Cloud Credentials
When using Traffic Manager software in a cloud environment, the Traffic Manager might require authentication credentials in order to make API calls to the cloud provider. Primarily, pools set to use autoscaling will require API credentials to enable the scaling mechanism within the cloud. This section allows you to record such credentials in a catalog object, based on the requirements of the chosen cloud provider API. For more details about pool autoscaling, see Autoscaling.
The Traffic Manager provides a number of built-in cloud APIs upon which to base your credential set:
• VMware vSphere
• Amazon EC2
• Rackspace Cloud
Additional custom cloud APIs can be added by uploading appropriate executable scripts through the Catalogs > Extra Files facility. Refer to the Traffic Manager section of the Pulse Community website (https://community.pulsesecure.net) for further details.
To create a new set of cloud credentials:
1. Click Catalogs > Cloud Credentials.
2. Enter a name in the Name field.
3. Select the Cloud API you wish to use.
4. The remaining fields differ depending on the API chosen. They typically include an ID, password/passcode, and additional authentication information.
5. Click Create Cloud Credentials.
The table below provides details for each of the fields presented when you create a new set of credentials:
Setting | Description
Name | The name used to identify this set of credentials within the Traffic Manager's configuration.
Cloud API | The selected cloud provider API.
ID / Name (cred1) | The username or ID of the cloud provider account to be used for API calls.
Auth Key / Password (cred2) | The password associated with the username/ID.
Token / Server (cred3) | Some cloud providers also require an authentication token or additional item in order to make API calls. VMware vSphere requires a vCenter hostname/IP to accept API calls. This extra information can be specified here.
update_interval | The Traffic Manager periodically queries the cloud provider for the status of all instances running on behalf of the user. This is necessary in order to be up-to-date when nodes are added or removed by external systems. The update_interval determines how often (in seconds) these status calls are made. Note that some clouds impose a limit on the number of such calls that can be made per minute.
change_process_timeout | The maximum amount of time (in seconds) a change process can take. For example, when a request is made to the cloud API for node creation/destruction, this setting specifies how long to wait for the request to complete.
IAM Roles in Amazon EC2 Credentials
Amazon EC2 instances use Identity and Access Management (IAM) roles in place of locally stored credentials. IAM roles are required for deployments that use Traffic IP addresses, auto-scaling, or appliance network management.
When you launch a new virtual machine instance in Amazon EC2, you specify the IAM role you want the instance to assume.
For more information on IAM roles, including how to create and manage roles, see the AWS documentation at http://aws.amazon.com/documentation/.