Every Silver Lining Has a Vault in the Cloud

Irvin Hayes Jr. Autodesk, Inc.

PL6015-P Dont worry about acquiring hardware and additional personnel in order to manage your Vault
software installation. Learn how to spin up a hosted server instance to install the Vault Server software for your
enterprise.

Learning Objectives
At the end of this class, you will be able to:

Learn how to use Microsoft Azure to host Vault software

Learn how to use Amazon Web Services to host Vault software

Learn the license requirements when using a hosted environment

Learn how to connect a local File Server with a hosted Vault Server

About the Speaker

Irvin Hayes Jr. is a product manager for the data management group at Autodesk in Novi,
Michigan. Irvin has worked at Autodesk for seven years starting in product support and as a
user experience designer. Irvin is a Microsoft Certified Professional, and has been working in
the information technology field for more than 21 years.

Table of Contents
Learning Objectives..................................................................................................... 1
About the Speaker........................................................................................................ 1
Introduction................................................................................................................... 3
Using Microsoft Azure................................................................................................. 4
Single Server Setup........................................................................................................................... 5
Distributed Server Setup................................................................................................................ 9
On-Premise File Store Setup........................................................................................................10
Backup and Recovery.....................................................................................................................10
Things to Know................................................................................................................................10

Using Amazon Web Services(AWS).......................................................................11

Single Server Setup.........................................................................................................................12
Distributed Server Setup..............................................................................................................17
On-Premise File Store Setup........................................................................................................20
Backup and Recovery.....................................................................................................................20
Things to Know................................................................................................................................21

Licensing in Hosted Environments.......................................................................21

Appendix A....................................................................................................................22
Appendix B - Useful Links........................................................................................23

Every Silver Lining Has a Vault in the Cloud

Introduction
This class was intended to help Vault administrators to install Vault Server in cloud hosting
environments such as Amazon Web Services(AWS) and Microsoft Azure. This class will
only cover a single-site and remote Autodesk Vault File Server configurations with the hosted
environments. As of this writing, full replication configurations are not supported.
Recommendations
This document will not discuss best practices for the hosted environments. These best
practices may include, but are not limited to, security, port forwarding and remote desktop
connections. It is recommended that you talk to a representative from the hosting company to
discuss best practices and implement them for optimal performance.

Every Silver Lining Has a Vault in the Cloud

Using Microsoft Azure

Microsoft Azure offers a lot of services in their hosted environment but only a few can be used
with Autodesk Vault. These service include Compute services such as virtual machines, cloud
services, websites, and mobile services; Data services such as storage, SQL databases,
backup and recovery services. Application services such as Active Directory and media
services; finally Network services such as virtual networks and traffic management. When
placing Vault in Azure only a few of these service can be used.

During this class I will show you how to use the Azures Virtual Machines, Storage, and
Networks services to use Vault.

Every Silver Lining Has a Vault in the Cloud

Single Server Setup

Autodesk Vault consists of four components: the Vault server, SQL server, Internet Information
Services (IIS), and the file store (see Appendix A). In a single server configuration, each of
these components is installed on the same server or virtual machine.
Create a Storage Account
To get started, create a storage account so that you can upload the files necessary to install
Vault server in the virtual machine. I recommend downloading and configuring an application
called Azure Storage Explore 6. This application allows you to easily connect to the Azure
storage and upload files. If you have a current support subscription to Vault, you can download
a self-extracting installation file for Vault server and upload this compressed file to the Azure
storage account.

Every Silver Lining Has a Vault in the Cloud

Create a Virtual Network

A virtual network inside of Azure would allow multiple virtual machines to access each other
within the same virtual network without using the public Internet addresses. This also allows
you to expand the vault components to different virtual machines in the same virtual network to
scale to fit your business needs.
Start by creating a simple network if one isnt already available. Here is an example of one used
for this class.

The virtual network doesnt need a custom DNS server because it will use an internal Azure
DNS server for name resolution. Once this is created, you are ready to create your virtual
machine.

Every Silver Lining Has a Vault in the Cloud

Creating a Virtual Machine

When you create your virtual machine from the gallery, be sure to choose a virtual machine that
is a Vault supported operating system (Vault System Requirements).
1. Select an image from the gallery

2. Configure the virtual machine by creating a name, selecting a size at minimum A3, and
setting the user name and password.

Every Silver Lining Has a Vault in the Cloud

3. Configure the DNS name, select the virtual network you created, select the subnet in the
virtual network, and add the http protocol to the Endpoints.

4. Launch the creation of the virtual machine

After you have created your virtual machine, sign into it using a remote desktop connection.
Download the Azure Storage Explorer and sign into your storage account. Download the Vault
server installation file into the virtual image and start your installation. Be sure to capture the
MAC address of the virtual image so that you can get your license file and get FlexLM working.
Your virtual image has a public DNS name that will used as the server name in the client login
dialog box. You now have a single server environment that looks like the following image.

Every Silver Lining Has a Vault in the Cloud

Along with creating your virtual machine, Endpoints must be configured to allow communication
from the public IP address. After the virtual machine is created, the firewall settings in the guest
OS must also be configured to open the necessary ports. For the Vault virtual machine, only
port 80 is needed for communication with clients.
Distributed Server Setup
A distributed server configuration is when the different components of Vault are distributed
across multiple virtual machines. Each virtual machine could be sized based on the need of the
service.

Communications between Virtual Machines

Inside of Azure, NetBIOS resolution is not supported therefore you will not be able to connect
the individual machines to each other if each virtual machine is using a different Cloud Service.
During Step 2 of creating the virtual machine, you need to select the same Cloud Service for all
virtual machine that has a Vault component.

Every Silver Lining Has a Vault in the Cloud

On-Premise File Store Setup

Installing an Autodesk Vault File Server (AVFS) on-premise will give the Vault environment
better performance for file transfers and additional security. After installing the AVFS locally, use
the Full Qualified Domain Name (FQDN) in the configuration dialog and it will connect to the
remote Vault server and will be ready for use once complete.

Backup and Recovery

Azure offers a few backup solutions for its environment. You will need to analyze the best
backup method for your company and recovery process. Here are some options to consider:
Use ADMS Server command line utility to backup to a folder on the virtual image. Use a
PowerShell script to move that backup folder to a storage account for offline storage.
Install the Azure Backup agent and use the Azure Recovery service to backup the folder
where you stored the backups created by ADMS backup script.
Use ADMS Server command line utility to backup to a remote virtual machine in the
same virtual network.

Backing up the entire virtual machine in Azure.

Things to Know
Here are some additional things to keep in mind when using Microsoft Azure to host the Vault
server.

Azure doesnt support NetBIOS communications as discussed earlier in this document.

If you use a gallery image with SQL, you will have to install a SQL instance named
AutodeskVault on that server for Vault to connect to and use.
Azure has no method of giving the virtual machine a static MAC address for the license
server. If the license server virtual image is restarted, it may get a new MAC address which
will cause the license server to fail. Autodesk recommends using a license server onpremise to prevent this issue.

10

Every Silver Lining Has a Vault in the Cloud

Using Amazon Web Services(AWS)

Amazon Web Services also offers multiple services in their hosted environment. Just like
Azure we can only use a few of the services provided for Autodesk Vault. These services
include Amazon Elastic Compute Cloud (Amazon EC2) which offers the virtual servers for
deployment, Amazon Virtual Private Cloud (Amazon VPC) which provides a logically isolated
network in the cloud, and Amazon Simple Storage Service (Amazon S3) which provides
highly-scalable object storage that can be used for file transfer of our Vault backups.

11

Every Silver Lining Has a Vault in the Cloud

Single Server Setup

As stated previously, a single server configuration has all Vault components installed on the
same server or EC2 instance.
Creating an S3 Bucket
To get started, create an S3 bucket by logging into the S3 Management Console. Once the
storage bucket is complete You should check the permissions on the bucket to verify that you
have the necessary permissions to upload files to the bucket.

Select the bucket you have just created and click the Upload button at the top of the page.
Upload the Vault Server installation self-extracting file you downloaded from the Autodesk
Subscription Center.
Creating a Virtual Private Cloud
The virtual private cloud (VPC) provides a logical internal cloud network inside of Amazon
services. A VPC can have a public subnet for EC2 instances that need to be accessed from the
public Internet and a private subnet for EC2 instances that just need to communicate with each
other but not accessed from the Internet. Depending on when you have joined Amazon, your
account should have a VPC already setup.
The VPC requires other components to be configured for it to work. You will need to create
Route Tables, Subnets, an Internet Gateway, DHCP Options, Security Groups, and Network
ACLs. This documentation will not go into details about how these are setup but attached to the
class documentation is a CloudFormation template (VaultVPCSetup.json) which will configure
the environment which is described next Before using this template, you will need to modify line
136 and specify the AmazonProvidedDNS region.compute.internal shown in the chart below. If
you are deploying in the us-east-1 region, specify ec2.internal.

12

Every Silver Lining Has a Vault in the Cloud

Select the CloudFormation service in the AWS management console. Select Create New
Stack and use the template file to create the environment. The CloudFormation console will
show you when the stack or environment is complete and ready for use. You will then have an
environment similar to the following image.

13

Every Silver Lining Has a Vault in the Cloud

Now select the EC2 service and start creating a new instance by clicking the Launch Instance
button. This will start the steps of creating the instance from an Amazon Machine Image (AMI).
1. Select the AMI that has a supporting operating system for the Vault Server.

2. If you are planning to use it in production, you should start with the m3.large instance
type.

14

Every Silver Lining Has a Vault in the Cloud

3. Make sure you are selecting the VPC that was created and place it into the public
subnet.

4. Increase the size of the instance and keep in mind the amount of data that will be
uploaded. You can also add storage to the instance by clicking the Add New Volume button.
You should use an Elastic Block Storage (EBS) type when you add a new volume. The
Instance Store type is a temporary storage and if the instance is stopped or terminate
anything on this storage volume is lost.

15

Every Silver Lining Has a Vault in the Cloud

5. Give the instance a name that can be used to recognize it in the list of instances.

6. Click the Select an existing security group and then select Vault ADMS Security
Group.

7. Review the configuration and launch the instance when you are ready.

16

Every Silver Lining Has a Vault in the Cloud

Once the instance is ready, you can then remote desktop to the instance to get started with
the Vault server installation. Using the Amazon Command-Line Interface you will have to
connect to your S3 instance and download the installation file onto the operating system. Once
downloaded, install Vault server and the license software, and it should be ready to use. Here is
an example of the command line that can be used to copy from the S3 bucket: Aws s3 cp
s3://VaultSoftware/Vault Client/Autodesk_VPS2015.exe. You should now have a configuration
that looks like the following image.

Distributed Server Setup

Distributing the Vault components in AWS can be done in multiple ways. The first way is to have
the service separated and all servers exist in the public subnet. Because of how the security
groups are configured, all servers will have a public IP address and be accessible from the
Internet.

17

Every Silver Lining Has a Vault in the Cloud

The next configuration would be to place the Vault and license server in the public subnet but
have the SQL and File server in the private subnet.

18

Every Silver Lining Has a Vault in the Cloud

Another configuration could be to only have the Vault server in the public subnet and have all of
the other components in the private subnet.

19

Every Silver Lining Has a Vault in the Cloud

On-Premise File Store Setup

An on-premise file store can be configured for Azure by connecting the AVFS server to the Vault
server using the FQDN.

Backup and Recovery

AWS offers a few backup solutions for its environment. You will need to analyze the best backup
method for your company and recovery process. Here are some options to consider:
Use S3 buckets to store the backups created by the Vault server command line utility. An
example script could look like this: Aws s3 cp d:\backup\ s3://Vault_Backups --recursive

Use Amazon Glacier to archive backups for longer periods.

Use instance snapshots to backup an entire instance.

Place the file store on an EBS volume which can be attached to another instance if the
original instance fails.

Place backups on an EBS volume and snapshot the volume.

Use CloudWatch to monitor the instance for issues.

20

Every Silver Lining Has a Vault in the Cloud

Things to Know
Here are some additional things to keep in mind when using AWS to host the Vault server.

AWS doesnt support NetBIOS communications as discussed earlier in this document.

If you use an image with SQL, you will have to install a SQL instance named
AutodeskVault on that server for Vault to connect to and use.
Instances in the Private subnet can only be accessed by using a remote desktop session
on an instance in the Public subnet.
A static MAC address can be assigned to the license server by using a Elastic Network
Interface (ENI).

Licensing in Hosted Environments

Autodesk Vault Workgroup and Professional are the only two products that can be used in a
hosted environment. Below is a portion of the End User License Agreement (EULA) in the Vault
products.
For purposes of this Session Specific Network License, (a) a Session is defined as a single
interactive information exchange between two Computers that are connected through a
Supported Virtualization Application, and (b) Supported Virtualization Application(s) are those
third party virtualization applications or methods that are specifically identified as supported by
Autodesk in the User Documentation for the Licensed Materials. With respect to the applicable
Supported Virtualization Application, Licensee agrees to activate any available session tracking
mechanism, not disable any such session tracking mechanism and to retain all records
generated by such session tracking mechanism.

21

Every Silver Lining Has a Vault in the Cloud

Appendix A
Thing to keep in mind for Cloud Deployments

Regions/Geography

Billing/Per hour costs

Security

Disaster Recovery

Best Practices for the host provider

Distribute services between availability zones (AWS)

Configuring Full Qualified Domain Name (FQDN)

VPN connections to on-premise site

Vault Components
The Vault server consists of four different components.

22

Every Silver Lining Has a Vault in the Cloud

Appendix B - Useful Links

Microsoft Azure

Virtual Network Overview

Azure Networking

Storage Account

Name Resolution (DNS)

Azure Explorer by Cerebrata

Backup and recovery options for Azure virtual machines

Create Backups of Virtual Machines in Windows Azure by using PowerShell

Configure Azure Backup to quickly and easily back-up Windows Server

Amazon Web Services(AWS)

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon S3

Amazon Virtual Private Cloud (Amazon VPC)

Regions and Endpoints

Storage

23