Amazon AWS Installation Overview

This section describes how to set up an Amazon AWS Virtual Private Cloud (VPC) which will support either a single instance or a high availability (HA) pairing of SoftNAS instances using SoftNAS SNAP HA™. SoftNAS SNAP HA™ for EC2 now supports the use of Virtual IPs, and is our best practice recommendation. Configuration with Elastic IPs is still fully supported.

...

  • Create the VPC in AWS.
  • Specify the IAM User for SoftNAS®
  • Create required subnets
  • Configure the routing tables.
  • Launch an Instance of SoftNAS® into the VPC.
  • Create and Associate the Required Elastic or Virtual IPs.
  • Set up SoftNAS® for HA.


Note: The HA IAM Role name is case sensitive, and must be named SoftNAS_HA_IAM.

Creating the VPC

A VPC is a private, isolated section of the AWS cloud that can be set up in a variety of configurations. To create your VPC, log into the AWS console with your AWS credentials, and expand All Services (if not already open). Scroll down to Networking and Content Delivery, and select VPC.

 
From the VPC Dashboard, click on Launch VPC Wizard.




Select VPC with Public and Private Subnets as the configuration scenario. 
Click on Select. The Create an Amazon Virtual Private Cloud screen is displayed.



Note: Private subnet instances access the Internet via a Network Address Translation (NAT) instance in the public subnet. (Hourly charges for NAT instances apply.) 

Note: You may not require NAT setup if setting up a Private instance using Virtual IPs. While NAT is not required for Private instances, there are some organization-specific cases where setting up NAT is relevant.

Configure the IP CIDR block, Public and Private Subnets, and all other settings as appropriate.

  1. Provide a CIDR block for your VPC. The default can be kept, provided it does not conflict with other CIDR blocks within your organization. For this example, we will use 10.10.0.0/16. 
  2. IPv6 CIDR block can be kept at the default of 'No IPv6 CIDR block' unless your use case necessitates an Amazon provided IPv6 CIDR block. 
  3. Provide an easily recognized VPC name.



  4. Select an IPv4 CIDR block for your public subnet within the VPC range. In this example, we use 10.10.0.0/24.
  5. Select a specific availability zone for your VPC public subnet. Note the availability zone selected for future reference.
  6. Provide a name for your public subnet.
  7. Select an IPv4 CIDR block for your private subnet within the VPC range. In this example, we use 10.10.5.0/24.
  8. Select the same availability zone as the public subnet, for simplicity's sake.
  9. Provide a name for the private subnet.
  10. Provide the elastic IP address for a NAT gateway.




Configuration Best Practices to Consider Now:

  • Select different availability zones when configuring the subnets for the greatest level of VPC redundancy.
  • Select the proper instance type for intended usage, including anticipated networking and storage needs.
  • Select a valid Key Pair that is secured and available for use.

Click on Create VPC. AWS will create a VPC with Public and Private subnets. 
Note: If a NAT instance is not required for the local SoftNAS® deployment, delete the NAT instance and release any assigned Elastic IPs. Amazon hourly charges apply to NAT instances. 

Specify the IAM User for SoftNAS®

About Amazon IAM Users

AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. 

Create an AWS IAM User for SoftNAS®. This will allow SoftNAS® instances to use the credentials of the AWS IAM User when accessing the VPC. For a step-by-step guide to setting up your IAM user, see Creating the SoftNAS® IAM Role for AWS.

Creating a Subnet

Buurst's No Downtime Guarantee requires that each instance in an HA pairing belong to a separate Availability Zone or region for redundancy. For this reason, at least two subnets are required for your VPC, each in a different Availability Zone. The first can be the default public or private subnet created when setting up the VPC. The second can be created now.

...

Click Yes, Create when the information has been provided.
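
The subnet requirements above (every subnet inside the VPC CIDR, no overlaps, and the two HA subnets in different Availability Zones) can be checked before anything is created. The following is an added example, not part of the SoftNAS documentation; the subnet names, the zone names and the second private subnet 10.10.6.0/24 are constructed placeholders.

```python
import ipaddress

def check_subnet_plan(vpc_cidr, subnets, ha_pair):
    """subnets: {name: (cidr, availability_zone)}.
    ha_pair: names of the two subnets that will hold the HA instances.
    Returns a list of problems; an empty list means the plan is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in subnets.items()}
    problems = []
    # Every subnet must sit inside the VPC CIDR block.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
    # No two subnets may overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    # The HA pair must be split across Availability Zones.
    a, b = ha_pair
    if subnets[a][1] == subnets[b][1]:
        problems.append(f"HA subnets {a} and {b} share zone {subnets[a][1]}")
    return problems

# Constructed plan: the guide's example CIDRs plus a hypothetical second
# private subnet; zone names are placeholders, not real AWS zone names.
PLAN = {
    "public-1":  ("10.10.0.0/24", "zone-a"),
    "private-1": ("10.10.5.0/24", "zone-a"),
    "private-2": ("10.10.6.0/24", "zone-b"),
}

if __name__ == "__main__":
    # Private HA pair in two zones: no problems reported.
    print(check_subnet_plan("10.10.0.0/16", PLAN, ("private-1", "private-2")))
    # Pairing the two wizard-created subnets fails the zone check.
    print(check_subnet_plan("10.10.0.0/16", PLAN, ("public-1", "private-1")))
```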

Associating Subnets to a Route Table

Once your subnets have been created, they need to be associated with the correct route table. If creating a private VPC HA deployment, the two private subnets just created will need to be associated with the NAT Gateway or private Route Table. If public, you will need to associate a second public subnet to the route table. In the below example, we will be associating private subnets to a private route table. However, the process is the same in either case. Simply be sure to select the correct route table, and associate the appropriate subnet. 

...

If deploying into a public subnet, you would simply associate a second public subnet instead (This public subnet should have been created as described earlier in the Creating a Subnet section of this guide). 

Launch An Instance of SoftNAS® into the VPC


To launch an instance of SoftNAS® into the already-set-up VPC, the following is required:

...


The above procedure is repeated to create a second SoftNAS® instance for HA.


Selecting the SoftNAS® AMI


  1. For Buurst's SoftNAS®, navigate to AWS Marketplace AMIs.

  2. Select the SoftNAS AMI from the Community AMI section of EC2 services.

  3. From EC2 services, click on Launch Instance>Marketplace AMIs and enter SoftNAS in the search text box.

  4. Select the appropriate SoftNAS® version for expected need (Platinum, Enterprise, or Essentials).

Choosing an Instance Type


Buurst recommends an instance size of r5.2xlarge for any production deployment or any deployment testing production workload capacity. For SoftNAS instance sizing guidance, see SoftNAS' Sizing Tool.

  1. From Step 2. Choose an Instance Type.

  2. Select the appropriate machine type for expected usage from the matrix given. For more information on Amazon Instance types, click here.

  3. Click on Next: Configure Instance Details.

Instance Details

  1. For Network, select the previously configured VPC.

  2. Select one of the available public or private subnets to associate with this instance.

  3. Scroll to Network Interfaces, expand, and click Add Device. If using Elastic IPs for your HA instance, it is very important to add an additional NIC here as well as your storage.

    To add an additional NIC after instance creation:


    1. Select Network Interfaces from within the EC2 console, then Create Network Interface.




    2. Provide a name, select your subnet and a security group. Click Create.



  4. Click on Next: Add Storage.


Adding Storage and Tagging

  1. From the storage screen, add storage volumes as necessary. Remember that storage can be added after instance creation from within the SoftNAS UI, making this step entirely optional. Ensure that Delete on Termination is selected.

  2. Click Next: Tag Instance and add an instance name to the Value field.

  3. Click Next: Configure Security Group.
     

Note: Disk names for EBS volumes must follow SoftNAS® storage naming conventions. For more information, see the SoftNAS Installation Guide.

Security Groups

Security groups for SoftNAS® must include TCP 443, TCP 22, and ICMP Echo Reply and Echo Response. Source can be locked down per security requirements.

Note: When assigning the Security Group for a SoftNAS® instance, either create a new Security Group or select a preexisting security Group. Regardless of the decision, ensure it includes the above-mentioned rules.

Create the required rules for the security group

  1. From the available selection, choose Create.

  2. Select Custom ICMP Rule. Source can be set to "Anywhere", "My IP", or "Custom IP", based on local security requirements. Assign Type and Port as appropriate.




  3. Repeat the above procedure to add the Custom TCP Rule for ports 443 and 22.
    Enable ALL ICMP for both IPv4 and IPv6 as shown above. 

    Note: It is recommended to restrict the Source IP address to an address or range of valid addresses for best security. 
    Note: Port 3389 can also be enabled for RDP access to Clients in the environment.

  4. Click on Review and Launch.
  5. Provide the appropriate key pair when prompted.
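
To confirm that a group carries the rules listed above and to apply the note about restricting the Source address, the inbound rules can be audited offline. This is an added example, not SoftNAS or AWS code; it assumes the rules are supplied in the IpPermissions shape returned by the EC2 DescribeSecurityGroups API, and the sample rules are constructed.

```python
import ipaddress

# TCP ports the guide requires on a SoftNAS security group.
REQUIRED_TCP = (443, 22)
# Ports whose source should be restricted (3389 is the optional RDP rule).
SENSITIVE_TCP = (22, 443, 3389)

def _sources(perm):
    """All source CIDRs of one IpPermissions entry, IPv4 and IPv6."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def _covers(perm, port):
    """True if the entry allows TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm["FromPort"] <= port <= perm["ToPort"])

def audit(permissions):
    """Return (missing_rules, world_open_rules) for a list of IpPermissions."""
    missing = [f"tcp/{p}" for p in REQUIRED_TCP
               if not any(_covers(perm, p) for perm in permissions)]
    if not any(perm["IpProtocol"] in ("icmp", "-1") for perm in permissions):
        missing.append("icmp")
    world_open = []
    for perm in permissions:
        for port in SENSITIVE_TCP:
            if not _covers(perm, port):
                continue
            for cidr in _sources(perm):
                # Prefix length 0 is 0.0.0.0/0 or ::/0, i.e. "Anywhere".
                if ipaddress.ip_network(cidr).prefixlen == 0:
                    world_open.append(f"tcp/{port} from {cidr}")
    return missing, world_open

# Constructed sample: inbound rules of a hypothetical group.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.10.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the sample, the audit reports the ICMP rule as missing and flags port 22 as open to any IPv4 and IPv6 source.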

...