static.

Private IP Address

The Controller must be reachable by both Agent and Engine via IP. If this is possible with a private IP address, this is usually a more affordable option.

A private IP address must be static.

IP Forwarding

IP Forwarding must be enabled on all Engines.

Security

Ingress ports UDP:4500 and UDP:500 must be open on the firewall for all VMs.

Hostname

VMs are identified by hostname by both Agent and Engine. Modifying the hostname causes certificates to be regenerated.

Public Cloud Provider Tips for Engine Installation

Amazon Web Services

Follow AWS instructions for using public and private IP addresses and opening firewall ports.

You can set the hostname on a RHEL/CentOS VM after instance creation by executing the following Linux command with root privileges:

hostnamectl set-hostname --static <new_hostname>

Then modify /etc/cloud/cloud.cfg by adding the line preserve_hostname: true to the end of the file, so that cloud-init does not overwrite the hostname on the next boot. Restart the VM for the changes to take effect.

To enable IP Forwarding, select the VM instance, then navigate to Actions->Networking->Change Source/Dst. Check and disable the source/destination check.
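The hostname-preservation step above and the role-dependent IP Forwarding requirement (disabled on Agents, enabled on Engines) can be enforced and verified from the guest with a small script. The following is an added example, not Bayware's own tooling; it assumes a RHEL/CentOS host where cloud-init reads /etc/cloud/cloud.cfg, and it assumes that enabling forwarding in the cloud console still requires the guest kernel flag net.ipv4.ip_forward to match the role.

```sh
#!/bin/sh
# Added example (not Bayware's own tooling): enforce and verify two of the VM
# requirements described above on a RHEL/CentOS host.

# Make sure cloud-init will not overwrite the hostname set with hostnamectl.
# Removes any existing preserve_hostname line and appends "preserve_hostname: true",
# so it is safe to run repeatedly. $1 is the cloud.cfg path (normally /etc/cloud/cloud.cfg).
ensure_preserve_hostname() {
    cfg="$1"
    tmp=$(mktemp) || return 1
    grep -v '^preserve_hostname:' "$cfg" > "$tmp" || true   # grep exits 1 when nothing is left
    printf 'preserve_hostname: true\n' >> "$tmp"
    cat "$tmp" > "$cfg"        # rewrite in place, keeping the file's owner and mode
    rm -f "$tmp"
}

# Succeeds only when the file sets preserve_hostname: true exactly once.
preserve_hostname_ok() {
    [ "$(grep -c '^preserve_hostname: true$' "$1")" -eq 1 ]
}

# Check the kernel's IP-forwarding flag against the role: Agents must have it off (0),
# Engines on (1). Assumption: the console-level setting (source/destination check on AWS,
# IP forwarding on the Azure interface) is complemented by this guest kernel flag, read
# here from $2 (defaults to the live /proc/sys/net/ipv4/ip_forward).
ip_forward_matches_role() {
    role="$1"
    src="${2:-/proc/sys/net/ipv4/ip_forward}"
    case "$role" in
        agent)  want=0 ;;
        engine) want=1 ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    [ "$(cat "$src")" = "$want" ]
}
```

On a real host, run ensure_preserve_hostname /etc/cloud/cloud.cfg as root after hostnamectl and reboot; ip_forward_matches_role engine (or agent) with no second argument checks the live kernel value.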

Microsoft Azure

Follow Azure instructions for using public and private IP addresses and opening firewall ports.

Be sure to set the desired hostname during instance creation; it cannot be changed later.

Enable IP Forwarding after instance creation by selecting the network interface and opening its IP Configuration menu. Turn IP Forwarding ON.

Google Cloud Platform

GCP requires all recommended settings to be configured during instance creation.