Merge branch 'staging'

README.md

@@ -1,22 +1,22 @@
-# Cloud Access Software
+# HP Anyware
 
-Teradici CAS (Cloud Access Software) delivers a highly responsive remote desktop experience with color-accurate, lossless and distortion-free graphics – even for high frame rate 4K/UHD graphics workloads. This is exactly why artists, editors, producers, architects, and designers all trust CAS to provide the resolution, sound, and color fidelity they need to create and work from anywhere. The immersive, feature-rich experience that CAS delivers is the reason why we won an Engineering Emmy in 2020.
+Hp Anyware delivers a highly responsive remote desktop experience with color-accurate, lossless and distortion-free graphics – even for high frame rate 4K/UHD graphics workloads. This is exactly why artists, editors, producers, architects, and designers all trust HP Anyware to provide the resolution, sound, and color fidelity they need to create and work from anywhere. The immersive, feature-rich experience that HP Anyware delivers is the reason why we won an Engineering Emmy in 2020.
 
-Based on our secure PCoIP® (PC-over-IP) protocol that connects over 15 million endpoints around the globe, CAS makes all the magic happen for Windows, Linux and macOS (coming soon) desktops and applications through three core software components:
+Based on our secure PCoIP® (PC-over-IP) protocol that connects over 15 million endpoints around the globe, HP Anyware makes all the magic happen for Windows, Linux and macOS (coming soon) desktops and applications through three core software components:
 
 - **PCoIP Agents** in any standalone or virtualized workstation, on-prem data center, cloud, multicloud or hybrid host environment
-- **Anyware Manager** to secure, broker, and provision Teradici CAS connections
+- **Anyware Manager** to secure, broker, and provision HP Anyware connections
 - **PCoIP Clients** to enable any PCoIP Zero Client, PCoIP-Enabled Thin Client, PC, Mac, laptop, or tablet to access their remote desktops, fixed or mobile workstations from anywhere
 
 For more details, please visit https://teradici.com.
 
 This repository contains a collection of Terraform configurations for demonstrating how to deploy Anyware Manager and Anyware Connectors in a user's cloud environment. __Note: These configurations are suitable for creating reference deployments for demonstration, evaluation, or development purposes. The infrastructure created may not meet the reliability, availability, or security requirements of your organization.__
 
 # Documentation
-- [Instructions](docs/aws/README.md) for deploying CAS on Amazon Web Services
-- [Instructions](docs/gcp/README.md) for deploying CAS on Google Cloud Platform
+- [Instructions](docs/aws/README.md) for deploying HP Anyware on Amazon Web Services
+- [Instructions](docs/gcp/README.md) for deploying HP Anyware on Google Cloud Platform
 
-CAS deployments on Microsoft Azure is available in a separate repository. Please visit https://github.com/teradici/Azure_Deployments
+HP Anyware deployments on Microsoft Azure is available in a separate repository. Please visit https://github.com/HPInc/Azure_Deployments
 
 # Directory structure
 ## deployments/

deployments/aws/awm-lb-connectors-ha-lls/main.tf

@@ -8,9 +8,7 @@
 locals {
   prefix = var.prefix != "" ? "${var.prefix}-" : ""
   # Name of Anyware Manager deployment service account key file in bucket
-  awm_deployment_sa_file   = "awm-deployment-sa-key.json"
   admin_ssh_key_name       = "${local.prefix}${var.admin_ssh_key_name}"
-  awm_aws_credentials_file = "awm-aws-credentials.ini"
 
   cloudwatch_setup_rpm_script = "cloudwatch_setup_rpm.sh"
   cloudwatch_setup_win_script = "cloudwatch_setup_win.ps1"
@@ -27,12 +25,6 @@ module "shared-bucket" {
   prefix = var.prefix
 }
 
-resource "aws_s3_object" "awm_aws_credentials_file" {
-  bucket = module.shared-bucket.bucket.id
-  key    = local.awm_aws_credentials_file
-  source = var.awm_aws_credentials_file
-}
-
 resource "aws_s3_object" "cloudwatch-setup-rpm-script" {
   count = var.cloudwatch_enable ? 1 : 0
 
@@ -54,25 +46,24 @@ module "dc" {
 
   prefix = var.prefix
 
-  pcoip_agent_install     = var.dc_pcoip_agent_install
-  pcoip_agent_version     = var.dc_pcoip_agent_version
-  pcoip_registration_code = ""
-  teradici_download_token = var.teradici_download_token
+  pcoip_agent_install            = var.dc_pcoip_agent_install
+  pcoip_agent_version            = var.dc_pcoip_agent_version
+  pcoip_registration_code_id     = aws_secretsmanager_secret.dummy_secret.id
+  teradici_download_token        = var.teradici_download_token
+  aws_region                     = var.aws_region
 
-  customer_master_key_id      = var.customer_master_key_id
-  domain_name                 = var.domain_name
-  admin_password              = var.dc_admin_password
-  safe_mode_admin_password    = var.safe_mode_admin_password
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
-  domain_users_list           = var.domain_users_list
-  ldaps_cert_filename         = local.ldaps_cert_filename
+  domain_name                    = var.domain_name
+  admin_password_id              = aws_secretsmanager_secret.admin_password.id
+  safe_mode_admin_password_id    = aws_secretsmanager_secret.safe_mode_admin_password.id
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
+  domain_users_list              = var.domain_users_list
+  ldaps_cert_filename            = local.ldaps_cert_filename
 
   bucket_name = module.shared-bucket.bucket.id
   subnet      = aws_subnet.dc-subnet.id
   security_group_ids = concat(
     [aws_security_group.allow-internal.id],
-    [aws_security_group.allow-winrm.id],
     var.enable_rdp  ? [aws_security_group.allow-rdp[0].id]  : [],
     var.enable_icmp ? [aws_security_group.allow-icmp[0].id] : [],
   )
@@ -94,16 +85,15 @@ module "awm" {
 
   prefix = var.prefix
 
-  aws_region              = var.aws_region
-  customer_master_key_id  = var.customer_master_key_id
-  pcoip_registration_code = var.pcoip_registration_code
-  awm_admin_password      = var.awm_admin_password
-  awm_repo_channel        = var.awm_repo_channel
-  teradici_download_token = var.teradici_download_token
+  aws_region                  = var.aws_region
+  pcoip_registration_code_id  = aws_secretsmanager_secret.pcoip_registration_code.id
+  awm_admin_password          = var.awm_admin_password
+  awm_repo_channel            = var.awm_repo_channel
+  teradici_download_token     = var.teradici_download_token
 
-  awm_aws_credentials_file = local.awm_aws_credentials_file
-  awm_deployment_sa_file   = local.awm_deployment_sa_file
-  bucket_name              = module.shared-bucket.bucket.id
+  bucket_name                 = module.shared-bucket.bucket.id
+  awm_aws_credentials_file_id = aws_secretsmanager_secret.awm_aws_credentials_file.id
+  awm_deployment_sa_file_id   = aws_secretsmanager_secret.awm_deployment_sa_file.id
 
   subnet = aws_subnet.awm-subnet.id
   security_group_ids = concat (
@@ -133,9 +123,8 @@ module "ha-lls" {
   prefix = var.prefix
 
   aws_region              = var.aws_region
-  customer_master_key_id  = var.customer_master_key_id
-  lls_admin_password      = var.lls_admin_password
-  lls_activation_code     = var.lls_activation_code
+  lls_admin_password_id   = aws_secretsmanager_secret.lls_admin_password.id
+  lls_activation_code_id  = aws_secretsmanager_secret.lls_activation_code.id
   lls_license_count       = var.lls_license_count
   teradici_download_token = var.teradici_download_token
 
@@ -259,19 +248,18 @@ module "awc" {
 
   prefix = var.prefix
 
-  awm_deployment_sa_file    = local.awm_deployment_sa_file
-  aws_region                = var.aws_region
-  awc_flag_manager_insecure = true
-  customer_master_key_id    = var.customer_master_key_id
-  manager_url               = "https://${module.awm.internal-ip}"
+  awm_deployment_sa_file_id     = aws_secretsmanager_secret.awm_deployment_sa_file.id
+  aws_region                    = var.aws_region
+  awc_flag_manager_insecure     = true
+  manager_url                   = "https://${module.awm.internal-ip}"
 
-  domain_name                 = var.domain_name
-  domain_controller_ip        = module.dc.internal-ip
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
-  ldaps_cert_filename         = local.ldaps_cert_filename
-  computers_dn                = "dc=${replace(var.domain_name, ".", ",dc=")}"
-  users_dn                    = "dc=${replace(var.domain_name, ".", ",dc=")}"
+  domain_name                    = var.domain_name
+  domain_controller_ip           = module.dc.internal-ip
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
+  ldaps_cert_filename            = local.ldaps_cert_filename
+  computers_dn                   = "dc=${replace(var.domain_name, ".", ",dc=")}"
+  users_dn                       = "dc=${replace(var.domain_name, ".", ",dc=")}"
 
   lls_ip = var.lls_subnet_ips["haproxy_vip"]
 
@@ -283,7 +271,7 @@ module "awc" {
     [aws_security_group.allow-internal.id],
     [aws_security_group.allow-pcoip.id],
     var.enable_icmp ? [aws_security_group.allow-icmp[0].id] : [],
-    var.enable_ssh  ? [aws_security_group.allow-ssh[0].id]  : [],  
+    var.enable_ssh  ? [aws_security_group.allow-ssh[0].id]  : [],
   )
 
   bucket_name   = module.shared-bucket.bucket.id
@@ -323,16 +311,15 @@ module "win-gfx" {
   prefix = var.prefix
 
   aws_region             = var.aws_region
-  customer_master_key_id = var.customer_master_key_id
 
-  pcoip_registration_code = ""
-  teradici_download_token = var.teradici_download_token
-  pcoip_agent_version     = var.win_gfx_pcoip_agent_version
+  pcoip_registration_code_id = aws_secretsmanager_secret.dummy_secret.id
+  teradici_download_token    = var.teradici_download_token
+  pcoip_agent_version        = var.win_gfx_pcoip_agent_version
 
-  domain_name                 = var.domain_name
-  admin_password              = var.dc_admin_password
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
+  domain_name                    = var.domain_name
+  admin_password_id              = aws_secretsmanager_secret.admin_password.id
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
 
   bucket_name      = module.shared-bucket.bucket.id
   subnet           = aws_subnet.ws-subnet.id
@@ -370,16 +357,15 @@ module "win-std" {
   prefix = var.prefix
 
   aws_region             = var.aws_region
-  customer_master_key_id = var.customer_master_key_id
 
-  pcoip_registration_code = ""
-  teradici_download_token = var.teradici_download_token
-  pcoip_agent_version     = var.win_std_pcoip_agent_version
+  pcoip_registration_code_id = aws_secretsmanager_secret.dummy_secret.id
+  teradici_download_token    = var.teradici_download_token
+  pcoip_agent_version        = var.win_std_pcoip_agent_version
 
-  domain_name                 = var.domain_name
-  admin_password              = var.dc_admin_password
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
+  domain_name                    = var.domain_name
+  admin_password_id              = aws_secretsmanager_secret.admin_password.id
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
 
   bucket_name      = module.shared-bucket.bucket.id
   subnet           = aws_subnet.ws-subnet.id
@@ -417,15 +403,14 @@ module "centos-gfx" {
   prefix = var.prefix
 
   aws_region             = var.aws_region
-  customer_master_key_id = var.customer_master_key_id
 
-  pcoip_registration_code = ""
-  teradici_download_token = var.teradici_download_token
+  pcoip_registration_code_id = aws_secretsmanager_secret.dummy_secret.id
+  teradici_download_token    = var.teradici_download_token
 
-  domain_name                 = var.domain_name
-  domain_controller_ip        = module.dc.internal-ip
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
+  domain_name                    = var.domain_name
+  domain_controller_ip           = module.dc.internal-ip
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
 
   bucket_name      = module.shared-bucket.bucket.id
   subnet           = aws_subnet.ws-subnet.id
@@ -470,15 +455,14 @@ module "centos-std" {
   prefix = var.prefix
 
   aws_region             = var.aws_region
-  customer_master_key_id = var.customer_master_key_id
 
-  pcoip_registration_code = ""
-  teradici_download_token = var.teradici_download_token
+  pcoip_registration_code_id = aws_secretsmanager_secret.dummy_secret.id
+  teradici_download_token    = var.teradici_download_token
 
-  domain_name                 = var.domain_name
-  domain_controller_ip        = module.dc.internal-ip
-  ad_service_account_username = var.ad_service_account_username
-  ad_service_account_password = var.ad_service_account_password
+  domain_name                    = var.domain_name
+  domain_controller_ip           = module.dc.internal-ip
+  ad_service_account_username    = var.ad_service_account_username
+  ad_service_account_password_id = aws_secretsmanager_secret.ad_service_account_password.id
 
   bucket_name      = module.shared-bucket.bucket.id
   subnet           = aws_subnet.ws-subnet.id

deployments/aws/awm-lb-connectors-ha-lls/networking.tf

@@ -143,7 +143,7 @@ resource "aws_route_table" "private" {
 
 resource "aws_route_table_association" "rt-dc" {
   subnet_id      = aws_subnet.dc-subnet.id
-  route_table_id = aws_route_table.public.id
+  route_table_id = aws_route_table.private.id
 }
 
 resource "aws_route_table_association" "rt-awm" {
@@ -269,22 +269,6 @@ resource "aws_security_group" "allow-rdp" {
   }
 }
 
-resource "aws_security_group" "allow-winrm" {
-  name   = "${local.prefix}allow-winrm"
-  vpc_id = aws_vpc.vpc.id
-
-  ingress {
-    protocol    = "tcp"
-    from_port   = 5986
-    to_port     = 5986
-    cidr_blocks = local.allowed_admin_cidrs
-  }
-
-  tags = {
-    Name = "${local.prefix}secgrp-allow-winrm"
-  }
-}
-
 # In the case of ICMP, from_port is ICMP type, to_port is ICMP code. Type 8
 # Code 0 is Echo Request.
 # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html
@@ -733,20 +717,6 @@ resource "aws_network_acl" "nacls-dc" {
     }
   }
 
-  # allow-winrm (upload-scripts)
-  dynamic "ingress" {
-    for_each = local.allowed_admin_cidrs
-
-    content {
-      rule_no    = 300 + ingress.key
-      protocol   = "tcp"
-      action     = "allow"
-      cidr_block = ingress.value
-      from_port  = 5986
-      to_port    = 5986
-    }
-  }
-
   # allow-icmp
    dynamic "ingress" {
     for_each = var.enable_icmp ? local.allowed_admin_cidrs : []

deployments/aws/awm-lb-connectors-ha-lls/output.tf

@@ -1,5 +1,5 @@
 /*
- * Copyright Teradici Corporation 2020-2021;  © Copyright 2022 HP Development Company, L.P.
+ * Copyright Teradici Corporation 2020-2021;  © Copyright 2022-2023 HP Development Company, L.P.
  *
  * This source code is licensed under the MIT license found in the
  * LICENSE file in the root directory of this source tree.
@@ -9,10 +9,6 @@ output "domain-controller-internal-ip" {
   value = module.dc.internal-ip
 }
 
-output "domain-controller-public-ip" {
-  value = module.dc.public-ip
-}
-
 output "awm-public-ip" {
   value = module.awm.public-ip
 }