Deploy the POP using the following steps:
- Download the POP deployment package.
- Deploy the required infrastructure through the prerequisite CloudFormation Template (CFT).
- Deploy the CWPP POP.
Once the POP is successfully deployed, the POP details and its health status are reported on the POP Management page.
Step 1: Download the POP Deployment Package
Use the following steps to download the POP deployment package:
- Log in to MVISION Cloud.
- Go to Setting > Service Management, select the Amazon Web Services instance, and choose the registered AWS Account.
- In the Overview section, click Deploy New POP.
- Click Download Deployment package.
The downloaded POP Deployment package contains the installation files to deploy the POP, and the required artifacts for the POP to communicate with MVISION Cloud. The package is valid for 7 days after it is downloaded from MVISION Cloud.
Step 2: Create a CloudFormation Template
We recommend that you deploy a POP in a dedicated secure Virtual Private Cloud (VPC). The secure VPC is created as part of the prerequisite CloudFormation Template (CFT), included as part of the POP deployment package. But first, you must deploy the prerequisite infrastructure using the CFT.
To create a CFT:
- Extract the downloaded POP Deployment Package, go to Infrastructure > aws, and locate the file aws_preReq.json. This is the CFT that deploys the prerequisite infrastructure.
- In the AWS console, go to CloudFormation and select the region where you want to deploy the POP.
- Go to CloudFormation > Create Stack > With new resources (Standard) > Template is ready > Upload a template file. Select the file aws_preReq.json.
- Enter the required fields:
- Stack name. The stack name for the prerequisite deployment.
- NumberofAZs. The number of Availability zones that must be configured in the region.
- PrivateSubnets. Select true.
- PoPName. Specify the name for the POP that you need to create. This is limited to 20 characters.
- Click Next and confirm to launch the CloudFormation resource.
- To create the stack, you may need an additional IAM Role. In the final tab, click check the flag I acknowledge that AWS CloudFormation might create IAM resources and click Create stack.
This creates the prerequisite infrastructure in your AWS account. It generally takes about 4 minutes.
Once the CFT is started, the resources are created. Review them in the Outputs tab. Note the values for PoPName, PrivateSubnet, PublicSubnet, VPC, cwppRole, and cwppSecurityGroup. These are the resources created as part of the prerequisites, required for the POP deployment.
Step 3: Deploy the POP
IMPORTANT: Before continuing, make sure the following prerequisites are in place.
- You have selected the correct region where you want to deploy the POP.
- You have the Key Pairs required to create the AWS instance and connect to them. To create key pairs, in the AWS console, go to EC2 Resources > Key Pairs.
To deploy the POP:
- Extract the POP Deployment Package and copy PoPDeployment.tar to an AWS S3 location.
- Log in to the AWS console and switch to the Region where the POP needs to be deployed.
- Go to Create Stack > With new resources (Standard) > Template is ready > Upload a template file. In the POP deployment package, go to Infrastructure > aws and select the file aws_cft.json.
- Enter the required fields:
- Stack name. The stack name for the POP deployment.
- AutoScalingSubnetList. A comma-separated list of PrivateSubnet(s) value from prerequisite outputs.
- DesiredSecondaryNodeCapacity. The number of secondary nodes for the POP.
- IAMRole. The cwppRole value from prerequisite outputs.
- ImageId. Ubuntu 18.04 AMI ID in the deployment region. In the IAM console, in the AMI list, search for ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20201026.
- InstanceType. Select the instance type.
- KeyName. The name of the KeyPair to launch and connect to the instance.
- PoPName. The PoPName value from the prerequisite outputs.
- S3Path. The AWS S3 Path where PoPDeployment.tar is uploaded.
- SecurityGroupIDs. The cwppSecurityGroup value from the prerequisite outputs.
- SubnetId. The PrivateSubnet value from prerequisite outputs. Specify the subnet where the VPC Endpoint must be created. Not all Availability Zones may be supported for the service based on the network topology. For more details, refer to AWS documentation, Interface VPC endpoints (AWS PrivateLink).
- Click Next and launch the CloudFormation.
After launching the CloudFormation, takes about 20 minutes to deploy the POP. You can check the deployment status in the CloudFormation stack console in AWS.
After the POP Deployment, the POP deployed in your account updates the status to MVISION Cloud, and you can check the POP details in the POP Management page.