Cloudmersive Private Cloud Best Practices for Amazon Web Services (AWS)

Overview

Cloudmersive Private Cloud natively supports Amazon Web Services. Follow these best practices to facilitate a great installation experience.

General Approach

In general, follow the instructions in the Cloudmersive management portal under Private Cloud Deployment. Extend those instructions with these best practices.

Choosing the Right AWS EC2 Virtual Machine Configuration

When creating your EC2 Virtual Machine instance, we recommend an m5.xlarge (4 cores) or r5.large (2 cores), or a higher or equivalent instance type. Be sure that your Compute instance has at least 16 GB of RAM. When choosing the Amazon Machine Image (AMI), be sure to choose Microsoft Windows Server 2016 Base with Containers (operating system: Microsoft Windows 2016 Datacenter edition, [English], 64-bit). Be sure to set the OS disk to 200 GB or larger. For OS disk type, SSD (EBS General Purpose SSD GP2 or better) is recommended but not required. We recommend but do not require enabling EBS encryption. Under Networking, we recommend allowing the ports for RDP (3389) and HTTP (80) or HTTPS (443). For the installation, connect to the instance over Remote Desktop (RDP). Ensure that the instance has outbound connectivity as described in the instructions. We strongly recommend assigning all IP addresses as static.

Before Installation (Required)

After provisioning your EC2 Virtual Machine instances but prior to running the installation, navigate to each node in your Cloudmersive Private Cloud installation in the management portal under Private Cloud Deployment and click on Configure Node. Under External Node Address, copy and paste the IPv4 Public IP address from the AWS EC2 Portal. Under Internal Node Address, copy and paste the Private IP address from the AWS EC2 Portal. If you are using an outbound proxy (not common in AWS), check the box for Enable Proxy Server for Outbound Traffic and specify the proxy server. Click Save Changes.

We also recommend disabling automatic Windows Update restarts in Windows Server 2016 and disabling Windows Defender automatic scanning.

Outbound Proxy Endpoint Whitelisting

If your company limits outbound network traffic based on a proxy server or requires outbound IP endpoint whitelisting, whitelist all of these endpoints prior to starting the installation:

  • https://cloudmersive.com
  • https://account.cloudmersive.com
  • https://servicecore.cloudmersive.com
  • https://virusdefinitions.cloudmersive.com
  • https://privatecloud.cloudmersive.com
  • https://927861292015.dkr.ecr.us-east-1.amazonaws.com
  • https://ecr.us-east-1.amazonaws.com
  • https://api.ecr.us-east-1.amazonaws.com
  • https://download.microsoft.com
  • https://onegetcdn.azureedge.net
  • https://go.microsoft.com
  • https://appsapi.cloudmersive.com
  • https://mcr.microsoft.com
  • https://eastus.data.mcr.microsoft.com
  • https://prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com

In addition, navigate to the server in Cloudmersive Management Center under Private Cloud, click on Configure Node, and check "Enable Proxy Server for Outbound Installation Traffic", provide the proxy server (e.g. https://myproxy.mydomain.com:8080) and click on Save Changes.
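A pre-installation check for the endpoint list above, as an added example that is not part of Cloudmersive's instructions: it requests each endpoint from the instance, optionally through the proxy, and reports which ones do not answer. The script and its `-ProxyUri` parameter are assumptions made for illustration.

```powershell
# Added example, not Cloudmersive code. Run on the EC2 instance before installing.
# -ProxyUri is a hypothetical parameter: pass your outbound proxy, or omit it
# when the instance has direct outbound access.
param([string]$ProxyUri)

# Hosts copied from the endpoint list on this page.
$endpoints = @(
    'cloudmersive.com', 'account.cloudmersive.com',
    'servicecore.cloudmersive.com', 'virusdefinitions.cloudmersive.com',
    'privatecloud.cloudmersive.com', 'appsapi.cloudmersive.com',
    '927861292015.dkr.ecr.us-east-1.amazonaws.com',
    'ecr.us-east-1.amazonaws.com', 'api.ecr.us-east-1.amazonaws.com',
    'prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com',
    'download.microsoft.com', 'onegetcdn.azureedge.net', 'go.microsoft.com',
    'mcr.microsoft.com', 'eastus.data.mcr.microsoft.com'
)

# Windows PowerShell 5.1 may not offer TLS 1.2 unless asked to.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$results = foreach ($name in $endpoints) {
    $request = @{
        Uri = "https://$name/"; Method = 'Head'
        UseBasicParsing = $true; TimeoutSec = 15
    }
    if ($ProxyUri) { $request.Proxy = $ProxyUri }
    try {
        $response = Invoke-WebRequest @request
        $outcome = "HTTP $([int]$response.StatusCode)"
    } catch {
        # Non-2xx answers raise an exception that still carries the response,
        # so an HTTP status here means a reply came back.
        $reply = $_.Exception.Response
        if ($reply) { $outcome = "HTTP $([int]$reply.StatusCode)" }
        else { $outcome = "FAILED: $($_.Exception.Message)" }
    }
    [pscustomobject]@{ Endpoint = $name; Outcome = $outcome }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { $_.Outcome -like 'FAILED*' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) endpoint(s) unreachable; fix proxy or firewall rules first."
    exit 1
}
```

A status such as 401 or 404 from an endpoint still shows the outbound path is open; a 407 status means the proxy itself answered and requires authentication.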


After Installation

If you are installing Cloudmersive Private Cloud in high availability mode, you will want to configure an Elastic Load Balancer to balance traffic across the nodes. Create a load balancer under ELB in the AWS Portal and set the endpoints to port 80 (HTTP), or port 443 (HTTPS) if you configured it, on each of the nodes that you installed. Use the public endpoint of the load balancer as the BasePath for all of the API clients.