This section describes how to set up an Amazon AWS Virtual Private Cloud (VPC) that will support either a single instance or a high availability (HA) pairing of SoftNAS Cloud instances using SoftNAS SNAP HA™. SoftNAS SNAP HA™ for EC2 now supports Virtual IPs, which are our best practice recommendation. Configuration with Elastic IPs is still fully supported.
The following is required:
Note: The HA IAM Role name is case sensitive, and must be SoftNAS_HA_IAM.
A VPC is a private, isolated section of the AWS cloud that can be set up in a variety of configurations. To create your VPC, log into the AWS console with your AWS credentials, and expand All Services (if not already open). Scroll down to Networking and Content Delivery, and select VPC.
From the VPC Dashboard, click on Launch VPC Wizard.
Select VPC with Public and Private Subnets as the configuration scenario.
Click on Select. The Create an Amazon Virtual Private Cloud screen is displayed.
Note: Private subnet instances access the Internet via a Network Address Translation (NAT) instance in the public subnet. (Hourly charges for NAT instances apply.)
Note: NAT setup may not be required when setting up a Private instance using Virtual IPs. Although Private instances do not require it, some organization-specific deployments may still call for NAT.
Configure the IP CIDR block, Public and Private Subnets, and all other settings as appropriate.
Click on Create VPC. AWS will create a VPC with Public and Private subnets.
Note: If a NAT instance is not required for the local SoftNAS Cloud® deployment, delete the NAT instance and release any assigned Elastic IPs. Amazon hourly charges apply to NAT instances.
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
Create an AWS IAM User for SoftNAS Cloud®. This will allow SoftNAS Cloud® instances to use the credentials of the AWS IAM User when accessing the VPC. For a step-by-step guide to setting up your IAM user, see Creating the SoftNAS Cloud® IAM Role for AWS.
SoftNAS' No Downtime Guarantee requires that each instance in an HA pairing belong to a separate Availability Zone or region for redundancy. For this reason, at least two subnets are required for your VPC, each in a different Availability Zone. The first can be the default public or private subnet created when setting up the VPC. The second can be created now.
If you are going to assign additional subnets to your newly created VPC, it is important to log the VPC ID. The VPC ID can be found in Your VPCs from the VPC Dashboard.
Select Subnets from the VPC Dashboard, and click Create Subnet.
In Create Subnet, you will provide the following information to create each subnet:
Click Yes, Create when the information has been provided.
Once your subnets have been created, they need to be associated with the correct route table. If creating a private VPC HA deployment, the two private subnets just created will need to be associated with the NAT Gateway or private Route Table. If public, you will need to associate a second public subnet to the route table. In the example below, we will be associating private subnets to a private route table. However, the process is the same in either case. Simply be sure to select the correct route table, and associate the appropriate subnet.
To determine or verify the correct route table to assign the private subnets to, select one of the two route tables associated with your VPC (remember, this can be determined by checking the VPC ID). Click on the Routes tab.
Scroll down to see the default route (identified by the 0.0.0.0 IP address). If this route is associated with an internet gateway, this is the public route table. Labelling the route table can help identify it at a glance.
Move to the second route table associated with the VPC if the first is associated with an internet gateway. The private route table to which we will associate the private subnets can be identified because the default route will be associated with the NAT Gateway.
After verifying the private route table (associated with the NAT Gateway), select this route table, and select the Subnet Associations tab. Click Edit subnet associations.
Select the two private subnets created earlier, and click Save.
If deploying into a public subnet, you would simply associate a second public subnet instead. (This public subnet should have been created as described earlier in the Creating a Subnet section of this guide.)
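The route table check described above can also be run against exported VPC data. The following is an added example, not SoftNAS code: it classifies each route table by the target of its default route and verifies that the two HA subnets sit in different Availability Zones on the expected kind of table. The sample data is constructed and shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`; all IDs and the function names are assumptions.

```python
# Added example: sample data is constructed, shaped like the JSON from
# `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": "subnet-pub-a"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b"},
]

def classify(table):
    """Classify a route table by the target of its default (0.0.0.0/0) route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"    # default route goes to an internet gateway
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "private"   # default route goes to a NAT gateway or NAT instance
    return "no-default-route"

def check_ha_pair(subnet_ids, expected, tables, subnets):
    """Return a list of problems for the subnets that will hold the HA pair."""
    problems = []
    zones = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    if len({zones.get(sid) for sid in subnet_ids}) < len(subnet_ids):
        problems.append("subnets are not in separate Availability Zones")
    for sid in subnet_ids:
        owner = next((t for t in tables
                      if any(a.get("SubnetId") == sid for a in t.get("Associations", []))), None)
        if owner is None:
            problems.append(f"{sid}: no explicit route table association")
        elif classify(owner) != expected:
            problems.append(f"{sid}: on {classify(owner)} table {owner['RouteTableId']}")
    return problems

if __name__ == "__main__":
    for table in ROUTE_TABLES:
        print(table["RouteTableId"], classify(table))
    print(check_ha_pair(["subnet-priv-a", "subnet-priv-b"], "private", ROUTE_TABLES, SUBNETS))
```

A subnet with no explicit association uses the VPC's main route table, so a "no explicit route table association" result means the subnet's routing depends on whichever table is marked main.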
To launch an instance of SoftNAS Cloud® into the already-set-up VPC, the following is required:
The above procedure is repeated to create a second SoftNAS Cloud® instance for HA.
SoftNAS recommends an instance size of r5.2xlarge for any production deployment or any deployment testing production workload capacity. For SoftNAS Instance sizing guidance, see SoftNAS' Sizing Tool.
Note: Disk names for EBS volumes must follow SoftNAS Cloud® storage naming conventions. For more information, see the document SoftNAS Installation Guide.
Security groups for SoftNAS Cloud® must include TCP 443, TCP 22, and ICMP Echo Reply and Echo Response. Source can be locked down per security requirements.
Note: When assigning the Security Group for a SoftNAS Cloud® instance, either create a new Security Group or select a preexisting Security Group. In either case, ensure it includes the above-mentioned rules.
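One way to verify a Security Group against these rules, as an added example that is not SoftNAS code: it checks that TCP 443, TCP 22 and an ICMP rule are present and reports any required TCP port whose source is not locked down. The sample rules are constructed and shaped like the `IpPermissions` list from `aws ec2 describe-security-groups`; the function names are assumptions.

```python
import ipaddress

# Constructed sample, shaped like the IpPermissions list of one group in
# `aws ec2 describe-security-groups` output.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]
REQUIRED_TCP = (443, 22)   # ports named in this guide

def covers(rule, port):
    """True if an inbound rule admits the given TCP port."""
    if rule["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def audit(permissions):
    """Return findings: missing required rules and sources open to any address."""
    findings = []
    for port in REQUIRED_TCP:
        rules = [r for r in permissions if covers(r, port)]
        if not rules:
            findings.append(f"missing: TCP {port}")
        for rule in rules:
            for rng in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                if ipaddress.ip_network(cidr).prefixlen == 0:
                    findings.append(f"open to any source: TCP {port}")
    # Presence check only; the ICMP type and code are not inspected here.
    if not any(r["IpProtocol"] in ("icmp", "-1") for r in permissions):
        findings.append("missing: ICMP")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PERMISSIONS):
        print(finding)
```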
Keep in mind that two instances are required for HA. Create a second instance at this time.
To complete the setup of high availability for Amazon Web Services VPCs in either a Virtual IP or Elastic IP configuration, select the appropriate link below: