Deploy a Conductor on Amazon Web Services (AWS)

You can deploy a Tempered Networks Conductor on AWS and manage physical, virtual, and cloud HIPservices, and HIPclients. Use the following steps to deploy a Conductor on the AWS platform.

Note: A downloadable PDF of this topic is available in the Documentation Downloads section.

Prerequisites

To get started, you need to have:
  • Access to a Amazon Web Services (AWS) account. If you don't have an account, you can create a free AWS Free Tier account and upgrade it to a full account later.
  • Billing information set up on your AWS account. You cannot create a project until you are able to link your billing information to your newly created project.
  • A Conductor license voucher if you want to start the Conductor and verify it is set up correctly. Fulfillment will provide this to you in an email after your purchase is complete.
  • The Amazon Machine Image (AMI) ID that you received from Tempered Networks Fulfillment when you purchased your AWS Conductor.

Log in to AWS

From a Web browser, navigate to https://console.aws.amazon.com/ and log in to your account to get to the AWS Management Console, pictured below:

Create a Launch Instance

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2. You add the Tempered Networks Conductor as an EC2 instance, so make sure you have the AMI ID that you received from Tempered Networks Fulfillment when you purchased your AWS Conductor.

To create an instance:

  1. On the top bar of the AWS Management Console, select Services and then select EC2 to access the EC2 Dashboard.




  2. In the Create Instance section, click Launch Instance.


  3. Click Launch Instance to start the instance setup wizard.

Step 1: Choose an Amazon Machine Image (AMI)

The AMI is a custom template used to create a Conductor as a virtual machine in AWS. It contains the Conductor's root volume, permissions, and device mappings necessary to deploy the Conductor to your account.
  1. On the Choose AMI tab, click My AMIs on the left.
  2. Under Ownership, check the Shared with me box. You should see the Conductor image listed in the right pane.


  3. Click the Select button on the right to continue.

Step 2: Choose an Instance Type

The Amazon EC2 instance type identifies the combination of memory, networking capacity, CPU, and storage required by an application. For the Conductor we recommend a minimum machine type of t2.medium.
  1. On the Choose Instance Type tab, select your desired instance type and click Next: Configure Instance Details.
    Important: DO NOT select the Review and Launch button, as this option will use the default settings for this instance type. You will need to make changes for the Conductor to operate correctly.


  2. Click Next: Configure Instance Details to cotinue.

Step 3: Configure Instance Details

Your new instance requires that you to make a few changes to ensure the Conductor has access to resources needed for proper operation. Make the following changes as outlined below.
  1. On the Configure Instance tab, do the following:
    1. Select your desired VPC from the Network drop-down.
    2. Select your region from the Subnet drop-down.
    3. Select Enable termination protection (recommended)

    You can leave all other settings as is.



  2. Click Next: Add Storage to continue.

Step 4: Add Storage

The Conductor AMI supplied by Tempered Networks is relatively small in size. The configuration information and storage, however, requires a second hard disk, which you set up as part of the instructions below.
  1. On the Add Storage tab, click Add New Volume.
    Note: The volume must be a minimum of 32 GB. This size should be sufficient for normal operation; however, you can resize your volume later should you require additional space. See Modifying the Size, Performance, or Type of an EBS Volume in the AWS documentation for more information.
  2. Change the following information on the new volume:
    1. Select /dev/sdf from the Device drop-down.
      Important: We recommend you use /dev/sdf for your second volume. Do not select /dev/sdb, /dev/sdc, or /dev/sdd as the Conductor will not function correctly. Other partitions may work but are not currently supported.
    2. Enter the value 32 in the Size (GiB) field.
    3. Check Delete on Termination.

    You can leave all other settings as is.



  3. Click Next: Add Tags to continue.

Step 5: Add Tags

Tagging your Conductor instance can help you identify it if you have a large number of instances deployed to your account. While not required, we recommend you add a tag so you can find it quickly.
  1. On the Add Tags tab, click Add Tag and enter the following:
    1. Enter Name in the Key column.
    2. Enter a name for your Conductor in the Value column.


  2. Click Next: Configure Security Group to continue.

Step 6: Configure Security Group

Configuring a security group is synonymous with configuring firewall rules. You need to add three rules: ICMP to allow HIPservices to validate their link to the Conductor, HTTPS to allow for Conductor management, and a custom rule to allow HIPservices to communicate with the Conductor on port 8096.
  1. In the Assign a security group section, select the Create a new security group radio button.
  2. In the Security group name field, enter a name for your security group.
  3. In the Description field, enter a description for your security group, or leave the default.
  4. Add three rules to your security group:
    1. Click Add Rule, select All ICMP – IPv4 from the Type drop-down, select Anywhere from the Source drop-down, and enter ICMP in the Description column.
    2. Click Add Rule, select HTTPS from the Type drop-down, select Anywhere from the Source drop-down, and enter SSL in the Description column.
    3. Click Add Rule, select Custom TCP Rule from the Type drop-down, enter 8096 in the Port Range column, select Anywhere from the Source drop-down, and enter MAP in the Description column.


  5. Click Review and Launch to continue.
    Note: If you receive a Boot from General Purpose (SSD) dialog, select the Continue with Magnetic as the boot volume for this instance radio button and then click Next.

Step 7: Review

  1. Review your setup information and if everything is correct, click Launch.


  2. In the Select an existing key pair or create a new key pair dialog, create a new key pair or enter one of your existing key pairs.
    Note: This keypair is required to complete the wizard, but is never used since SSH is not enabled on Conductors.
  3. Click Launch Instance.

Verify the install

At this point the Conductor instance is running in AWS. You should verify it is installed correctly by logging in and licensing the Conductor. It may take several minutes for the Conductor to become available after it starts, so if you attempt to access it and your browser appears to stop responding, please try again in a few minutes.
Note: When running the Conductor for the first time, you may receive notifications indicating the connection is not private. Once you have finished configuring the Conductor, you can install a customer certificate on the Conductor that prevents these notifications in the future.

To verify the install:

  1. Point your web browser to the external IP address for your Conductor. Make sure you begin the address with https://.
  2. An unlicensed Conductor will display the initial Provisioning page where you will license your Conductor.


  3. Enter the voucher code you received from Tempered Networks in the Voucher code field.
  4. Click Provision now. It will take a moment to finish the operation. Once complete, you should see the following:


  5. Select Click here to start using the Conductor.
  6. Enter the default username and password at the login dialog and click Sign in.
    Username
    admin
    Password
    admin123


  7. You will be prompted to enter a new password. Enter the default password in the Current password field and a new password of your choosing in the New password and Confirm new password fields.


  8. Click Update.
  9. On the System Configuration dialog, leave all the fields as is and click Configure.


  10. It will take a moment to complete the operation. Once finished, click Return to settings.


You should see the Conductor Settings page. On the right side in the Network adapter 1 section, the IP address should match the Internal IP of your instance in the AWS portal.

Additional Information

Once your Conductor is installed, you can configure and manage it as you would a physical Conductor. For additional help, you can search the Online Documentation by using the search bar at the top of the page or the navigation links to the left.