Edge Extend Agent for AWS

This guide covers the network configuration of the Edge Extend Agent running on the AWS Cloud in your AWS Account. Once network configuration is complete return to Edge Extend Server to continue setup.

For general documentation see Edge Extend

Architecture

Virtual Machine

Each Edge Extend agent is deployed to the AWS as a single virtual machine or instance. Agents connect to a single Edge Extend server, deployed on another region or cloud, through a public endpoint. They will connect using a UDP protocol through port 8445.

AWS architecture diagram showing an Edge Extend server and Edge Extend agents.

Deployment

This guide walks through deploying an Edge Extend agent to your environment. An instance will be launched directly from the AWS Marketplace. Once the instance is running you'll set up the network, and then, after registering the agent with a server, you will complete set up.

Skills Required

This guide is for IT infrastructure architects and DevOps professionals who are deploying an Edge Extend agent on AWS.

To follow this guide a user should have some familiarity with the AWS Console and with a Linux shell.

Time Required

Following this guide, an Edge Extend agent can be deployed in under an hour.

Prerequisites

You will need the following information before you can complete the setup:

Security

As with all systems you deploy to the AWS Cloud security responsibilities are shared between you and AWS. AWS is responsible for the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. You assume responsibility for the security of the appliance through configuration and management of specific AWS Cloud services and of the appliance itself. Through the appliance, you can delegate specific application and data security responsibilities to designated users and roles.

For more information:

AWS Identity and Access Management

The agent needs access to any network storage server for which remote access is required.

It does not access AWS services.

Operating System Security

The appliance does not use root or other administrative uses to run internal components. An end-user cannot log in as root – they can use sudo from the user smbstream. A user can log into the smbstream account only by using the SSH key specified during the deployment process. AWS doesn't store these SSH keys, so if you lose your SSH key, you can lose access to these instances.

We will announce high-severity security patches when they are available through a security alert (email). This includes security patches to third-party components we may be using and other remediations.

Customer Sensitive Data

Edge Extend provides a number of preventative and detective mechanisms to protect customer data. For more information see Edge Extend Security.

Data Encryption

The Access Anywhere encrypts data in motion and provides a number of options for encrypting data at rest in addition to that provided by the storage service.

  • Amazon S3 server-side encryption can be enabled
  • Folder encryption, where data is sent encrypted to the storage
  • Personal encryption where data is encrypted by the client before Access Anywhere.

For more information see Edge Extend Security.

Security Groups

A security group acts as a firewall that controls the traffic for one or more instances. When you launch an instance, you associate a security group with it. You add rules to the security group that allow traffic to or from the instance. You can modify the rules for a security group at any time.

Launch

AWS Marketplace

To launch directly from the marketplace select Edge Extend Agent.

Select “Continue to Subscribe”.

Review terms and select “Continue to Configuration”.

Select your preferred Region and then select “Continue to Launch”

This page allows you to launch the instance directly from this webpage, or through the EC2 launch instance wizard.

Leave the setting as Launch from Website (Recommended). Instructions for launching from EC2 instead are provided in the section Launch Through EC2.

Review Configuration details:

  • EC2 Instance Type: t3.small
    • Memory: 2 GiB
    • CPU: 2 virtual cores
    • Storage: EBS Only
    • Network Performance: Up to 5 Gigabit Ethernet
  • VPC Settings: (default)
  • Subnet Settings: (default)
Security Group Settings

Select “Create New Based on Seller Settings”.

Create New Security Group

Add a name and description.

Do NOT change the Source (IP or Group) to “My IP” as this setting incorrectly assigns an internal AWS IP address.

Select “Save”.

Key Pair

Amazon EC2 uses SSH-2 RSA keys for SSH which is required to complete the configuration. A public/private key pair can be assigned or created.

Choose an existing Key Pair or create a new one.

Launch

Select the “Launch” button to deploy.

Select EC2 Console to see the instance running in the region you selected.

Add a Name by clicking in the empty Name box and entering “Edge Extend Agent”.

Jump to the next step Configuration.

Launch through EC2

If you did not “Launch from the website”, follow these steps to launch the instance.

Step 1. Choose an Amazon Machine Image (AMI)

  1. From the AWS Marketplace click Edge Extend Agent.
  2. Then click Launch.

Step 2: Choose an Instance Type

Minimum recommended settings are:

  • vCPUs - 2
  • Memory - 2 GB
  • Disk - 40 GB (SSD)

This corresponds to a t3.small.

For example,

Family Type vCPUs Memory (GiB) Instance Storage (GB) Network Notes
t3 t3.small 2 2 EBS Only Up to 5 Gigabit Ethernet Recommended

Step 3: Configure Instance Details

Check the following setting:

  • Auto-assign Public IP - set to Enable

Step 4: Add Storage

Accept the defaults, for example:

Volume Type Device Snapshot Size (GbB) Volume Type Delete on Termination
Root /dev/xvda snap-xxx 40 [General Purpose SSD (gp2] Yes

You might wish to change “Delete on Termination” to False to prevent your instance from being accidentally terminated through Amazon EC2.

Step 5: Add Tags

No changes, select Next: Configure Security Group

Step 6: Configure Security Group

Choose the default, a new security group with one rule.

Type Protocol Port Range Source Description
SSH TCP 22 Anywhere 0.0.0.0/0, ::/0 SSH for initial configuration

Step 7: Review Instance Launch

Select [Launch] to bring up the dialog to choose or create a public/private key pair that will allow you to SSH into the instance.

Select Launch Instances.

View Instances

Select View Instances and wait a few minutes until the Status Checks are complete.

Configuration

SSH Access

The instance can now be accessed at this IP address using a standalone SSH client and the Key Pair you assigned. The username is smbstream. For example:

ssh -i "AccessAnywhere.pem" smbstream@34.194.216.200

(If the command freezes check your Security Group allows SSH access (port 22) for your IP address.)

Check that you can become root.

sudo bash

This will be required to complete the configuration.

More information on connecting via SSH can be found in the AWS Console. Select the instance in the Instances view and click Connect.

Next Steps

Once network configuration is complete return to Edge Extend Server to continue agent setup.