[WIP]-DOCTEAM-1552:creates the public cloud chapter and adds to the b…

…ook (#1771)

* creates the chapter and adds to the book

* Intro

* adds more

* adds images

* adds content

* adds sections

* final edits

* tech review changes

* self review

* review feedback

* review feedback

xml/book_rmt.xml

@@ -60,5 +60,6 @@
  <xi:include href="rmt_tools.xml"/>
  <xi:include href="rmt_backup.xml"/>
  <xi:include href="rmt_certificates.xml"/>
+ <xi:include href="rmt_public_cloud.xml"/>
  <xi:include href="common_legal.xml"/>
 </book>

xml/rmt_mirroring.xml

@@ -204,7 +204,7 @@ Jun 22 04:22:34 d31 systemd[1]: Started RMT Mirror timer.</screen>
         <replaceable>ID</replaceable></command> and <command>rmt-cli products
         disable <replaceable>ID</replaceable></command> commands. To retrieve
         an ID for an enabled product, use the <command>rmt-cli products
-        list</command> command. To get the ID of a disabled 
+        list</command> command. To get the ID of a disabled
         product that is still available, run the <command>rmt-cli products list --all</command>
         command.
       </para>
@@ -281,8 +281,8 @@ Enabling SUSE Linux Enterprise Server 12 x86_64:
         and <command>rmt-cli repos disable
         <replaceable>ID</replaceable></command> commands. To retrieve an ID for
         an enabled repository, use the <command>rmt-cli repos
-        list</command>command. If you need to get the ID of a disabled 
-        but accessible repository, execute the command 
+        list</command>command. If you need to get the ID of a disabled
+        but accessible repository, execute the command
         <command>rmt-cli repos list --all</command>.
       </para>
       <para>

xml/rmt_public_cloud.xml

@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter
+[
+  <!ENTITY % entities SYSTEM "generic-entities.ent">
+    %entities;
+]>
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+ xml:id="rmt-public-cloud">
+  <title>Deploying a &sls; instance to support &rmt; in the public cloud</title>
+  <info>
+    <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+      <dm:translation>yes</dm:translation>
+    </dm:docmanager>
+  </info>
+  <para>
+You can deploy a &sls; instance to support &rmt; in Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
+&rmt; is included in &slsa; starting with version 15. </para>
+  <para>
+  The following example shows a generic cloud architecture for the &rmt; deployment. Your deployment may look different based
+  on your networking requirements. </para>
+  <figure>
+    <title>An example of cloud architecture for &rmt; deployment</title>
+    <mediaobject>
+      <imageobject role="fo">
+        <imagedata fileref="rmt-architecture-example.png" width="70%"/>
+      </imageobject>
+        </mediaobject>
+  </figure>
+  <sect1 xml:id="sec-rmt-byos-image">
+<title>Using a bring-your-own-subscription image</title>
+<para>
+SUSE provides images for &slsa; in Amazon Web Services, Google Cloud and Microsoft Azure. There are two types of images available:
+PAYG (Pay-As-You-Go) and BYOS (Bring-Your-Own-Subscription). These images are updated at regular intervals and it is suggested that you deploy
+new instances from the latest version of the image to ensure the most recent security updates are in place.
+To support &rmt; deployment, we recommend deploying an &rmt; instance from a BYOS image.
+</para>
+<sect2 xml:id="sec-rmt-byos-image-where">
+  <title>Finding images in the cloud marketplace </title>
+  <para>The location of the relevant image in each of the cloud provider is shown below: </para>
+  <figure>
+    <title>Google Cloud</title>
+    <mediaobject>
+      <imageobject role="fo">
+        <imagedata fileref="gcp-launch-sles-instance-cloud-rmt-marketplace.png" width="70%"/>
+      </imageobject>
+       </mediaobject>
+  </figure>
+  <figure>
+    <title>Amazon Web Services</title>
+    <mediaobject>
+      <imageobject role="fo">
+        <imagedata fileref="aws-launch-sles-instance-cloud-rmt-marketplace.png" width="70%"/>
+      </imageobject>
+       </mediaobject>
+  </figure>
+  <figure>
+    <title>Microsoft Azure</title>
+    <mediaobject>
+      <imageobject role="fo">
+        <imagedata fileref="azure-launch-sles-instance-cloud-rmt-marketplace.png" width="70%"/>
+      </imageobject>
+       </mediaobject>
+  </figure>
+  <para>It is recommended to start with an instance type that has at least
+    two vCPUs and a minimum of 8&nbsp;GB RAM to support the &rmt; deployment.
+    For example, on Amazon EC2, this could be a <literal>t3.large</literal>
+    instance type, and in Microsoft Azure, it could be a <literal>B2as_v2</literal>
+    The instance can be rightsized as needed and depends on the number of clients being managed and updated by the &rmt; server.
+    </para>
+</sect2>
+<sect2 xml:id="sec-rmt-byos-image-registration">
+  <title>Registering the &slsa; instance</title>
+  <para>After the &slsa; instance deployment, you must register the instance with the SUSE Customer Center.</para>
+  <note>
+    <title>&suse; account</title>
+    <para>
+     Registering with the &scc; requires a SUSE account. If you do not have
+     a SUSE account yet, go to the &scc; home page (<link
+     xlink:href="https://scc.suse.com/"/>) to create one.
+    </para>
+   </note>
+   <para>To connect your instance: </para>
+   <para>AWS:</para>
+   <screen>&prompt.user; <command>ssh -i <replaceable>SSH_KEY</replaceable> <replaceable>EC2_USER_ID</replaceable>@<replaceable>SERVER_IP</replaceable></command></screen>
+   <para>Google Cloud:</para>
+   <screen>&prompt.user; <command>gcloud compute ssh <replaceable>GCE_INSTANCE_IP</replaceable></command></screen>
+   <para>Azure:</para>
+   <screen>&prompt.user; <command>ssh <replaceable>AZURE_USER_ID</replaceable>@<replaceable>SERVER_IP</replaceable></command></screen>
+  <para>To register the &slsa; instance with SCC: </para>
+  <screen>&prompt.sudo; <command>SUSEConnect -e <replaceable>EMAIL_ADDRESS</replaceable> -r <replaceable>REGISTRATION_CODE </replaceable></command></screen>
+  <para>The registration code is available once you log in to  SCC. </para>
+</sect2>
+</sect1>
+<sect1><title>Considerations when using &rmt;</title>
+  <para>You must consider the following requirements when you use &rmt;: </para>
+<variablelist>
+  <varlistentry>
+    <term>Disk space</term>
+    <listitem>
+      <para>
+        The &rmt; server requires sufficient disk space to mirror the repositories.
+        Downloaded packages are available in <filename>/var/lib/rmt/public/repo/</filename>. Disk space is dependent
+        on the number of repositories you mirror. We recommend a minimum of 1.5 times the total size of all enabled repositories.
+        It is a best practice to provision an additional disk volume to support this requirement.
+        You can either mount the volume to <filename>/var/lib/rmt/public/repo/</filename> on instance creation or immediately after the launch.
+        For Azure, this is an additional disk volume. For AWS, it is an Amazon EBS volume and for GCP, it is a persistent disk volume .
+              </para>
+         </listitem>
+  </varlistentry>
+  <varlistentry>
+    <term>IP or DNS resolution</term>
+    <listitem>
+      <para>
+        A static IP address or a DNS name is required in order for clients to connect to the &rmt; server.
+        In Azure, AWS and GCP, a DNS provided by the Cloud Service Provider (CSP) is assigned when the instance is launched.
+        This IP or DNS may change if the instance is re-created. For Azure, consider using a static IP address to provide a consistent
+        connection point for your clients. In AWS, this would be an elastic IP or Route53. In GCP, this would be a cloud DNS
+        record that uses a static IP address.
+        </para>
+         </listitem>
+  </varlistentry>
+  <varlistentry>
+    <term>Connectivity for the &rmt; server</term>
+    <listitem>
+      <para>
+      The &rmt; server can connect to SCC on ports 80 and 443. There are many ways to provide connectivity.
+For example, in AWS, connectivity to SCC can be provided via an AWS Internet Gateway, an AWS NAT Gateway, or via a local data center (VPN/DX Connection) but this is depends
+on whether the &rmt; instance is in a public or private subnet. GCP provides direct access to the Internet via the VPC routes or
+Cloud NAT services. Azure offers similar services.
+        </para>
+         </listitem>
+  </varlistentry>
+  <varlistentry>
+    <term>Connectivity for clients</term>
+    <listitem>
+      <para>
+        Clients can connect to &rmt; on ports 80 and 443.
+        When launching the &slsa; instance to support &rmt;, check if network connectivity allows inbound access to the &rmt; server from your clients (HTTP/HTTPS).
+  For AWS, when a &slsa; instance is launched to support &rmt;, it is possible to use an existing AWS security group or a new one.
+  The security group must be configured to allow inbound access to the &rmt; server from your clients.
+  For GCP, the firewall rules must be configured to allow inbound access to the &rmt; server from your clients.
+   </para>
+         </listitem>
+  </varlistentry>
+</variablelist>
+</sect1>
+<sect1>
+  <title>More information</title>
+   <itemizedlist mark="bullet" spacing="normal">
+      <listitem>
+       <para>
+        <link xlink:href="https://documentation.suse.com/sles/15-SP6/html/SLES-all/cha-rmt-mirroring.html#sec-rmt-mirroring-credentials"/>
+        Organization credentials to create a local mirror of the &sle; repositories.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        <link xlink:href="https://documentation.suse.com/sles/15-SP6/html/SLES-all/cha-register-sle.html#sec-register-sle-installation"/>
+        Register and activate &sles; with the SUSE Customer Center.
+       </para>
+      </listitem>
+        </itemizedlist>
+</sect1>
+
+</chapter>