Deploy a Conductor on Alibaba Cloud

You can deploy an Airwall Conductor on Alibaba Cloud to manage physical, virtual, and cloud Airwall Edge Services, and Airwall Agents. Use the following steps to deploy a Conductor on Alibaba Cloud.

Supported Versions
Conductor 2.2.8 and later
Note: Click the print icon print icon at the top right of this topic to print or create a PDF.

Before you Begin

Before you begin, you need:
  • Access to an Alibaba Cloud account. If you do not have an account, you can create one here.
  • Billing information set up for your Alibaba Cloud account.
  • A Conductor license voucher. You need to purchase a voucher to license and log in to your Conductor once you’ve deployed it on Alibaba Cloud.
Note: See Alibaba Cloud for details and up to date instructions.

Step 1: Set up a Security Group

Before you start setting up the Conductor, you need to set up a Security Group and Networks in Alibaba Cloud for the Conductor.

  1. Follow the instructions on Alibaba Cloud to log in to your account.
  2. In Alibaba Cloud, on the Elastic Compute Service side menu, go to Networks and Security, then Security Groups.
  3. Create a new Security Group for your Conductor, and set up the following Inbound Security Group Rules:
    1. Allow ICMP IPv4 access. This allows the Conductor to check network communication and reachability (for example, ping).
    2. Allow TCP on port 8096. This is the port the Conductor uses to communicate.
    3. Allow TCP on 443/443. This opens up https:// for the Conductor's web interface and API calls.
    Security groups set up on Alibaba Cloud

Step 2: Set up Networks

  1. In Alibaba Cloud, on the Elastic Compute Service side menu, go to Networks and Security, then VPCs.
  2. Create a VPC for your Conductor.
  3. Set up 2 subnets in that network, and select the datacenter and zone for them (these need to be the same as you choose for the Conductor in the next step):
    • public_network
    • private_network
Now you’re ready to set up the Conductor.

Step 3: Set up a Conductor in Alibaba Cloud

Set General Settings
  1. Search for Tempered Airwall Conductor in the Alibaba Cloud marketplace.
  2. Select Choose Your Plan.
  3. Select your Billing method and Region. Make sure you choose the same datacenter and zone as the subnets you set up earlier.
  4. For Instance Type, select ecs.g5.large.
  5. For Image, leave it on the default Marketplace image.
  6. Under Storage, set:
    1. System Disk - Set to Ultra Disk with the minimum storage of 40 GiB.
    2. Data Disk – Add a second Enhanced SSD drive with 120 GiB for the database and log files.
  7. Select Next: Networking at the bottom to continue.
Set Networking Settings
  1. Under Network Type:
    1. Type - Choose VPC.
    2. Select a VPC - Select the VPC network you set up earlier
    3. Select a VSwitch – Select the public_network subnet you set up earlier.
  2. Under Public IP Address, check the Assign Public IP Address box.
  3. Under Bandwidth Billing, select Pay by Traffic.
  4. Under Security Group, select the security group you created earlier.
  5. Leave the rest of the settings as the default, and select Next: System Configurations.
Set System Configurations
  1. For Logon Credentials, select Set Later.
  2. For Instance Name, set to Conductor-<date>. For example, Conductor-20200501.
  3. (Optional) Fill in the Description, and set a Hostname if you have it set up.
  4. Select Next: Grouping, then Next: Preview. (You do not need to set any Grouping settings.)
Preview your Settings and Create
  1. On the Preview page, check your settings, check to accept the terms of service, and then select Create Instance.
    Preview of Conductor settings
    You get a confirmation that your instance has been created.
  2. Click Console to go to your Conductor instance page, where you can see the status of the instance being created. Under IP address, note the IP of your Conductor.

Step 4: (Optional) Assign a permanent IP to your Conductor

If needed, you can assign a permanent IP address under Networks & Security, EIP. See the Alibaba Cloud help for instructions.

Verify, Configure, Provision, and License a Cloud Conductor

At this point the Conductor instance is running in your cloud provider.
To verify, paste your Conductor IP into a browser window. It should show you the Initial Conductor Configuration page. To log in, configure, and license your Conductor, see Log in and Configure the Conductor.
Note: In v2.2.8 and earlier, it shows the Provisioning page. See License and Provision a Conductor (v2.2.8 and earlier).

It may take several minutes for the Conductor to become available after it starts, so if you attempt to access it and your browser appears to stop responding, please try again in a few minutes.

Here are the default passwords for cloud Conductors. You are prompted to change the password as soon as you log in:
  • Alibaba Cloud – Tnw-<instanceID>
  • Amazon Web Services – Tnw-<instanceID>
  • Microsoft Azure – Tnw-<privateIpOfPublicNic>
  • Google Cloud – Tnw-<instanceID>
Note: In Microsoft Azure, if you do not see a password on the Azure Outputs page next to conductorPassword, it is likely you are not using the Managed image.
Note: When running the Conductor for the first time, you may receive notifications indicating the connection is not private. Once you have finished configuring the Conductor, you can install a custom certificate on the Conductor that prevents these notifications in the future.
For more information, see:

Conductor v2.2.8 and earlier – Set Conductor System Time

After you've finished provisioning and licensing your v2.2.8 or earlier Alibaba Cloud Conductor, you may need to change the system time, as the default time zone may be out of sync with your current time. In v2.2.10 and later, you are prompted to set the system time during initial configuration.

  1. In your Conductor, go to Settings.
  2. Under System time, select Edit Settings.
  3. Select Set browser time, and then select Update.

You can also enable NTP servers to set the system time. See Set the Conductor system time.