Deploying your Alteryx Server onto EC2 on AWS is a great way to get your server up and running fast. The problem is that if you treat EC2 just like a virtual machine provided by your IT team, you don't get any of the security that they would normally deploy. This isn't an issue; you just have to take a few additional steps when designing your AWS resources for the Alteryx Server to minimise the security risks. To build a secure AWS environment, you want a public and a private subnet to deploy the compute resources into. Multiple security groups should be used to manage server access to all the resources. Finally, an Application Load Balancer should be used to direct external traffic and provide the SSL management.

When designing an AWS environment for your Alteryx Server, choosing the EC2 instance size is the easy part: pick an instance with the right number of cores for your licence (remembering that Alteryx licensing treats 1 vCPU as 0.5 cores) and enough RAM (generally 32 GB to get started). What we normally recommend is an m5.2xlarge with 8 vCPUs (for a standard Alteryx 4 core licence) and 32 GB of memory.

The real question we need to answer is what other parts are needed in the AWS setup. How many subnets do you need? Should the subnets be public with an internet gateway? How will you access the instance for maintenance? When you architect this system, the challenge you face is how to answer each of these requirements while minimising the possible attacks on the server.

The components that make up our networking stack are built around an Alteryx Virtual Private Cloud (VPC), a public subnet and a private subnet.

What Subnets are needed and what Availability Zones should you have?

When building out the network environment we need two subnets, one public and one private. This is because we want to protect the Alteryx host from the outside world in a private subnet (which has no direct internet access). To allow the missing internet access we also need a public subnet with an internet gateway attached (IGW documentation).

Inside each subnet you need access to multiple Availability Zones. In the public subnet this is because the load balancer (ALB) requires at least two Availability Zones. For the private subnet, it allows for a more robust future scaling pathway.

When we start deploying the EC2 instances they will be placed in the private subnets. How they get deployed will be talked about a bit later.

Once you have your environment created you will need to create 2 security groups: one for the public subnet, which will allow for external access, and the other for the private subnet, which only allows access from the public subnet. This arrangement funnels any access to the server through the public subnet, meaning port scanning won't find any open ports on the server, and minimises the chances of getting access to the Alteryx Server host without permission.

The public security group will allow access on port 443 for HTTPS traffic. All user traffic should be coming over HTTPS with SSL activated, usually terminating at the ALB in the public subnet.

There are 2 final ports that you should consider opening. First is port 5985, the port used by Microsoft Windows Remote Management, which is a way of managing the server remotely from the PowerShell command line. It allows you to install drivers, update Windows configurations and modify system settings without needing to open a remote desktop application and use the Windows desktop GUI to make the changes.
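
The two security groups described in this post can be checked mechanically. The following Python audit is an added example, not part of the original article: it takes rule sets in the shape returned by EC2 DescribeSecurityGroups and reports anything that breaks the layout (public group exposes only 443, private group accepts traffic only from the public group). The group IDs, the sample rules and the assumption that 443 is the only internet-facing port are constructed for illustration.

```python
# Added example: audit two security groups against the public/private layout.
# Rule dicts follow the shape of EC2 DescribeSecurityGroups output.
WORLD = {"0.0.0.0/0", "::/0"}

def sources(perm):
    """CIDR and prefix-list sources (everything that is not a group reference)."""
    keys = (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"), ("PrefixListIds", "PrefixListId"))
    return [r[f] for k, f in keys for r in perm.get(k, [])]

def ports(perm):
    """Readable port range; IpProtocol '-1' means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"

def audit(public_sg, private_sg):
    findings = []
    # Public group: assumption here is that 443 is the only port meant to be
    # reachable from the internet.
    for perm in public_sg["IpPermissions"]:
        if WORLD & set(sources(perm)) and ports(perm) != "443":
            findings.append(f"public: port {ports(perm)} open to the internet")
    # Private group: every source must be the public group, never an address range.
    for perm in private_sg["IpPermissions"]:
        for src in sources(perm):
            findings.append(f"private: port {ports(perm)} allows source {src}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != public_sg["GroupId"]:
                findings.append(f"private: port {ports(perm)} allows group {pair['GroupId']}")
    return findings

# Constructed sample data; group IDs are placeholders, backend port 80 is assumed.
PUBLIC = {"GroupId": "sg-public-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
PRIVATE_GOOD = {"GroupId": "sg-private-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [{"GroupId": "sg-public-example"}]},
    {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5985,
     "UserIdGroupPairs": [{"GroupId": "sg-public-example"}]}]}
PRIVATE_BAD = {"GroupId": "sg-private-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5985, "ToPort": 5985,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for name, sg in (("good", PRIVATE_GOOD), ("bad", PRIVATE_BAD)):
        print(name, audit(PUBLIC, sg) or "no findings")
```

To run it against a live account, feed it the `SecurityGroups` entries from a DescribeSecurityGroups response instead of the sample dicts.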