Installing DSG on AWS
This section describes the process for launching a DSG instance on Amazon Web Services (AWS).
AWS is a cloud-based computing service. It provides several services, such as, computing power through Amazon Elastic Compute Cloud (EC2), storage through Amazon Simple Storage Service (S3), and so on. The AWS stores Amazon Machine images (AMIs), which are templates or virtual images containing an operating system, applications, and configuration settings.
Prerequisites
This section describes the prerequisites for launching and installing the DSG on AWS. It also includes the information for the audience, network prerequisites, and hardware and software requirements for the DSG.
Ensure that the following prerequisites are met before launching the DSG on AWS:
Ensure that an ESA v10.1.x is installed.
For more information about installing the ESA v10.1.x, refer to the sections Installing Appliance On-Premise and Installing Appliances on Cloud Platforms.
Ensure that Policy Management (PIM) has been initialized on the ESA. The initialization of PIM ensures that cryptographic keys for protecting data and the policy repository have been created.
For more information about initializing the PIM, refer to section Initializing the Policy Management.Ensure that the FIPS mode is disabled on the ESA.
Ensure that Analytics component is initialized on the ESA. The initialization of Analytics component is required for displaying the Audit Store information on Audit Store Dashboards.
For more information about initializing Analytics, refer Initializing Analytics on the ESA.An Amazon account for using AWS is available with the following information:
- Login URL for the AWS account
- Authentication credentials for the AWS account
Audience
This section contains information for stakeholders who are interested in understanding how to create, launch, and install a DSG instance on AWS.
It is recommended that you understand and use Amazon Web Services and its related concepts.
For more information about the Amazon Web Services concepts, refer to the AWS documentation at https://docs.aws.amazon.com.
Hardware Requirements
This section describes the hardware requirements for the DSG.
As the Protegrity appliances are hosted and run on AWS, the hardware requirements are dependent on the configurations provided by Amazon.
For reference, the following list describes the minimum hardware requirements for the DSG:
- CPU: 4 Cores
- RAM: 16 GB
- Disk Size: 64 GB
- Network Interfaces: 2
The hardware configuration required might vary based on the actual usage or amount of data and logs expected.
Network Requirements
This section describes the network requirements for a DSG instance on AWS.
It is recommended that the DSG on AWS must be installed in the Amazon Virtual Private Cloud (VPC) networking environment.
For more information about the Amazon Virtual Private Cloud, refer to the documentation at: http://docs.aws.amazon.com.
Ensure that two Network Interface Cards (NICs) are added during the DSG instance creation on AWS.
For more information about the network interface requirements, refer to the section Network Planning.
The Data Security Gateway must be configured with the following two network interfaces:
- Management Interface - This interface is used for communication between the ESA and the DSG, and accessing the DSG Web UI.
- Service Interface - This interface is used for handling the network traffic traversing through the DSG.
Installing the DSG on AWS
This section provides information for the steps required to launch and install the Data Security Gateway (DSG) instance from an AMI provided by Protegrity.
Ensure that the installation order provided in the table is followed.
| Order of installation | Description | Affected Appliance | Reference |
|---|---|---|---|
| 1 | Create and launch the DSG instance. | DSG | Creating and Launching a DSG Instance from the AMI |
| 2 | Finalize the DSG Installation. | DSG | Finalizing the DSG Installation |
| 3 | Configure the Default Gateway for the Management NIC using the DSG CLI Manager. | DSG | Configuring Default Gateway for Management NIC (ethMNG) using the DSG CLI Manager |
| 4 | Configure the Default Gateway for the Service NIC using the DSG CLI Manager. | DSG | Configuring Default Gateway for Service NIC (ethSRV0) using the DSG CLI Manager |
| 5 | Create a Trusted Appliance Cluster (TAC) on the DSG | DSG | Create a TAC on DSG |
| 6 | Update the host details of ESA on DSG. If the DNS and name server is properply configured then this step is optional. | DSG | Updating the host details |
| 7 | Create a Trusted Appliance Cluster (TAC) on the ESA | ESA | Create a TAC on ESA |
| 8 | Update the host details of DSG on ESA. If the DNS and name server is properply configured then this step is optional. | ESA | Updating the host details |
| 9 | Note the FQDN or the IP address of the ESA node. | ESA | Ascertaining the host address in the ESA server certificate |
| 10 | Set ESA communication between the DSGs and ESA. | DSG | Set communication |
| 11 | Note the FQDN or the IP address of the DSG node. | DSG | Ascertaining the host address in the DSG server certificate |
| 12 | Apply the DSG v3.3.0.0 patch (ESA_PAP-ALL-64_x86-64_10.0.1.xxxx-DSGUP.pty) on the ESA v10.0.x. Before applying a patch on the ESA, it is recommended to take a full OS backup from the ESA Web UI. For more information about taking a full OS backup from the ESA Web UI, refer Backing up the Appliance OS. | ESA | Installing the DSG patch on ESA |
| 13 | Optional: Add the additional DSG nodes to the existing Trusted Appliance Cluster through the Cluster tab. | DSG | Adding additional DSG node |
| 14 | Optional: Add the other ESA nodes to the existing Trusted Appliance Cluster from the TAC screen. | ESA | Adding additional ESA node |
| 15 | Perform the post-installation steps. | ESA | Post Installation Steps |
| 16 | Enable Scheduled Tasks on Insight | ESA | Enabling Scheduled Tasks on Insight |
| 17 | Configure the DSG to forward the logs to Insight on the ESA. | DSG | Forwarding Logs to Insight |
Feedback
Was this page helpful?