# WebStream for AWS Cloud {{ :aws-gettingstarted:asset_logo_amazon-web-service.png?nolink&240 |nobox}} This guide covers the launch and network configuration of the WebStream server within the AWS Cloud. The server works with an Access Anywhere appliance that may be deployed in a different region or cloud. Once network configuration is complete return to the [[/webstream/gettingstarted]] documentation to continue setup. For general documentation see [[/webstream]]. ## Architecture A single WebStream Server provides streaming services to one or more Access Anywhere instances. The server must be accessible by each Access Anywhere instance as well as web browsers through a public endpoint. ### AWS Cloud Deployment The WebStream appliance may be launched from the AWS Marketplace. When deployed with a single Access Anywhere appliance the architecture may look like this: {{ :webstream:gettingstarted:aws:awscloud-webstream-ec2.png?600 |}} ### AWS Components The appliance uses the following AWS services: * [[https://docs.aws.amazon.com/ec2|Amazon EC2]] – The Amazon Elastic Compute Cloud (Amazon EC2) service enables virtual machine instances to be launched with a variety of operating systems. The controller is available as a virtual machine image. * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html|Elastic IP Address]] - An Elastic IP address is a public IPv4 address, reservable through AWS. It can be mapped dynamically to an instance, allowing instances to be changed without affecting their public address. They also allow mapping to a DNS record for your domain. ## Deployment This guide walks through deploying the WebStream to your environment as a software appliance. An instance will be launched directly from the AWS Marketplace. You'll have the ability to choose the target region and size of the instance for your requirements. After the appliance is started you'll set up the network and connect to an existing Access Anywhere instance. ### Skills Required This guide is for IT infrastructure architects and DevOps professionals who are deploying Access Anywhere on AWS. To follow this guide a user should have some familiarity with the AWS Console and with a Linux shell. They may require support from a network administrator to create a DNS record, and from an IT administrator if a corporate SSL certificate is required. ### Time Required Following this guide, the WebStream server can be deployed in under thirty minutes. ### Prerequisites You will need the following information before you can complete the setup: * An AWS Account. If you don’t already have an AWS account, create one at https://aws.amazon.com/getting-started/ by following the on-screen instructions. * ApplAdmin password for your Access Anywhere instance. * A domain name (recommended) ## Launch ### Launch from AWS Marketplace Open the page [[https://aws.amazon.com/marketplace/pp/prodview-yuu53ddgvp432|AWS Marketplace: WebStream Server]]. Select "Continue to Subscribe". {{ :aws-gettingstarted:continue-to-subscribe.png?nolink&200 |}} Review terms and select "Continue to Configuration". {{ :aws-gettingstarted:continue-to-configuration.png?nolink&200 |}} Select your preferred **Region** and then select "Continue to Launch" This page allows you to launch the instance directly from this webpage, or through the EC2 launch instance wizard. #### Launch this software {{ :aws-gettingstarted:review-config-details.png?nolink&600 |}} #### Choose Action Leave the setting as **Launch from Website** (Recommended). Instructions for launching from EC2 instead are provided in the section [[#launch_through_ec2|Launch Through EC2]]. {{ :aws-gettingstarted:choose-action-launch-from-website.png?nolink&600 |}} #### EC2 Instance Type Review settings. Default is **c5.2xlarge**: * **Memory**: 16 GiB * **CPU**: 8 virtual cores * **Storage**: EBS Only * **Network** Performance: Up to 10 Gigabit Ethernet ##### Storage Settings * **Size (GiB)** - 100 * **Volume Type** - General Purpose SSD (gp3) * **IOPS** - 3000 * **Throughput (MB/s)** - 125 * **Encryption** - Not Encrypted #### VPC Settings Select a VPC. #### Subnet Settings Choose a public subnet. #### Security Group Settings Select "Create New Based on Seller Settings". #### Create new based on seller settings Add a name and description such as "NAA WebStream". Do NOT change the Source (IP or Group) to "My IP" as this setting incorrectly assigns an internal AWS IP address. Select "Save". The following inbound firewall rules are required. ^ Type ^ Protocol ^ Port Range ^ Source ^ Description ^ | SSH | TCP | 22 | 0.0.0.0/0 | SSH access for initial network configuration | | HTTP | TCP | 80 | 0.0.0.0/0 | Used by Certbot | | HTTPS | TCP | 443 | 0.0.0.0/0 | Access point for Access Anywhere and Web browsers | #### Create New Security Group Add a name and description such as "WebStream Server". Do NOT change the Source (IP or Group) to "My IP" as this setting incorrectly assigns an internal AWS IP address. Select "Save". #### Key Pair Amazon EC2 uses SSH-2 RSA keys for SSH which is required to complete the configuration. A public/private key pair can be assigned or created. Choose an existing Key Pair or create a new one. {{ :aws-gettingstarted:key-pair.png?nolink&600 |}} #### Launch Select the "Launch" button to deploy. {{ :aws-gettingstarted:website-launch-congratulations.png?nolink&600 |}} Select EC2 Console to see the instance running in the region you selected. Add a Name by clicking in the empty Name box and entering "WebStream". Jump to the next step [[#configure_public_endpoint|Configure Public Endpoint]]. ### Launch through EC2 If you did not "Launch from the website", follow these steps to launch the instance. #### Step 1. Choose an Amazon Machine Image (AMI) 1. From the AWS Marketplace click [[https://aws.amazon.com/marketplace/seller-profile?id=e77bcef7-0eda-4bdd-8185-57f817c27cf4|WebStream Server]]. 2. Then click **Launch**. #### Step 2: Choose an Instance Type Choose at least an **c5.2xlarge**, **c5a.xlarge** or **c6a.2xlarge** instance. For example: * **Memory**: 16 GiB * **CPU**: 8 virtual cores * **Storage**: EBS Only * **Network**: Performance: Up to 10 Gigabit Ethernet For example, ^ Family ^ Type ^ vCPUs ^ Memory (GiB) ^ Instance Storage (GB) ^ Network ^ Notes ^ | c5 | c5.2xlarge | 16 | 8 | EBS Only | Up to 10 Gigabit Ethernet | Recommended | Select "Next: Configure Instance Details". #### Step 3: Configure Instance Details Check the following setting: * **Auto-assign Public IP** - set to **Enable** Select "Next: Add Storage". #### Step 4: Add Storage Change the size and Volume Type which will give 3000 IOPS: * **Size (GiB)** - 100 * **Volume Type** - General Purpose SSD (gp3) * **IOPS** - 3000 * **Throughput (MB/s)** - 125 * **Encryption** - Not Encrypted You might wish to change "Delete on Termination" to False to prevent your instance from being accidentally terminated through Amazon EC2. You can also encrypt the root volume here. Select "Next: Add Tags". #### Step 5: Add Tags No changes, select "Next: Configure Security Group" #### Step 6: Configure Security Group Create a new security group for the controller. For example, Security group name: WebStream Controller ^ Type ^ Protocol ^ Port Range ^ Source ^ Description ^ | SSH | TCP | 22 | Anywhere 0.0.0.0/0, ::/0 | SSH access for initial network configuration | | Custom TCP Rule | TCP | 8081 |Anywhere 0.0.0.0/0, ::/0 | User interface for administration | | Custom UDP Rule | UDP | 8445 | Anywhere 0.0.0.0/0, ::/0 | IPv4, IPv6 public endpoint for WebStream | Select "Review and Launch". #### Step 7: Review Instance Launch Select [Launch] to bring up the dialog to choose or create a public/private key pair that will allow you to SSH into the instance. {{ ::aws-gettingstarted:aws-keypair.png?nolink&600 |}} Select **Launch Instances**. ## Continue Configuration To continue configuration see [[/webstream/gettingstarted#configure_public_endpoint|Configure Public Endpoint]].