(408) 800-2536 support@dasera.com

Welcome to Dasera's Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Installing Dasera manually on AWS

    Table of Contents

    Overview Find the Shared AMI Choose an Instance Type Configure Launch Role Configure Instance Details Add Storage Add Tags Configure Security Groups Review Instance Launch Configure Proxy Settings

    Overview

    The instructions below are for launching the Dasera AMI in your own AWS VPC. To obtain a trial AMI, please contact sales@dasera.com. Dasera will need an AWS account number in order to share the AMI.

    Find the Shared AMI

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
    2. In the navigation pane, choose AMIs under Images.
    3. To the left of the search box, click on the pull-down next to “Owned by me” and select Private images.
    4. All AMIs that have been shared with your account will be listed below. Locate Dasera on the page. If there are too many private AMIs, type in “Dasera” into the search bar to refine the list of private AMIs.
    5. Click on the check box to the left of “Dasera Release X.X.X”, and click on the blue “Launch” button above the search box.  Dasera will then launch.

    Choose an Instance Type

    Choose the instance size you require (unless stated otherwise, we recommend at least an m5.2xlarge), then click Next: Configure Instance Details.

    Please DO NOT click the blue Review and Launch button yet, as there are configurations needed on later screens.

    Configure Launch Role

    If you plan on using an assume role-based approach for authorizing connections between Dasera and your AWS infrastructure, follow these steps to configure the AWS IAM role used when launching Dasera instance.  Otherwise, you can skip ahead to the next step.

    1. Log into the AWS IAM Console
    2. Create a new IAM Role
    3. Using the on-screen wizard, configure the following values:
      1. Name: DaseraLaunchRole
    4. Save your new IAM Role
    5. Within EC2, select your Dasera instance, then navigate to Actions > Security > Modify IAM Role
    6. In the IAM Role field, select "DaseraLaunchRole"
    7. Click the Save button

    For now, IAM setups are complete.  Eventually, you'll define the IAM Role used by Dasera to connect to your AWS infrastructure, including the necessary trust relationship (as defined in Setup Needed to Onboard AWS Accounts).  Otherwise, if you plan to use an access key for authorization between Dasera and your AWS account, you can skip ahead to the next step.

    Configure Instance Details

    When configuring the instance details, change the default settings for the following parameters:

    • Network – Choose a VPC with a subnet in the same Availability Zone as the Redshift cluster(s) you want Dasera to monitor. An Availability Zone is Amazon’s terminology for a physical data center, and you want Dasera running in the same data center as your Redshift cluster(s). If you have Redshift clusters in different availability zones, you must launch a separate Dasera instance in each availability zone. See below to determine which Availability Zone  your Redshift cluster is in.
    • Auto-assign Public IP –  "Enable" is recommended but not required.  If a public IP address isn't enabled, Dasera users must have some other way (e.g., VPN) to access the Dasera instance.
    • IAM role –  select "DaseraLaunchRole" if configured above; otherwise, leave this blank
    • Select the IAM role that you created for the Dasera instance (see Step 4 below)
    • Enable termination protection –  Check this box.
    • Monitoring –  Check this box if you want to use CloudWatch to monitor Dasera.

    If you don’t know the VPC of your Redshift cluster, follow these quick steps:

    • Open a new tab.
    • Go to your AWS management console.
    • Type “Redshift” in the Find Services field.
    • Click on Clusters in the left nav.
    • Click on a cluster that you will want Dasera to scan.
    • In the top nav under the Cluster name, click on Properties.
    • Scroll down to “Network and security”.  Find “VPC”.

    Important Note: Please leave all other options as default.  Specifically, we strongly recommend keeping Shutdown behavior as "Stop."  Stop will prevent Dasera data stored on EBS volumes from being deleted, should you reinstall Dasera later.

    Add Storage

    • We recommend an EBS volume size of at least 40 GB for your Dasera EC2 instance.  However, EBS volume may vary based on both your query volume and your data retention needs.  Please check with your Dasera Customer Success Manager if a different EBS volume is recommended.
    • Keep all other defaults.
    • Dasera stores data on its own local database. If you would like this data to be encrypted at rest, select the KMS Key Alias/Key ID you would like to use to encrypt the EBS volume associated with the Dasera instance.
    • Click Next: Add Tags at the bottom of the page.

    Add Tags

    • Add any instance tags you require.
    • Click Next: Configure Security Group.

    Configure Security Groups

    • A security group should be created with the minimum set of ports. If required, name and adjust the security group according to your security requirements.
    • The default recommended security group uses SSH (port 22), and HTTP (port 80) for access to the instance. The range of allowed IPs should be tailored to your needs.
    • Click Review and Launch.

    Recommendation:  Putting Dasera into the same security group your Redshift clusters are in is an easy way to avoid connection problems.  Note, however, that the security group must  allow  HTTP on port 80. We also recommend including SSH port 22 so you can have SSH access to the machine.If you don’t know the security group of your Redshift cluster, follow these quick steps:

    • Open a new tab.
    • Go to your AWS management console.
    • Type “Redshift” in the Find Services field.
    • Click on Clusters in the left nav.
    • Click on a cluster that you will want Dasera to scan.
    • In the top nav under the Cluster name, click on Properties.
    • Scroll down to “Network and security”.  Find “VPC security group”

    Review Instance Launch

    You’re now ready to launch your Dasera AMI. Hit the blue Launch Instance button at the bottom-right corner.

    AWS will ask you to “Select an existing key pair or create a new key pair”.  This is for SSH access to the Dasera EC2 instance. You can choose an existing key pair, create a new key pair, or proceed without a key pair.

    Wait a few minutes until the Dasera instance is launched, you can then access Dasera by entering the hostname or IP of the instance into a web browser.  

    Configure Proxy Settings

    If your VPC and subnet has no public IP and/or routes traffic through a proxy, SSH into the instance.

    Run:

    discovery stop

    to stop the Dasera application. Then, add the following lines to  .bashrc (replacing with your own proxy address).

    export HTTP_PROXY=12.34.56.78:9000 export HTTPS_PROXY=12.34.56.78:9000

    Finally, restart the Dasera instance:

    discovery start

    Congratulations!  Your Dasera instance has now been launched.  The launch process may take a few minutes.

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Support