Verifying Prerequisites

This section describes the prerequisites and tasks for installing Protegrity appliances on AWS. In addition, it describes some best practices for using the Protegrity ESA appliances on AWS effectively.

The Full OS Backup/Restore features of the Protegrity appliances is not available on the AWS platform.

Prerequisites

The following prerequisites are essential to install the Protegrity ESA appliances on AWS:

• Login URL for the AWS account
• AWS account with the authentication credentials
• Access to the My.Protegrity portal

Hardware Requirements

As the Protegrity ESA appliances are hosted and run on AWS, the hardware requirements are dependent on the configurations provided by Amazon. However, these requirements can autoscale as per customer requirements and budget.

The minimum recommendation for an ESA appliance is 8 CPU cores and 32 GB memory. On AWS, this configuration is available in the t3a.2xlarge option.

For more information about the hardware requirements of the ESA, refer to the section System Requirements.

Network Requirements

Protegrity ESA appliances on AWS are provided with an Amazon Virtual Private Cloud (VPC) networking environment. Amazon VPC enables you to access other AWS resources, such as other instances of Protegrity appliances on AWS.

You can configure the Amazon VPC by specifying its usable IP address range. You can also create and configure subnets, network gateways, and the security settings.

For more information about the Amazon VPC, refer to the Amazon VPC documentation at: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html.

If you are using the ESA or the DSG appliance with AWS, then ensure that the inbound and outbound ports of the appliances are configured in the Amazon Virtual Private Cloud (VPC). This ensures that they are able to interact with the other required components.

For more information about the list of inbound and outbound ports to be configured based on the ESA or the DSG, refer Open Listening Ports.

Accessing the Internet

The following points list the ways in which you can provide or limit Internet access for an ESA instance in the VPC:

• If you need to connect the ESA to the Internet, then ensure that the ESA is on the default subnet so that it uses the Internet gateway that is included in the VPC.
• If you need to allow the ESA to initiate outbound connections to, and prevent inbound connections from the Internet, then ensure that you use a Network Address Translation (NAT) device.
• If you want to block the connection of the ESA to the Internet, then ensure that the ESA is on a private subnet.

Accessing a Corporate Network

If you need to connect the ESA to a corporate network, then ensure that you use an IPSec hardware VPN connection.