Install the CylanceGATEWAY Connector to an AWS environment Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Setup
  4. Cylance Endpoint Security Setup Guide
  5. Setting up CylanceGATEWAY
  6. Defining your private network
  7. Setting up the CylanceGATEWAY Connector
  8. Install the CylanceGATEWAY Connector to an AWS environment

Install the
CylanceGATEWAY Connector
 to an
AWS
 environment

When you install the
CylanceGATEWAY Connector
, you upload the
CylanceGATEWAY Connector
 VMDK image file to an
Amazon
 S3 bucket in your private network. You use the
Amazon
 EC2 Image Builder service to import the uploaded VMDK image file and create an
Amazon
 Machine Image (AMI). The
CylanceGATEWAY Connector
 instance is created from the imported AMI. The
CylanceGATEWAY Connector
 instance is configured for DHCP. Configuring the instance to use a static IP is not supported.
  • Verify that your account has appropriate permissions to access an existing
    Amazon
     S3 bucket or to create a new S3 bucket. For instructions on how to create an S3 bucket, visit docs.aws.amazon.com to read “Creating a bucket.” 
  • Verify that your environment has an
    AWS
     Identity and Access Management (IAM) service role. For instructions on how to create an IAM service role, visit docs.aws.amazon.com to read “Required service role.” If you do not specify a name for the service role,
    AWS
     names it "vmimport."
Optionally, you can use the
AWS
 Command Line Interface (CLI) to automate the import of the
CylanceGATEWAY Connector
 AMI image file. For more information, visit docs.aws.amazon.com to read "Importing a VM as an image using VM Import/Export."
  1. Download the
    CylanceGATEWAY Connector
     VMDK file (cylance-gateway-connector-aws<
    version
    >.vmdk) from
    my
    Account
    .
  2. Sign in to the
    AWS
     management console at https://aws.amazon.com/console.
  3. Upload the cylance-gateway-connector-aws<
    version
    >.vmdk image file to an S3 bucket using the
    AWS
     console. For instructions, visit docs.aws.amazon.com to read “Upload objects." If necessary, create an S3 bucket.
  4. To import the AMI using the
    AWS
     console, complete the following steps:
    1. Open the
      EC2 Image Builder
       service.
    2. In the left column, click
      Images
      .
    3. Click the
      Import image
       button.
    4. On the
      Import image
       screen complete the following fields: 
      • Type a name and version for the
        CylanceGATEWAY Connector
        .
      • In the
        Base image operating system
         section, select
        Ubuntu
         and set the
        OS version
         to
        Ubuntu 20
        .
      • In the
        VM import configuration
        ,
        Disk container 1
         section, set the
        Source
         to
        S3 bucket
        . Browse to the S3 bucket where you uploaded the
        CylanceGATEWAY Connector
         VMDK image file in step 3.
      • Select the appropriate IAM service role that will be used during the import process. By default, the IAM service is named "vmimport."
    5. Click
      Import image
      . Note: This step can take up to 30 minutes to complete.
    6. Record the
      image ID
       of the imported image file. The image ID is used to launch the
      CylanceGATEWAY Connector
       instance. Perform the following actions:
      1. On the
        Images
         screen, click the version of the imported AMI.
      2. On the
        Image build versions
         screen, click the version.
      3. In the
        Output resources
         section, in the
        Image
         column, record the
        AMI image ID
        .
  5. Create the
    CylanceGATEWAY Connector
     instance from the imported AMI. Perform the following actions:
    1. Open the
      EC2
      service.
    2. In the left column, under
      Instances
      , click
      Instances
      .
    3. Click
      Launch instances
      .
    4. On the
      Launch an instance
       screen, type a name for the
      CylanceGATEWAY Connector
       instance.
    5. In the
      Application and OS images (Amazon Machine Image)
       section, click the
      My AMIs
       tab. Make sure that
      Owned by me
       is selected.
    6. In the
      Amazon Machine Image
       (AMI) drop-down list, paste the AMI ID that you recorded in step 4f. Click the AMI that is returned.
    7. Select an instance type according to your organization's requirements.
      The instance type must be an
      AWS
       Nitro System instance type. If you do not select a Nitro System instance type, you will not be able to use the EC2 serial console to connect to the
      CylanceGATEWAY Connector
      . For more information, visit docs.aws.amazon.com to read “Instances built on the Nitro System.”
    8. Select a key pair. The key pair is required by the
      AWS
       instance creation form; however, it is disregarded by the
      CylanceGATEWAY Connector
      .
    9. In the
      Network settings
       section, click
      Edit
       and specify the following settings:
      1. Click the
        VPC
         drop-down and select your private network.
      2. Optionally, click the
        Auto-assign public IP
         and select
        Enable
        . You must assign a public IP address to the
        CylanceGATEWAY Connector
         only if you do not have a way to access the connector's web interface using the private network that it is installed on.
      3. Select or create a security group according to your organization's requirements. The security group must have HTTP (port 80) and HTTPS (port 443) access to the
        CylanceGATEWAY Connector
         from the network that the enrollment is being completed from. 
    10. Click
      Launch instance
      .