Amazon AWS Installation Overview
This section describes how to set up an Amazon AWS Virtual Private Cloud (VPC) in high availability (HA) mode to work with SoftNAS SNAP HA™. SoftNAS SNAP HA for EC2 now supports the use of Virtual IPs, which is our best-practice recommendation. Configuration with Elastic IPs is still fully supported.
The following is required:
- Create the VPC in AWS.
- Specify the IAM User for SoftNAS Cloud®
- Configure the routing tables.
- Launch an Instance of SoftNAS Cloud® into the VPC.
- Create and Associate the Required Elastic or Virtual IPs.
- Set up SoftNAS Cloud® for HA.
Note: The HA IAM Role name is case-sensitive, and must be named SoftNAS_HA_IAMIAM.
Creating the VPC
A VPC is a private, isolated section of the AWS cloud that can be set up in a variety of configurations.
- From the VPC Dashboard, click on Start VPC Wizard.
- Select VPC with Public and Private Subnets as the configuration scenario.
Click on Select. The Create an Amazon Virtual Private Cloud screen is displayed.
Note: Private subnet instances access the Internet via a Network Address Translation (NAT) instance in the public subnet. (Hourly charges for NAT instances apply.)
Note: You may not require NAT setup if setting up a Private instance using Virtual IPs. While NAT is not required for Private instances, there are some organization-specific cases where NAT setup is relevant.
Configure the IP CIDR block, Public and Private Subnets, and all other settings as appropriate. In this guide's example, the 70.0.0.0/16 VPC will be used for configuration procedures.
Configuration Best Practices to Consider Now:
- Select different availability zones when configuring the subnets for the greatest level of VPC redundancy.
- Select the proper instance type for intended usage, including anticipated networking and storage needs.
- Select a valid Key Pair that is secured and available for use.
Click on Create VPC. AWS will create the VPC with the Public and Private subnets.
Note: If a NAT instance is not required for the local SoftNAS Cloud® deployment, delete the NAT instance and release any assigned Elastic IPs. Amazon hourly charges apply to NAT instances.
Specify the IAM User for SoftNAS Cloud®
About Amazon IAM Users
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
Create an AWS IAM User for SoftNAS Cloud®. This will allow SoftNAS Cloud® instances to use the credentials of the AWS IAM User when accessing the VPC. For a step-by-step guide to setting up your IAM user, see Creating the SoftNAS Cloud® IAM Role for AWS.
Setting Up the Routing Tables
In the routing tables configuration, ensure that both the private and public subnets are associated to the main routing table of the VPC and that the default route uses the IP gateway. This will enable access to the VPC using an elastic IP address.
To set up the routing tables
- From the VPC Dashboard, click Route Tables.
- The available routing tables are displayed. In this guide's example, the main routing table for the 70.0.0.0 VPC has no associated subnets. We want to ensure that both the public and private subnets are associated to the main routing table.
- Click on the main routing table to select it. The route table settings will appear at the bottom of the screen.
- Click on Subnet Associations, and ensure that both the private and public subnets are associated to the main routing table. Click the down arrow to select the subnet for association.
- Click Edit. Select the desired subnets from the available subnets menu provided and Save.
Default Routes:
When creating a VPC, the default route for the main routing table is the NAT instance. However, depending on the networking environment, it may be required to redirect this route to an internet gateway.
Note: The following procedure is optional. Use of the NAT gateway may be appropriate depending on the networking setup.
- From the main route table settings, click on Routes. The default route to the NAT device is displayed.
- Click Remove next to the default route.
- Click Yes when prompted by the Delete Route screen.
- Recreate the default route (0.0.0.0/0) and point it to the internet gateway, by selecting it from the Target dropdown.
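The routing-table state described above can be checked from the output of `aws ec2 describe-route-tables` instead of by eye in the console. The following is an added example, not SoftNAS code: the sample data is constructed, and the VPC, subnet, instance and route table IDs in it are placeholders.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# for the guide's example VPC; all IDs are placeholders, not real resources.
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True},
                      {"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "70.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
    {"RouteTableId": "rtb-custom", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "70.0.0.0/16", "GatewayId": "local"}]},
]


def main_table(tables, vpc_id):
    """Return the VPC's main route table (the one with an association flagged Main)."""
    for table in tables:
        if table["VpcId"] == vpc_id and any(a.get("Main") for a in table["Associations"]):
            return table
    raise LookupError(f"no main route table for {vpc_id}")


def default_route_target(table):
    """Classify where 0.0.0.0/0 points: 'igw', 'nat', 'other', or None if absent."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
        return "other"
    return None


def check(tables, vpc_id, expected_subnets):
    """Return (subnets not explicitly associated with the main table, default-route target)."""
    table = main_table(tables, vpc_id)
    associated = {a["SubnetId"] for a in table["Associations"] if "SubnetId" in a}
    return sorted(set(expected_subnets) - associated), default_route_target(table)


if __name__ == "__main__":
    print(check(SAMPLE_TABLES, "vpc-example", ["subnet-public", "subnet-private"]))
```

In the constructed sample the private subnet is tied to a different route table and the default route still targets the NAT instance, so both findings are reported.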
Launch An Instance of SoftNAS Cloud® into the VPC
To launch an instance of SoftNAS Cloud® into the already-set-up VPC, the following is required:
- Select the appropriate SoftNAS Cloud® AMI from the Marketplace AMI section of EC2 services.
- Select at least the small instance.
- Configure the instance details.
- Launch instance into the subnet.
- Add an additional ethernet interface.
- Add storage as required.
- Tag the instance.
- Set up security groups.
- Select a key pair for SSH.
The above procedure is repeated to create a second SoftNAS Cloud® instance for HA.
Selecting the SoftNAS Cloud® AMI
- For SoftNAS Cloud®, navigate to AWS Marketplace AMIs.
- Select the SoftNAS AMI from the Community AMI section of EC2 services.
- From EC2 services, click on Launch Instance>Marketplace AMIs and enter SoftNAS in the search text box.
- Select the appropriate SoftNAS Cloud® version for expected need (Express, Standard, or Enterprise).
Choosing an Instance Type
SoftNAS requires at least the use of a small instance type.
- From Step 2. Choose an Instance Type.
- Select the appropriate machine type for expected usage from the matrix given. For more information on Amazon Instance types, click here.
- Click on Next: Configure Instance Details.
Instance Details
- For Network, select the previously configured VPC.
- Select one of the available public or private subnets to associate with this instance.
- Scroll to Network Interfaces, expand, and click Add Device. If using Elastic IPs for your HA instance, it is very important to add an additional NIC here as well as your storage.
To add an additional NIC:
- Select Network Interfaces from within the EC2 console, then Create Network Interface.
- Provide a name, select your subnet and a security group. Click Create.
- Click on Next: Add Storage.
Adding Storage and Tagging
- From the storage screen, add storage volumes as necessary. Ensure that Delete on Termination is selected.
- Click Next: Tag Instance and add an instance name to the Value field.
- Click Next: Configure Security Group.
Note: Disk names for EBS volumes must follow SoftNAS Cloud® storage naming conventions. For more information, see the document SoftNAS Installation Guide.
Security Groups
Security groups for SoftNAS Cloud® must include TCP 443, TCP 22, and ICMP Echo Request and Echo Reply. The source can be locked down per security requirements.
Note: When assigning the Security Group for a SoftNAS Cloud® instance, either create a new Security Group or select a preexisting Security Group. Either way, ensure it includes the above-mentioned rules.
Create the required rules for the security group
- From the available selection, choose Create.
- Select Custom ICMP Rule. Source can be set to "Anywhere", "My IP", or "Custom IP", based on local security requirements. Assign Type and Port as appropriate.
- Repeat the above procedure to add the Custom TCP Rule for ports 443 and 22.
Enable ICMP Echo Reply and Request as seen above; both are needed for ping requests to work correctly.
Note: It is recommended to restrict the Source IP address to a range of valid addresses, not "Anywhere" as shown in this example, for best security.
- Click on Review and Launch.
- Provide the appropriate key pair when prompted.
- Keep in mind that two instances are required for HA. Create a second instance at this time.
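The security group requirements above (TCP 443, TCP 22, ICMP echo request and reply, with the source restricted rather than "Anywhere") can be verified against the `IpPermissions` list returned by `aws ec2 describe-security-groups`. This is an added example, not part of the SoftNAS guide; the sample rules and address ranges are constructed, and only IPv4 ranges are examined.

```python
import ipaddress

# Constructed sample in the shape of one group's IpPermissions from
# `aws ec2 describe-security-groups`; not taken from a real account.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

# Rules the guide requires, as (protocol, port or ICMP type).
# ICMP type 8 is echo request, type 0 is echo reply.
REQUIRED = [("tcp", 443), ("tcp", 22), ("icmp", 8), ("icmp", 0)]


def covers(perm, proto, value):
    """True if one IpPermissions entry allows proto/value (port or ICMP type)."""
    if perm["IpProtocol"] == "-1":          # "all traffic" rule
        return True
    if perm["IpProtocol"] != proto:
        return False
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if proto == "icmp":                     # FromPort holds the ICMP type; -1 = all types
        return lo in (-1, value)
    return lo <= value <= hi


def audit(permissions):
    """Return (missing required rules, required rules open to any source address)."""
    missing, open_rules = [], []
    for proto, value in REQUIRED:
        matches = [p for p in permissions if covers(p, proto, value)]
        if not matches:
            missing.append((proto, value))
        for perm in matches:
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"]).prefixlen == 0:
                    open_rules.append((proto, value, rng["CidrIp"]))
    return missing, open_rules


if __name__ == "__main__":
    missing, open_rules = audit(SAMPLE_PERMISSIONS)
    print("missing:", missing)
    print("open to any source:", open_rules)
```

On the constructed sample the audit reports the echo reply rule as missing and flags SSH as reachable from any address.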
To complete the setup of high availability for Amazon Web Services VPCs in either a Virtual IP or Elastic IP configuration, select the appropriate link below: