Amazon AWS Installation Overview

This section describes how to set up an Amazon AWS Virtual Private Cloud (VPC) which will support either a single instance or a high availability (HA) pairing of SoftNAS Cloud instances using SoftNAS SNAP HA™. SoftNAS SNAP HA™ for EC2 now supports the use of Virtual IPs, and is our best practice recommendation. Configuration with Elastic IPs is still fully supported.

The following is required:


Note: The HA IAM Role is caps sensitive, and must be named SoftNAS_HA_IAM.

Creating the VPC

A VPC is a private, isolated section of the AWS cloud that can be set up in a variety of configurations. To create your VPC, log into the AWS console with your AWS credentials, and expand All Services (if not already open). Scroll down to Networking and Content Delivery, and select VPC.

 From the VPC Dashboard, click on Launch VPC Wizard.

Select VPC with Public and Private Subnets as the configuration scenario. 
Click on Select. The Create an Amazon Virtual Private Cloud screen is displayed.



Note: Private subnet instances access the Internet via a Network Address Translation (NAT) instance in the public subnet. (Hourly charges for NAT instances apply.) 

Note: You may not require NAT setup if setting up a Private instance using Virtual IPs. While not required for Private instances, there are some organization specific instances where set up of NAT is relevant.

Configure the IP CIDR block, Public and Private Subnets, and all other settings as appropriate.

  1. Provide a CIDR block for your VPC. The default can be kept, provided it does not conflict with other CIDR blocks within your organization. For this example, we will use 10.10.0.0/16. 
  2. IPv6 CIDR block can be kept at the default of 'No IPv6 CIDR block' unless your use case necessitates an Amazon provided IPv6 CIDR block. 
  3. Provide an easily recognized VPC name.



  4.  Select an IPV4 CIDR block for your public subnet within the VPC range. In this example, we use 10.10.0.0/24.
  5. Select a specific availability zone for your VPC public subnet.  Note the availability zone selected for future reference.
  6. Provide a name for your public subnet name. 
  7.  Select an IPV4 CIDR block for your private subnet within the VPC range. In this example, we use 10.10.5.0/24.
  8. Select the same availability zone as the public subnet, for simplicity's sake. 
  9. Provide a name for the private subnet.

  10. Provide the elastic IP address for a NAT gateway.


 image2019-5-15_13-12-9.png


Configuration Best Practices to Consider Now:

Click on Create VPC. AWS will create a VPC with Public and Private subnets. 
Note: If a NAT instance is not required for the local SoftNAS Cloud® deployment, delete the NAT instance and release any assigned Elastic IPs. Amazon hourly charges apply to NAT instances. 

Specify the IAM User for SoftNAS Cloud®

About Amazon IAM Users

AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. 

Create an AWS IAM User for SoftNAS Cloud®. This will allow SoftNAS Cloud® instances to use the credentials of the AWS IAM User when accessing the VPC. For a step-by-step guide to setting up your IAM user, see Creating the SoftNAS Cloud® IAM Role for AWS.

Creating a Subnet

SoftNAS' No Downtime Guarantee requires that each instance in an HA pairing must belong to a separate Availability zone or region for redundancy. For this reason, at least two subnets are required for your VPC, each in a different Availability Zone. The first can be the default public or private subnet created when setting up the VPC. The second can be created now. 

If you are going to assign additional subnets to your newly created VPC, it is important to log the VPC ID. The VPC ID can be found in Your VPCs from the VPC Dashboard.



Select Subnets from the VPC Dashboard, and click Create Subnet.



In Create Subnet, you will provide the following information to create each subnet:


    1. Name Tag: Provide a name for the subnet, ideally one that identifies it as a secondary public or private subnet, dependent on which you will be deploying into (this creates a key and value for the subnet). 
    2. VPC: Here you will specify the VPC ID of the VPC you wish this subnet associated with. (This will be the VPC ID you logged earlier)
    3. Availability Zone: Next you will specify an Availability Zone. This should be a separate availability zone from the default VPC public/private subnets.
    4. IPv4 CIDR block: The IPv4 CIDR block specifies an IP range for your instance. As we are creating two subnets, the CIDR block provided should be smaller than the CIDR block specified for the VPC. 

Click Yes, Create when the information has been provided.

Associating Subnets to a Route Table

Once your subnets have been created, they need to be associated with the correct route table. If creating a private VPC HA deployment, the two private subnets just created will need to be associated with the NAT Gateway or private Route Table. If public, you will need to associate a second public subnet to the route table. In the below example, we will be associating private subnets to a private route table. However, the process is the same in either case. Simply be sure to select the correct route table, and associate the appropriate subnet. 

To determine or verify the correct route table to assign the private subnets to, select one of the two route tables associated with your VPC (Remember, this can be determined by checking the VPC ID). Click on the Routes tab. 


Scroll down to see the default route (identified by the 0.0.0.0 IP address). If this route is associated with an internet gateway, this is the public route table. Labelling the route table can help identify it at a glance.


Move to the second route table associated with the VPC if the first is associated with an internet gateway. The private route table to which we will associate the private subnets can be identified because the default route will be associated with the NAT Gateway.


After verifying the private route table (associated with the NAT Gateway), select this route table, and select the Subnet Associationstab. Click Edit subnet associations.

Select the two private subnets created earlier, and click Save



If deploying into a public subnet, you would simply associate a second public subnet instead (This public subnet should have been created as described earlier in the Creating a Subnet section of this guide). 

Launch An Instance of SoftNAS Cloud® into the VPC


To launch an instance of SoftNAS Cloud® into the already-set-up VPC, the following is required:

  1. Select the appropriate SoftNAS Cloud® AMI from the Marketplace AMI section of EC2 services.
     
  2. Select at least the small instance.
     
  3. Configure the instance details.
     
  4. Launch instance into the subnet.
     
  5. Add an additional ethernet interface.
     
  6. Add storage as required.
     
  7. Tag the instance.
     
  8. Set up security groups.
     
  9. Select a key pair for SSH.


The above procedure is repeated to create a second SoftNAS Cloud® instance for HA.


Selecting the SoftNAS Cloud® AMI


  1. For SoftNAS Cloud®, navigate to AWS Marketplace AMIs.

  2. Select the SoftNAS AMI from the Community AMI section of EC2 services.

  3. From EC2 services, click on Launch Instance>Marketplace AMIs and enter SoftNAS in the search text box.

  4. Select the appropriate SoftNAS Cloud® version for expected need (Platinum, Enterprise, or Essentials).

Choosing an Instance Type


SoftNAS recommends an instance size of r5.2xlarge for any production deployment or any deployment testing production workload capacity. For SoftNAS Instance sizing guidance, see SoftNAS' Sizing Tool.

  1. From Step 2. Choose an Instance Type.

  2. Select the appropriate machine type for expected usage from the matrix given. For more information on Amazon Instance types, click here.

  3. Click on Next: Configure Instance Details.

Instance Details

  1. For Network, select the previously configured VPC.

  2. Select one of the available public or private subnets to associate with this instance.

  3. Scroll to Network Interfaces, expand, and click Add Device. If using Elastic IPs for your HA instance, it is very important to add an additional NIC here as well as your storage.

    To add an additional NIC after instance creation:


    1. Select Network Interfaces from within the EC2 console, then Create Network Interface.




    2. Provide a name, select your subnet and a security group. Click Create.



  4. Click on Next: Add Storage.


Adding Storage and Tagging

  1. From the storage screen, add storage volumes as necessary. Remember that storage can be added after instance creation from within the SoftNAS Cloud UI making this step entirely optional. Ensure that Delete on Termination is selected.

  2. Click Next: Tag Instance and add an instance name to the Value field.

  3. Click Next: Configure Security Group
     

Note: Disk names for EBS volumes must follow SoftNAS Cloud® storage naming conventions. For more information, see the document SoftNAS Installation Guide

Security Groups

Security groups for SoftNAS Cloud® must include TCP 443, TCP 22, and ICMP Echo Reply and Echo Response. Source can be locked down per security requirements.

Note: When assigning the Security Group for a SoftNAS Cloud® instance, either create a new Security Group or select a preexisting security Group. Regardless of the decision, ensure it includes the above-mentioned rules.

Create the required rules for the security group

  1. From the available selection, choose Create.

  2. Select Custom ICMP Rule. Source can be set to "Anywhere, My IP, or Custom IP," based on local security requirements. Assign Type and Port as appropriate. 




  3. Repeat the above procedure to add the Custom TCP Rule for ports 443 and 22.
    Enable ALL ICMP for both IPv4 and IPv6 as shown above. 

    Note: It is recommended to restrict the Source IP address to an address or range of valid addresses for best security. 
    Note: Port 3389 can also be enabled for RDP access to Clients in the environment.

  4. Click on Review and Launch.
  5. Provide the appropriate key pair when prompted.


Keep in mind that two instances are required for HA. Create a second instance at this time. 

In order to complete the set up high availability for Amazon Web Services VPCs in either a Virtual IP or Elastic IP setup, select the appropriate link below: