Creating a Proxy ELB for Diego SSH

Page last updated:

If you want to allow SSH connections to application containers, you may want to use an Elastic Load Balancer (ELB) as the SSH proxy.

Perform the steps below to create this ELB:

  1. On the EC2 Dashboard, click Load Balancers.

  2. Click Create Load Balancer and configure a classic load balancer with the following information:

    AWS screenshot of 'Define Load Balancer' page with Basic Configuration and Select Subnets.

    • Enter a load balancer name.
    • Create LB Inside: Select the -vpc VPC where your Ops Manager installation lives.
    • Ensure that the Create an internal load balancer checkbox is not selected.
  3. Under Load Balancer Protocol, ensure that this ELB is listening on TCP port 2222 and forwarding to TCP port 2222.

  4. Under Select Subnets, select the public subnet.

  5. On the Assign Security Groups page, create a new Security Group. This Security Group should allow inbound traffic on TCP port 2222.

    'Create Security Group' window has an inbound Custom TCP rule with 2222 port range.

  6. The Configure Security Settings page displays a security warning because your load balancer is not using a secure listener. You can ignore this warning.

    Yellow warning is below 'Configure Security Settings' header. The warning is titled Improve your load balancer's security. Your load balancer is not using any secure listener.

  7. Click Next: Configure Health Check.

    'Configure Health Check' page has two Ping fields and several more under the 'Advanced Details' section.

  8. Select TCP in Ping Protocol on the Configure Health Check page. Ensure that the Ping Port value is 2222 and set the Health Check Interval to 30 seconds.

  9. Click Next: Add EC2 Instances.

  10. Accept the defaults on the Add EC2 Instances page and click Next: Add Tags.

  11. Accept the defaults on the Add Tags page and click Review and Create.

  12. Review and confirm the load balancer details and click Create.

  13. With your DNS service (for example, Amazon Route 53), create an ssh.system.YOUR-SYSTEM-DOMAIN DNS record that points to this ELB that you just created.

    'Create Record Set' form has a TTL of 300 and a value of 'your-elb-domain'.

  14. You can now use this ELB to the SSH Proxy of your VMware Tanzu Application Service for VMs (TAS for VMs) installation.

  15. In TAS for VMs, select Resource Config and enter the ELB that you just created in the Diego Brain row, under the Load Balancers column.

    Screenshot of a section of the Resource Config, where Diego Brain is between UAA and Diego Cell.