Cloud Manager: Deploy and Operate AEM Cloud Service
Cloud Manager is an integral part of Adobe’s AEM as a Cloud Service (AEMaaCS) offering.
Cloud Manager provides a fully-featured Continuous Integration / Continuous Development (CI/CD) pipeline enabling organisations to build, test, and deploy their AEM applications to the Adobe Cloud automatically.
Hosting, operation, and scaling of Adobe Experience Manager is all managed by Adobe in the background including a SLA. Maintenance of Cloud Manager and upgrading of AEM is taken care of by Adobe as well.
Cloud Manager benefits smaller projects with the extensive out of the box build pipeline and stable deployment that promises zero downtime. Larger projects can free up resources in their devops and operations team which no longer have to focus on the intricacy of deploying and hosting AEM.
Lastly, overall system performance, stability and availability are improved since no one will know how to build and host Adobe Experience Manager better than Adobe.
Overall, Cloud Manager is a great cost and time saver due to a lot of functionality which is provided and maintained by Adobe.
We will explore and highlight the main functionalities so that you understand the tool and reasoning why we, at One Inside, think it’s so great.
What is Adobe Cloud Manager?
Adobe Cloud Manager allows self-managed deployments and operation of AEM Cloud Service.
It consists of a CI/CD pipeline, various environments, code repositories and further information about the system like logs or SLA reports.
Log in to Adobe Cloud Manager
To log in to Cloud Manager, go to experience.adobe.com (Experience Manager / Launch Cloud Manager).
If you do not have access, either your company does not yet have the AEM Cloud Service licenses or your account is lacking the required permissions.
You can find the most important information about the environments and pipelines on the Startpage and have access to more detailed information.
Cloud Manager Core Features
Cloud Manager has the following main features:
- Self-Service web interface for the deployments and AEM operation
- Cloud Manager functionality can also be accessed programmatically via API
- Fully automated and configurable CI/CD Pipeline
- Provisioning and configuration of productive and test environments
- Adobe hosted git repositories
- Automated quality assurance of the application (code quality, security and performance)
- Autoscaling of both AEM author as well as publish Instances
- Multitier Caching Architecture including global Akamai Cache
Benefits and Disadvantages of Adobe Cloud Manager
These outlined core features result in a great set of benefits when using Cloud Manager:
- Performance – Great performance can be expected, the global CDN and the possibility to run the AEM servers in one of the globally distributed Azure datacenters (support for AWS is on the roadmap). AEM hosting by Adobe helps guarantee optimal AEM performance and continuous improvements.
- Autoscaling – When subjected to unusually high load, Cloud Manager detects the need for additional resources and automatically brings additional instances online via autoscaling. This works for both authoring and publishing instances.
- Confidence in deployments – since the same pipeline is executed by all AEMaaCS customers, Adobe can optimise the reliability of the pipeline and deployments. After ten successful deployments, the customer can usually independently carry out deployments without involving Adobe Customer Service at all.
- Extensibility of the pipeline – Cloud Manager is integrated into the Experience Cloud APIs and is therefore easy to connect or integrate with other or custom services.
- Backup – Cloud Manager will automatically back up before every release. If any issue is noticed after the deployment, the release can be set back with the press of a button. The production instances are backed up as well (24h point in time recovery, up to 7 days with Adobe-defined timestamps).
- “Zero” Downtime – Adobe has a lot of experience in hosting AEM for its large customer base. This allows Adobe to achieve great availability and you can expect basically zero downtime. Need proof? Adobe’s SLA of 99.9%.
- Very low initial setup time – Basically a “1 click setup” for environments and the default pipeline. Certificates and domains are also set up quickly via the UI.
- Very low maintenance and operation costs – Adobe takes care of maintaining the pipeline, upgrading AEM, providing security fixes for the OS, and operating all systems (Cloud Manager, Apache / Dispatcher, AEM instances, Akamai CDN etc).
- Always up to date AEM – Adobe releases new versions almost weekly or even more frequently if there is a very urgent security fix. The moment the new features or fixes are available you will see them on your AEM instances! Your security team will be very happy to hear that.
For on-premises versions, new features will only be available approximately 6 months after their release (except security fixes which usually come with service packs).
As always there are some drawbacks, but the benefits far outweigh them and there are ways to work around them:
- Less flexibility – The pipeline and architecture is, to a certain degree, predefined. For example, it’s no longer possible to install additional OS level applications or use a different caching solution like Varnish. The Adobe I/O runtime or an external environment has to be used to provide additional services instead.
- Limited customisability of AEM – It’s no longer possible to extend AEM freely. Some customisation is still possible, especially if the developers get creative, but not everything. Since this will be a win for maintainability, this could almost be regarded as an advantage.
- Less control – Since Adobe takes responsibility for running the services and provides an SLA there are certain limitations.
For example, it’s not possible to log in on the publisher’s website, no admin password is available, and Felix Console access is blocked. Especially the last one is a concern for any AEM developers and will hinder the possibilities to debug issues on productive systems.
These issues are somewhat alleviated since Cloud Manager allows to extract certain information like log files. On the authoring instance, some tools are still accessible (e.g. /crx/de). Cloud Manager also provides additional utilities, like viewing the bundle status (those will probably be expanded on in the future).
Release a new version of AEM in the cloud (CI/CD pipeline)
The Cloud Manager CI/CD pipeline brings the code in the repository to a build application on your productive Adobe Experience Manager environment.
There are two types of environments, each environment consists of the full AEM stack (author, publish, dispatcher). A single pair called “Production” consists of “Stage” and “Prod” environments.
Every “Production” deployment first goes to “Stage” where it is analysed and can be further inspected manually before being approved and deployed to “Production”.
All other environments are referred to as “Non-Production” and are used as test environments. New test environments can be provisioned as needed.
The pipeline runs are shown in the UI and additional logs of each execution step can be downloaded to debug any issues. There are several steps in the pipeline explained as follows:
1 – Code in Adobe Git
Cloud Manager allows git repositories hosted by Adobe. The pipeline can only fetch code from those repositories. The pipeline can be triggered on commit on a certain branch or triggered manually.
To use an external non-Adobe repository, the changes have to be synchronised with the Adobe repository (this can easily be automated with various CI/CD tools like Github Actions, Bitbucket Pipelines or Jenkins).
2 – Build Code and Unit Tests
The project is built by executing the Maven build, including executing the unit tests. The result is the “Release” build.
3 – Code Scanning
This inspects the whole code base and applies static code analysis.
There are several rule sets for different topics like test coverage, potential security issues or maintainability in the context of AEM. Each topic is rated and a recommendation is given by Adobe.
These recommendations are set up quite reasonably at 50% coverage. The goal of each project should be to reach those numbers.
4 – Deploy to Stage
The code is now deployed to the stage environment. Internally, Cloud Manager creates a copy of the whole stage environment before deploying it. If there is any issue or failure with the deployment, the Stage can be reverted to the previous state.
5 – Stage testing Tests: Security Tests, Performance & Load Tests, UI Tests
Various tests are executed by default by Adobe to test if AEM itself is still working as expected and some tools to measure the performance of the website. Additionally, custom tests can be added to further test the integration of the application into AEM or the website itself.
Deploy to Production
If not disabled, the pipeline halts at this point before deploying to Production. This allows us to inspect the performance tests and code audit test results.
Any further manual testing can now be done on Stage. If everything looks good, the build can be approved and will be deployed to Product. Otherwise, the build is cancelled and reverted.
Testing with Cloud Manager
Four different categories of tests are executed in the pipeline.
These are executed before the deployment step. They test the application on a code level and in isolation.
Since unit tests are pretty much industry standard, there is mainly one interesting question: how high should the coverage be?
There are different viewpoints on this topic.
Adobe is quite defensive or realistic with the expectation of 50%. From our perspective, for web based projects and especially content focused logic, the integration tests discussed afterwards provide a lot of value.
For each project it has to be decided how much time is spent on each type of test.
This is executed before the deployment step. It inspects the code itself by doing static analysis. It gives various metrics indicating the quality of the code base by a set of code quality rules defined by Adobe.
Internally, SonarQube is used to analyse the code. Additionally, OakPAL scans the built content package to catch various potential issues which might not work with the deployment.
There are three categories of criticality:
- Critical: Pipeline stops immediately
- Important: Pipeline pauses, can be manually continued if the issue is not urgent for the current release and fixed later
- Info: Purely informational
There are the following types of ratings, each with different failure thresholds (check code quality rules documentation for details).
Over 100 SonarQube rules are applied. If a specific issue is a false positive and should be ignored, an Excel from the link above can be downloaded to look up the rule key.
The key can then be used in the Java code to make sure SonarCube will skip the warning. An example for “Credentials should not be hard-coded” is ”squid:S2068″.
In the Java code add the annotation: @SuppressWarnings(“squid:S2068”)
Experience Audit (Performance Testing)
This executes the well known Google Lighthouse Tool, the same that is available in Chrome Dev Tools.
It indicates changes compared to the last release. It’s also possible to inspect and download the full Lighthouse report.
This is a great feature to have, especially because the tests are executed on every run and in an isolated, repeatable environment.
What is missing is a view for the audit over time, that would be really helpful to track performance.
Product Functional Testing, Custom Functional Testing, Custom UI Testing
There are several integration tests.
Adobe provides a set of tests to verify the basic functionality of AEM, for example, if content can still be replicated from Author to Publish. Adobe might add additional tests in the future as well – who doesn’t like free integration tests!
In addition, custom tests can be written to further verify the functionality of AEM. This is especially useful if there are custom AEM modifications.
UI Tests are intended to test the website itself on the publisher instance via dispatcher. The idea is to provide test content with the code which will be deployed to the stage and then execute the integration tests in various browsers to verify functionality.
There is a default setup in the Maven Archetype for Integration tests based on webdriver.io and Selenium.
Docker is used to build and execute the integration tests in the cloud. It’s possible to modify those to adjust the test setup. Important to note is that UI tests are disable dy default.
Follow the documentation for “Customer Opt-Int” to understand how to enable it.
Team and Roles
There is a set of predefined roles by Adobe, which also have their according permission profile and access restrictions of who is allowed to run or modify the pipeline and other features.
Most of those roles probably match the existing roles of a project.
The most important ones are Business Owner, Deployment Manager, Program Manager, Developer. Content Authors do not have to interact with Cloud Manager. Permissions for Authors are set up in AEM itself.
We believe it’s not necessary to use this many roles for most projects and if you can trust your developers, it’s probably enough if the lead is “Business Owner” and developers are “Deployment Manager“.
Have a look at the user permission table to decide what makes sense for your project.
A notable role that is missing is “DevOps” or “Operation“. Deployment Manager is what comes closest to a DevOps person, since it’s allowed to edit the pipeline, however, any experienced developer should be able to configure Cloud Manager.
If there are integrations of Cloud Manager planned, a person with DevOps experience might become helpful.
Integrate Cloud Manager programmatically in your current Solution (Advanced topic)
Adobe is aware that every customer has its unique application landscape. There are various ways to integrate AEM Cloud Service and Cloud Manager.
Adobe Cloud Manager API
All capabilities available in the UI can also be programmatically accessed with the Adobe Cloud Manager API.
This allows to integrate the AEM Cloud Service Pipeline into a custom existing CI/CD infrastructure and also enhances the pipeline with additional custom features.
Webhooks are also supported by the API which is a great way to integrate with other services.
Some example use cases are triggering of the pipeline from an external action, monitoring and notification (e.g. Slack channel) of the pipeline runs, externally executing additional tests, or adding actions after the deployment like clearing of the cache.
Identity Management System (IMS) integration
Provisioning and access to control for the Cloud Manager and AEM can be handled manually but also via integration of external IMS.
Synchronising user accounts with group permissions is supported to automate provisioning. SAML with an external IDP is supported to enable Single Sign On.
By default, the AEM Cloud Service instances do not have access to external systems due to security reasons. Simple IP whitelisting can be configured directly in Cloud Manager.
For anything more complex, a solution can be worked out with the Adobe Cloud Manager engineer.
Forwarding Splunk logs
AEM Cloud Service internally uses Splunk to aggregate the logs.
Via support it can be requested to configure forwarding of the Splunk logs to a custom Splunk instance. This is a great way to extract as much information from the system as possible.
As we can see, Adobe Cloud Manager provides out of the box enterprise-grade CI/CD and hosting of AEM applications in the cloud.
There is a big cost-saving potential for both the initial setup as well as maintenance, thanks to the simple configuration in the web UI and all the operation efforts being taken care of by Adobe.
Combined with the powerful capability of AEM itself and the Adobe Experience Cloud as a whole, AEM Cloud Service is the best cloud-native CMS offering on the market.
This article is part of a series of content about AEM Cloud Service, where we explain how to move to AEM Cloud.
Learn how to design an AEM website with Core Components. Finally, once your website is live, start optimising it and improving the customer experience.