- Getting Started
- Features and Functionality
- Security and Compliance
- Service Level Agreements
- Billing and Payments
- Support and Troubleshooting
- Terms of Service
- Feedback and Suggestions
VM Management is an add-on service that leverages a set of automation processes and tools to enable traditional hosting style services such as (1) OS administration, (2) monitoring, (3) patching, and (4) antivirus services for the operating systems of customer selected guest VMs that have been created in or migrated to the private cloud. The purpose of this handbook is to provide our customers with the information they need to extract value from the platform and achieve the desired outcomes.
Before proceeding, verify that you have the necessary resources to complete integration between your cloud and Rackspace.
Review the following list of prerequisites:
- You have administrator access to your Rackspace Customer Portal.
- You have any necessary permissions at your company.
- You have administrator access at your cloud provider.
- Your VM operating system is on the compatibility list. Windows | Linux
- The following software is required on each server where the SSM Agent will be installed:
o Linux - curl and/or wget, python3 or python
o Windows - PowerShell v3 or greater
Network Connectivity Requirements(Egress):
|https//:ssm.REGION.amazonaws.com||Access to the core Systems Manager API endpoints|
|https://ssmmessages.REGION.amazonaws.com||Access to API operations for AWS Session Manager|
|https://ec2messages.REGION.amazonaws.com||Access to API operations for Amazon Message Delivery Service|
|Access to S3 APIs used to log Systems Manager operations|
|https://amazon-ssm-REGION.s3.amazonaws.com||Hosts the Systems Manager Agent installer|
|https://add-ons.api.manage.rackspace.com||This endpoint manages the deployment of agents to supported devices and triggers enrollment into various services (e.g.Passport)|
|https://add-ons.manage.rackspace.com||This endpoint hosts automation scripts that are used during the device enrollment process.|
|https://logs.REGION.amazonaws.com||Storing SSM agent logs for commands run on a server|
|https://kms.REGION.amazonaws.com||Enabling KMS encryption for AWS Sessions Manager|
In order to determine the region for the above follow the table below:
|Rackspace DC/VCD*||AWS Region|
Virtual Datacenter for SDDC Flex
The SDDC portfolio of products comes ready for device enrollment. This can be achieved by logging into the customer portal and following the add-on enrollment section in this guide.
If you are a public cloud customer looking to use VM Management on devices within that environment, please contact your sales executive for more information.
If you are a VMC on AWS customer looking to use VM Management on devices within that environment, please contact your sales executive for more information.
Rackspace-provided images come with the agent preinstalled. If you still see the ‘Agent Installation’ warning within the Resource UI then run the scripts found in the next section, titled ‘Customer Provided Images on VMware based platforms.’
To utilize VMM on a non-Rackspace image, install the Rackspace Agent on the VM or where the Agent is not installed.
The following install scripts should be run on each VM that has been created with the custom image that was imported.
Script (Windows): https://add-ons.manage.rackspace.com/bootstrap/vmware/ssm_install.ps1
- From the My Accounts page, click on “My Accounts” drop-down on the left side of the page.
- Select, “My Resources” to open the Resource UI
- The Resource UI will show all the virtual machines currently located in your environment.
Note: If the VM does not have the option to “Enroll” in a feature. This is most likely due to a missing agent and would be evidenced by the ‘Management Agent’ column showing ‘Agent Installation’ as seen below. The instructions to resolve this issue can be found in the Agent Installation section of this handbook.
- To enroll a VM in service, click the enroll button in the corresponding VMM Add-On column.
- This will bring up the enrollment confirmation screen.
From there Click the Enroll Server button.
- This process is the same for OS Admin, Monitoring, and Anti-Virus.
- For patching you will need to click “Enroll Server”
- And select a Patching group, that corresponds with your needed patch window and OS.
Note: The field titled: ‘next run’ is given in local server time.
If you’re enrolled into patching specifically you will get access to the ‘Patching UI’ and it can be found by navigating on the top left of the customer portal and selecting ‘Patching’ as seen below:
Within this portal you will have several different views to choose from, allowing you to take different actions and export reporting data from that section. The sections are:
- Patch Groups
- Maintenance Windows
Within the ‘Patch Groups’ you’re able to see the way your instances are grouped and then assigned to various maintenance windows. Here you will also see instance status, pending updates, baselines etc. all at the group level.
Within the ‘Instances’ section you can select individual instances to drill down into updates at that level. The information here ranges from missing KBs to updates about the last run. This view can be seen below:
In the ‘Maintenance Windows’ section you’re able to see the existing maintenance groups, their schedules, next run and more. That view is previewed below:
The portal experience is primarily self-service and as such there are many options which can be toggled in all of the above windows. For any activities that you do not want to take through self-service you’re able to put a ticket in and Rackspace engineers would be more than happy to assist.
- To unenroll, open the resource UI.
- Click on the icon next to the VM you want to unenroll.
- Click “Unenroll from” followed by the name of the service you would like to remove. “IE Unenroll From OS Admin”
This section provides information about each of the following areas of the VM Management experience.
Managed OS Administration.
Managed OS Patching
Managed OS Monitoring
When a VM is enrolled in OS Administration, Rackspace Technology creates a configuration management database (CMDB) record of the VM, and securely stores Customer- provided OS login credentials so that our OS system administrators can log in to the OS and perform the desired OS Services upon request.
This service enables a customer to initiate a request that would trigger a Rackspace administrator to log in to the guest OS of a virtual machine in the private cloud. Rackspace support engineers will utilize secure, time-limited, and audited access to the environment to provide troubleshooting services for supported systems.
Spheres of Support
OS Administration spheres of support can be found here:
Rackspace Technology provides a managed OS patching service for supported operating systems. The patching schedule is set by the Customer and Rackspace Technology configures the guest OS to use Rackspace Technology-provided patching sources so that only approved patches are delivered and installed on customer machines.
Rackspace Technology installs, configures, and responds to monitoring alerts from an installed OS agent for OS and application alerts and conditions on VMs. It enables monitoring of guest OS service availability on a network, internal OS system resources, OS services operational status, and error conditions.
The default monitoring thresholds are as follows;
Windows metrics are located in the System/Window CW metric namespace
Linux metrics are located in the System/Linux CW metric namespace
CPU, Memory, and Disk Percent alarms are configured to trigger when the given metric exceeds the threshold for 6 consecutive 5-minute averages. They are configured to clear when any subsequent 5-minute average of the metric is below the threshold.
- The Disk Free Space alarm is configured to trigger when the given metric falls below the threshold for 5 consecutive 1-minute averages. It is configured to clear when any subsequent 1-minute average of the metric is above the threshold.
- Disk alarms are NOT created for the following volume file system types:
- Disk alarms are NOT created for Kubernetes container volumes: any volume path starting with “/var/lib/kubelet/”.
Rackspace Technology installs an OS antivirus agent on the selected VMs to provide Customers with antivirus services. Rackspace Technology makes no guarantees as to the effectiveness of the antivirus service. This service enables the scanning of guest OS files by a system within the private cloud that maintains up-to-date signatures of known malicious code.
It is connected to a centralized management service maintained by Rackspace that enables visibility into the function of the service and allows tickets to be triggered if any failure with the scanning system occurs or in the event of malicious code being discovered.
VM Management utilizes role-based access control (RBAC) to create granular control over permissions. When it comes to Rackspace employees, there are zero standing permissions granted. Rackspace employees are granted temporary access when performing a support task required by the customer. All remote access requests are logged and retained by Rackspace for security purposes.
For the most up-to-date version of the SLAs (service level agreements) please review the terms and conditions page.
VM Management is billed at the VM level and is charged via usage per hour used on your monthly bill. The actual rate for VM Management varies depending on the add-on so please ask your seller for the current rates.
The bill for VM Management is available for viewing by customers within the Rackspace portal.
For issues using the platform please put a ticket into your Rackspace portal asking for assistance with VM Management. For questions about the shared responsibility model for this product please review the RACI below.
|Add-On Enrollment||Responsible||Optional Add-On|
|AgentInstallation on Rackspace provided images||Inform||Responsible|
|Add-On Unenrollment||Responsible||Optional Add-On|
|AgentInstallation on Customer provided images||Responsible||Optional Add-On|
|Create Patching Groups||Consult||Responsible|
|Change Patch Baseline||Consult||Responsible|
|Change Patch Group||Consult||Responsible|
|Change Maintainence Window||Consult||Responsible|
|Configure Monitoring Agent||Inform||Responsible|
|Respond to Events||Inform||Responsible|
|Respond to Incidents||Inform||Responsible|
Note: For those fields that say ‘optional add-on’ in the above RACI contact your sales team and request more information about our Elastic Engineering or Professional Service offerings.
VM Management terms and conditions can be found here:
For all service requests please place a ticket in the ticketing portal, however, if you have feedback or suggestions for the design teams you can email us your feedback here at:
Important: The subject of your request should be as follows “VM Management Customer Feedback” and contain your account number in the body as well as any relevant detail to support your feedback.
Updated about 2 months ago