Hi Everyone, We have something new and shiny for you to play with; Amazon Machine Images of our Astaro Security Gateway and Astaro Command Center! Want to skip the reading? If you are already a seasoned Amazon user, just go to the Community AMI's tab when launching an instance and search for "ASG" or ACC_3.0 - you will find both X64 (for bigger instances) and X32 (for smaller ones) depending on what you need. We will update the AMI's with new versions as they are released. For everyone else: A quick background - Amazon's Elastic Computing Cloud (EC2) is basically THE cloud. Others are trying to be "like" them, but for GUI, Power, and Pricing, they are still the ones to beat. As a result, we have decided to take advantage of the flexibility our Software ISO's offer and build custom AMI images which run inside that powerful cloud of theirs. Now, if you haven't yet used Amazons EC2 or the Amazon Web Services in general (AWS), don't be scared; its really easy, and takes just a minute. They just have a lot of acronyms for their various products [[[[:)]]]] They do a LOT, and have lots of products, we will focus on the EC2 here, and while I'd love to do a multi-page guide that educates you on all facets, you should probably just check it out. You can get an AWS account here: Amazon Web Services Once you have an account (free, just need some billing info so they can charge you if you use paid things), you can fire up an EC2 'machine' and setup an ASG. I'll quickly walk you through how to do this. Now the best news, is that these instances CAN run in a Micro instance, which are free for a year (with some reasonable usage limits) , and make great on-demand demo boxes, testing boxes, and even handy for connecting a RED to in order to show what RED + a hosted ASG can deliver (think of THAT business idea [[[[:)]]]]). With only ~600MB of memory, for real production boxes you will want a "Small' instance with 1.7GB of memory and some bigger specs. Some manual steps to launch an AMI ASG for beginners. *Update Jan - 2012* - Added screenshotted guide, see attachement. [[[[:)]]]] [LIST=1] Select the EC2 "tab" of the mgmt console. *Note which "region" you are using via the drop-down on the left, this will set where your machine "lives" I use US West N. California myself. Some images will not be available in some regions, just pick another if you find the AMI missing from your desired region. EU-west, US-west/east, AP-NE/SE all have them . Hit the 'launch instance' button Select the 'community AMI's' tab. Search for ASG_8.202 and select the 32-bit one. At the resulting screen, leave instance-type as "micro" and don't change anything else (unless you know what your doing there). click continue. At this "advanced instance options screen" again change nothing and hit continue. At this "keywords" screen, leave name and put ASG as the value if you want, this really is only useful if you have lots of AMI's, helps you to search them later. Continue. At the key pair screen, proceed without a key pair, you'll login to it with ASG's mechanisms anyways. Now, amazon protects their AMI's with a configurable port-based firewall. As ASG is a firewall, you can choose open a few ports in amazons, or fully open it and let ASG do it (which is what I do). [LIST=1] to make an "open" policy pick 'new security group', name it 'open' and put a comment like 'allow all ports' Add two rules, one for 'all TCP' and one for 'all UDP' leaving sources at 0.0.0.0/0 click continue [/LIST] You are done! Now you can launch your instance, it will just take a moment to bring up. Once its running, you can access it via the "public" hostname amazon gives you, like ec2-99-298-94-232.us-west-1.compute.amazonaws.com just use HTTPS and port 4444 to get to WebAdmin as normal. As their public hostnames are quite a mouthful to remember, you can always use your personal DNS service to make CNAME records that point to theirs, like "amazonasg.mycompany.com" for example. [/LIST] Important Notes about AMI ASG's: There is only one interface, you can relay off it, VPN to it, use it for demos, filter through it with creative proxy or mail settings, and basically use it as you see fit. Be careful, especially using proxies, don't use source network "any" or things like that, (as usual) or you'll quickly be a relay point. You cannot change or edit the Network interface, it would break the AMI, and adding new interfaces for this type of ASG doesn't make sense. Later in the year we will have full support for their Virtual Private cloud which is where you host servers and other things with them, and much more will be possible with Amazon and ASG. If you use NON-micro instances, say a medium one with 1.7 GB of memory, you can roughly expect a cost of around 17 cents per hour. Amazon's billing is their own, and very detailed, however they are not in any way associated or partnered with Astaro revenue-wise . We just gave you the platform support. IF you fire up a massive instance costing 1000's of dollars/month, add-on additional IPs or their other paid-for options, don't hit us up here with sticker-shock[[[[:)]]]] If you have questions, ask them here and someone may offer help! Enjoy playing with it, its pretty cool and has some ingenious business applications for the technically creative.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Announcing Technical Preview of Amazon AMI's for ASG/ACC

Hi Everyone,

We have something new and shiny for you to play with; Amazon Machine Images of our Astaro Security Gateway and Astaro Command Center! Want to skip the reading? If you are already a seasoned Amazon user, just go to the Community AMI's tab when launching an instance and search for "ASG" or ACC_3.0 - you will find both X64 (for bigger instances) and X32 (for smaller ones) depending on what you need. We will update the AMI's with new versions as they are released.

For everyone else:
A quick background - Amazon's Elastic Computing Cloud (EC2) is basically THE cloud. Others are trying to be "like" them, but for GUI, Power, and Pricing, they are still the ones to beat. As a result, we have decided to take advantage of the flexibility our Software ISO's offer and build custom AMI images which run inside that powerful cloud of theirs.

Now, if you haven't yet used Amazons EC2 or the Amazon Web Services in general (AWS), don't be scared; its really easy, and takes just a minute. They just have a lot of acronyms for their various products [[[[:)]]]] They do a LOT, and have lots of products, we will focus on the EC2 here, and while I'd love to do a multi-page guide that educates you on all facets, you should probably just check it out.
You can get an AWS account here: Amazon Web Services
Once you have an account (free, just need some billing info so they can charge you if you use paid things), you can fire up an EC2 'machine' and setup an ASG. I'll quickly walk you through how to do this.

Now the best news, is that these instances CAN run in a Micro instance, which are free for a year (with some reasonable usage limits), and make great on-demand demo boxes, testing boxes, and even handy for connecting a RED to in order to show what RED + a hosted ASG can deliver (think of THAT business idea [[[[:)]]]]). With only ~600MB of memory, for real production boxes you will want a "Small' instance with 1.7GB of memory and some bigger specs.

Some manual steps to launch an AMI ASG for beginners.
*Update Jan - 2012* - Added screenshotted guide, see attachement. [[[[:)]]]]

[LIST=1]

Select the EC2 "tab" of the mgmt console.
*Note which "region" you are using via the drop-down on the left, this will set where your machine "lives" I use US West N. California myself. Some images will not be available in some regions, just pick another if you find the AMI missing from your desired region. EU-west, US-west/east, AP-NE/SE all have them.
Hit the 'launch instance' button
Select the 'community AMI's' tab.
Search for ASG_8.202 and select the 32-bit one.
At the resulting screen, leave instance-type as "micro" and don't change anything else (unless you know what your doing there). click continue.
At this "advanced instance options screen" again change nothing and hit continue.
At this "keywords" screen, leave name and put ASG as the value if you want, this really is only useful if you have lots of AMI's, helps you to search them later. Continue.
At the key pair screen, proceed without a key pair, you'll login to it with ASG's mechanisms anyways.
Now, amazon protects their AMI's with a configurable port-based firewall. As ASG is a firewall, you can choose open a few ports in amazons, or fully open it and let ASG do it (which is what I do).
[LIST=1]
to make an "open" policy pick 'new security group', name it 'open' and put a comment like 'allow all ports'
Add two rules, one for 'all TCP' and one for 'all UDP' leaving sources at 0.0.0.0/0
click continue

[/LIST]

You are done! Now you can launch your instance, it will just take a moment to bring up. Once its running, you can access it via the "public" hostname amazon gives you, like ec2-99-298-94-232.us-west-1.compute.amazonaws.com just use HTTPS and port 4444 to get to WebAdmin as normal. As their public hostnames are quite a mouthful to remember, you can always use your personal DNS service to make CNAME records that point to theirs, like "amazonasg.mycompany.com" for example.

[/LIST]
Important Notes about AMI ASG's:

There is only one interface, you can relay off it, VPN to it, use it for demos, filter through it with creative proxy or mail settings, and basically use it as you see fit.
Be careful, especially using proxies, don't use source network "any" or things like that, (as usual) or you'll quickly be a relay point.
You cannot change or edit the Network interface, it would break the AMI, and adding new interfaces for this type of ASG doesn't make sense.
Later in the year we will have full support for their Virtual Private cloud which is where you host servers and other things with them, and much more will be possible with Amazon and ASG.
If you use NON-micro instances, say a medium one with 1.7 GB of memory, you can roughly expect a cost of around 17 cents per hour. Amazon's billing is their own, and very detailed, however they are not in any way associated or partnered with Astaro revenue-wise. We just gave you the platform support. IF you fire up a massive instance costing 1000's of dollars/month, add-on additional IPs or their other paid-for options, don't hit us up here with sticker-shock[[[[:)]]]]
If you have questions, ask them here and someone may offer help!

Enjoy playing with it, its pretty cool and has some ingenious business applications for the technically creative.

This thread was automatically locked due to age.

Amazon ASG EC2 Getting Started.zip

Parents

0 BAlfson over 14 years ago

If you look at the logfile as suggested, you'll likely see "60004". Check out https://support.astaro.com/support/index.php/Packetfilter_logfiles.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 14 years ago

If you look at the logfile as suggested, you'll likely see "60004". Check out https://support.astaro.com/support/index.php/Packetfilter_logfiles.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data