Viz Now Administrator Guide

Version 1.2 | Published April 09, 2024

Best practices - How to Configure Your AWS Accounts for Viz Now

Introduction

This is a guide to creating a specific AWS account tailored for Viz Now. By creating a dedicated AWS account, users can benefit from enhanced security and isolation.

Main Benefits of a Dedicated AWS Account

  • Security Isolation: By creating a dedicated AWS account, users can isolate resources and services, ensuring that potential security breaches or vulnerabilities in one environment do not affect the other.

  • Cost Management: A dedicated AWS account allows for better cost tracking and management. Users can easily monitor and control costs associated with the Viz Now deployment without interference from other services.

  • Customization: A dedicated AWS account allows users to customize settings, policies, and permissions specifically for the Viz Now deployment. This provides greater flexibility in managing and optimizing the application's performance and security.

AWS Account Considerations

Viz Now also has several AWS account requirements that are essential for seamless deployment:

  • On-demand Capacity reservations: Viz Now requires that the IAM entities used for Viz Now do not have limitations on their permissions to create on-demand Capacity reservations. This is necessary to ensure that the capacity required for a Space is available and that the Space created by Viz Now can be fully deployed in a single request.
    Reference: On-Demand Capacity Reservations - Amazon Elastic Compute Cloud

  • Service Quota limits: These limits are described and defined by AWS. For Viz Now, they must be set to at least some minimum safe values to guarantee that deployments are carried out correctly.
    Reference: What is Service Quotas? - Service Quotas (amazon.com)

On-Demand Capacity Reservations

On-Demand Capacity Reservations enable you to reserve compute capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. Capacity Reservations mitigate against the risk of being unable to get On-Demand capacity in case there are capacity constraints. If you have strict capacity requirements, and are running business-critical workloads that require a certain level of long or short-term capacity assurance, we recommend that you create a Capacity Reservation to ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it.

This ensures that the required resources are always available when needed, providing predictable performance and the ability to launch instances immediately.

Main Benefits of On-Demand Capacity Reservations

  • Guaranteed Capacity: On-Demand Capacity Reservations ensure that the required capacity is available when needed, avoiding potential delays and ensuring the successful execution of the workload by having the necessary AWS resources.

  • Flexible Pricing: Unlike Reserved Instances, On-Demand Capacity Reservations do not require long-term commitments. Users pay for the reserved capacity on an hourly basis, providing more flexibility in managing costs.

  • Customizable Reservations: Users can create Capacity Reservations with different instance types, sizes, and tenancies, allowing for a tailored solution that meets the specific requirements of the Viz Now deployment.

AWS Account Considerations

In an AWS account, there are several factors that could prevent the use of Capacity Reservations:

  • Insufficient permissions: The IAM entities (users, groups, or roles) might not have the necessary permissions to create or manage Capacity Reservations. Ensure that the appropriate permissions are granted in the IAM policies.

    1. Sign in to the AWS Management Console and navigate to the IAM service.

    2. To check the permissions for a specific IAM user, group, or role, select the corresponding section in the left navigation pane (Users, Groups, or Roles).

    3. Find and select the IAM entity you want to check.

    4. Click on the Permissions tab and then the Simulate button.

    5. In IAM Policy Simulator, in the search bar, enter EC2 service and select the following actions:

      1. CreateCapacityReservation

      2. CancelCapacityReservation

  • Service limits: AWS imposes default limits on the number of Capacity Reservations per region. If the limit is reached, you may be unable to create new reservations. In such a case, you can request a limit increase through the AWS Service Quotas console or through AWS Support.

  • Availability zone restrictions: Capacity Reservations are specific to an Availability Zone (AZ). If the desired Availability Zone is constrained or has limited capacity, it may impact your ability to use Capacity Reservations.

    • Viz Now handles this by selecting another AZ or region from the preferred ones for the Viz Now organization.

  • Instance type restrictions: Some instance types might not be available for Capacity Reservations in certain regions or Availability Zones. Check the AWS documentation for instance type availability.

    • Viz Now handles this by selecting another instance type from the preferred ones for the Viz Now application.

To address these issues, ensure that the necessary permissions are in place, monitor service limits, choose appropriate Availability Zones and instance types, and maintain a sufficient account budget.
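
The Policy Simulator check in the steps above can also be scripted. The following is an added example, not part of the original guide or of Viz Now: it queries the IAM SimulatePrincipalPolicy API through boto3 for the two Capacity Reservation actions and reports why either one is not allowed. The function names and the sample results are constructed for illustration; simulate() assumes boto3 is installed and the caller may use iam:SimulatePrincipalPolicy.

```python
REQUIRED_ACTIONS = ("ec2:CreateCapacityReservation",
                    "ec2:CancelCapacityReservation")

# Constructed sample of the EvaluationResults list that
# SimulatePrincipalPolicy returns (not taken from a real account).
SAMPLE_RESULTS = [
    {"EvalActionName": "ec2:CreateCapacityReservation",
     "EvalResourceName": "*", "EvalDecision": "implicitDeny",
     "OrganizationsDecisionDetail": {"AllowedByOrganizations": False}},
    {"EvalActionName": "ec2:CancelCapacityReservation",
     "EvalResourceName": "*", "EvalDecision": "allowed"},
]


def simulate(principal_arn):
    """Live check for an IAM user or role ARN (hypothetical helper)."""
    import boto3  # imported here so the offline sample runs without boto3
    response = boto3.client("iam").simulate_principal_policy(
        PolicySourceArn=principal_arn, ActionNames=list(REQUIRED_ACTIONS))
    return response["EvaluationResults"]


def blocked_actions(results):
    """Return {action: reason} for each required action that is not allowed."""
    by_action = {}
    for result in results:
        by_action.setdefault(result["EvalActionName"].lower(), []).append(result)
    blocked = {}
    for action in REQUIRED_ACTIONS:
        entries = by_action.get(action.lower(), [])
        if not entries:
            blocked[action] = "not evaluated"
        for result in entries:
            if result["EvalDecision"] == "allowed":
                continue
            reason = result["EvalDecision"]  # explicitDeny or implicitDeny
            org = result.get("OrganizationsDecisionDetail", {})
            boundary = result.get("PermissionsBoundaryDecisionDetail", {})
            if org.get("AllowedByOrganizations") is False:
                reason += ": not allowed by an Organizations SCP"
            elif boundary.get("AllowedByPermissionsBoundary") is False:
                reason += ": not allowed by the permissions boundary"
            blocked[action] = reason
            break
    return blocked


if __name__ == "__main__":
    for action, reason in blocked_actions(SAMPLE_RESULTS).items():
        print(f"{action}: {reason}")
```

An empty result from blocked_actions() means both actions are allowed for the simulated principal; pass the output of simulate() instead of the sample to check a real IAM entity.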

AWS Service Quotas

AWS Service Quotas are limits applied to the number of resources that can be created or used within an AWS account. These quotas help prevent unintentional resource consumption and enable AWS to provide a reliable service to all users. If your business needs are not met by the default limit of service resources or operations that apply to an AWS account or an AWS Region, you might need to increase your Service Quota values. Service Quotas enable you to look up your service quotas and to request increases. AWS Support might approve, deny, or partially approve your requests.

Viz Now automatically requests a service quota increase during the deployment process. However, since the approval process for these requests can take up to 48 hours, there is also a manual method for increasing service quotas. Manually performing this action in advance can help ensure that your deployment proceeds smoothly without waiting for quota increase approval.

Top Service Quotas Related to Viz Now

This technical guide outlines various AWS service quotas that may impact the deployment of Viz Now. Each section presents a service quota, its default value, scope, and adjustability, as well as a brief description of the corresponding AWS service or resource.

Running On-Demand G and VT Instances (L-DB2E81BA)

Note: It is strongly recommended to make a manual request (48 hours in advance) to AWS for this type of deployment.

vCPUs (virtual CPUs) allocate computing resources to instances in AWS.

    • Quota: Maximum number of vCPUs assigned to running On-Demand G and VT instances

    • Quota code: L-DB2E81BA

    • Default quota value: 0

    • Adjustable: Yes

    • Scope: Regional.

EC2-VPC Elastic IPs (L-0263D0A3)

Elastic IP addresses are static IPv4 addresses designed for dynamic cloud computing in EC2. The IP address is assigned to the instance and retained until it is destroyed.

    • Quota: Maximum number of Elastic IP addresses allocated for EC2-VPC

    • Quota code: L-0263D0A3

    • Default limit: 5 per region

    • Adjustable: Yes

    • Scope: Regional.

VPCs (L-F678F1CE)

A Virtual Private Cloud (VPC) is an isolated section of the AWS Cloud where a user can launch resources within a virtual network.

    • Quota: Maximum number of VPCs per region (tied to the maximum number of internet gateways per region)

    • Quota code: L-F678F1CE

    • Default limit: 5

    • Adjustable: Yes

    • Scope: Regional.

Inbound or Outbound Rules per Security Group (L-0EA8095F)

Security groups serve as virtual firewalls for EC2 instances, controlling inbound and outbound traffic.

    • Quota: Maximum number of inbound or outbound rules per VPC security group (120 rules in total, enforced separately for IPv4 and IPv6)

    • Quota code: L-0EA8095F

    • Default limit: 60 inbound and 60 outbound rules per security group

    • Adjustable: Yes

    • Scope: Regional.

Security Groups per Network Interface (L-2AFB9258)

Network interfaces facilitate communication between instances and networks.

    • Quota: Maximum number of security groups per network interface (cannot exceed 1000 when multiplied by the quota for rules per security group)

    • Quota code: L-2AFB9258

    • Default limit: 5 per network interface

    • Adjustable: Yes (max 16)

    • Scope: Regional.

VPC Peerings (L-7E9ECCDB)

VPC peering allows a user to connect VPCs across different AWS accounts or regions.

    • Quota: Maximum number of active VPC peering connections per VPC (can be increased up to a maximum of 125)

    • Quota code: L-7E9ECCDB

    • Default limit: 50

    • Adjustable: Yes (max 125)

    • Scope: Regional.

Examples of Quota Service Numbers

Explanation of Service Quotas related to Viz Now on an AWS account:

Service Quota: G On-demand running

    • Default Value: 0

    • Viz Now considerations about the Service Quota: Default template: Live Production Vision Mixing with default Apps

    • Reason: 2 instances from G family InstanceType (g4dn.2xlarge Instances) are needed. Since the default value is 0, this requires an increase request.

    • Calculations: 2 x 8 vCPU = 16 vCPU

Service Quota: VPC

    • Default Value: 5

    • Viz Now considerations about the Service Quota: Viz Now makes a VPC per Space

    • Reason: An Organization has 1 mandatory Space, a License Space. With default settings, 4 spaces could be deployed before reaching the limit.

    • Calculations: 4 Spaces + License = 5 VPC

Service Quota: Elastic IP

    • Default Value: 5

    • Viz Now considerations about the Service Quota: Each App has an attached Elastic IP

    • Reason: A template with 6 Applications needs 6 Elastic IP.

    • Calculations: Each App deployed needs one Elastic IP.

Service Quota: Security Groups (SG) Rules

    • Default Value: 60 in 60 out

    • Viz Now considerations about the Service Quota: Each IP allowed to access a Space's apps has a number of rules applied to it, based on the workflow.

    • Reason: Each IP will apply 10 rules per allowed IP.

    • Calculations: All rules are inbound rules so max allowed IP is around 20, unless this limit is increased.

Service Quota: SG per Network Interface

    • Default Value: 5

    • Viz Now considerations about the Service Quota: 4 SG per Network Interface

    • Reason: With the default number of Security Groups no extra security groups need be added.

Service Quota: VPC Peerings

    • Default Value: 50

    • Viz Now considerations about the Service Quota: By default, each deployed space needs (one) peering with the License server.

    • Reason: By default an Organization could have 50 Spaces with default Peering between the Space VPC and the License VPC.
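
The calculations above can be generalized to several Spaces to see which quota increases to request before deployment. The following is an added example, not part of the original guide or of Viz Now: it totals the demand for a planned set of Spaces and compares it with the default quota values listed in this guide. The function names are hypothetical, and the code assumes that all Spaces are deployed in one region and that the License Space counts only as one VPC.

```python
# vCPUs per instance type, as listed in this guide.
VCPUS = {"g4dn.2xlarge": 8, "g4dn.4xlarge": 16, "g4dn.8xlarge": 32}

# Quota code -> (name, default value), as listed in this guide.
DEFAULT_QUOTAS = {
    "L-DB2E81BA": ("Running On-Demand G and VT instances (vCPUs)", 0),
    "L-0263D0A3": ("EC2-VPC Elastic IPs", 5),
    "L-F678F1CE": ("VPCs", 5),
    "L-7E9ECCDB": ("VPC peerings per VPC", 50),
}

# Default "Live Production Vision Mixing" template from this guide:
# two g4dn.2xlarge instances and three apps.
LIVE_PRODUCTION_DEFAULT = {
    "g_instances": ["g4dn.2xlarge", "g4dn.2xlarge"], "apps": 3}


def regional_demand(spaces):
    """Total quota usage for the given Spaces, all in one region (assumption)."""
    return {
        "L-DB2E81BA": sum(VCPUS[t] for s in spaces for t in s["g_instances"]),
        "L-0263D0A3": sum(s["apps"] for s in spaces),  # one Elastic IP per app
        "L-F678F1CE": len(spaces) + 1,  # one VPC per Space plus the License Space
        "L-7E9ECCDB": len(spaces),      # License VPC peers with every Space
    }


def increases_needed(spaces, current=None):
    """Return {quota code: (required, current)} where the quota is too low."""
    current = current or {c: d for c, (_, d) in DEFAULT_QUOTAS.items()}
    demand = regional_demand(spaces)
    return {code: (need, current[code])
            for code, need in demand.items() if need > current[code]}


if __name__ == "__main__":
    plan = [LIVE_PRODUCTION_DEFAULT] * 5  # five Spaces from the default template
    for code, (need, have) in increases_needed(plan).items():
        print(f"{code} {DEFAULT_QUOTAS[code][0]}: need {need}, have {have}")
```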


Service Quota by Template

Below you see the relationship between a Template and its configurations. Some examples are shown to provide an understanding of how Viz Now deployments impact a service quota.

Template Title: Live Production Vision Mixing

    • G On demand Quota: Default Specs: 16 (8+8). Max Specs: 112 (32*4 +16).

    • Elastic IP Quota: Default Specs: 3. Max Specs: 6.

    • Comments, Default Specs:

      • There are two G family instances:

        • Viz Vectar and NDI Bridge

        • g4dn.2xlarge requires 8 vCPU

      • There are 3 apps by default: 3 IPs are needed.

    • Comments, Max Specs:

      • 3 potential G family instances:

        • Vectar - g4dn.8xlarge - 32 vCPU

        • NDI Bridge - g4dn.4xlarge - 16 vCPU

        • Windows (3x) - g4dn.8xlarge - 32 vCPU x3

      • Max of 6 Apps: 6 IPs are needed.

Template Title: Live Production Vision Mixing and Advanced Graphics

    • G On demand Quota: Default Specs: 24 (8+8+8). Max Specs: 272 (160 + 16 +96).

    • Elastic IP Quota: Default Specs: 4. Max Specs: 12.

    • Comments, Default Specs:

      • There are three G family instances:

        • Viz Vectar, Viz Engine & NDI Bridge

        • g4dn.2xlarge requires 8 vCPU

      • There are 4 apps by default: 4 IPs are needed.

    • Comments, Max Specs:

      • 7 potential G family instances:

        • Vectar - g4dn.8xlarge - 32 vCPU

        • Vectar Live Prod - g4dn.8xlarge - 32 vCPU

        • 3Play - g4dn.8xlarge - 32 vCPU

        • Viz Engine - g4dn.8xlarge - 32 vCPU

        • Viz Trio - g4dn.8xlarge - 32 vCPU

        • NDI Bridge - g4dn.4xlarge - 16 vCPU

        • Windows (3x) - g4dn.8xlarge - 96 vCPU

      • Max of 6 Apps: 6 IPs are needed.

Template Title: Sports Analysis File-base

    • G On demand Quota: Default Specs: 16. Max Specs: 48 (32 + 32).

    • Elastic IP Quota: Default Specs: 1. Max Specs: 2.

    • Comments, Default Specs:

      • There is 1 G family instance:

        • Viz Libero

        • g4dn.4xlarge requires 16 vCPU

      • There is 1 app by default: 1 IP needed.

    • Comments, Max Specs:

      • 2 potential G family instances:

        • Viz Libero - g4dn.8xlarge - 32 vCPU

        • Windows - g4dn.8xlarge - 32 vCPU

      • Max of 2 Apps: 2 IPs are needed.

Increasing Service Quotas

Deployment Timeout

Viz Now will automatically request an increase in service quotas during the deployment process. This is usually executed on the AWS side in 15-20 minutes.

  • However, if the request is not approved by AWS after 20 minutes, the deployment is canceled.

When the deployment times out and is canceled, you are notified, with a reference to the canceled service quota.

The request is retained in the AWS Management console, where you can monitor the status of the request.

It can take up to 48 hours for AWS to increase service quotas. For this reason, we recommend submitting a manual service quota increase, 48 hours in advance of intended deployment.

To manually increase a Service Quota

Performing this action in advance can help ensure that your deployment proceeds smoothly without waiting for quota increases.

After submitting the request, AWS will review and respond to the request within 48 hours, although the response time may vary depending on the complexity of the request and the justification provided. AWS may request additional information or deny the request if the justification is not deemed sufficient. Status is available in your AWS Management console.

Conclusion

By following this guide, users can create an AWS account tailored for the Viz Now deployment application, taking advantage of security isolation, cost management, and customization.

Understanding Reserved Instances and AWS Service Quotas helps with optimizing the application's performance and resource usage.