Creating a Virtual Lab Policy for Amazon

To set up Virtual Labs for Amazon clients, you must create a VM Lifecycle Management Policy and a Dev-Test group so that end users can create their own virtual labs on Web Console.

Before You Begin

  • If you do not have a Web Server and Web Console installed, Installing the Command Center.
  • Create an Amazon Virtual Private Cloud (VPC) with the prefix: LAB_VPC. Any supported characters following the prefix, "LAB_VPC" are acceptable. For example: LAB_VPCEasternDivision.

    All VPCs that do not follow this naming convention are ignored and cannot be selected in the Virtual Lab Policy wizard. For information and instructions about creating a VPC, see the Amazon Virtual Private Cloud (VPC) User Guide.

  • Create an Amazon Client.
  • Refresh Amazon Regions.
  • Enable the regions you will use for virtual machines in your Amazon account.
  • Decide which Amazon instance types that you want to make available to virtual machine users.

    Amazon instance types define the available CPU cores and memory available for each virtual machine. Pricing for virtual machines is determined by the instance type. For information about Amazon instance types and pricing, see the Amazon Elastic Compute Cloud Documentation.

  • Create Security groups on Amazon’s EC2 console site.

    Security groups include the ports that will be opened and available to virtual machines. Available ports must include ports for RDP (Remote Desktop Protocol for Windows) and SSH (Secure Shell for Unix), so that virtual machine users can access their virtual machines.

  • Create the key pair and download the RSA key file from the Amazon EC2 console.

    You will need the key pair and RSA key file to obtain passwords for the user-created virtual machines. Key Pairs appear in the Amazon EC2 Console under Region > Key Pair. For instructions on obtaining Amazon access keys, see Amazon Elastic Compute Cloud Documentation.

  • When using the access key and secret key for an IAM user, the user must have AmazonEC2 full access permissions to access AWS resources.


  1. In the CommCell Browser, expand Policies, right-click Virtual Machine Policies and then click Create New Policy.
  2. In the Virtual Machine Policy Options dialog box, select the vendor and policy options:
    1. From the Virtualization Vendor list, select Amazon.
    2. From the Policy Type list, select Clone from Template.
    3. Click Next.

    The VM Lifecycle Policy dialog box appears.

  3. On the Enter the Policy Name and Description page, name the policy and configure advanced settings:
    1. In the Policy Name box, enter a name for the policy.
    2. In the Quota box, type or select the VM limit per user.
    3. Optional: Configure the period of time before a VM is decommissioned and then deleted. Select Enable Decommission, and then configure the time period:
      • In the Decommission VM after list, select or type a number of days.
      • In the Deletion grace period list, select or type a number of days.
    4. In the Description box, enter a description for the policy.
    5. Click Next.
  4. On the Select the Instance and the Region page, configure the client and region:
    1. In the Client list, select the name of the Amazon client where you want end users to create virtual labs.
    2. In the Region list, select the region you want to make available to users.

      If the region you select is not enabled in your Amazon account, then no Availability Zones will appear in the next step and you will not be able to proceed.

    3. Optional: Click Advanced Policy Features, and then configure any of the available settings in the Advanced Policy Features dialog box:
      • To specify the client group that can use this policy, select Associated Client Group, and then select a client group name from the list.
      • To configure email addresses for the people who will be notified about VM operations, in the E-mail addresses to notify box, enter email addresses separated by commas.
      • To configure the email sender's address, in the Sender's email address box, type an email address.
      • If you don't want to notify users about VM operations that succeeded, select Disable e-mail notifications for successful VM operations.
      • Click OK to close the Advanced Policy Features dialog box.
    4. Optional: If you want to refresh Amazon Regions, click Update region information.

      We recommend that you update region information before you create the Virtual Lab Policy, at the instance level, when you create the Amazon client, so that the Client and Region lists contain all of the clients and regions you want to use.

    5. Click Next.
  5. On the Enter the Availability Zones page, from the Availability Zone list, select the zone that you want to make available to users, and then click Next.
  6. On the Select the Instance Types page, select the instance types that you want to make available to users:
    1.  From the Available list, select one or more instance types.
    2. Click Add.
    3. Click Next.
  7. On the Network & Security page, specify the security group and key pair required for each virtual machine:
    1. Select Create An Isolated Network, and next to Virtual Private Cloud click the ellipse button , and then select a VPC.
    2. In the Security Groups list, select the Amazon security group to use for the virtual machines.
    3. In the Key Pair list, select the name of the key pair for user authentication, click Assign RSA Key, and then specify the key pair file settings:
      • In the Browse to add a Key Pair file dialog box, select Use Local Disk or use Network Share.
      • In the Key Pair File box, specify the location of the .PEM file that matches the Key Pair name.
      • Optional: Specify another set of credentials for accessing the key pair file. Click Change, and then enter the credentials in the Change User Account dialog box.
      • Click OK to close the Browse to add a Key Pair file dialog box.

      Note: Key Pairs appear in the Amazon EC2 Console under Region | Key Pair.

    4. Click Next.
  8. On the Enter Storage Information page, specify the settings for volume type, number, and space:
    1. Next to Volume Type, select the type of volume that you want to make available to users.

      Select provisioned IOPS storage for fast, consistent performance. You can set up a higher limit on the IOPS value.

    2. Next to Number of Volumes, set the maximum number of allowed volumes.
    3. Next to Volume Space, enter the minimum and maximum amount of space allowed for each volume, and the cost per GB.
    4. Click Next.
  9. On the Enter the Naming Pattern for Instances page, create a naming pattern for virtual machines.This pattern will be used when users name a new virtual machine.
    1. In the Instance Naming Pattern box, type text and numbers that will appear in every virtual machine name.

      Use the asterisk (*) to require at least one additional character in a portion of each virtual machine name. For example, the default value, VM*Eng, requires each virtual machine name to contain at least one additional character following the text, VM, and before the text, Eng. Therefore, users could give names to their virtual machines such as VMBobEng or VMJane1Eng.

    2. Click Next.
  10. On the Select User Membership page, select the user groups that will have access to the Virtual Machines module:
    1. From the Available list, select one or more user groups
    2. Click Add.
    3. Click Next.
  11. On the Summary page, click Finish.

What To Do Next

Creating Dev-Test Groups for Amazon Virtual Labs

Last modified: 6/19/2019 2:02:27 PM