Differences

This shows you the differences between two versions of the page.

aws-gettingstarted [2020_05_21 14:31] stevenaws-gettingstarted [2024_03_19 22:06] (current) – [Why AWS (Amazon Web Services)?] steven
Line 1: Line 1:
 # Getting Started with AWS Cloud # Getting Started with AWS Cloud
  
 +**Last Updated: March 23, 2023**
 +
 +{{ :aws-gettingstarted:asset_logo_amazon-web-service.png?nolink&240 |nobox}}
 ## Why AWS (Amazon Web Services)? ## Why AWS (Amazon Web Services)?
  
-AWS customers are using the File Fabric to take advantage of the high durability, scalability and low cost of Amazon S3Customers are able to securely extend access to end users and existing file-based applicationssignificantly reducing migration costs to the cloud+AWS customers are using Nasuni Access Anywhere to take advantage of the high durability, scalability and low cost of AWS Cloud Services. 
 + 
 +## Overview 
 + 
 +This Getting Started with AWS guide provides step-by-step instructions for 
 +deploying your own Access Anywhere Server on the AWS Cloud. 
 + 
 +Applies to: Version 2301.0 
 + 
 +### Features 
 + 
 +The server indexes and allows interacting with your storage as a single global file system. You can add multiple Nasuni Filers. The content of your data is not copied. 
 + 
 +Features include: 
 + 
 + * Search across storage by name, metadata, and keyword (content search) 
 + * Remote and at-home users can access from the desktop apps or the web 
 + * Data access/stored in native format - no vendor lock-in 
 + * Add security to object storage with SSOACLs, and 2FA. 
 + * Comprehensive audit trail 
 + 
 +### Costs 
 + 
 +You are responsible for the cost of the AWS services used by deploying this solution. This includes the compute instances and other AWS services to which the platform is deployed and any ingress, egress, and storage fees for metadata and data accessed through the platform. 
 + 
 +This is an AWS pricing model based on a single node deployment with 1 TB of storage.
  
-For more information on See [[https://storagemadeeasy.com/objectstorage/|The Enterprise File Fabric™ — The Killer Solution for Object Storage !]]+^ Service ^  Monthly^  First Year^ Configuration summary ^ 
 +| Amazon EC2 |  ~$245.00|  ~2940.00| Operating system (Linux), Quantity (1), Pricing strategy (EC2 Instance Savings Plans 1 Year No Upfront), Disk (150 GB), Instance type (c6i.2xlarge) | 
 +| S3 Standard |   24.09|  289.08| S3 Standard storage (1 TB per month) | 
 +| Data Transfer |   8.91|  106.92 | DT InboundNot selected (100 GB per month), DT Outbound: Internet (100 GB per month) | 
 +| Amazon Elastic IP|  0.00 0.00| Number of EC2 instances (1), Number of EIPs per instance (1), Number of EIP remaps (0) | 
 +^ TOTAL ^  121.33 ^  1455.96 ^ USD ^
  
 ## Architecture ## Architecture
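Review bot: The TOTAL row of the new Costs table (121.33 monthly, 1455.96 first year) does not equal the sum of the rows above it, which add up to 278.00 and 3336.00 with the EC2 line at ~$245.00 and ~2940.00. Recompute the total against the c6i.2xlarge figure, and put the currency on every cell or only in the header, since "~$245.00" and "~2940.00" are mixed. The added "Last Updated: March 23, 2023" line is also older than the 2024_03_19 revision it ships in.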
Line 11: Line 44:
 ### Single VM Deployment ### Single VM Deployment
  
-For evaluation and smaller production environments the Enterprise File Fabric™ solution is typically deployed as a single virtual machine. The virtual machine includes an embedded database and search index.+For most AWS Cloud installations the solution is deployed as a single virtual machine or instance. The virtual machine includes all application and database services needed and can be launched directly from the AWS Marketplace
  
-A single virtual machine can be launched directly from the AWS Marketplace+{{ :aws-gettingstarted:awscloud-filefabric-ec2.png?600 |}}
  
 ### Multiple VM Deployment ### Multiple VM Deployment
  
-The Enterprise File Fabric solution may also be deployed for High Availability with multiple virtual machines and a separate database.+{{ :aws-gettingstarted:awscloud-filefabric-ha.png?600 |}}
  
-Please contact us for more information on setting up HA deployments on the AWS Cloud.+The solution may also be deployed in a multi-AZ environment with multiple virtual machines and external databases. 
 + 
 +Please contact support for more information on setting up multi-node deployments on the AWS Cloud.
  
 For production deployments see also [[sizingguide]]. For production deployments see also [[sizingguide]].
  
-### Requirements+### AWS Components
  
-You will need the following information before you can complete setup on the AWS:+The platform uses the following AWS services:
  
- domain name (recommended+ [[https://docs.aws.amazon.com/ec2|Amazon EC2]] – The Amazon Elastic Compute Cloud (Amazon EC2) service enables virtual machine instances to be launched with a variety of operating systems. The server is available as a virtual machine image. 
- License key (required) - A trial key can be requested from https://www.storagemadeeasy.com/appform/. + 
- * Outbound mail relay information(recommended)+ * [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html|Elastic IP Address]] - An Elastic IP address is a public IPv4 address, reservable through AWS. It can be mapped dynamically to an instance, allowing instances to be changed without affecting their public address. They also allow mapping to a DNS record for your domain.  
 + 
 + * [[https://docs.aws.amazon.com/ses/|Amazon Simple Email Service (Amazon SES)]] - Amazon SES is an email service that may be used by the solution for sharing links with other users and receiving notifications. 
 + 
 +The solution may also use the following AWS storage services: 
 + 
 + [[https://aws.amazon.com/s3|Amazon S3]] - Amazon Simple Storage Service (Amazon S3is an object storage service that offers industry-leading scalability, data availability, security, and performance. 
 + 
 + 
 +## Deployment 
 + 
 +This guide walks through deploying the Access Anywhere Server to your environment as a single-instance software appliance. An instance will be launched directly from the AWS Marketplace. You'll have the ability to choose the target region and size the instance for your requirements.  After the appliance is started you'll set up the network, and then with the creation of an Organization, you will add storage and users. 
 + 
 +### Skills Required 
 + 
 +This guide is for IT infrastructure architects and DevOps professionals who are deploying the solution on AWS. 
 + 
 +To follow this guide a user should have some familiarity with the AWS Console and with a Linux shell. They may require support from a network administrator to create a DNS record, and from an IT administrator if a corporate SSL certificate is required. 
 + 
 +### Time Required 
 + 
 +Following this guide, the Access Anywhere Server platform can be deployed in under an hour. 
 + 
 +### Prerequisites 
 + 
 +You will need the following information before you can complete the setup: 
 + 
 + * An AWS Account. If you don’t already have an AWS account, create one at https://aws.amazon.com/getting-startedby following the on-screen instructions.  
 + * A domain name (recommended). 
 + * A Nasuni Account with access to a Nasuni Access Anywhere Serial Number
 + * Outbound mail relay information (recommended).
  * Default storage system connectivity details - for example, Amazon S3 (required)  * Default storage system connectivity details - for example, Amazon S3 (required)
- * An Active Directory service account if you are connecting to AD (optional)+ * An Active Directory service account if you are connecting to AD (optional).
  
 +## Security
  
-## Launch from AWS Marketplace+As with all systems you deploy to the AWS Cloud security responsibilities are shared between you and AWS. AWS is responsible for the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. You assume responsibility for the security of the appliance through configuration and management of specific AWS Cloud services and of the appliance itself. Through the appliance, you can delegate specific application and data security responsibilities to designated users and roles.
  
-From the [[https://aws.amazon.com/marketplace/pp/B088M9KK9V|AWS Marketplace page]] select "Continue to Subscribe".+For more information about security on AWS, visit the [[http://aws.amazon.com/security/|AWS Security Center]]. For more information about security see [[security]]. 
 + 
 +### AWS Identity and Access Management  
 + 
 +Following the security principle of least privilege, we recommend that you use two "IAM user" accounts, one with access to EC2 services, and a second with access to Amazon S3 services. They should not be [[https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html|root users]]. You may also create these users in separate AWS Accounts. 
 + 
 +You should assign permissions through groups and assign them to users as needed. For example: 
 + 
 + * SME-Admin - The ability to create Amazon EC2 services through the AWS Console.  
 + * SME-Storage - The ability to access Amazon S3 storage (optional)  
 + 
 +#### SME-Admin 
 + 
 +For deploying to EC2 we recommend the following policies: 
 + 
 + * AmazonEC2FullAccess 
 + * SupportUser 
 + 
 +#### SME-Storage 
 + 
 +The doc page on adding Amazon S3 provides instructions for obtaining access credentials and using a custom policy to limit access to what is needed. Public access is not required. See [[:cloudproviders/amazons3]] 
 + 
 +### Operating System Security 
 + 
 +The application does not use root or other administrative uses to run internal components. An end-user cannot log in as root – they can use sudo from the user smeconfiguser. A user can log into the smeconfiguser account only by using the SSH key specified during the deployment process. AWS doesn't store these SSH keys, so if you lose your SSH key, you can lose access to these instances. 
 + 
 +The appliance can be updated with respect to security patches outside of our regular release cycle with the following command: 
 + 
 +    yum install yum-plugin-security # If automating you can add the "-y" option 
 + 
 +We will announce high-severity security patches when they are available through a security alert (email). This includes security patches to third-party components we may be using and other remediations. 
 + 
 +### Customer Sensitive Data 
 + 
 +The platform provides a number of preventative and detective mechanisms to protect customer data.  For more information see [[security]]. 
 + 
 +### Data Encryption 
 + 
 +The solution encrypts data in motion and provides a number of options for encrypting data at rest in addition to that provided by the storage service.  
 + 
 + * Amazon S3 server-side encryption can be enabled 
 + * Folder encryption, where data is sent encrypted to the storage 
 + * Personal encryption where data is encrypted by the client before sending to the platform.  
 + 
 +For more information see [[security]]. 
 + 
 +### Security Groups  
 + 
 +A security group acts as a firewall that controls the traffic for one or more instances. When you launch an instance, you associate a security group with the instance. You add rules to the security group that allow traffic to or from the appliance. You can modify the rules for a security group at any time. 
 + 
 +## Launch 
 + 
 +### Launch from AWS Marketplace 
 + 
 +From the [[https://aws.amazon.com/marketplace/pp/prodview-ke4huirvq5pfc|AWS Marketplace page]] select "Continue to Subscribe".
  
 {{ :aws-gettingstarted:continue-to-subscribe.png?nolink&200 |}} {{ :aws-gettingstarted:continue-to-subscribe.png?nolink&200 |}}
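Review bot: In "Operating System Security", the command given for applying security patches, "yum install yum-plugin-security", only installs the plugin and updates nothing. Follow it with the step that actually applies the security errata, for example "yum update --security", and say whether a reboot or service restart is expected afterwards. In the same section "administrative uses" should read "administrative users". Under "SME-Admin", recommending AmazonEC2FullAccess sits uneasily beside the least-privilege sentence a few lines earlier; consider describing it as a starting point and noting it can be narrowed or detached once the instance is deployed.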
Line 49: Line 169:
  
 This page allows you to launch the instance directly from this webpage, or through the EC2 launch instance wizard. This page allows you to launch the instance directly from this webpage, or through the EC2 launch instance wizard.
 +
 +#### Launch this software
  
 {{ :aws-gettingstarted:review-config-details.png?nolink&600 |}} {{ :aws-gettingstarted:review-config-details.png?nolink&600 |}}
 +
 +#### Choose Action
  
 Leave the setting as **Launch from Website** (Recommended). Instructions for launching from EC2 instead are provided in the section [[#launch_through_ec2|Launch Through EC2]]. Leave the setting as **Launch from Website** (Recommended). Instructions for launching from EC2 instead are provided in the section [[#launch_through_ec2|Launch Through EC2]].
Line 56: Line 180:
 {{ :aws-gettingstarted:choose-action-launch-from-website.png?nolink&600 |}} {{ :aws-gettingstarted:choose-action-launch-from-website.png?nolink&600 |}}
  
 +#### EC2 Instance Type
  
-## Launch from Website (Recommended)+Review settings.
  
-Review defaults:+Default is **c6i.2xlarge**:
  
-{{ :aws-gettingstarted:ec2-vpc-subset-settings.png?nolink&600 |}}+ * **Memory**16 GiB 
 + * **CPU**8 virtual cores 
 + * **Storage**: EBS Only 
 + * **Network Performance**: 12.5Gbps
  
-### Security Group Settings+#### VPC Settings 
 + 
 +Select a VPC. 
 + 
 +#### Subnet Settings 
 + 
 +Choose a public subnet. 
 + 
 +#### Security Group Settings
  
 Select "Create New Based on Seller Settings". Select "Create New Based on Seller Settings".
 +
 +#### Create new based on seller settings
  
 {{ :aws-gettingstarted:security-group.png?nolink&600 |}} {{ :aws-gettingstarted:security-group.png?nolink&600 |}}
  
-### Create New Security Group+#### Create New Security Group
  
-Add a name and description.+Add a name and description such as "Access Anywhere".
  
 Do NOT change the Source (IP or Group) to "My IP" as this setting incorrectly assigns an internal AWS IP address. Do NOT change the Source (IP or Group) to "My IP" as this setting incorrectly assigns an internal AWS IP address.
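Review bot: Under "Create New Security Group" the reader is told not to switch the Source to "My IP" but is given no alternative, so the rules keep whatever source the seller settings carry. Add a step to enter the administrator's public address as a custom source for the SSH and setup rules, or to edit the group after launch, so this path ends up consistent with the "Launch through EC2" table where port 8080 is limited to "My IP". "Choose a public subnet" would also benefit from a sentence saying why a public subnet is needed.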
Line 79: Line 217:
 {{ :aws-gettingstarted:new-security-group-settings.png?nolink&600 |}} {{ :aws-gettingstarted:new-security-group-settings.png?nolink&600 |}}
  
-### Key Pair+#### Key Pair
  
-Amazon EC2 uses SSH-2 RSA keys for SSH which is required to complete configuration. A public/private key pair can be assigned or created.+Amazon EC2 uses SSH-2 RSA keys for SSH which is required to complete the configuration. A public/private key pair can be assigned or created.
  
 Choose an existing Key Pair or create a new one. Choose an existing Key Pair or create a new one.
Line 87: Line 225:
 {{ :aws-gettingstarted:key-pair.png?nolink&600 |}} {{ :aws-gettingstarted:key-pair.png?nolink&600 |}}
  
-### Launch+#### Launch
  
 Select the "Launch" button to deploy. Select the "Launch" button to deploy.
Line 95: Line 233:
 Select EC2 Console to see the instance running in the region you selected. Select EC2 Console to see the instance running in the region you selected.
  
-Add a Name by clicking in the empty Name box and entering "Enterprise File Fabric".+Add a Name by clicking in the empty Name box and entering "Nasuni Access Anywhere".
  
-Jump to the next step [[#add_static_ip_address|Add Static IP Address]].+Jump to the next step [[#configure_public_endpoint|Configure Public Endpoint]].
  
-## Launch through EC2+### Launch through EC2
  
 If you did not "Launch from the website", follow these steps to launch the instance. If you did not "Launch from the website", follow these steps to launch the instance.
  
-### Step 1. Choose an Amazon Machine Image (AMI)+#### Step 1. Choose an Amazon Machine Image (AMI)
  
-1. From the AWS Marketplace click  [[https://aws.amazon.com/marketplace/seller-profile?id=e77bcef7-0eda-4bdd-8185-57f817c27cf4|Enterprise File Fabric]].+1. From the AWS Marketplace click  [[https://aws.amazon.com/marketplace/pp/prodview-ke4huirvq5pfc|Nasuni Access Anywhere Server]].
  
 2. Then click **Launch**. 2. Then click **Launch**.
  
-### Step 2: Choose an Instance Type+#### Step 2: Choose an Instance Type
  
 Minimum recommended settings are: Minimum recommended settings are:
  
- vCPUs+ vCPUs
  * 16 GiB memory  * 16 GiB memory
- 150 GB Storage (SSD)+ 200 GB Storage
  
 For example,  For example, 
  
-^ Type        ^ vCPUs ^ Memory (GiB) ^ Instance Storage (GB) ^ Description +^ Type      ^ vCPUs ^ Memory (GiB) ^ Instance Storage (GB) ^ Network ^ Notes 
-m5ad.xlarge     | 16           1 x 150 (SSD) Minimum recommended |+c6i.2xlarge     | 16           EBS Only            | Up to 12.5 Gigabit Ethernet Recommended |
  
  
-### Step 3: Configure Instance Details+#### Step 3: Configure Instance Details
  
 Check the following setting: Check the following setting:
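Review bot: Step 2 raises the minimum to "200 GB Storage", but the Costs table added earlier in this revision prices the EC2 line with "Disk (150 GB)". Pick one figure and use it in both places so the cost estimate matches the recommended build. In the example table the column is still headed "Instance Storage (GB)" while the only row now reads "EBS Only"; a short note that the 200 GB is an EBS root volume set in Step 4 would remove the ambiguity.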
Line 130: Line 268:
  
  
-### Step 4: Add Storage+#### Step 4: Add Storage
  
 Accept the defaults, for example: Accept the defaults, for example:
  
 ^ Volume Type ^ Device ^ Snapshot ^ Size (GbB) ^ Volume Type ^ Delete on Termination ^  ^ Volume Type ^ Device ^ Snapshot ^ Size (GbB) ^ Volume Type ^ Delete on Termination ^ 
-| Root | /dev/sda1 | snap-05dd6ab8b681d39e7 100 | [General Purpose SSD (gp2] | Yes +| Root | /dev/sda1 | snap-xxx 200 | [General Purpose SSD (gp2] | Yes |
-| ephemeral0 | /dev/nvme0n1 | N/A | 150 | NVMe SSD | N/A |+
  
 You might wish to change "Delete on Termination" to False to prevent your instance from being accidentally terminated through Amazon EC2. You might wish to change "Delete on Termination" to False to prevent your instance from being accidentally terminated through Amazon EC2.
  
-### Step 5: Add Tags+You can also encrypt the root volume here. 
 + 
 +#### Step 5: Add Tags
  
 No changes, select Next: Configure Security Group No changes, select Next: Configure Security Group
  
-### Step 6: Configure Security Group+#### Step 6: Configure Security Group
  
-Create a new security group for the "File Fabric" with three settings:+Create a new security group for "Access Anywhere" with four settings:
  
 ^ Type ^ Protocol ^ Port Range ^ Source ^ Description ^ ^ Type ^ Protocol ^ Port Range ^ Source ^ Description ^
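Review bot: In Step 4, the sentence kept next to the new encryption line says that setting "Delete on Termination" to False prevents the instance from being accidentally terminated, but that flag only decides whether the volume is kept when the instance is terminated. Reword it as protecting the data volume and, if guarding the instance is the goal, point to EC2 termination protection instead. "You can also encrypt the root volume here." reads as an afterthought for a disk that holds the application and database services; consider phrasing it as a recommendation. The table header also has a "Size (GbB)" typo and two columns named "Volume Type".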
Line 152: Line 291:
 | Custom TCP Rule | TCP | 8080 | My IP | Installation website (temporary) | | Custom TCP Rule | TCP | 8080 | My IP | Installation website (temporary) |
 | HTTPS | TCP     | 443         | Anywhere  | Main website |  | HTTPS | TCP     | 443         | Anywhere  | Main website | 
-| HTTP | TCP     | 80           | Anywhere  | Redirects to main website | +| HTTP | TCP     | 80           | Anywhere  | Redirects to the main website | 
  
-If you will be access the File Fabric using FTP/FTPS or SFTP you'll need to add [[https://docs.storagemadeeasy.com/cloudappliance/sftpsetup|additional ports]]. +If you will be accessing the server using FTP/FTPS or SFTP you'll need to add [[cloudappliance/cloudftp-configuration|additional ports]]. 
  
-### Step 7: Review Instance Launch+#### Step 7: Review Instance Launch
  
-Select [Launch] to bring up the dialog to choose or create a public/private key pair. This will allow you to ssh into the instance and complete setup.+Select [Launch] to bring up the dialog to choose or create a public/private key pair that will allow you to SSH into the instance.
  
 {{ ::aws-gettingstarted:aws-keypair.png?nolink&600 |}} {{ ::aws-gettingstarted:aws-keypair.png?nolink&600 |}}
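Review bot: The Step 6 table marks the port 8080 rule as "Installation website (temporary)", but nothing in the guide tells the reader when to remove it. Add an explicit step after the Config Server is stopped to delete the 8080 rule from the security group, since that site is reached over plain http://<your_ip>:8080. The intro now says "four settings" while only three rows are visible in this hunk, so check that the SSH row is still present and has a restricted source.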
Line 164: Line 303:
 Select **Launch Instances**. Select **Launch Instances**.
  
-### View Instances+#### View Instances
  
-Select **View Instances** and wait a few minutes until the **Status Checks** are complete.+Select **EC2 Console** or **View Instances** and wait a few minutes until the **Status Checks** are complete.
  
-## Setting Up Instance+#### Add Name
  
-### Add Static IP Address+Add a name for your instance such as **Nasuni Access Anywhere**.
  
-To access the instance securely over the internet we'll create a trusted SSL/TLS certificate. We first need a domain name and a static IP address.+## Configuration
  
-To associate a static IP address with the instance from within the [[https://console.aws.amazon.com/|AWS Console]] navigate to [[https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#Addresses:|Elastic IPs]].+### Configure Public Endpoint
  
-Select **Allocate Elastic IP address** and then **Action > Associate Elastic IP address** with the File Fabric instance you just created.+Applications access the server through a public endpoint, a fully qualified domain name that resolves to a public IP address. For single node deployments on AWS Cloud we recommend requesting an AWS Elastic IP Address and associating that with the appliance. You'll also generate a trusted SSL/TLS certificate for that address from the appliance itself.
  
 +### Associate Elastic IP address
 +
 +To add a public IP address with the instance from within the [[https://console.aws.amazon.com/|AWS Console]] navigate to [[https://console.aws.amazon.com/ec2/v2/home#Addresses:|Elastic IPs]]. You should be in the same region as the instance you deployed.
 +
 +Select **Allocate Elastic IP address** and **Allocate** to reserve the IP Address.
 +
 +Then choose **Actions > Associate Elastic IP address** to hook it to the instance you just created. Choose **Associate** to complete.
  
 ### SSH Access ### SSH Access
  
-The instance can now be accessed at this IP address using a standalone SSH client. The username is **smeconfiguser**. For example:+The instance can now be accessed at this IP address using a standalone SSH client and the Key Pair you assigned. The username is **smeconfiguser**. For example:
  
-    ssh -i "FileFabric.pem" smeconfiguser@34.194.216.200+    ssh -i "AccessAnywhere.pem" smeconfiguser@34.194.216.200
          
 +(If the command freezes check your Security Group allows SSH access (port 22) for your IP address.)
 +
 Check that you can become root. Check that you can become root.
  
-    sudo bash+    sudo su -
          
-This will be required to complete configuration.+This will be required to complete the configuration.
  
-More information on connecting via SSH can be found from the AWS Console. Select the instance in the Instances view and click **Connect**.+More information on connecting via SSH can be found in the AWS Console. Select the instance in the Instances view and click **Connect**.
  
  
Line 204: Line 352:
 If you do NOT wish to use SSL for the trial you can disable it. If you do NOT wish to use SSL for the trial you can disable it.
  
- 1. Log in as the Appliance Administrator as per the the instructions below.+ 1. Log in as the Appliance Administrator as per the instructions below.
  2. Navigate to Settings > Site Functionality  2. Navigate to Settings > Site Functionality
  3. Set Always use HTTPS to No.  3. Set Always use HTTPS to No.
- 4. Set Generate secure server side links to No.+ 4. Set Generate secure server-side links to No.
  5. Select *Update options* at the bottom of the page.  5. Select *Update options* at the bottom of the page.
  
Line 216: Line 364:
    * **files**.example.com - Domain name (service endpoint and website)    * **files**.example.com - Domain name (service endpoint and website)
    * **files-webdav**.example.com - used for WebDAV service    * **files-webdav**.example.com - used for WebDAV service
-   * **files-s3**.example.com - used for S3 service 
  
 Add DNS type A records that point these domain names to the appliance IP Address. For example, Add DNS type A records that point these domain names to the appliance IP Address. For example,
Line 223: Line 370:
 | A    | files        | 35.188.82.62| | A    | files        | 35.188.82.62|
 | A    | files-webdav | 35.188.82.62| | A    | files-webdav | 35.188.82.62|
-| A    | files-s3     | 35.188.82.62| 
  
-Verify that Public DNS records are setup correctly:+Verify that Public DNS records are set up correctly:
  
     curl -L -k http://files.example.com | head     curl -L -k http://files.example.com | head
     curl -L -k http://files-webdav.example.com | head     curl -L -k http://files-webdav.example.com | head
-    curl -L -k http://files-s3.example.com | head 
  
 These commands should resolve the domain name, connect to port 80, get redirected to port 443 and return (part of) the web login page: These commands should resolve the domain name, connect to port 80, get redirected to port 443 and return (part of) the web login page:
  
     <!DOCTYPE html>     <!DOCTYPE html>
-    <html lang="en">+    <html lang="en" class="for-guest">
        
     <head>     <head>
  <!-- title -->  <!-- title -->
- <title>Home | SME Appliance</title>+ <title>Home | Nasuni Access Anywhere Server</title>
   
  <meta content="text/html; charset=utf-8" http-equiv="content-type"/>  <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
Line 246: Line 391:
 ### Change Hostname ### Change Hostname
  
-To update the appliance with the FQDN change to the root user by issuing “sudo bash“ with SSH. As the root user, edit /etc/hostname with nano or vi.+To update the appliance with the FQDN change to the root user by issuing “sudo su -“ with SSH.
  
-Change the AWS instance name to your FQDN.+Change the hostname to your FQDN by editing /etc/hostnameFor example,
  
-    files.example.com+    echo "files.example.com" > /etc/hostname
  
  
-### Start SME Config Server+### Start NAA Config Server
  
-Leave root privilege: +If you are logged in as root leave root privilege: 
  
     [root@ip-10-0-0-192 smeconfiguser]# exit     [root@ip-10-0-0-192 smeconfiguser]# exit
Line 268: Line 413:
  
     http://<your_ip>:8080     http://<your_ip>:8080
- 
  
 ### Configure Hostname Settings ### Configure Hostname Settings
  
-Here you only need to configure the three domain names. Click "Configuration" and then "SME Server Hostname Settings".+Here you only need to configure the three domain names. Click "Hostname Settings".
  
 {{ :aws-gettingstarted:server-hostname-settings.png?nolink&600 |}} {{ :aws-gettingstarted:server-hostname-settings.png?nolink&600 |}}
Line 278: Line 422:
 After Saving go to the "Overview" page and scroll down to the bottom to "Apply". No other changes are required for the appliance on AWS. After Saving go to the "Overview" page and scroll down to the bottom to "Apply". No other changes are required for the appliance on AWS.
  
-Follow the prompts on the page to reboot the applianceIf you are not doing this immediately stop the Config Server by typing Control-C in the terminal window. +You must now reboot the serverStop the Config Server by typing Control-C in the terminal window.
- +
-### Create SSL Certificates +
- +
-This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver service above to add certificates. +
- +
-Log back into the rebooted appliance: +
- +
-   ssh -i "FileFabric.pem" smeconfiguser@34.194.216.200 +
- +
-Elevate to the root user (no password required). +
- +
-    sudo bash +
- +
-Note: The appliance will be inaccessible during the request which may be up to a minute. +
- +
-Run the following command: +
- +
-    certbot --no-redirect --authenticator standalone --installer apache --pre-hook "systemctl stop httpd" --post-hook "systemctl start httpd"  +
- +
-This command will prompt for an email address.  It’s important to give this information so that an admin can be notified in the future if there are issues automatically renewing the certificate. +
- +
-Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation. +
- +
-Certbot will automatically detect what FQDNs are setup for the Enterprise File Fabric and prompt for which should be included in the certificate. +
- +
-    Which names would you like to activate HTTPS for? +
-    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
-    1: files.example.com +
-    2: files-s3.example.com +
-    3: files-webdav.example.com +
-    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
-    Select the appropriate numbers separated by commas and/or spaces, or leave input  +
-    blank to select all options shown (Enter 'c' to cancel): +
- +
-After successful completion, the Enterprise File Fabric will automatically start using the new certificates.  These certificates will last for 90 days, so the final step is to setup automated renewal. +
- +
-####  Automatically Certificate Renewal+
  
-A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration.  A simple cron job will run daily and handle renewals.+Change to root and reboot the server.
  
-Please Note:  The File Fabric will be inaccessible during the renewal.  Please ensure that the renewal time is during off hours.  Downtime will only occur every 60 days when a renewal is required and may last up to one minute.+    $ sudo su - 
 +    # reboot 
  
-While still logged in as root run the following command to add a cron job. 
  
-    crontab -e+### SSL Certificates
  
-In the example below the renewal attempt will process at 2:30AM in the timezone of the Enterprise File Fabric.  The Enterprise File Fabric ships by default with the timezone set to UTC time.  Please adjust this timezone as necessary.+The appliance includes an untrusted SSL certificate.
  
-    30 2 * * * /bin/certbot renew >> /var/log/letsencrypt/le-renew.log+To create a trusted SSL/TLS certificate associated with your domain see [[:cloudappliance/ssl_certificates]].
  
-This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file.+## Configure Appliance
  
-Use https://www.ssllabs.com/ to test the installation. +Open a browser to the domain name you assigned, for example:
- +
-## Appliance Administrator +
- +
-Open a browser to the the domain name you assigned:+
  
    https://files.example.com       https://files.example.com   
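Review bot: The new "SSL Certificates" section says the appliance ships with an untrusted certificate and links out, yet the very next section has the reader open https://files.example.com and sign in as appladmin. State whether the linked certificate procedure must be completed before that first login, or that a browser warning is expected at this point, so readers are not trained to click through it. The removed text also covered renewal scheduling and an external TLS test; confirm the linked page carries both, or keep a one-line pointer here.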
Line 345: Line 448:
 You'll see the following login page: You'll see the following login page:
  
-{{ ::appladmin-login.png?nolink&300 |}}+{{ :aws-gettingstarted:appladmin-login.png?nolink&300 |}}
  
 Log into the appliance as appladmin with a password generated from the AWS instance ID: Log into the appliance as appladmin with a password generated from the AWS instance ID:
Line 352: Line 455:
    Password: eff-<Instance ID>    Password: eff-<Instance ID>
  
-### License Key+### License Activation
  
-Configure your license key under **Settings > License Key**.+Register your site key under **Settings > Account Status & License Key**.
  
-A trial key can be requested from https://www.storagemadeeasy.com/appform/.+For more information see [[:cloudappliance:applying-license]].
  
 ### Change Admin Password (Optional) ### Change Admin Password (Optional)
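Review bot: The appladmin password shown here is "eff-<Instance ID>", and the following heading still reads "Change Admin Password (Optional)". An instance ID is not a secret (it appears in the EC2 console, in billing and in logs), and the login page is reachable from Anywhere on port 443 per the security group table. Drop "(Optional)" and make the password change the first action after login, ahead of license activation.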
Line 366: Line 469:
 An SMTP server is used by the appliance to send registration and notification emails to users. It can be configured under **Settings > Email & Filebox**. An SMTP server is used by the appliance to send registration and notification emails to users. It can be configured under **Settings > Email & Filebox**.
  
-If you do not configure an email server remember not to use email notification when adding users+If you do not configure an email server remember not to use email notifications when adding users.
- +
-#### Using AWS Simple Email Service +
- +
-Below is what the screen looks like for an SMTP setup using the AWS Simple Email Service (SES).+
  
-{{ ::smtp-config-aws-ses.png?nolink&800 |}}+To configure an email server see [[:cloudappliance/smtp_configuration]].
  
-The “Notification Email” address will receive emails from the system warning of license expiration etc. You should enter your email here. 
  
 ### Change Appliance Admin Email ### Change Appliance Admin Email
Line 388: Line 486:
 The "Notification Email" setting is on the "SMTP and Filebox Configuration" page that can be found via the menu "Email and Filebox". The "Notification Email" setting is on the "SMTP and Filebox Configuration" page that can be found via the menu "Email and Filebox".
  
-## Create an Organization+## Systems Monitoring
  
-An //organization// is a tenant within the appliance and is created by the Appliance Administrator.+For information on general systems monitoring see [[:cloudappliance/monitoring]].
  
-### Review User Package (Optional)+### Server Notifications
  
-The File Fabric platform uses templates for organizations, in order for us to create our organization, we need to pick template, before we do, let’s review.+Configure [[:cloudappliance/servernotifications]] to be emailed short report on the server status each day.
  
-Login as the Appliance Administrator.+### Amazon CloudWatch Alarms
  
-Click “User Packages” and then click the pencil to modify “Organisation Cloud 20 Users” This is a good template to start fromScroll down to the “Extra options” section and add “Content Search Enabled” and DropfoldersUse “Crtl-Click" to add to the selection.+Use the [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html#types-of-instance-status-checks}|EC2 Status Checks]] to monitor CPU usage, the primary metric to monitor resource utilization.
  
-### Create Organization+Installing the [[https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html|CloudWatch agent]] will allow you to other key metrics through CloudWatch as well. Follow the installation instructions for CentOS via the command line and run "yum install collected" before you begin. 
  
-Login as the Appliance Administrator.+This is a CloudWatch agent configuration file: /opt/aws/amazon-cloudwatch-agent/bin/config.json 
  
-In the hamburger menuselect “Users” and then "Add a User".+    { 
 +        "agent":
 +            "metrics_collection_interval": 60, 
 +            "run_as_user": "cwagent" 
 +        }, 
 +        "logs":
 +            "logs_collected":
 +                "files":
 +                    "collect_list":
 +                        { 
 +                            "file_path": "/var/www/smestorage/sitelogs/logits.txt", 
 +                            "log_group_name": "logits.txt", 
 +                            "log_stream_name": "{instance_id}" 
 +                        } 
 +                    ] 
 +                } 
 +            } 
 +        }, 
 +        "metrics":
 +            "append_dimensions":
 +                "AutoScalingGroupName": "${aws:AutoScalingGroupName}", 
 +                "ImageId": "${aws:ImageId}", 
 +                "InstanceId": "${aws:InstanceId}", 
 +                "InstanceType": "${aws:InstanceType}" 
 +            }, 
 +            "metrics_collected":
 +                "collectd":
 +                    "metrics_aggregation_interval": 60 
 +                }, 
 +                "cpu":
 +                    "measurement":
 +                        "cpu_usage_idle", 
 +                        "cpu_usage_iowait", 
 +                        "cpu_usage_user", 
 +                        "cpu_usage_system" 
 +                    ], 
 +                    "metrics_collection_interval": 60, 
 +                    "totalcpu": false 
 +                }, 
 +                "disk":
 +                    "measurement":
 +                        "used_percent", 
 +                        "inodes_free" 
 +                    ], 
 +                    "metrics_collection_interval": 60, 
 +                    "resources":
 +                        "*" 
 +                    ] 
 +                }, 
 +                "diskio":
 +                    "measurement":
 +                        "io_time", 
 +                        "write_bytes", 
 +                        "read_bytes", 
 +                        "writes", 
 +                        "reads" 
 +                    ], 
 +                    "metrics_collection_interval": 60, 
 +                    "resources":
 +                        "*" 
 +                    ] 
 +                }, 
 +                "mem":
 +                    "measurement":
 +                        "mem_used_percent" 
 +                    ], 
 +                    "metrics_collection_interval": 60 
 +                }, 
 +                "netstat":
 +                    "measurement":
 +                        "tcp_established", 
 +                        "tcp_time_wait" 
 +                    ], 
 +                    "metrics_collection_interval": 60 
 +                }, 
 +                "processes":
 +                    "measurement":
 +                        "blocked", 
 +                        "running", 
 +                        "total", 
 +                        "dead" 
 +                    ] 
 +                }, 
 +                "statsd":
 +                    "metrics_aggregation_interval": 60, 
 +                    "metrics_collection_interval": 10, 
 +                    "service_address": ":8125" 
 +                }, 
 +                "swap":
 +                    "measurement":
 +                        "swap_used_percent" 
 +                    ], 
 +                    "metrics_collection_interval": 60 
 +                } 
 +            } 
 +        } 
 +    }
  
-On the Add a User screen create your Organization admin user. (This will also be your organization.)  
  
- 1. User Login: The Organization short name and superuser's username. We recommend the domain name of your company such as "smestorage.com". 
- 1. E-mail: Email address of organizational admin, must be unique to the system, do not use your own. 
- 1. Password:  
- 1. Name (Company Name): Full organization name. 
- 1. Package: The user package template from earlier. 
- 1. We do not need to split the license between organizations, leave the last field empty. 
  
-Click Save. 
  
-{{ :cloudappliance:applinstallv1901:image014.png?nolink&400 |}}+## Post Installation
  
-## Setting Up an Organization+For further customizing and securing the appliance see [[cloudappliance/postinstallation]]. 
 + 
 +## Creating Users 
 + 
 +To add users you will first [[cloudappliance/organization|Create an Organization]] and then Add Storage. 
 + 
 +## Setting Up Storage
  
 Log out from the Appliance Admin, appladmin user, and log back in as the user you just created. Log out from the Appliance Admin, appladmin user, and log back in as the user you just created.
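Review bot: in the added CloudWatch agent paragraph the prerequisite reads `yum install collected`, but the configuration that follows enables the `"collectd"` metrics section, so the package name should be `collectd`. In the same paragraph "will allow you to other key metrics" is missing a verb, and the EC2 Status Checks link target ends in a stray `}` before the `|`, which breaks the URL; that sentence also describes status checks as monitoring CPU usage, while the linked page is about instance status checks, so the wording needs checking. The `statsd` block sets `"service_address": ":8125"` with no host part, which makes the agent listen on all interfaces; if only local processes send metrics, suggest `127.0.0.1:8125` or a sentence telling readers to keep that port closed in the security group. Under Server Notifications, "to be emailed short report" is missing "a". The unchanged line "log back in as the user you just created" has lost its antecedent now that the organization steps are replaced by a link.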
Line 427: Line 619:
 Select your provider and follow the instructions on the next couple of screens. See the next section for information on setting up Amazon S3 storage. Select your provider and follow the instructions on the next couple of screens. See the next section for information on setting up Amazon S3 storage.
  
-## Cloud Storage Provider+## Setting Up Amazon S3 Storage
  
 After logging into the organization you will be prompted to register your cloud storage provider. Choose the provider (for example, Amazon S3) and click Continue to proceed. After logging into the organization you will be prompted to register your cloud storage provider. Choose the provider (for example, Amazon S3) and click Continue to proceed.
Line 441: Line 633:
 The credentials are validated and a list of buckets in the account are returned. Select the buckets you wish to be indexed. We recommend not using buckets with existing production data for the initial trial. The credentials are validated and a list of buckets in the account are returned. Select the buckets you wish to be indexed. We recommend not using buckets with existing production data for the initial trial.
  
-Select and create a new bucket for default data (at the bottom) before selecting Continue. You are then ready to add users!+Select and create a new bucket for default data (at the bottom) before selecting Continue. You are then ready to [[:cloudappliance/organization#adding_users|add users]]! 
 + 
 +## Appliance Backup 
 + 
 +Single-node appliances can be easily backed up as EC2 Snapshots. 
 + 
 +For general information on appliance and database backup strategies see [[:cloudappliance/backupbp]]. 
 + 
 +### Creating a Backup 
 + 
 +To create an appliance backup on demand navigate to the [[https://console.aws.amazon.com/backup/home|AWS Backup dashboard]].  
 + 
 +Choose **Create an on-demand backup** and follow the prompts to back up the **EC2 Resource** you just created. 
 + 
 +Select **Create on-demand backup**. A backup of a 150 GB instance should take less than 10 minutes. 
 + 
 +{{:aws-gettingstarted:create-ondemand-backup.png?600|}} 
 + 
 +### Automating Backups 
 + 
 +Backups can be automated through the [[https://aws.amazon.com/backup|AWS Backup]] service. 
 + 
 +From the [[https://console.aws.amazon.com/backup/home|AWS Backup dashboard]] in your region choose **Create a Backup plan** to bring up the **Start options**. 
 + 
 +Select **Start with a template** and choose an appropriate template. For example **Daily-Yearly-1yr-Retention**. Enter a plan name and select **Create plan**. 
 + 
 +{{:aws-gettingstarted:create-backup-plan.png?600|}} 
 + 
 + 
 +Once the backup plan is created, navigate to it and select **Assign Resources**.  
 + 
 +Enter a name, choose **Assign by Resource ID**, and then select the instance you want to be backed up.  Then choose **Assign Resources**. 
 + 
 +{{:aws-gettingstarted:assign-resource-to-backup-plan.png?600|}} 
 + 
 + 
 +For offsite backups select a Backup Rule and choose a region for **Copy to destination**: 
 + 
 +{{:aws-gettingstarted:copy-to-destination.png?600|}} 
 + 
 + 
 + 
 +### Restore Backup 
 + 
 +On instance or service failure, the backup is used to restore the appliance to a new instance. 
 + 
 +Navigate to the [[https://console.aws.amazon.com/backup/home|AWS Backup dashboard]] and select **Restore Backup**. 
 + 
 +Choose the "Protected Resource" to be covered. This will then show backups that are available and when they were created. 
 + 
 +Choose a backup and select **Restore**. 
 + 
 +You will be prompted for an instance type and network settings but you can leave the defaults as-is. They are the settings of the instance at the time it was backed up. 
 + 
 +{{:aws-gettingstarted:create_image_from_snapshot.png?600|}} 
 + 
 +Once the backup has been restored log into the new external IP address to verify the instance has completed startup.  Assign the Elastic IP Address to the recovered instance. 
 + 
 +Users can start using the recovered instance immediately. 
 + 
 +Next, update the backup plan to back up this new instance going forward. 
 + 
 +{{:aws-gettingstarted:assign-resource-to-backup-plan.png?600|}} 
 + 
 +You can then recover any missed storage metadata by running a resync on each provider. Log in as an administrator to the web app and select **Dashboard**.  Select the sync icon as shown to start a resync. 
 + 
 +{{:aws-gettingstarted:dashboard-resync-provider.png?600|}} 
 + 
 + 
 +## Routine Maintenance 
 + 
 +### Rotating Credentials 
 + 
 +To rotate Amazon S3 storage keys see [[:cloudproviders/amazons3#changing_access_keys|Amazon S3 Provider]]. 
 + 
 +### Upgrades 
 + 
 +Upgrades for instances running on the AWS Cloud are delivered through RPM packages via our curated repository. Always follow the upgrade documentation as sometimes additional steps post-upgrade are required. 
 + 
 +You will be notified through your designated support contact when new versions of the software or security patches for third-party components are available. 
 + 
 +## Licenses 
 + 
 +Licenses are provided upon renewal. To apply licenses see [[:cloudappliance/applying-license]]. 
 + 
 +## Support 
 + 
 +Contact Nasuni Support through email at support@nasuni.com or through the Support Portal.
  
- +### Troubleshooting
  
 +See also:
  
-# Use Cases+ * [[:cloudappliance/appliance-troubleshooting]] 
 + * [[:cloudappliance/database-troubleshooting]]
  
-Once this is complete you can: 
-  * [[organisationcloud/usermanagement|Add users]] 
-  * [[filesharing|Share files]] 
-  * ... 
  
-For more information see [[index|]]
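Review bot: in Restore Backup, the line `Choose the "Protected Resource" to be covered` reads like a typo for "recovered"; please confirm the intended wording. The Upgrades paragraph tells readers to always follow the upgrade documentation but, unlike the other new sections, gives no link to it. The restore steps say users can start using the recovered instance immediately and only afterwards mention running a resync to recover missed storage metadata; consider stating what users will not see until the resync completes, or move the resync step ahead of that sentence. The Licenses link uses `:cloudappliance/applying-license` while License Activation uses `:cloudappliance:applying-license`; make the two consistent.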