See this section for information on updating the initial configuration for your Stealth(cloud) environment or updating your AWS instance types.
5.1. Updating the Initial Configuration
After you initially configure and deploy your environment, you can manually update the initial configuration.
See Section 2, “Modifying the Stealth(cloud) AWS Environment” in the Unisys
Stealth(cloud) for Amazon Web Services Advanced Concepts and Operations Guide for detailed information on the following:
• Creating new filters and applying them to user roles
• Updating existing user roles
• Creating new user roles and updating endpoint instances
5.2. Optionally Updating the Management Server Instance Type
You selected an instance type and associated license capacity when you initially
configured the Management Server instance in2.2 Determining the Management Server Instance Size and License Capacity.
However, if you need to change the instance type and maximum license capacity (for example, if you subscribed to more Stealth AWS endpoint instances than Enterprise Manager is licensed to authorize concurrently), you can optionally resize the Management Server instance.
You can resize your instance to use any of the following Amazon instance types:
• Small – m4.large EC2 instance that supports up to 25 endpoint instances
• Medium – m4.large EC2 instance that supports up to 50 endpoint instances
• Large – m4.xlarge EC2 instance that supports up to 250 endpoint instances
• Extra Large – m4.2xlarge EC2 instance that supports up to 500 endpoint instances
Note: If you select the South America (São Paulo) region, m3 instance types are used.
When you resize your instance, the maximum number of subscribed endpoint instances that can be authorized is automatically updated to match the new size.
Caution
You shouldnot select any instance type besides m4.large, m4.xlarge, or m4.2xlarge (or the corresponding m3 instance types if you select the South America (São Paulo) region. These instance types have been specifically selected to meet the vCPU, memory, and configuration requirements of the Management Server instance and the Enterprise Manager software.
If you select another instance type, your Management Server instance might not be able to start or run.
See the following:
• For more information on Amazon EC2 instance types, seehttps://aws.amazon.com/
ec2/instance-types.
• To resize the Management Server instance, seehttp://docs.aws.amazon.com/
AWSEC2/latest/UserGuide/ec2-instance-resize.html.
5.3. Optionally Updating Endpoint Instance Types
You selected an instance type when you initially configured endpoint instances in 3.4 Selecting Parameters and Launching the Stealth Endpoint Instance.
If you need to change the instance type, you can do so at any time. You can change your endpoint instance to use any current or previous generation AWS instance type; however, you should only use instance types that support AWS hardware virtual machine (HVM) virtualization.
You shouldnot use instance types that support only paravirtual (PV) virtualization, because this could negatively impact the performance of your endpoint instances. The following instance types use PV virtualization only, and therefore you shouldnot use the following instance types: t1.micro, m1.small, m1.medium, m1.large, m1.xlarge, c1.medium, c1.xlarge, m2.xlarge, m2.2xlarge, and m2.4xlarge.
See the following:
• For more information on Amazon EC2 instance types, seehttps://aws.amazon.com/
ec2/instance-types.
• For more information on HVM and PV virtualization, see
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html.
• To resize an endpoint instance, seehttp://docs.aws.amazon.com/AWSEC2/latest/
UserGuide/ec2-instance-resize.html.
Troubleshooting
This section provides troubleshooting information for your Stealth environment. Review this section for information on diagnosing and resolving problems in your environment.
6.1. Resolving Common Problems
If you are having trouble launching or connecting to your instances or problems authorizing or communicating with Stealth-enabled endpoints, do the following:
• Ensure that instances launched from your VPC are able to access the AWS CloudFormation services.
In order to launch your Management Server instance and endpoint instances, these instancesmust be able to access the CloudFormation services using either a public IP address or NAT. If your instances do not have a method to access the CloudFormation services, they will fail to launch after about an hour.
For general information on configuring IP addressing for your VPC and instances, see http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Networking.html.
For specific information about modifying the IP addressing for your instances, see
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-ip-addressing.html#subnet-public-ip.
• Ensure that you created an Administrative and Diagnostics System, and ensure that you can connect to it.
• Ensure that you created a Management Server instance, and ensure that the endpoint instances that you want to communicate belong to the same user role.
• Ensure that your Management Server instances and your endpoint instances are running. If your instances are not running and cannot be started, contact Amazon AWS support.
• If you have problems using the Enterprise Manager interface on the Management Server instance, ensure that you met all of the requirements in6.2 Enterprise Manager Interface Requirements.
• Depending on your operating system, review the Windows application and system event logs or the Linux Syslog for warning and informational messages that can provide guidance and suggestions.
• For Windows endpoints, view the status of the Stealth connection using the Stealth Applet, and for Linux endpoints, view the status of the Stealth connection using the stconfig command. See4.2 Accessing Windows Endpoints and Viewing Stealth Statusand4.3 Accessing Linux Endpoints and Viewing Stealth Statusfor more information.
• Verify that there are no firewalls blocking communication. For more information about configuring firewall settings to enable communications for Windows endpoint
instances, see the Unisys Stealth Solution Advanced Concepts and Operations Guide.
• Web proxy servers (HTTP proxy servers) can interfere with Stealth authorization;
ensure that there are no web proxy servers between Stealth endpoints and the Management Server instance.
• Verify the status of the Stealth services. If any of the Stealth services are not in a Running state, do the following:
- For Windows Server 2008 R2 or Windows Server 2012 R2: Verify that the Unisys Stealth Logon Service, Unisys Stealth PreLogon Service, and Unisys Stealth Protocol Service are running.
If any service status is paused, restart the Unisys Stealth Protocol Service, which automatically restarts the other two services.
- For Linux: Log on with root privileges, and enter the following to see the state of the stealthd daemon:
service stealthd status
If the services are in the process of connecting, wait a few minutes, then try to verify the status of the services again.
• Verify that your environment includes enough licenses for your endpoints (and verify that there are no license errors in your log files).
• Reboot the Management Server instance.
6.2. Enterprise Manager Interface Requirements
If you have any problems viewing the Enterprise Manager interface, ensure that you met the following requirements.