AWS VPC and GovCloud Requirements for DynaCenter
Reference Number: AA-00364 Created: 12-28-2015 07:59 Last Updated: 12-28-2015 11:51

Applies To:

DynaCenter 6.0 and later

Background: 

Customers often ask for a broad overview of what kind of access DynaCenter needs to onboard to an Amazon VPC environment. The goal of this document is to provide that information in a one-page, easily digestible format.

Resolution: 

Access

DynaCenter requires API credentials (access key and secret key) for an AWS account that is allowed to perform, at a minimum, the actions outlined in https://racemi.host4kb.com/article/AA-00281.

Provide the necessary access in one of the following ways:


Configuration

Two subnets, which are both in the same Availability Zone:

  • Deploy subnet - The deploy subnet has outbound access to the Internet over ports 80 and 443. It is temporarily attached to the target server during deployment and detached after the migration is complete.
  • Destination subnet - The destination subnet is the final location of the new AWS server.


Networking

  • Source servers need outbound access to the DynaCenter Management Workstation over HTTPS port 443.
  • DynaCenter needs inbound access from the target server, through port 443.
  • The "deploy subnet" requires outbound access to the Internet over ports 80 and 443 so that DynaCenter can make API calls to AWS and, in specific cases, access the AWS yum repository (when on-boarding Linux systems). The "deploy subnet" also requires outbound access over HTTPS port 443 to the DynaCenter Management Workstation and outbound access on ports 53 (DNS) and 123 (NTP).
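
The following check is an added example, not part of DynaCenter or of the original article. It audits a set of security group egress rules for the deploy subnet against the ports listed above, reporting required flows that are blocked and rules that are wider than required. It assumes DNS and NTP run over UDP (the article gives only port numbers), assumes the rules are enforced by a security group, and checks protocol and port only, not destination addresses.

```python
# Added example: audit deploy-subnet egress rules against the ports listed above.
# Rules use the IpPermissionsEgress shape returned by EC2 DescribeSecurityGroups.

# Assumption: DNS and NTP use UDP; the article gives only the port numbers.
REQUIRED = {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123)}


def covers(rule, proto, port):
    """True if one egress rule permits proto/port."""
    p = rule.get("IpProtocol")
    if p == "-1":  # "-1" means all protocols and all ports
        return True
    return p == proto and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit(egress_rules):
    """Return (missing, excess): required flows that are blocked, rules that are too wide."""
    missing = sorted(f for f in REQUIRED
                     if not any(covers(r, *f) for r in egress_rules))
    excess = []
    for r in egress_rules:
        p = r.get("IpProtocol")
        if p == "-1":
            excess.append("all traffic")
            continue
        lo, hi = r.get("FromPort", 0), r.get("ToPort", 65535)
        # A rule is too wide if it opens any port the article does not ask for.
        if any((p, port) not in REQUIRED for port in range(lo, hi + 1)):
            excess.append(f"{p} {lo}-{hi}")
    return missing, excess


def make_rule(proto, lo, hi):
    """Build one constructed egress rule open to any destination."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}


# Constructed sample data, not taken from a real account.
SAMPLE_OK = [make_rule("tcp", 80, 80), make_rule("tcp", 443, 443),
             make_rule("udp", 53, 53), make_rule("udp", 123, 123)]
SAMPLE_BAD = [make_rule("tcp", 0, 65535), make_rule("udp", 53, 53)]

if __name__ == "__main__":
    for name, rules in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        missing, excess = audit(rules)
        print(name, "missing:", missing, "excess:", excess)
```

An empty "missing" list with a non-empty "excess" list means deployment will work but the subnet allows more outbound traffic than this article requires.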