Deploying the AMI
Deploy the AWS Brain AMI using CloudFormation or AWS Marketplace.
Please await confirmation from Vectra that your AWS account has been whitelisted if you are not deploying from the marketplace.
You will receive the latest AWS CloudFormation template (CFT) as part of that confirmation.
Using the AWS CloudFormation service, deploy the template.
Click the Create stack button and select the With new resources (standard) option.
You may use JSON or YAML format for the template.

During this process you will be asked to fill in the following fields:
Stack name - The Stack name can contain letters, numbers and dashes only and cannot conflict with any other existing stacks.
Fill out a Stack name.
amID – This is the actual ID of the AMI that will be launched by the template.
This is built into the template and can be left as a default value of AWS::NoValue.
backupBrainToken – This is used only if this is going to be a backup Brain used for Brain to Brain backup.
baseName - This should be a value related to the Stack name.
The base name will be prepended to all objects created with the template.
Enter a baseName like CompanyXYZ-.
instanceType - Currently there are 4 options – r5d.2xlarge, r5d.4xlarge, r5d.8xlarge, and r5.16xlarge.
The r5d.2xlarge is rated for up to 15 sensors, 2 Gbps of network bandwidth and 50k IPs.
The r5d.4xlarge is rated for up to 25 sensors, 5 Gbps of network bandwidth and 50k IPs.
The r5d.8xlarge is rated for up to 100 sensors, 15 Gbps of network bandwidth and 150k IPs.
The r5.16xlarge is rated for up to 500 sensors, 50 Gbps of network bandwidth and 500k IPs.
mgtPrivateIP - If you choose the default value of AWS::NoValue your Brain will get a DHCP IP address that will change each time the server is restarted.
It is recommended to use a static assignment.
mgtSecurityGroup – The template will create an empty security group.
You may change it to a group you want to use now, or soon after deployment.
mgtSubnet - This is the subnet that will be assigned to the Brain’s AWS ENI (Elastic Network Adaptor).
mgtVpc - This is the Amazon VPC that contains the subnet from above.
Select the proper subnet on the pulldown.
Please make sure that the Amazon VPC you select contains the subnet from the mgtSubnet pulldown, otherwise the deployment will fail.
provisioningToken – This is required for deployments outside of the AWS Marketplace.
A provisioning token allows the Brain to register with Vectra for service integrity checks and subsequent updates.
This should have been provided to you by Vectra prior to attempting deployment.
publicIP - If you would like to run your Brain in a public subnet with an EIP you can set that EIP here.
You can also choose to associate an Elastic IP after deployment.
sshKey – You should have previously created an Amazon EC2 key pair that you would like to use for this AMI.
Select your key pair.
This private key will need to be used during SSH login to the CLI of the Brain as the vectra user.
Tenancy - Select default
Then click Next – An example dialog is below:


All fields on the above page are optional.
You may wish to configure tags as an example.
Click Next.
Verify all settings and click Create stack.
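A pre-deployment check for the parameters described above, as an added example (not part of the Vectra template or tooling). It assumes you have looked up the subnet's CIDR and owning VPC yourself; the function names, sample IDs and token are hypothetical.

```python
import ipaddress
import json
import re

# Ratings as listed on this page: (max sensors, max Gbps, max IPs).
RATINGS = {
    "r5d.2xlarge": (15, 2, 50_000),
    "r5d.4xlarge": (25, 5, 50_000),
    "r5d.8xlarge": (100, 15, 150_000),
    "r5.16xlarge": (500, 50, 500_000),
}
# Constructed sample values; the IDs and token are placeholders.
SAMPLE = {
    "baseName": "CompanyXYZ-", "instanceType": "r5d.4xlarge",
    "mgtPrivateIP": "10.20.1.10", "mgtSubnet": "subnet-0example",
    "mgtVpc": "vpc-0example", "provisioningToken": "PLACEHOLDER-TOKEN",
}

def smallest_instance(sensors, gbps, ips):
    """Return the first (smallest) listed type whose ratings cover the load."""
    for name, (s, g, i) in RATINGS.items():
        if sensors <= s and gbps <= g and ips <= i:
            return name
    raise ValueError("load exceeds the largest rated instance type")

def preflight(stack_name, params, subnet_cidr, subnet_vpc, marketplace=False):
    """Return a list of problems; subnet_vpc is the VPC that owns mgtSubnet."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9-]+", stack_name):
        problems.append("stack name: letters, numbers and dashes only")
    if params.get("instanceType") not in RATINGS:
        problems.append("instanceType is not one of the four listed options")
    if params.get("mgtVpc") != subnet_vpc:
        problems.append("mgtVpc does not contain mgtSubnet; deployment will fail")
    ip = params.get("mgtPrivateIP", "AWS::NoValue")
    if ip == "AWS::NoValue":
        problems.append("mgtPrivateIP unset: static assignment is recommended")
    elif ipaddress.ip_address(ip) not in ipaddress.ip_network(subnet_cidr):
        problems.append("mgtPrivateIP is outside the mgtSubnet CIDR")
    if not marketplace and not params.get("provisioningToken"):
        problems.append("provisioningToken is required outside the Marketplace")
    return problems

def to_cfn_parameters(params):
    # JSON list of ParameterKey/ParameterValue pairs, as the AWS CLI accepts.
    return json.dumps([{"ParameterKey": k, "ParameterValue": v}
                       for k, v in sorted(params.items())], indent=2)
```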

Once the security group stack creation is complete, you can edit the Amazon EC2 security group if it was not previously selected.
You can easily reach this Amazon EC2 security group from the Resources tab of the completed Stack.
If you have already closed this, you can go to the Amazon EC2 service, right click on the instance from the list, select Networking, and edit the Amazon EC2 security group to add the required rules.
Once your point of management has reachability to the Brain IP, you can browse to its IP or hostname using HTTPS.
Completing the Brain Deployment
Once you bypass a warning for the self-signed certificate that is created by default on the Brain, you will be presented with information relaying the status of the Brain’s progress as it continues through the deployment process. It will proceed through the following stages:
Authenticating and verifying the file system of the virtual Brain appliance.
Rebooting.
Decryption of the file system.
Connecting to the Vectra provisioning server and provisioning.
Example screenshots:


If a proxy is required to access Vectra in your AWS environment, this can be configured during this time by clicking on the Set Proxy Configuration link on any of these status screens.
Please Note:
This proxy configuration screen is only used to communicate with Vectra’s provisioning server and must utilize an HTTPS proxy. HTTP only proxies are not supported for this use.
Other proxy configuration in the main Vectra UI after deployment accepts HTTP proxies and is used by non-provisioning related services and integrations.
Configuration → COVERAGE → Data Sources > Network > Brain Setup > Proxy & Status
Please Note:
If you are doing a Respond UX deployment and require a proxy for non-provisioning related services and integrations (this includes linking to Vectra’s cloud for use with the Respond UX), you should configure that proxy at the CLI of your Brain AFTER you progress through this initial configuration and get to the Success! message at the end of this section. Please see the Respond UX Deployment Guide in the Deployment > Proxy Support section for more detail.
Once complete, you will see the following:

Clicking on the blue Login button will take you to the login page of the Brain (Quadrant UX). If you are doing a Respond UX deployment, you should NOT log in to the local GUI (which is the Quadrant UX) before linking your Brain with Vectra. Once linked with Vectra per the Respond UX Deployment Guide, your Brain will no longer show a Quadrant UX login screen when you browse to its IP or hostname; it will instead show a page that instructs you to log in to the Respond UX in Vectra’s cloud, or a status page.
Please Note:
The Brain may require several updates to become current with Vectra’s latest generally available version.
Please do not power off the Brain during the initial AWS deployment prior to login or during the updating process as the Brain becomes current.
If powered off during initial deployment the Brain may become unresponsive and require redeployment.
During this time the UI may become unresponsive, or you may be disconnected but it is safe to configure platform settings.
The Brain image is updated periodically. When deploying a new Brain, always check with Vectra for the latest base image available for your deployment.
50 Gbps Brain Storage Throughput Modification
The 50 Gbps Brain uses a faster EBS drive (storage) than our other Brains for the root drive. All but one necessary setting will be set automatically by the deployment template. The other setting, Throughput, will need to be set manually in the AWS management console. This only needs to be done once per deployment. The instance will remember the settings once set.
Here is the value that needs to be set for the Brain:
Drives: /dev/sda1
Throughput: 300 Mb/s
This value can be modified immediately after the CloudFormation template deployment has completed, while the Brain is building and provisioning with Vectra. The modification can be done at any time; as per the deployment guidance above, you should not power off the Brain during the initial deployment process. The modification does not require a reboot.
To modify the value, please perform the following steps:
Open the instance summary page for your Brain instance and select the Storage tab:

Select the entry for the /dev/sda1 device:

After selecting the entry, click on the Volume ID:

On the Details page for the volume, click Modify in the top right:

Change the Throughput value to 300.
No other values need validation or modification.
This can be done with the Brain running as per the earlier guidance.
If done while the instance is stopped, it will typically take around 5 minutes to complete.
If done while the Brain is running, it will typically take 10-30 minutes.
The AWS UI will give a status of migrating (%) until it is finished.
Before and during the migration process, the Brain’s ability to process traffic may be less than during normal operations. Essentially, until this process is completed the Brain will not be able to process the full 50 Gbps of aggregate traffic seen by its paired Sensors.
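The same console steps scripted against the EC2 API, as an added example that is not Vectra's tooling. The function takes a boto3 EC2 client and uses its `describe_instances`, `modify_volume` and `describe_volumes_modifications` calls; the function name, the `FakeEC2` stand-in and the sample IDs are constructed so the block runs offline.

```python
import time

def set_root_throughput(ec2, instance_id, device="/dev/sda1", throughput=300,
                        poll_seconds=30, max_polls=120):
    """Set EBS throughput on the Brain's root volume and wait for the change.

    `ec2` is a boto3 EC2 client (or any object with the same three methods).
    Returns the last ModificationState reported by EC2.
    """
    inst = ec2.describe_instances(InstanceIds=[instance_id])
    mappings = inst["Reservations"][0]["Instances"][0]["BlockDeviceMappings"]
    volume_id = next((m["Ebs"]["VolumeId"] for m in mappings
                      if m["DeviceName"] == device), None)
    if volume_id is None:
        raise LookupError(f"{device} is not attached to {instance_id}")
    ec2.modify_volume(VolumeId=volume_id, Throughput=throughput)
    state = "modifying"
    for _ in range(max_polls):
        mod = ec2.describe_volumes_modifications(VolumeIds=[volume_id])
        state = mod["VolumesModifications"][0]["ModificationState"]
        if state in ("completed", "failed"):
            break
        # Keep waiting: per this page, the Brain cannot process the full
        # 50 Gbps until the modification has finished.
        time.sleep(poll_seconds)
    return state

class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client (sample data only)."""
    def __init__(self):
        self.states = ["modifying", "optimizing", "completed"]
        self.modified = None
    def describe_instances(self, InstanceIds):
        ebs = {"VolumeId": "vol-0example"}
        return {"Reservations": [{"Instances": [{"BlockDeviceMappings": [
            {"DeviceName": "/dev/sda1", "Ebs": ebs}]}]}]}
    def modify_volume(self, VolumeId, Throughput):
        self.modified = (VolumeId, Throughput)
    def describe_volumes_modifications(self, VolumeIds):
        return {"VolumesModifications": [
            {"ModificationState": self.states.pop(0)}]}
```

With real credentials, pass `boto3.client("ec2")` in place of `FakeEC2()`.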

Default login credentials
The default credentials to login to the Vectra Brain GUI (Quadrant UX only) in AWS are:
Username: admin
Password: EC2 instance ID as copied from the Amazon EC2 console, beginning with i-
Logging in at the CLI can be done via SSH using the Amazon EC2 private key that was assigned to this stack and the vectra username.
Please ensure Amazon EC2 security groups are updated to allow CLI and GUI access as per earlier guidance.
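An added example (not Vectra's code) for the security group guidance here and in the deployment section: it audits a group's ingress rules, in the `IpPermissions` shape returned by EC2 `describe-security-groups`, to confirm the management network can reach the GUI and CLI and to flag sources wider than that network. TCP 443 and 22 are assumed as the standard HTTPS and SSH ports; the sample rules and CIDRs are constructed.

```python
import ipaddress

REQUIRED = {443: "GUI (HTTPS)", 22: "CLI (SSH)"}  # services named on this page

# Constructed sample rules: HTTPS limited to management, SSH open to the world.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.50.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def audit_ingress(ip_permissions, mgmt_cidr):
    """Audit IPv4 ingress rules against the management network.

    Returns (missing, too_broad): required ports the management network
    cannot reach, and (port, cidr) pairs whose source is not inside
    mgmt_cidr. Only IpRanges (IPv4 CIDR sources) are examined; IPv6 and
    security-group sources are ignored.
    """
    mgmt = ipaddress.ip_network(mgmt_cidr)
    reachable, too_broad = set(), []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic and carries no port range.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            for port in REQUIRED:
                if not lo <= port <= hi:
                    continue
                if mgmt.subnet_of(src):
                    reachable.add(port)
                if not src.subnet_of(mgmt):
                    too_broad.append((port, str(src)))
    missing = sorted(set(REQUIRED) - reachable)
    return missing, too_broad
```

An empty group, which is what the template creates, reports both ports as missing.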
Configuring Initial Brain Settings
For more details around initial settings for the Brain after successfully deploying it in AWS, see the Vectra Respond UX Deployment Guide or Vectra Quadrant UX Deployment Guide that is available on the Vectra Support portal.