Understanding Your Stealth(cloud) for AWS Environment

After you configure the Management Server instance and at least two endpoints in the same user role, your endpoints can use secure Stealth tunnels to communicate.

This section provides an overview of how to access the Management Server instance and view the Enterprise Manager interface, as well as how to view the endpoint instances and the current Stealth status.

4.1. Accessing the Enterprise Manager Interface

You use the Enterprise Manager interface, running on the Management Server instance, to manage your Stealth configuration.

To access the Enterprise Manager interface, perform the following procedure:

1. If you have not already done so, log on to the Management Server instance by doing the following:

a. From the AWS Management Console, select EC2 under Compute.

b. On the EC2 Dashboard, select Instances in the left pane (under Instances).

c. Right-click the Administration and Diagnostics System instance, and select Connect.

d. If required, download and open the Remote Desktop File.

e. Log on to the Administration and Diagnostics System using the user name and password.

f. On the Administration and Diagnostics System, use Remote Desktop Connection (RDP) or another connection software (if you selected a Linux operating system for your Administration and Diagnostics System), and connect to the Management Server instance using its private IP address.

g. If you receive a warning that the identity of the remote computer cannot be verified, click Yes to continue.

h. Log on to the Management Server instance using the EMAdmin user name and the password that you set for the EMAdminPassword in 2.4 Selecting Parameters and Launching the Management Server Instance.

2. On the Management Server instance desktop, double-click the Unisys Enterprise Manager Portal icon.

Note: Alternatively, you can enter https://<Management Server host name>:29080/ in a browser window.

3. If you see a warning that there is a problem with the website’s security certificate, click Continue to this website (not recommended).

4. Log on to the Enterprise Manager interface using the portaladmin user name and the password that you set for PortalAdminPassword in 2.4 Selecting Parameters and Launching the Management Server Instance.

The Enterprise Manager interface displays the Stealth Network Dashboard, which provides an overview of your configuration.
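The following is an added example, not part of the Unisys documentation: a way to check the certificate served on port 29080 against a known fingerprint before accepting the warning in step 3. It assumes you have recorded the expected SHA-256 fingerprint from a trusted session on the Management Server itself; the function names and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import ssl

EM_PORT = 29080  # Enterprise Manager portal port from the Note in step 2


def fingerprint_from_pem(pem_cert: str) -> str:
    """SHA-256 fingerprint of a PEM certificate, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop separators and case so values copied from different tools compare equal."""
    return "".join(ch for ch in fingerprint if ch.isalnum()).lower()


def matches_expected(presented: str, expected: str) -> bool:
    """True only when presented is a full SHA-256 value equal to the expected one."""
    a, b = normalize(presented), normalize(expected)
    return len(a) == 64 and hmac.compare_digest(a, b)


def fetch_fingerprint(host: str, port: int = EM_PORT) -> str:
    """Read the certificate the portal presents, without trusting it, and fingerprint it."""
    # With no ca_certs argument, get_server_certificate does not validate the chain,
    # so it also returns a self-signed certificate that a browser would warn about.
    return fingerprint_from_pem(ssl.get_server_certificate((host, port)))


def check_portal(host: str, expected: str, port: int = EM_PORT) -> bool:
    """Compare the live portal certificate with the fingerprint recorded out of band."""
    return matches_expected(fetch_fingerprint(host, port), expected)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: enough to exercise the
    # fingerprint and comparison logic offline.
    sample_pem = ssl.DER_cert_to_PEM_cert(b"constructed sample certificate bytes")
    recorded = fingerprint_from_pem(sample_pem)
    print("match:", matches_expected(recorded.lower().replace(":", " "), recorded))
    print("mismatch:", matches_expected("00" * 32, recorded))
```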

Caution

Be very careful when deleting or reassigning any components in the Enterprise Manager interface. If you delete any configurations, roles, users, or certificates, or if you reassign components to different roles or configurations, you could disrupt all Stealth communications in your environment.

For information on how to change your configuration, closely follow the procedures in the Unisys Stealth(cloud) for Amazon Web Services Advanced Concepts and Operations Guide.

For more information on using the Enterprise Manager interface, select Help from the menu bar to launch the Unisys Stealth Solution Enterprise Manager Interface Help. To access context-sensitive help information for a specific interface element, click the question mark (?) help icon for that element.

4.2. Accessing Windows Endpoints and Viewing Stealth Status

Stealth endpoint instances running the Windows operating system include the Stealth Applet. You use the Stealth Applet to view the status of the Stealth service on the endpoint instance.

Note: You should wait until the status reads CREATE_COMPLETE before connecting to the endpoint instance. If you connect to the endpoint instance before the CloudFormation process is complete, the Stealth Applet might not start. If you need to manually launch the Stealth Applet, from the Start menu, type USS-Applet in the Search box.

Do the following:

1. Log on to an endpoint instance by doing the following:

a. From the AWS Management Console, select EC2 under Compute.

b. On the EC2 Dashboard, select Instances in the left pane (under Instances).

c. Right-click the Administration and Diagnostics System instance, and select Connect.

d. If required, download and open the Remote Desktop File.

e. Log on to the Administration and Diagnostics System using the user name and password.

f. From the Administration and Diagnostics System, access the EC2 Dashboard and browse to the endpoint instance.

g. Right-click the endpoint instance and select Connect.

h. On the Connect to Your Instance dialog box, click Get Password.

i. Click Browse, and then select the EC2 key pair that you selected when you initially configured the endpoint instance.

j. Click Decrypt Password to obtain the Administrator user account password for the endpoint instance. Make a note of this password or copy it to the clipboard.

k. On the Administration and Diagnostics System, use Remote Desktop Connection (RDP) or another connection software (if you selected a Linux operating system for your Administration and Diagnostics System), and connect to the endpoint instance using its private IP address.

l. If you receive a warning that the identity of the remote computer cannot be verified, click Yes to continue.

m. Log on to the endpoint instance using the Administrator user account and the password that you copied when you decrypted the password earlier in this procedure.

2. To access the Stealth Applet, click the Show hidden icons (arrow) button in the taskbar, and then click the Stealth Shield icon.

Note: If the Applet does not appear in the taskbar, you can access it from the Start menu by typing Stealth Applet in the Search box.

3. Optionally, do the following to display the Stealth Shield icon in the taskbar:

a. Click the Show hidden icons (arrow) button in the taskbar, and then click Customize.

b. On the Select which icons and notifications appear on the taskbar window, scroll to the Unisys Stealth Solution shield icon, select Show icon and notifications from the Behaviors list, and then click OK.

The Stealth Applet shows the status of your Stealth communications on the endpoint. For more information on using the Stealth Applet, click Help in the left menu on the Applet.

4.3. Accessing Linux Endpoints and Viewing Stealth Status

Stealth endpoint instances running a Linux operating system use a command to view the status of the Stealth service on the endpoint instance.

Notes:

You should wait until the status reads CREATE_COMPLETE before connecting to the endpoint instance.

To access a Linux endpoint from a Windows-based Administration and Diagnostics System, you must install an SSH client (for example, PuTTY).

Do the following to access the endpoint and view the status of the Stealth service on the endpoint instance:

1. Log on to an endpoint instance by doing the following:

a. From the AWS Management Console, select EC2 under Compute.

b. On the EC2 Dashboard, select Instances in the left pane (under Instances).

c. Right-click the Administration and Diagnostics System instance, and select Connect.

d. If required, download and open the Remote Desktop File.

e. Log on to the Administration and Diagnostics System using the user name and password.

f. On the Administration and Diagnostics System, use SSH to connect to the endpoint instance using the endpoint private IP address and the EC2 key pair that you selected when you initially configured the endpoint instance.

There are several methods you can use to connect to a Linux endpoint and log on.

For more information, see the “Connect to Your Instance” topic in the Amazon Elastic Compute Cloud User Guide for Linux Instances (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-connect-to-instance-linux.html).

Note: Although the Amazon “Connect to Your Instance” procedure instructs you to use the public DNS name to connect to your Linux endpoint, because you are connecting to the endpoint from a private location (from the Administration and Diagnostics System), you must use the private IP address. For example, if you are using PuTTY, Amazon instructs you to enter user_name@public_dns_name.

However, you must enter user_name@private_IP_address to successfully access the Linux endpoint instance.

2. Enter the following command as root:

stconfig -S

The stconfig command shows the status of your Stealth communications on the endpoint.

4.4. Limitations When Accessing AWS Services

As described in 1.4 Understanding Default Filters, external AWS services (outside the VPC) are automatically white-listed for clear-text communication.

Internal AWS services (inside the VPC)—including elastic load balancing (ELB) and auto-scale groups—should be deployed on known subnets so that you can easily create filters to enable clear-text communications. For more information on adding filters to access non-Stealth-enabled components and other services, see the Unisys Stealth Solution Advanced Concepts and Operations Guide.
