Documentation Center

Viz Now Administrator Guide

Version 1.2 | Published April 09, 2024 ©

Introduction to Onboarding

This section provides an overview to the onboarding process and clarifies the terms used.

Once a new organization is set up and an organization admin assigned, the new admin has to go through the onboarding process to set up the Viz Now account.

  • Vizrt Support does not have login access to the target AWS account, the user needs to perform this action.

  • During onboarding, Viz Now is granted access to the target account using IAM roles that it is allowed to assume. This enables Viz Now to deploy infrastructure on the AWS account.

  • These steps are described in detail in the UI and it should be possible for most users with the necessary AWS privileges to complete this. If issues or problems occur during onboarding, please contact Vizrt Support.

Region and Provider

  1. The first step of the onboarding process is setting the domain name and CIDR range.

    images/download/attachments/134785196/okEU.png

  2. Use only lowercase letters a-z and avoid using any special characters.

  3. The domain name is used to automatically issue domain certificates for apps within your organization.

  4. The CIDR range should be specified using CIDR block notation.

    Info: What is CIDR? - CIDR Blocks and Notation Explained - AWS (amazon.com)

    Viz Now selects unique IP addresses within this range when deploying.

  5. You need to select the regions where Viz Now should deploy its content.

    1. Viz Now deploys spaces on your AWS account to any of the selected regions, depending on the availability of the necessary instance types.

    2. You can order the regions by preference, with the topmost region being the first choice.

    3. With the Refresh button, you can automatically select the three closest regions.

Deploy Role and Manage Role

The AWS integration for Viz Now allows it to assume an IAM role in your AWS account and generate temporary credentials to perform tasks such as installing and configuring a new space.

The Deployment agent is used by a third party tool and you should not need to refer to its documentation, as everything is handled by Viz Now. It performs tasks like:

  • Creating infrastructure using VPC and EC2.

  • Configuring domain routes using Route53.

  • Creating S3 buckets with associated IAM users.

  • Creating NACLs and Security Groups.

  • Creating Cloudwatch log groups used by VPCs

The Manage role is used by Viz Now to simplify deployments on your behalf. The AWS integration for Viz Now allows it to perform tasks like:

  • Increasing the quota.

  • Reserving EC2 instance types.

  • Managing S3 buckets and security groups.

  • Creating and accepting VPC peerings.

  • Starting and stopping EC2 instances, and destroying EC2 instances.

To Set up the Integration

The deployment Agent needs to assume an IAM role in your organization's AWS account.

  1. Make sure you have an AWS account set up and are logged in as a user with the neccessary AWS rights.

  2. You need to create this role in the AWS Console and provide Viz Now with the necessary information. The roles needs privileges to manage iam, s3, kms, route53, sts, ec2, tag, and logs. The policy needed can be found as part of the guide on the site.

    Note: If this role requirement conflicts with your company policy, contact Vizrt Support for advice on how to proceed with more granular AWS policies.

  3. Follow the steps in the Viz Now onboarding UI and click the link to create a new IAM roles in your AWS account.

  4. Once the roles are created, copy the ARN code and paste it into the Viz Now form to enable Viz Now to deploy instances in your environment.

Licensing

The final step of the onboarding process involves deploying a License server. Once this is successful, your Viz Now account is ready for use.