AMI deployment guide

What you need to know about Scrutinizer AMI

The latest Scrutinizer AMI can be obtained from Plixer or your local reseller. Please contact support if you do not already have the Scrutinizer AMI. You will need to know your AWS Region and your AWS account ID so the AMI link can be shared with you.

  • Scrutinizer will deploy with a 30-day evaluation key. After that period, Scrutinizer will go into free mode and you will need to apply a valid license key to restore full functionality.
  • Contact Plixer technical support to discuss the recommended instance type for production environments. Choose c4.2xlarge if the expected flow rate is under 10,000 flows per second.
  • Decide on the VPC and security group rules that fit the needs of your organization. You will need to specify these in the deployment process.
  • Deploy AMIs with two NICs and use the secondary NIC as the collection point. AWS does not let you release the primary private IP address of an instance unless you terminate the instance itself.
  • The default size of the root partition is 100GB. This should be left unchanged. If you need more disk space, you will need to add another disk. With the default of 100GB of disk space, you can store up to 1 month of NetFlow v5 data from 25 devices at 1,500 flows per second.
  • Do not lose the SSH key that you will be asked to create in the deployment process. This key is the only way to access the server via SSH.

Pre-deployment checklist

Please provide a technical support engineer with the following information:

  • Amazon account number;
  • Region you are planning to deploy an instance in;
  • Expected flow rate.

Deploying AMI

  1. Open the Amazon AWS console. From the console navigation bar, select the region that you instructed Plixer’s Support to place the AMI in. Navigate to the EC2 Dashboard. Click the Launch Instance button.
  2. In the navigation pane, click My AMIs to display the list of AMIs available to you in the region. Make sure to check the Shared with me checkbox. Select the Scrutinizer AMI from the list.
  3. Choose c4.2xlarge for the Instance Type if the expected flow rate is under 10,000 flows per second. Contact Plixer technical support to review the recommended instance types for production environments with higher flow rates.
  4. Navigate to the Configure Instance Details section. Set the Shutdown Behavior to Stop and enable Termination Protection.
  5. Select the Network and Subnet you would like to assign to the instance from the drop-down menus. Then assign the IP addresses to the AMI.

Important

It is highly recommended to deploy AMIs with two NICs and use the secondary NIC as the collection point. AWS does not let you release the primary private IP address of an instance unless you terminate the instance itself.

  6. In the Add Storage section, the Root Volume should not be increased. The partition /dev/xvda should be set to 100GB. Add another disk if you need more space. Please see the Adding storage to AMI section or contact Plixer support if you need to add more storage.

Hint

Make sure the Delete on Termination box is checked.

  7. [Optional] We recommend using Tags to categorize your AWS resources, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add.
  8. Create a new Security Group or assign the instance to an existing group. A security group is a set of firewall rules that control the traffic for your instance. You can add rules to allow specific traffic to reach your instance. For example, if you want to set up a web server and allow internet traffic to reach your instance, add rules that allow unrestricted access to the HTTP and HTTPS ports.
  9. Navigate to the Review Launch section. Verify your instance launch details. You can go back to edit each section. Click Launch to assign a key pair to your instance and complete the launch process.
  10. Once it is launched, you can SSH into the server as the ec2-user. Then you can run the sudo su command to become root.
      ssh -i /PATH/TO/KEY/KEY.pem ec2-user@INSTANCE_IP_ADDRESS

Accessing Scrutinizer user interface

To access the application via a web browser, use its primary private or public IP address. After accepting the user agreement, log in as an admin user. The default password is the AMI instance ID.

For example, an instance with the IP address 172.18.1.11 and the instance ID i-07d159db2cd771515 can be accessed by using the following URL: https://172.18.1.11 with the username admin and password i-07d159db2cd771515.

Important

The default user interface login credentials are user: admin and password: the instance ID of your AMI instance.

Changing passwords

After deploying your new Scrutinizer instance, we recommend changing the user interface login credentials to meet your own security requirements.

  1. Navigate to the Admin tab within Scrutinizer’s web console.
  2. Click on the admin user.
  3. Enter your desired password and click the Save button.

In some environments, additional security measures are placed onto passwords for all applications. If your environment requires a more complex password for Scrutinizer accounts, Plixer has a password complexity setting you can enable for Scrutinizer.

Navigate to Admin > Settings > System Preferences and check Enforce Password Complexity.

When this option is checked, new user passwords must meet the following requirements:

  • length of at least 8 characters;
  • one capital letter;
  • one number;
  • one special character.
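
The four requirements above as a pre-check, together with a generator for a replacement admin password, as an added example that is not Scrutinizer's own code. It assumes "special character" means ASCII punctuation, which the guide does not define, and it also flags a password still in the default instance-ID format; the names policy_failures and generate_password are illustrative.

```python
import re
import secrets
import string

# Assumption: "special character" means ASCII punctuation (not defined on the page).
SPECIALS = string.punctuation
RULES = {
    "length of at least 8 characters": lambda p: len(p) >= 8,
    "one capital letter": lambda p: any(c in string.ascii_uppercase for c in p),
    "one number": lambda p: any(c in string.digits for c in p),
    "one special character": lambda p: any(c in SPECIALS for c in p),
}
# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex digits.
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def policy_failures(password):
    """Return the names of the rules the password does not meet."""
    failed = [name for name, ok in RULES.items() if not ok(password)]
    if INSTANCE_ID.fullmatch(password):
        failed.append("still in the default instance-ID format")
    return failed


def generate_password(length=20):
    """Draw candidates from the OS CSPRNG until one satisfies every rule."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    # The example default password from this guide: no capital letter.
    print(policy_failures("i-07d159db2cd771515"))
    print(policy_failures(generate_password()))
```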

Adding storage to AMI

  1. Get the correct availability zone for the instance you will be adding the disk space to from the Availability Zone column on the Instance page.
  2. Navigate to the Volumes page and click on the Create Volume button in the top left. On the Create Volume page, create the new volume with the desired size and in the correct Availability Zone.

Important

ALWAYS choose GP2 General Purpose SSD.

  3. Right-click on the new volume and select Attach Volume. Start entering the name of the instance and select it from the drop-down menu. Once you have the instance selected, you will need to change the device name of the volume to /dev/xvdb. Click Attach when finished.
  4. To configure the OS, SSH into the instance. Make sure the new volume was attached. Run the sudo fdisk -l command to find the new volume.
  5. Launch the scrut_util interactive prompt and run the set partitions /dev/xvdb command to add the new disk.
     SCRUTINIZER> set partitions /dev/xvdb
  6. Run the show diskspace command to check that the space was added and /var/db is now its own mount point.
     SCRUTINIZER> show diskspace

Hint

If you are adding more than one new drive to a single AWS instance, you will need to run the set partitions command for each drive.

How to add resources to a Scrutinizer AMI

As needs change, an instance can become overutilized. If this is the case, the size can be modified. For example, if a t2.micro instance is resource-strapped, it can be changed to an m3.medium instance. When an instance is resized, an instance type that is compatible with the configuration of the instance must be selected. If the instance type is not compatible with the instance configuration, the application must be migrated to a new instance.

  1. SSH into the instance.
  2. Stop all the services using the interactive Scrutinizer utility:
     [ec2-user@supportami ~]$ sudo su
     [root@supportami ec2-user]# cd /home/plixer/scrutinizer/bin/
     [root@supportami bin]# ./scrut_util.exe
     SCRUTINIZER> services all stop
  3. Power off the operating system:
     [root@supportami bin]# shutdown -h now
  4. Open the Amazon EC2 console. In the navigation pane, choose Instances, then select the instance.

[EC2-Classic] If the instance has an associated Elastic IP address, write down the Elastic IP address and the instance ID shown in the details pane.

  5. Choose Actions > Instance State > Stop.

In the confirmation dialog box, choose Yes, Stop. It can take a few minutes for the instance to stop.

[EC2-Classic] When the instance state becomes stopped, the Elastic IP, Public DNS (IPv4), Private DNS, and Private IPs fields in the details pane are blank to indicate that the old values are no longer associated with the instance.

  6. With the instance still selected, choose Actions > Instance Settings, then click Change Instance Type. Note that this action is disabled if the instance state is not stopped.
  7. From Instance Type, select the instance type desired. If the desired instance type does not appear in the list, then it is not compatible with the configuration of the instance (for example, because of virtualization type).
  8. To restart the stopped instance, select the instance, choose Actions > Instance State, then Start.

In the confirmation dialog box, choose Yes, Start. It can take a few minutes for the instance to enter the running state.

[EC2-Classic] When the instance state is running, the Public DNS (IPv4), Private DNS, and Private IPs fields in the details pane contain the new values that we assigned to the instance. If an instance had an associated Elastic IP address, it must be reassociated as follows:

In the navigation pane, choose Elastic IPs. Select the Elastic IP address that was written down in the previous step before the instance was stopped. Choose Actions> Associate address. From Instance, select the instance ID that was written down before the instance was stopped, then click on the Associate button.

  9. SSH into the instance and use the interactive utility to retune:
     SCRUTINIZER> set tuning