Install the CylanceGATEWAY Connector to an AWS environment
When you install the CylanceGATEWAY Connector, you upload the CylanceGATEWAY Connector VMDK image file to an Amazon S3 bucket in your private network. You use the Amazon EC2 Image Builder service to import the uploaded VMDK image file and create an Amazon Machine Image (AMI). The CylanceGATEWAY Connector instance is created from the imported AMI. The CylanceGATEWAY Connector instance is configured for DHCP. Configuring the instance to use a static IP is not supported.
- Verify that your account has appropriate permissions to access an existing Amazon S3 bucket or to create a new S3 bucket. For instructions on how to create an S3 bucket, visit docs.aws.amazon.com to read “Creating a bucket.”
- Verify that your environment has an AWS Identity and Access Management (IAM) service role. For instructions on how to create an IAM service role, visit docs.aws.amazon.com to read “Required service role.” If you do not specify a name for the service role, AWS names it "vmimport."
Optionally, you can use the AWS Command Line Interface (CLI) to automate the import of the CylanceGATEWAY Connector AMI image file. For more information, visit docs.aws.amazon.com to read "Importing a VM as an image using VM Import/Export."
1. Download the CylanceGATEWAY Connector VMDK file (cylance-gateway-connector-aws<version>.vmdk) from myAccount.
2. Sign in to the AWS management console at https://aws.amazon.com/console.
3. Upload the cylance-gateway-connector-aws<version>.vmdk image file to an S3 bucket using the AWS console. For instructions, visit docs.aws.amazon.com to read “Upload objects.” If necessary, create an S3 bucket.
4. To import the AMI using the AWS console, complete the following steps:
   a. Open the EC2 Image Builder service.
   b. In the left column, click Images.
   c. Click the Import image button.
   d. On the Import image screen, complete the following fields:
      - Type a name and version for the CylanceGATEWAY Connector.
      - In the Base image operating system section, select Ubuntu and set the OS version to Ubuntu 20.
      - In the VM import configuration, Disk container 1 section, set the Source to S3 bucket. Browse to the S3 bucket where you uploaded the CylanceGATEWAY Connector VMDK image file in step 3.
      - Select the appropriate IAM service role that will be used during the import process. By default, the IAM service role is named "vmimport."
   e. Click Import image. Note: This step can take up to 30 minutes to complete.
   f. Record the image ID of the imported image file. The image ID is used to launch the CylanceGATEWAY Connector instance. Perform the following actions:
      - On the Images screen, click the version of the imported AMI.
      - On the Image build versions screen, click the version.
      - In the Output resources section, in the Image column, record the AMI image ID.
5. Create the CylanceGATEWAY Connector instance from the imported AMI. Perform the following actions:
   a. Open the EC2 service.
   b. In the left column, under Instances, click Instances.
   c. Click Launch instances.
   d. On the Launch an instance screen, type a name for the CylanceGATEWAY Connector instance.
   e. In the Application and OS images (Amazon Machine Image) section, click the My AMIs tab. Make sure that Owned by me is selected.
   f. In the Amazon Machine Image (AMI) drop-down list, paste the AMI ID that you recorded in step 4f. Click the AMI that is returned.
   g. Select an instance type according to your organization's requirements. The instance type must be an AWS Nitro System instance type. If you do not select a Nitro System instance type, you will not be able to use the EC2 serial console to connect to the CylanceGATEWAY Connector. For more information, visit docs.aws.amazon.com to read “Instances built on the Nitro System.”
   h. Select a key pair. The key pair is required by the AWS instance creation form; however, it is disregarded by the CylanceGATEWAY Connector.
   i. In the Network settings section, click Edit and specify the following settings:
      - Click the VPC drop-down and select your private network.
      - Optionally, click Auto-assign public IP and select Enable. You must assign a public IP address to the CylanceGATEWAY Connector only if you do not have a way to access the connector's web interface using the private network that it is installed on.
      - Select or create a security group according to your organization's requirements. The security group must have HTTP (port 80) and HTTPS (port 443) access to the CylanceGATEWAY Connector from the network that the enrollment is being completed from.
   j. Click Launch instance.
6. Optionally, enable SSH for the CylanceGATEWAY Connector instance. For instructions, see Access the CylanceGATEWAY Connector using OpenSSH.
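
One way to check the security group requirement from the network settings above, added here as an example that is not part of the product documentation: it reads a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports required ports that are not open to the whole enrollment network, plus rules that admit sources outside it. The function names, group ID and CIDRs are constructed for illustration.

```python
import ipaddress

REQUIRED_PORTS = (80, 443)  # HTTP and HTTPS, per the security group requirement

# Constructed sample shaped like one "SecurityGroups" entry from
# `aws ec2 describe-security-groups`; group ID and CIDRs are placeholders.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def _allows_tcp_port(perm, port):
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_connector_sg(group, enrollment_cidr):
    """Return (missing_ports, extra_sources).

    missing_ports: required ports not open to the whole enrollment network.
    extra_sources: (cidr, ports) rules that admit addresses outside it.
    """
    enroll = ipaddress.ip_network(enrollment_cidr, strict=False)
    covered, extra = set(), []
    for perm in group.get("IpPermissions", []):
        ports = [p for p in REQUIRED_PORTS if _allows_tcp_port(perm, p)]
        if not ports:
            continue  # rule does not touch port 80 or 443
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            src = ipaddress.ip_network(cidr, strict=False)
            same_family = src.version == enroll.version
            if same_family and enroll.subnet_of(src):
                covered.update(ports)  # source range spans the enrollment network
            if not (same_family and src.subnet_of(enroll)):
                extra.append((cidr, ports))  # admits addresses beyond it
    missing = [p for p in REQUIRED_PORTS if p not in covered]
    return missing, extra

if __name__ == "__main__":
    print(audit_connector_sg(SAMPLE_SG, "10.20.0.0/16"))
```

Rules that reference another security group (`UserIdGroupPairs`) are not evaluated by this check.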