Installing CTERA Portal Instances

Installing a CTERA Portal Server

A CTERA Portal in AWS is created as an instance in an existing Virtual Private Cloud (VPC).

Installation Workflow

Use the following workflow to install CTERA Portal.

1. Setting up the Amazon EC2 Instance.
2. Initializing the Storage Pool.
3. Optionally, associate your CTERA Portal instance with an Elastic IP Address. See Optionally Obtaining an Elastic IP Address for the CTERA Portal Instance.
4. Optionally, configure a default gateway.
5. For the first server you install, follow the steps in Configuring the Primary Server.
6. For any additional servers beside the primary server, install the server as described below and configure it as an additional server, as described in Installing and Configuring Additional CTERA Portal Servers-1.
7. Make sure that you replicate the database, as described in Backing Up the Database.

Setting up the Amazon EC2 Instance

To set up the Amazon EC2 instance, go through the following sections in order. If you are using Amazon EC2 for the first time, sign up for an Amazon Web Services (AWS) account. Optionally, you can also sign up for an AWS Identity and Access Management (IAM) user account. Amazon recommends using IAM to control access to your EC2 instances, as well as other AWS resources.

Obtaining the Latest CTERA Portal Amazon Machine Image (AMI)

To obtain the latest AMI:

• Contact CTERA Networks, and request the latest Amazon Machine Image (AMI).

  • Provide CTERA Networks with your Amazon account number.
  • Provide CTERA with the AWS region where you are planning to install the CTERA Portal instance.

  CTERA Networks will then share their latest AMI with your account.

Setting CTERA Portal Resource Access in IAM

Running CTERA Portal on AWS requires an Amazon Identity Access Management (IAM) user account with sufficient privileges for accessing AWS EC2 and S3 resources.

To set CTERA Portal resource access in IAM:

1. From your Amazon Web Services account, sign in to the AWS Management Console and select Services.
2. Under Security, Identity, & Compliance, select IAM.
3. In the navigation pane, click Access management > Policies.
   The Policies screen is displayed.
4. Click Create policy.
   The Create policy screen is displayed.
5. Select the JSON tab and paste the following policy document into the Policy Document area:

{"Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:AttachVolume",
            "ec2:CreateSnapshot",
            "ec2:DeleteSnapshot",
            "ec2:DescribeSnapshots",
            "ec2:DescribeVolumes",
            "ec2:DetachVolume"
        ],
        "Resource": [
            "*"
        ]
    },
    {"Sid": "Stmt1413831949000",
        "Effect": "Allow",
        "Action": [
            "s3:CreateBucket",
            "s3:DeleteObject",
            "s3:GetObject",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "s3:PutObject"
        ],
        "Resource": [
            "*"
        ]
    }]
}

6. Click Next through the wizard until Review policy.
7. Enter a name for the policy and click Create policy.
8. In the navigation pane, click Access management > Roles.
   The Roles screen is displayed.
9. Click Create role.
   The Create role screen is displayed.
10. Under the AWS service option, under Use Case, choose EC2 and click Next.
11. Select the policy created in step 7.
12. Select the AmazonSSMFullAccess policy.
    Note

    You can search for this policy and then select it.

13. Click Next.
14. Enter a name for the role and, optionally, click Add tag to add a tag for the role.
    Key – A name for the tag.
    Value - optional – The policy name from step 7.
15. Click Create role.

Creating the Amazon EC2 CTERA Portal Instance

To create the Amazon EC2 CTERA Portal instance:

1. In the AWS Management Console select Services.
2. Under Compute, select EC2.
3. In the navigation pane, click Images > AMIs.
   The Amazon Machine Images (AMIs) screen is displayed.
4. Select the CTERA Portal image that CTERA shared with you and click Launch instance from image.
   The Instances Wizard opens, displaying the Step 2: Choose an Instance Type screen.
5. Select the required instance type, for example M5.xlarge or M5.2xlarge.

6. Click Next: Configure Instance Details.
   The Step 3: Configure Instance Details screen is displayed.
7. Select the VPC Network from the list.
8. Select the Subnet from the list. The subnet can be a private subnet or a public subnet.
   Note

   You only need a public subnet if access to the CTERA Portal will not be within the VPC.

9. Select the IAM role created in Setting CTERA Portal Resource Access in IAM.
10. Select the Protect against accidental termination check box.
11. Click Next: Add Storage.
    The Step 4: Add Storage screen is displayed.
12. Allocate an additional EBS volume for the CTERA database:
    1. Click Add New Volume.
       Another row is displayed in the table.
    2. In the Volume Type field, select EBS.
    3. In the Size (GiB) field, enter the size of the EBS volume.
       The size of the EBS should be 2% of the overall data you will store on the CTERA Portal.
    4. In the Volume Type field, select General Purpose SSD (gp3).
13. Click Next: Add Tags.
    The Step 5: Add Tags screen is displayed.
14. Optionally, click Add Tag and enter a key and in the Value field, enter the CTERA Portal instance's name.
    Note

    In multi-instance environments, it is recommended include the name of CTERA service running on this instance.

15. Click Next: Configure Security Group.
    The Step 6: Configure Security Group screen is displayed.
    Note

    For security reasons, it is recommend to create one security group for servers running CTERA's application service or preview service, and a different security group for servers running CTERA's main database.

16. Add the following security group rules.
    • TCP port 22 for SSH remote connectivity and assistance by CTERA support personnel.
    • For DNS: UDP 53
    • For HTTP: TCP 80
    • TCP port 389 for Active Directory, if used.
    • For HTTPS: TCP 443
    • For CTTP: TCP 995
    Note

    If you are launching more than one CTERA Portal instance, be sure to also allow TCP communication over port 5432 to the CTERA Portal database server. This communication port should be opened only between the CTERA servers.
    CTERA recommends modifying the allowed source IP addresses for each inbound security rule added.

17. Click Review and Launch.
    The Step 7: Review Instance Launch screen is displayed.
18. Review the configuration and click Launch.
    The Select an existing key pair or create a new key pair windowis displayed.
19. Do one of the following.
    • If you created a key pair, and have the private key file that corresponds to the pair in a safe and accessible place, in the upper drop-down list, select Choose an existing key pair, then select the name of the key pair that you created.
    • If you want to create a new key pair, do the following:
      1. In the upper drop-down list, select Create a new key pair.
      2. In the Key pair name field, enter a name for the key pair.
      3. Click Download Key Pair.
         A private key in *.pem format is downloaded.
         Be sure to save the private key file in a safe place. You will need to provide the name of your key pair when you launch the instance and the corresponding private key each time you connect to the instance.
         This is also the key you will use to setup any additional portal servers.
    Warning

    Do not select Launch Instances without a key pair. If you launch your instance without a key pair, you will not be able to connect to it.

20. Check the acknowledgment and click Launch Instances.
    The Launch Status screen is displayed.
21. Click View Instances.
    The Instances is displayed, showing the status of the instances.
22. Wait until the status checks for the instance have finished and then click the edit icon in the Name field to a enter a unique name for the instance.
23. Select the instance.
    Information about the instance is displayed.
24. Note the IP address displayed in either the Public IPv4 address field, when public access was required and a subnet accessible publicly was specified, or in the Private IPv4 addresses field, when the access is within the VPC.
25. Note the volume ID of the additional volume that you added, displayed in the Storage tab, under Block devices.

Initializing the Storage Pool

To initialize the storage pool:

1. In to the AWS Management Console, in the EC2 service, click Instances > Instances in the navigation pane.
2. Select the instance you created in Creating the Amazon EC2 CTERA Portal instance and click Connect.
3. Select the Session Manager tab and click Connect.
4. Change to the root user by entering the following command: sudo -i
5. Set up Logical Volume Manager (LVM) for your CTERA Portal instance, by running the following command: portal-storage-util.sh create_storage EBS-Volume-ID
   Where EBS-Volume-ID is the EBS volume ID you copied down in the procedure Creating the Amazon EC2 CTERA Portal instance.
6. Start CTERA Portal services, by running the following command: portal-manage.sh start