AWS

Architecture

The following deployment diagram shows an example architecture and the necessary resources for the XMPro platform in AWS.

The solution is deployed as an auto-scaling Elastic Beanstalk Application with 3 environments:

  • SM – Subscription Manager

  • AD – Application Designer

  • DS – Data Stream Designer & API

These environments use Redis for a centralized Cache and RDS for database storage.

All data transfers are done via HTTPS and the SSL certificates are managed in AWS Certificate Manager.

There are two accounts set up: one for production and one for non-production. Both of these environments follow the above architecture and deployment.

Prerequisites

In order to proceed with the deployment, you are required to complete the steps in the 1. Preparation guide:

Two SSL Certificates are required

  1. An SSL Certificate in AWS Certificate Manager, used by IIS (See the Appendix guide).

  2. An SSL Certificate, used by the SM instance (added to the S3 Bucket during the installation). Create or ask your administrator for an SSL certificate with the correct DNS name. A self-signed certificate is good enough. There are many ways to generate this certificate, one of which is described in the above 1. Preparation guide. Note that the files must be named ssl.pfx and ssl.password.txt.

Resources

We are going to deploy the following resources. Please ensure you have the desired domain names ready.

  1. SQL RDS

  2. Parameter Store

  3. Elastic Beanstalk Application

  4. Elastic Beanstalk Environment – Subscription Manager

  5. Elastic Beanstalk Environment – App Designer

  6. Elastic Beanstalk Environment – Data Stream Designer & API

An example of preferred domain names is as follows; each set is for a specific account as per the architecture diagram.

For production:

  • https://sm-xmpro․domain․com

  • https://ad-xmpro․domain․com

  • https://ds-xmpro․domain․com

For non-production:

  • https://sm-nonprod-xmpro․domain․com

  • https://ad-nonprod-xmpro․domain․com

  • https://ds-nonprod-xmpro․domain․com

Log on to the AWS Management Console and switch to the region you want to deploy the solution in. You will need Administrative rights to the subscription to complete the deployment.

ElastiCache

Search for ElastiCache in the Services dropdown and select it.

  1. Click the Get Started Now button from the screen that opens.

2. Make sure Redis is selected, then click Create.

3. Provide a name for the cache, select the size and leave the rest of the Redis options as defaults.

4. Provide the Subnet information and select the VPC to deploy Redis in.

5. Click Create to complete the Redis configuration and create the cache.

6. Once created, select EC2 from Services, and under Network & Security click Security Groups.

7. Edit the default security group and add Redis Port 6379 to the Inbound rules.

8. Make a note of the Redis endpoint as it will be used later within the Redis Connection string.

Amazon RDS Creation

In the AWS Management Console choose RDS under Database in the Services drop-down.

  1. Click Databases and then click Create database.

2. Select Easy Create, SQL Server, and the desired Tier for the database instance.

3. Provide the DB instance Identifier, Username, and Password for the RDS database instance. Click create.

4. Once created it will appear as below:

5. Click the DB Identifier just created.

Make a note of the following:

  • Endpoint - In this example: aero-sql.cug4m2yk6h94.ap-south-1.rds.amazonaws.com

  • User - as specified earlier

  • Password - as specified earlier

6. The security group must be modified to allow inbound traffic. This is done as follows:

6.1. Click the VPC security groups.

6.2. Select the Default security group, click Inbound then click Edit.

6.3. Add a new rule called MS SQL, with Protocol as TCP and Port Range as 1433; and click Save.

Parameter Store Identity and Access

  1. Click IAM under Security, Identity & Compliance

2. In IAM, click Policies, then click Create policy

3. Select Import managed policy

4. Search and select AmazonSSMManagedInstanceCore then click Import

5. Click Add additional permission

6. Choose service Systems Manager

7. Select Read and click Review Policy

8. Expand resources and resolve all the warnings by clicking All Resources.

9. Enter a Name and Description for the policy and click Create Policy

10. Search for the Newly created policy, select it, and click Policy Actions

11. Select Attach from Policy actions

12. Attach this new policy to the role aws-elasticbeanstalk-service-role and click Attach Policy

Create Elastic Beanstalk Application

The first step in using AWS Elastic Beanstalk is to create an application, which represents your web application in AWS. In Elastic Beanstalk an application serves as a container for the environments that run your web app and for versions of your web app's source code, saved configurations, logs, and other artifacts that you create while using Elastic Beanstalk.

  1. Open the Elastic Beanstalk console, and then, in the regions drop-down list, select your region.

2. In the navigation pane, choose Applications, and then click Create Application.

3. Use the on-screen form to provide an application name.

4. Click Create.

You have successfully created the application. Next, we'll create the application's environments for each product: Subscription Manager, Data Stream Designer, and App Designer.

Subscription Manager

Create Environment

  1. Select the Application, click on Actions then click Create environment

2. Click Select

3. Provide the Environment name for Subscription Manager.

4. Select the Platform information.

5. Select Sample Application and click Configure more options

6. Click Edit under the Capacity section.

7. Select Load Balanced under Environment Type and set the required Instance Min and Max to 1. (More information can be found here)

8. Change the Instance type to the required instance type.

9. Click Save.

10. Click Edit under the Network section.

11. Under the VPC section select the VPC this environment should run in, set the visibility according to your requirements and select the load balancer availability zones.

12. Scroll down and click Save.

13. Click Edit under the Load balancer section.

14. Select Application Load Balancer and scroll down.

15. Click Add listener.

16. Enter 443 in Port

17. Select Protocol HTTPS.

18. Select the SSL certificate you added in the Certificate Manager earlier on and click Add.

19. Scroll down.

20. Select the default Process and under Actions click Edit.

21. Change the Port to 443 and the Protocol to HTTPS, then scroll down.

22. Tick the Stickiness policy enabled option and click Save.

23. Click Save.

24. Click Create environment to have the defined environment created.

Create S3 Bucket

  1. In the AWS Management Console, choose S3 under Storage in the Services drop-down.

  2. In S3 click Create Bucket to create a new bucket.

  3. Enter a name for the bucket and click Create bucket.

  4. Select the Region for your bucket

  5. Remove the checkmark for Block Public Access

  6. Acknowledge the warning for a public bucket

  7. Click Create Bucket

  8. Copy the sign.pfx and sign.password.txt files (the signing certificate referenced in the 1. Preparation guide) into the bucket and ensure the files are publicly accessible.

  9. Copy the ssl.pfx and ssl.password.txt files (the SSL certificate referenced in the 1. Preparation guide) into the bucket and ensure the files are publicly accessible.

The signing certificate is between the end user and the load balancer. The instance SSL certificate is used between the instances and the load balancer.
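The steps above leave the certificate files and their password files readable without credentials, so it is useful to confirm exactly which keys in the bucket are anonymously readable and through which mechanism (object ACL or bucket policy). The following is an added example, not XMPro or AWS code; the bucket name, the policy and the key other/file.txt are constructed, and the policy check is deliberately simplified (Deny statements are ignored and any statement with a Condition is skipped).

```python
# Added example. Inputs mirror `aws s3api get-bucket-policy` / `get-object-acl` output.
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def as_list(value):
    return value if isinstance(value, list) else [value]

def acl_public(acl):
    """True if the object ACL grants read access to the AllUsers group."""
    return any(g.get("Grantee", {}).get("URI") == ALL_USERS
               and g.get("Permission") in ("READ", "FULL_CONTROL")
               for g in acl.get("Grants", []))

def policy_public(policy, bucket, key):
    """Simplified: an unconditional Allow of s3:GetObject to everyone."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in as_list(policy.get("Statement", [])):
        who = stmt.get("Principal")
        everyone = who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS", [])))
        reads = any(fnmatchcase("s3:getobject", a.lower()) for a in as_list(stmt.get("Action", [])))
        hits = any(fnmatchcase(arn, r) for r in as_list(stmt.get("Resource", [])))
        if (stmt.get("Effect") == "Allow" and everyone and reads and hits
                and not stmt.get("Condition")):
            return True
    return False

def public_objects(bucket, policy, object_acls):
    """Map each anonymously readable key to the mechanisms that expose it."""
    exposed = {}
    for key, acl in object_acls.items():
        via = [name for name, hit in (("acl", acl_public(acl)),
                                      ("policy", policy_public(policy, bucket, key))) if hit]
        if via:
            exposed[key] = via
    return exposed

BUCKET = "example-xmpro-install"  # constructed bucket name
PUBLIC_READ = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
POLICY = {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                         "Resource": f"arn:aws:s3:::{BUCKET}/sign.*"}]}
ACLS = {"ssl.pfx": PUBLIC_READ, "ssl.password.txt": PUBLIC_READ,
        "sign.pfx": {"Grants": []}, "sign.password.txt": {"Grants": []},
        "other/file.txt": {"Grants": []}}  # constructed sample ACLs

if __name__ == "__main__":
    for key, via in public_objects(BUCKET, POLICY, ACLS).items():
        print(key, via)
```

Any key reported here other than the four certificate files is exposed beyond what the installation steps call for.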

Install Subscription Manager

1. Run the installation wizard for Subscription Manager

2. Run Subscription manager as Administrator

3. Follow the instructions in the installation wizard: click Next.

4. Select the Install option (1) and click Next (2).

5. Tick Database (1), Web Application (2), select AWS Package (3), and click Next (4).

6. Enter the secret store prefix (1), the S3 Bucket name from earlier (2), and click Next (3).

7. Select the installation path (1), the DNS name for the site (2), and click Next (3).

8. Enter the SMTP details referenced in the 1. Preparation guide and click Test SMTP settings (1). If successful, click Next (2).

9. Enter the Signing Certificate details:

9.1. Browse to the certificate created earlier

9.2. Enter the certificate password

9.3. Select the subject name

9.4. Select Local Machine

9.5. Click Next

10. Click Next once the installation has completed.

11. Make a note of the Username and password, and click Finish.

AWS Systems Manager – Parameter Store

  1. Navigate to Parameter Store in AWS Systems Manager.

2. Click Create parameter.

3. Create a SecureString parameter.

4. Browse to the folder where SM was installed

5. Edit the file called App Secrets.xml: create the parameters as per the line items in the file:

6. Locate the S3 folder in the deployment folder. Copy the contents to the S3 Bucket you created.

Deploy the Subscription Manager

  1. Click Environments in Elastic Beanstalk service

  2. Click the SM Environment you created earlier

3. Use the on-screen form to upload the zip file.

4. Select the zip file to deploy from the folder where SM was installed. Click Deploy.

5. Navigate to the URL and log in using the following credentials:

  • admin@xmpro․onxmpro․com

  • Pass@word1

6. Reset the administrator password and store it securely in a password vault.

7. Click SM

8. Click Products

9. Click Installation Profile

Data Stream Designer

Create Environment

  1. In the AWS Management Console choose Elastic Beanstalk under Compute in the Services drop-down.

  2. In the navigation pane, choose Environments

  3. On the application overview page, choose Create a new environment.

  4. Follow the same instructions on environment creation as done for the Subscription Manager.

5. Run the Data Stream Designer installer as Administrator. Click Next.

6. Select Install (1) and click Next (2).

7. Select the items as shown below and click Next.

8. Provide a Prefix and the S3 Bucket name

9. Provide the Database Details:

  • Provide the SQL endpoint

  • Change the SQL user

  • Select a new DB and provide a name for the DB

10. Provide the DNS name for the Environment

11. Browse to the downloaded installation profile and select it

12. Login using the credentials for SM

13. Click Next

14. Once the installation completes, click Next

15. Click Finish

Install & Deploy Data Stream Designer

  1. Browse to the installation folder, as outlined in Subscription Manager.

  2. Edit the App Secrets.xml file and create the Parameters in Systems Manager.

  3. Upload and deploy the package.zip file to the newly created environment using upload and deploy as per SM deployment.

App Designer

Create Environment

  1. In the AWS Management Console, choose Elastic Beanstalk under Compute in the Services drop-down.

  2. In the navigation pane, choose Environments

  3. On the application overview page, choose Create a new environment.

  4. Follow the same instructions on environment creation as done for the Subscription Manager.

5. After installing Application Designer, run the setup as Administrator and click Next.

6. Select Install and click Next.

7. Select the items as below and click Next.

8. Provide the SQL endpoint and click Next.

9. Provide the DNS name for the environment and click Next.

10. Provide the URL for the Data Stream Designer installed earlier, and click Next.

11. Enter the SMTP details referenced in the 1. Preparation guide and click Next.

12. Enter the Twilio details referenced in the 1. Preparation guide and click Next. If you don't want SMS notifications you can select "None" from the "Select Provider" dropdown.

13. Browse to the downloaded installation profile and select it. Click Next.

14. Login with SM credentials to authenticate.

15. Click Next.

16. Click Next after the installation is complete.

17. Click Finish.

Install & Deploy App Designer

  1. Browse to the installation folder, as outlined in Subscription Manager

  2. Edit the App Secrets.xml file and create the Parameters in Systems Manager.

  3. Upload and deploy the package.zip file to the newly created environment using upload and deploy as per SM deployment.

Appendix

SSL certificate in Certificate Manager

In the AWS console go to the Certificate Manager

  • Select the region the SSL Certificate is required in

  • The certificate can be either imported or a new certificate can be requested.

To request a new certificate

  1. Click Get started under Provision Certificate

2. Click Request a certificate

3. Enter the certificate domain name and click Next

4. Select the DNS validation method and click Next

5. Review your settings and click Confirm and request if correct

6. Once the DNS configuration file becomes available, click Continue

7. Contact your IT administrator to complete the DNS verification by adding the CNAME record to your website DNS

8. Once the DNS verification is complete the SSL certificate is added to your certificate manager for the specified region

To import a certificate

  1. Click Get started under Provision Certificate

2. Click Import a certificate

3. Complete the certificate detail and click Next to import the certificate

Create the EB Application URLs

  1. Search for ElastiCache in the Services dropdown and select it.

2. In the left-hand panel, click Hosted Zones.

3. Click Create Hosted Zone.

4. In the right-hand panel complete the Domain Name using the domain name you created the SSL certificate for and click Create.

5. Click Create Record Set.

6. Change Alias to Yes, then go to EC2 in AWS services and scroll down to Load Balancing and click Load Balancers.

7. Select a Load Balancer and click Tags to identify what Application is serviced by the selected Load Balancer.

8. When the correct Load Balancer for the Application is identified, click the Description Tab.

9. Copy the DNS Name for the Load Balancer. Go back to the Record Set you created in Route 53.

10. Paste the Load Balancer DNS address in the Alias Target field and click Create.

This needs to be completed for each ELB Application.

11. The NS values must be provided to you by the DNS Administrator to create the NS records in the Domain DNS records. This needs to be completed for each ELB Application.

Configure the security groups

  1. In the AWS Management Console, choose EC2 under Compute in the Services drop-down.

  2. Click Security Groups under the NETWORK & SECURITY option.

3. Click Create security group.

4. Create the RDS_security_group and select the VPC.

5. Add the following rules and replace the source with the security groups assigned to the environments you created earlier.

6. Create an additional security group called REDIS_Cache_security_group.

7. Add these rules again using the security groups for the environments created earlier as the source.

8. In Elastic Beanstalk, select the environment you want to change.

9. Click Configuration in the left pane

10. Remove the default security group and click Apply. Do this for all the environments.

11. In Services, select RDS and click Databases.

12. Select your RDS database and click Modify.

13. Scroll down to Network and Security. Select the RDS security group you created earlier and remove the default security group.

14. Scroll down and click Continue.

15. Select Apply Immediately and click Modify DB Instance.

16. Select ElastiCache from Services and click Redis.

17. Select the Redis Cache you created earlier and from Actions click Modify.

18. Edit the Security Groups

19. Remove the default security groups and add the Redis Cache security group created earlier. Click save and modify.
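One way to check the outcome of these steps is to list every source that can still reach port 1433 or 6379 and is not one of the environment security groups. The following is an added example, not XMPro or AWS code; its input mirrors the JSON returned by `aws ec2 describe-security-groups`, and all group IDs and the sample rules are constructed placeholders.

```python
# Added example. Group IDs below are constructed placeholders, not real IDs.
DB_PORTS = (1433, 6379)  # MS SQL and Redis, the two ports opened in this guide
ENV_GROUPS = {"sg-SM-ENV", "sg-AD-ENV", "sg-DS-ENV"}  # assumed environment groups

def covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule.get("IpProtocol") == "-1":  # "all traffic" rules carry no port range
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(security_groups, allowed_sources):
    """List every source that can reach 1433/6379 and is not an environment group."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            for port in DB_PORTS:
                if not covers(rule, port):
                    continue
                for rng in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
                    cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                    findings.append((sg["GroupName"], port, cidr, "CIDR source"))
                for pair in rule.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in allowed_sources:
                        findings.append(
                            (sg["GroupName"], port, pair["GroupId"], "unexpected group"))
    return findings

def env_rule(port):
    """Ingress rule for one port whose only sources are the environment groups."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": g} for g in sorted(ENV_GROUPS)]}

SAMPLE = [  # constructed: a default group with an open Redis rule, plus the two new groups
    {"GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-DEFAULT"}]},
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "RDS_security_group", "IpPermissions": [env_rule(1433)]},
    {"GroupName": "REDIS_Cache_security_group", "IpPermissions": [env_rule(6379)]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ENV_GROUPS):
        print(finding)
```

A finding on the default group matters only while that group is still attached to the RDS instance, the Redis cache or an environment, which is why the steps above remove it from each of them.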

Next Step: Complete Installation

The installation of the XMPro Platform is now complete, but there are some environment setup steps before you can use the platform. Please click the below link for further instructions:

3. Complete Installation
