Amazon AWS Installation Overview
This section describes how to set up an Amazon AWS Virtual Private Cloud (VPC) in high availability (HA) mode to work with SoftNAS SNAP HA™. Using Elastic IPs is the traditional setup for High Availability EC2 nodes. With SoftNAS Storage Center, use of Elastic IPs are no longer a requirement. Because use of Elastic IPs require a public facing IP, providing a potential security risk, a Virtual IP setup is Buurst's recommendation. Both setups are fully supported by Buurst.
The following is required:
- Create the VPC in AWS.
- Specify the[ IAM User for SoftNAS®
- Configure the routing tables.
- Launch an Instance of SoftNAS® into the VPC.
- Create and Associate the Required Elastic IPs.
- Set up SoftNAS® for HA.
See Amazon Web Services VPC for detailed setup of the VPC, if you have not already done so.
Note: The HA IAM Role is caps sensitive, and must be named SoftNAS_HA_IAM.
Secure Administrative Access in VPC
With Elastic IPs, direct internet access to the SoftNAS instance is possible. However, this is not recommended for obvious security reasons.
There are multiple ways to configure secure administrative access to the SoftNAS SNAP HA™ storage controllers:
- VPN - this is the most secure and recommended best practice for limiting access to the private IPs of each SoftNAS® controller. In this case, use DNS to assign a common name to each controller (e.g., "nas01.localdomain.com", "nas02.localdomain.com"), making routing to each SoftNAS® controller convenient for administrators.
- Admin Desktop - an even more secure approach is to combine VPN access with an Administrator's desktop, typically running Windows and accessed via RDP. This secure admin desktop adds another layer of authentication, namely Active Directory (or local account) authentication. Once an administrator has gained secure, encrypted access to the Admin Desktop, she opens up a web browser to connect to the SoftNAS StorageCenter™ controller.
- Direct Internet Access - the least secure, yet simplest form of providing administrators with access to SoftNAS StorageCenter™ is to assign two additional Elastic IP addresses, one per SoftNAS® controller (see Figure 3 below). Of course, a corresponding security group, locked down to restrict the IP addresses allowed access to the controllers is necessary to properly secure this configuration. While not recommended for production systems, this configuration is most commonly seen during evaluation and for development systems, where full VPC deployment has not yet taken place.
Associating the Required Elastic IPs to the SoftNAS® Instances
If setting up SoftNAS SNAP HA™ with Elastic IPs, three elastic IPs will be required. One IP is associated to each VPC instance, and a third IP is associated to the VIP interface.
Creating the Elastic IPs
Create three Elastic IPs for use with SoftNAS®.
- From the EC2 Services Dashboard, click on Elastic IPs.
- Click on Allocate New Address.
- For EIP used in, select "VPC."
- Click Yes, Allocate.
Repeat the procedure to create three new elastic IPs for the VPC.
Associating the Elastic IPs to the SoftNAS® Instances
To associate the Elastic IPs to the instances, take note of the Interface ID for the SoftNAS® instance. This can then be used to associate an Elastic IP.
- From the EC2 Services Dashboard, click on Instances.
- Select one of the SoftNAS® instances.
- Scroll down to the Network interfaces settings.
- Click on "eth0" and take note of the Interface ID.
- Click on Elastic IPs.
- Select the Elastic IP of choice.
- Click on Associate Address.
- From the Associate Address window, select the corresponding Network Interface from the dropdown.
- Click on Associate.
The Elastic IP is associated with the SoftNAS® instance.
Repeat the above procedure to associate another Elastic IP to the other SoftNAS® instance.
Setting Up for SNAP HA™
To set up SoftNAS for SNAP HA™, log into the SoftNAS® instances and access storage via the SoftNAS StorageCenter™ interface. Via the SoftNAS StorageCenter™ interface, set up SoftNAS® with the required Disk Devices, Storage Pools, and Volumes. Once this is complete for both instances, set up replication and SoftNAS SNAP HA™.
Log In to SoftNAS StorageCenter™
Logging in to SoftNAS StorageCenter™ requires the public IP of the SoftNAS® instance, as well as the Instance ID (default password).
- Obtain the public IP of the SoftNAS® instance, as listed on the Instances screen.
- Select the desired SoftNAS® instance.
- Copy the Instance ID.
- Navigate a local web browser to https://\[Public IP of the instance].
- When prompted, use "softnas" as the username and the Instance ID (e.g., "i-99abc991") as the password. Change the password when convenient as dictated by security best practices.
The SoftNAS StorageCenter™ interface will load.
Setting Up SoftNAS®
After accessing the SoftNAS StorageCenter™ interface, set up the Disk Devices, Storage Pools, and Volumes that will ultimately be required for SNAP HA™.
For more information, see the document SoftNAS Installation Guide.
Note: When setting up storage pools for replication, they have to have the same name or replication will not work properly. Also, create a volume on the source side node.
Setting Up Replication and SNAP HA™
Set up Replication
- Log on to a SoftNAS® instance and select the SnapReplicate / SNAP HA™ menu in the file tree.
- Click Add Replication.
- Enter the private IP for Ethernet 0 of the secondary node to be replicated to from AWS setup.
- Provide this private IP address when prompted by the SoftNAS StorageCenter wizard, as seen below.
- Provide the SoftNAS® instance credentials.
- Click Finish.
This will establish replication.
Set Up HA
- From the SoftNAS SnapReplicate™ panel, click on Add SNAP HA and click Next.
- Select Elastic IP from High Availability type when the option is presented.
- Add the Elastic IP which was previously configured in AWS. This is the Elastic IP that we previously created, but did not assign to a VPC.
- Provide the Amazon IAM User credentials that will be used with SoftNAS®. Click Next.
- Click Finish.
At this point, SoftNAS® will do the heavy lifting required to establish HA without the need for any user intervention. This process may take several minutes. After completion, a high availability SoftNAS® pair has been successfully set up across availability zones in AWS.