
INSTALLING PROTECTED HOSTS IN THE AMAZON VPC


7: Test the DSM installation.

__ Wait a few minutes after you receive your DSM Deployment Details.

__ Open a browser and enter the DSM URL listed in the Deployment Details. For example:

https://ec2-54-208-235-131.compute-1.amazonaws.com

__ Log in as awsadmin using the information in the Deployment details. awsadmin / Qx2[S4GYB53wi

The Vormetric Data Security page opens.

Figure 28: Vormetric Management Console dashboard

If the DSM dashboard is not responsive (for example, nothing happens when you point to a drop-down menu), log off and wait a few minutes for the configuration process to complete.


INSTALLING PROTECTED HOSTS IN THE AMAZON VPC

A protected host is a host in the Amazon cloud whose data is protected by a Vormetric agent.

VDS protects hosts running many different operating systems including various versions of Microsoft Windows, Linux and UNIX. However, the installation process described here requires that you use CentOS 6.3 for your protected hosts. If you would like support in protecting other platforms, contact [email protected].

Once your DSM is installed and configured, you can create protected hosts. Installing an agent

Document Version 1.2 All-in-Cloud Installation Guide Installing Vormetric Data Security in the Amazon VPC

• Instantiate the host you want to protect (step 1).

• Run the agent install and registration script on the host (step 2).

• Verify that the protected host is registered with the DSM (step 3).

• For each protected host, save the deployment information (step 4).

• Repeat this process for each protected host (step 4).

Gather the following information for these steps:

__ The VPC and subnet where you installed the DSM.

__ Agent install script URL. (See step 6: Get the DSM Deployment Details.)

__ The Security Group you created. (See step 3a: Create a new EC2 security group with the following port rules.)

Note: Currently we only support protected hosts running CentOS 6.3. You can use any CentOS 6.3 AMI.

1: Instantiate your protected host.

AWS protected host instances can be of any size. For each DSM you can have up to five protected hosts.

a: __ Log in to your Amazon account.

b: __ Instantiate your protected host AMI (not the DSM AMI) using the following parameters (valid for either 1-Click or EC2 Console launching):

__ Region. Choose one.

__ EC2 Instance Type. Instances can be of any size.

__ Network: Choose the same VPC where you installed the DSM.

__ Subnet: Choose the same subnet where you installed the DSM.

__ Check Automatically assign a public IP address to your instances. You will use this public IP address to access the host in subsequent steps.

__ Tag Instance. Add a name for your protected host.

__ Security Group. Use the same group you used when you instantiated the DSM (Figure 9 and Figure 24).

__ Click Review and Launch.

__ Key Pair. Choose a Key Pair that you previously created or create a new key pair and download the private key. Remember your private key path (location of the .pem/.ppk file) as you will need this later.

__ Note the instance ID as this will be useful for the next step.

2: Run the agent installation and registration script on the host.

After your host instance is running (the time it takes depends on the size of the host and the AWS EC2 load), connect to it with an SSH Client to download the agent installation and registration script. This script installs the agent and registers it with the DSM.


There are many ways to start an SSH session. See Connect to Your Amazon Instance.

a: Launch an SSH client on your host instance and log in with the user name root. Use the following parameters to launch your SSH session.

__ Host Name (or IP address). Enter the IP address or Public DNS of the protected host.

If you installed the host using the EC2 Console, highlight the host name in the Instances view of the EC2 Dashboard. The Public DNS is displayed under the Description tab. Figure 26 shows an example of what you should see.

If you launched the host with 1-Click, you need to allocate a new EIP address for VPCs and associate it with the host instance:

__ In the AWS EC2 Dashboard, click on Elastic IPs.

__ Click Allocate New Address, select EIP used in VPC and Yes, Allocate.

__ Select this new address, click Associate Address and select the host instance on which to associate the EIP.

__ Use this EIP address to set up your SSH session.

__ Private key path: Enter the path of the .pem (or .ppk if you are using PuTTY) file that you generated earlier (Figure 25: “Key pairs”).

Some AMIs only allow you to first log in as ec2-user. If you can't log in as root, log in as ec2-user, then run "sudo su -" in the terminal to become root.

b: Make sure the firewall on the protected host allows the following TCP Port connections:

ICMP Ping    Incoming/Outgoing
TCP 7024     Incoming
TCP 8080     Outgoing
TCP 8443     Outgoing
TCP 8444     Outgoing
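
An added example, not part of the Vormetric guide: on a CentOS 6.3 host that uses the stock iptables service, the function below prints rules for the connections listed in step b so they can be reviewed before being applied. Limiting every rule to the DSM's private address is an assumption (the guide lists only ports), and 10.1.0.61 is a sample value matching the private DNS name used later in this guide.

```shell
#!/bin/sh
# Added example: print iptables commands for the step 2b port list.
# Assumption: the DSM is the only peer that needs these ports, so each
# rule is limited to its private IPv4 address instead of any source.

dsm_rules() {
    dsm_ip="$1"
    # Basic shape check: digits and exactly three dots (not a full IPv4 validator).
    case "$dsm_ip" in
        ""|*[!0-9.]*|*.*.*.*.*) echo "usage: dsm_rules <DSM IPv4>" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "usage: dsm_rules <DSM IPv4>" >&2; return 1 ;;
    esac

    # -I inserts at the top of the chain, ahead of the catch-all REJECT
    # that the stock CentOS 6 ruleset keeps at the end of INPUT.
    echo "iptables -I INPUT -s $dsm_ip -p tcp --dport 7024 -m state --state NEW -j ACCEPT"
    echo "iptables -I INPUT -s $dsm_ip -p icmp --icmp-type echo-request -j ACCEPT"

    # Outgoing ports from the guide: 8080, 8443, 8444.
    for port in 8080 8443 8444; do
        echo "iptables -I OUTPUT -d $dsm_ip -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -I OUTPUT -d $dsm_ip -p icmp --icmp-type echo-request -j ACCEPT"

    # Return traffic for the flows above, in both directions.
    echo "iptables -I INPUT -s $dsm_ip -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I OUTPUT -d $dsm_ip -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Review the output first, then apply and persist as root:
#   dsm_rules 10.1.0.61 | sh && service iptables save
```
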

c: From the SSH terminal, copy and run the agent install program.

__ Run the following commands as root user:

# wget -O installer --no-check-certificate <Agent_Install_Script_url>

Agent_Install_Script_url is part of the DSM details (see step 6: Get the DSM Deployment Details).

(If the wget command fails with "wget not found," execute yum -y install wget and try again.)

# ls installer

# chmod +x installer

# ./installer

Welcome to the Vormetric Data Security agent installer

Your instance has been launched with the following security groups:

<Name of your security Group>


allow outgoing connections to TCP ports 8443, 8444 and 8080 and ICMP ping requests and incoming connections to TCP port 7024 and ICMP ping requests before proceeding

Proceed? (yes/no) yes

(Installation continues until you get the following screen output.)

Cleaning up...

Installing agent

Please enter the information below to configure your agent instance

Enter hostname of the Security Manager: ip-10-1-0-61.ec2.internal

(Important: For “hostname of the Security Manager,” use the private DNS of the DSM, not the public DNS. You can get this from Figure 28: “Vormetric Management Console dashboard”.)

Adding host ip-10-1-0-252.ec2.internal to Data Security Manager.

Enter password for awsadmin user on the Security Manager - &*($d($@Ed9

(Get this from step 6, Get the DSM Deployment Details, on page 22.)

Host ip-10-1-0-252.ec2.internal added to Security Manager

After restarting, this instance will be registered to the Security Manager hosted at ip-10-1-0-61.ec2.internal

The instance is going to restart now. Continue? (yes/no) yes

Type yes. The host goes down for a reboot and after a few minutes is registered with the DSM.
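
An added example, not part of the Vormetric guide: step 2c downloads the installer with --no-check-certificate and runs it as root, so the function below checks the downloaded file before chmod +x. It rejects an empty file or an HTML page saved in place of the installer, and compares the SHA-256 digest with the one recorded on the first protected host; the pin file name and the assumption that the DSM serves an identical installer to every host are not from the guide.

```shell
#!/bin/sh
# Added example: trust-on-first-use check for the downloaded installer.
# Assumption: the DSM serves the same installer file to every host.

check_installer() {
    file="$1"; pin="$2"

    # wget -O saves whatever the server returned, including error pages.
    [ -s "$file" ] || { echo "REJECT: $file is missing or empty" >&2; return 2; }
    if head -c 512 "$file" | grep -aqi -e '<!doctype html' -e '<html'; then
        echo "REJECT: $file looks like an HTML page, not an installer" >&2
        return 2
    fi

    digest="$(sha256sum "$file" | cut -d' ' -f1)"

    # First host: record the digest. This does not prove the first download
    # was genuine; it only makes later differences visible.
    if [ ! -f "$pin" ]; then
        echo "$digest" > "$pin"
        echo "PINNED: $digest"
        return 0
    fi

    if [ "$digest" = "$(cat "$pin")" ]; then
        echo "MATCH: $digest"
        return 0
    fi
    echo "MISMATCH: got $digest, pinned $(cat "$pin")" >&2
    return 1
}

# On each protected host, before chmod +x (pin file name is hypothetical):
#   check_installer installer vormetric-installer.sha256 && chmod +x installer
```

Copy the pin file from the first protected host to each later host before running the check there.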

3: Verify that the protected host is registered with the DSM.

a: __ Open a browser and enter the DSM URL. See step 6, Get the DSM Deployment Details, on page 22.

Figure 29: Management Console Login

__ Log in as awsadmin with the password from your DSM Deployment Details.

The VDS Dashboard appears:


Figure 30: VDS Dashboard

b: Switch to the domain awsdomain.

__ Click Domains > Switch Domains

Figure 31: Switch domains

You will have a domain called awsdomain.


Figure 32: Switch to domain

__ Select awsdomain, then click Switch to domain.

c: View the hosts in the domain.

__ Click Hosts > Hosts in the top menu bar to bring up the Hosts page. The new protected host is added and under Pushing Status it says Pending or Done. It may take a few minutes to complete registration. If it says N/A, then the registration did not complete. See Chapter 4, Additional Help, on page 64 to re-register.

Figure 33: Hosts page

4: Repeat the instantiation (step 1), agent installation and registration (step 2), and verification process (step 3) for each protected host.

5: See the Vormetric Data Security on AWS: Getting Started Guide to learn how to use the product.