Initial Cloud Settings Overview
To initially set up communication with a cloud provider, you must establish an account with the cloud provider and obtain the cloud provider credentials. You must then set up communication from ALM to your cloud provider, and define network settings for communicating with your cloud-based load generators.
You must first create a cloud provider account for using the cloud provider services. You need to provide credentials for storing and accessing resources on the cloud, such as:
- Amazon EC2 - Access Key, Secret Key, and Account Number
- Microsoft Azure - Subscription ID and Certificate File
Note: ALM only integrates with Microsoft Azure and Amazon EC2 cloud accounts.
For details about creating cloud provider accounts, see the documentation provided by your cloud provider.
When communicating with your cloud provider, you can choose to communicate directly or via a proxy.
The following diagram illustrates direct communication to a cloud provider:
The communication is initiated from the ALM server over the organization's firewall to the cloud provider. The ports are opened for outgoing requests only.
The following diagram illustrates communication to a cloud provider through a proxy server:
The communication is initiated from the ALM server to the defined proxy server using HTTP tunneling. The proxy server then communicates across the organization's firewall and transfers outgoing requests to the cloud provider.
When communicating with your cloud-based hosts, you can choose to communicate directly or via a proxy.
Note:
- When the communication is through a proxy, SSL (Secure Socket Layer) is required.
- ALM supports provisioning of Performance Center load generators only.
The following diagram illustrates direct communication to a cloud-based load generator:
The communication is initiated from the Performance Center server and the Controller over a firewall to the cloud-based load generator. Data is transmitted through TCP (Transmission Control Protocol) using ports. The ports are opened for outgoing requests. The ports can be reconfigured.
The following diagram illustrates communication to a cloud-based load generator through a proxy server:
The communication is initiated from the Performance Center server and the Controller to the defined proxy server. An HTTP tunnel is used for communicating from the Performance Center server and the Controller to the proxy server. The proxy server then communicates across the firewall and transfers the data to the cloud-based load generator through the TCP ports.
Note: SSL is supported between the controller and the cloud-based load generator.
The following table describes additional security features related to your cloud provider.
Feature | Description |
---|---|
Security Groups | While access to hosts on your local network is typically controlled by a firewall, access to your cloud hosts is controlled using security groups. A security group specifies which protocols are allowed and which ports are open for incoming and outgoing traffic to a cloud host. For incoming traffic, you can restrict access to one or more IP addresses. Example: You need to connect to your cloud hosts via Remote Desktop. Therefore, you configure your security group to allow incoming traffic over TCP port 3389 (RDP). However, you only allow access for your company's IP addresses to prevent unauthorized access from the outside. Security groups are configured on the website of your cloud provider, and must be created separately for each region. You can create as many security groups as you need, up to the limit imposed by your cloud provider. You select a security group at the time you provision cloud hosts, and that security group applies until the hosts are terminated. Note: Not applicable for Microsoft Azure cloud accounts. |
Key Pairs | Key pairs are necessary if you intend to connect remotely to a cloud host created from a public image. A key pair consists of a public key and a private key. The public key is saved to the cloud host and the private key is saved locally on your computer or network. Caution: When creating a new key pair, you are prompted to save the private key. Make sure to save it in a secure location. Without the private key, you cannot log into your hosts! The private key is used differently for Windows and Linux hosts. Windows hosts: When connecting remotely to a Windows host, you need the administrator password. The administrator password is generated on the website of your cloud provider by uploading the private key. Linux hosts: The private key itself is used when connecting to a Linux host. Key pairs are created on the website of your cloud provider, and must be created separately for each region. You can create as many key pairs as you need for your different testing teams, up to the limit imposed by your cloud provider. You select a key pair at the time you provision cloud hosts, and that key pair applies until the hosts are terminated. Note: If you provision hosts from a custom image, the administrator password (Windows machines) or public key (Linux machines) is taken from the computer where the image was created. If you need the administrator password or private key, contact the person who manages your custom images. Note: Not applicable for Microsoft Azure cloud accounts. |
Elastic IP Addresses | This cloud provider feature enables you to define static IP addresses for your provisioned hosts. You can use elastic IP addresses for opening firewall settings to provision host machines without needing to use different IP addresses each time. To do so, you can build and use a static pool of IP addresses for granting firewall access that are reserved only for your account. This pool of IP addresses remains associated with your cloud account until you choose to explicitly release it. Note: Not applicable for Microsoft Azure cloud accounts. |
Certificate Files | Certificates are a key component of Windows Azure security. There are two different kinds of certificates that play a role in securing your applications or services: service certificates and management certificates. You must provide Windows Azure service certificates in the Personal Information Exchange (.pfx) format for use in ALM. You must provide Windows Azure management certificates in X.509 (.cer) format and upload them to Azure. Note: Only applicable for Microsoft Azure cloud accounts. |
For details on security groups, key pairs, elastic IP addresses, and certificate files, see the documentation provided by your cloud provider.
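
The security group example in the table (RDP on TCP port 3389 restricted to company IP addresses) can be checked after the fact. The following is an added example, not part of the product documentation: it audits security group rules in the JSON shape returned by the AWS CLI command `aws ec2 describe-security-groups` and reports every inbound source outside the company ranges. The group IDs, the sample rules, and the company range are constructed placeholders.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.16/28"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

# Assumption: the company's address ranges (a documentation range is used here).
COMPANY_NETS = ["203.0.113.0/24"]

def covers_port(perm, port):
    """True if the rule admits TCP traffic on `port` (protocol "-1" = all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def within_allowlist(cidr, allowed):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def audit_rdp_exposure(described, company_nets, port=RDP_PORT):
    """Return (group_id, cidr) for every inbound source outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in company_nets]
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            # Rules that name another security group as the source are not checked.
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], c) for c in sources
                         if not within_allowlist(c, allowed)]
    return findings

if __name__ == "__main__":
    for gid, cidr in audit_rdp_exposure(SAMPLE, COMPANY_NETS):
        print(f"{gid}: TCP {RDP_PORT} reachable from {cidr}")
```

Port ranges and all-traffic rules are included because a rule does not have to name port 3389 explicitly to expose it.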
For task details on how to initially set up communication, see How to Initially Set Up Communication with the Cloud.