Overview and Deployment Guide. Sophos UTM on AWS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Overview and Deployment Guide. Sophos UTM on AWS"

Transcription

1 Overview and Deployment Guide Sophos UTM on AWS Overview and Deployment Guide Document date: November

2 Sophos UTM and AWS Contents 1 Amazon Web Services AMI (Amazon Machine Image) EC2 Instance VPC AWS Regions AWS Shared Security Model Sophos UTM on AWS... 6 UTM on AWS Common Use Cases Web Server Protection Augment or Replace AWS Firewall and Provide Detailed Reporting Intrusion Prevention System Remote VPN User Connectivity Branch Office Connectivity using RED Content Filtering for AWS Workspaces Virtual Desktops Secure VPC to VPC Connectivity Securely extend physical office to AWS Cloud Launching a UTM AMI on AWS Launch a UTM via AWS Marketplace Choose a Sophos AMI from the Marketplace Sophos UTM BYOL (Bring Your Own License) AMI Sophos UTM Hourly AMI Licensing Differences Sizing a UTM for your AWS Environment Choosing an AWS Instance Type Launch a UTM AMI as standalone or into a VPC Choose Region Launch a UTM via AWS Management Console Common Deployment Examples UTM with Single Interface Protecting Multiple VPC Subnets VPC Wizard

3 Overview and Deployment Guide Launch EC2 Instances Terminate the NAT Instance Change the Source/Destination Check setting Assign an Elastic IP to the UTM Modify VPC Route Tables UTM with Interfaces in Multiple Subnets UTM used to connect multiple VPC s Advanced Deployment Options CloudFormation UserData Field Avoiding Single Point of Failure Resources Legal notices

4 Sophos UTM and AWS 1 Amazon Web Services Amazon Web Services is a collection of remote computing and web services that together make up the Amazon Cloud Computing platform. The services currently offered cover Storage & Content Delivery, Database, Mobile Services, Analytics, App Services, Deployment and Management, and Compute & Networking. Together these services allow businesses a way to reduce the time and efforts associated with deploying business applications, and provide a highly secure, scalable, flexible and redundant computing platform. These services along with the AWS pay as you go pricing model provide businesses a way to replace up front capital infrastructure investments with variable operating costs, and dramatically decrease the time and efforts associated with deployment. Discussion of all the available AWS services is outside the scope of this document. Instead we ll focus on those services and terms that relate to common Sophos UTM deployments. 1.1 AMI (Amazon Machine Image) An AMI is a special type of virtual appliance that is used in AWS. An AMI contains the information needed to launch an EC2 Instance. An AMI typically contains an operating system, launch permissions, storage details and often some type of application software. Some common AMI examples are Window Server and Linux AMI s that provide ready to go Operating Systems, or the Sophos UTM AMI that has a Linux OS already installed along with the UTM software. In either case these AMI s are available for general use, can be easily launched and will be ready in minutes. Custom AMI s of any type can also be created and shared, or kept private and used by only the account holder. 1.2 EC2 Instance One of the most common services to use in AWS is EC2 (Elastic Cloud Computing), which provides users resizable compute capabilities in the Cloud. The EC2 Management Console provides the ability to launch EC2 Instances, which are virtual machines of varying compute sizes, each of which has different associated pricing. These virtual machine configurations are used with your AMI s and together provide a customer most everything they need to run their applications in the Cloud. Users can create, launch, change, and terminate Instances as needed, and pay by the hour. EC2 also provides users with control over the geographical location of their instances, which allows for latency optimization, high levels of redundancy, and helps ensure compliance with data laws. 4

5 1.3 VPC Overview and Deployment Guide Virtual Private Cloud (VPC) enables you to launch AWS Instances into a virtual network that you've defined and that you control. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. This lets you launch and run EC2 Instances that are isolated from the rest of the AWS cloud community, and provides control over local routing, sub netting, IP addressing, and Access Control Lists. With this type of separation and control you could for example configure public and private subnets, and place your instances accordingly. The below graphic shows a common VPC example, and note that you can increase your security by deploying a Sophos UTM in place of the NAT instance so that all traffic going to and from the private subnet routes through the UTM and your configured security policies AWS Regions AWS is located in 10 geographical Regions throughout the world, and includes a separate GovCloud in the United States that is only used for the U.S. Government. Each Region is contained within a single country and all services and data stay within that region. Each AWS Region is comprised of multiple Availability Zones, which are distinct data centers. Availability zones are isolated from each other to prevent outages from spreading, and certain services are designed to operate and/or replicate across Availability Zones to spread demand and to avoid downtime from failures. 5

6 Sophos UTM and AWS 2 AWS Shared Security Model AWS provides Infrastructure as a Service (IaaS), which allows customers to build systems on top of the secure AWS Cloud infrastructure. Providing such flexibility and control means that a shared security model is necessary. AWS puts great focus on securing the data centers they operate and they provide built in security tools to secure endpoints, encrypt data storage, and segregate customers virtual networks and instances. They also offer additional security options such as direct connection options from customer offices; dedicated hardware based crypto key storage, and the Trusted Advisor service. The customer is then responsible for using the supplied tools to properly secure access to their environments, configure security groups, and for the security of any applications running on their EC2 Instances. Additional products are also available to further secure AWS environments and applications and to provide layered security. 3 Sophos UTM on AWS The AWS Shared Security Model described above means that the customer must properly secure any systems or applications they install on top of the secure AWS platform, much as they would in a physical network. The Sophos UTM suite of integrated security applications allows customers to use the same Next Generation, layered protection they re used to in the real world, in the Cloud. Customers can use the UTM security features we offer to protect their AWS cloud servers, secure access between AWS and remote sites or between VPC s, provide remote VPN connectivity to users, provide content filtering and protection to AWS Virtual Desktops or servers, and the UTM can even manage remote wireless networks and Endpoint agents. All this can be done from a single intuitive Web Interface, which runs as another instance in your AWS environment. And since our UTM is modular, customers can pick and choose the functionality they want without having to pay for UTM features they don t need. UTM on AWS Common Use Cases The Sophos UTM that is offered as a pre- built AMI is identical in features to both the UTM hardware appliances and to the software ISO image that can be installed on any Intel compatible hardware. For a full overview of the Sophos UTM capabilities please see the UTM homepage at Below we ve highlighted some of the most common use case examples of how customers are deploying the Sophos UTM on AWS. 3.1 Web Server Protection The UTM is installed in a customer s VPC where it provides protection for 1 or more web facing application servers via the Web Server Protection feature set. The UTM can either load balance inbound connections to multiple webservers, or an AWS Elastic Load Balancer (ELB) can be used. In either case the UTM acts as the gateway for any client requests destined for the Web Server or application, and provides security, protection and reporting. 6

7 Overview and Deployment Guide 3.2 Augment or Replace AWS Firewall and Provide Detailed Reporting Amazon Web Services provides both physical security for their datacenters, and the ability to protect AMI s with firewall rules that block/allow specific networks and ports. While this provides a base level of protection, it may not fully fit the needs of customers that require layered protection and the ability to block higher level exploits. The Sophos UTM Firewall provides both basic firewall capabilities as well as detailed reporting on network security events such as dropped packets destined for your Instances and where the attacks are coming from. The Sophos UTM can provide the visibility you need to monitor security events, troubleshoot issues, and displays information in both real time as well as historical format. Daily, Weekly, and Monthly summary reports can be automatically delivered via , and IPS and Advanced Threat Protection event notifications can be sent via SMTP, Syslog, and SNMP for real time alerting. 7

8 Sophos UTM and AWS 3.3 Intrusion Prevention System Acting as a critical component of the UTM layered protection feature set; the IPS solution protects servers located in a VPC behind the UTM, and reports and logs Intrusion attempts. The IPS pattern database is updated automatically on a continuous basis by Sophos Labs (http://www.sophos.com/en- us/threat- center/threat- analyses) which analyzes data in real- time, and provides pattern updates to the UTM via the up2date service. Administrators can easily protect critical application servers and use the real time and historical reporting information to monitor intrusion attempts, privilege escalation attempts, vulnerability exploit attempts, and protocol violations. 8

9 3.4 Remote VPN User Connectivity Overview and Deployment Guide The Sophos UTM offers multiple remote VPN user options that support a variety of operating systems and devices. Remote users can connect securely to the UTM VPN Gateway with the client of their choice or via an HTML 5 VPN portal which requires no client. Once connected to the UTM clients can access any AWS instances they have permissions to, or even their corporate network if using the VPC connector functionality. Administrators can easily manage end user access, and view connection details in both live and historical formats. 3.5 Branch Office Connectivity using RED The Sophos UTM can be hosted and on AWS while maintaining secure connections to physical offices and users via options such as RED, standard IPsec VPN tunnels, UTM remote access VPN options, and the UTM Endpoint agents. 9

10 Sophos UTM and AWS 3.6 Content Filtering for AWS Workspaces Virtual Desktops The Sophos UTM provides Next Generation content filtering and protection for any device connecting out to the Internet. The UTM Web Protection module provides real time malware scanning, reputation checking, Layer 7 application control, as well as dynamic content category control options. These features can be used to protect users on AWS Workspaces Virtual Desktops, or VPC server instances that connect out to remote locations for updates. In either case the UTM provides granular control and both real time and historical reporting and logging information. 3.7 Secure VPC to VPC Connectivity AWS VPC s in different Regions can be easily connected using Sophos UTM VPN s. Easily build layer 2 or Layer 3 VPN tunnels for secure access between Virtual Private Clouds. 10

11 3.8 Securely extend physical office to AWS Cloud Overview and Deployment Guide When creating an AWS VPC you are given the option to isolate your new network so that it is only accessible from a VPN tunnel. This allows you to ensure that any traffic to/from this virtual network passes through your corporate network. To do this AWS provides the ability to create and connect IPSEC VPN tunnels directly to your VPC. To ensure that your VPC is always reachable you are also given the option to create dual IPSEC VPN tunnels that use the BGP routing protocol for failover. To simplify the setup of the IPSEC tunnels and BGP, Sophos has created a 1 Touch configuration file option which allows you to simply download a VPC VPN configuration file from AWS which is then uploaded into your physical site UTM. The UTM will then build the redundant tunnels, rules, and routes needed for the connection, and monitor the traffic to ensure you always have a path. 4 Launching a UTM AMI on AWS Launch a UTM via AWS Marketplace The AWS Marketplace makes launching a UTM simple. Both the Sophos UTM and the Sophos UTM Manager products are available on the AWS marketplace where they can be used as stand- alone AMIs or as part of an Amazon Virtual Private Cloud (VPC). We also offer 2 different licensing options to fit different customer requirements. Which option is best depends on your needs and use case, but in either case the offered functionality is the same. To get started simply visit the AWS marketplace and search on Sophos. From there you simply need to choose the appropriate AMI for your needs (BYOL or Hourly), the Instance size, and then launch your UTM as either a standalone EC2 instance, or into a VPC. https://aws.amazon.com/marketplace/ 11

12 Sophos UTM and AWS 4.1 Choose a Sophos AMI from the Marketplace Sophos UTM BYOL (Bring Your Own License) AMI The BYOL option allows customers to purchase from an authorized Sophos reseller a standard UTM software license for 1, 2, or 3 years, and then apply and use it on their AWS Cloud UTM. This option allows customers to pick and choose which subscriptions and support options they would like to use with the UTM, and from Sophos perspective this is no different than a customer building and using a Software or Virtual appliance UTM. The difference to the customer is that they need to determine the instance size that they need to purchase from Amazon, and all billing for that, and support for the instance, is handled directly with AWS. If Sophos support is contacted to investigate issues they would only be able to advise about, and troubleshoot issues related to the Sophos products. It would be the responsibility of the customer and/or partner to manage anything related to AWS such as security groups, routing, and installation of the actual UTM AMI Sophos UTM Hourly AMI To satisfy the needs of existing AWS customers, Sophos designed an hourly priced UTM so that customers can bundle together the price of full UTM functionality with their chosen Instance type. This allows customers to Pay as you go rather than be locked into a 1,2 or 3 year subscription, and is especially useful for those that are securing testing and/or development environments which may not exist for long periods of time, or that may not be used often enough to justify a full time UTM subscription. Note that when choosing this option billing is done directly to the AWS account owner. Partners wishing to resell this option would have to own the AWS account for their customer and Amazon offers a reseller program to help with that. (http://aws.amazon.com/partners). Support for this hourly option is also not included except via the Sophos UTM User Bulletin Board (www.astaro.org) or via a Sophos partner. Customers and/or partners may purchase standard UTM support from an authorized reseller using standard channels. Note that AWS also now offers the option to purchase an Hourly UTM AMI for an Annual period. This can provide great savings to customers that wish to use the Hourly billing option. partner/channel- reseller- program/ us/partners/partner- locator.aspx 12

13 Overview and Deployment Guide 4.2 Licensing Differences The Hourly On Demand licensing has the following Key differences from our BYOL license: Only Full Guard functionality is available (no per sub licensing when using hourly pricing). End Point Protection is not available right now. Pricing is simply x5 AMI pricing No support built in (though available for free via UTM UBB). Support contracts can be purchased via regular VAR channel 4.3 Sizing a UTM for your AWS Environment Sizing a UTM for use on the AWS Cloud is similar to sizing a UTM for use on your own Intel compatible hardware or when sizing a UTM physical appliance. The Sophos UTM solution offers many security features as well as both real time and historical reporting and logging tools. Which features are used, how much storage is needed, and what specific throughput requirements are needed are all factors that must be considered to properly size a UTM for your AWS environment. The UTM software simply uses what virtual resources are available based on the AWS instance size chosen, and though AWS offers the option to change the underlying instance size even after a UTM AMI has been launched, proper sizing is still recommended to properly calculate costs over time. When sizing a UTM the following steps should be taken: 1. Identify what UTM Features will be used The Sophos UTM offers many active security features such as malware scanning, IPS, Advanced Threat Protection, Next Generation FW scanning, Web content filtering, scanning, and VPN gateway functionality. All of these features consume CPU processing power and RAM so must be identified for proper sizing and for licensing should the BYOL option be chosen. 2. Identify the number of protected Instances and/or the number or protected users that will be using UTM services. The UTM features may be used to protect servers located in 1 or more VPC s (e.g. IPS, WAF) and/or users (e.g. Next Generation Web Protection, remote VPN connections). This information is needed both to understand how much traffic will traverse the UTM, and for licensing purposes if the BYOL licensing AMI option is chosen. 3. Understand specific throughput requirements As mentioned above, the amount of traffic that a UTM can process is related to the resources available. Understanding how much throughput is required will help you decide on the appropriate sized instance. AWS instances offer different amount of throughput and so official AWS Instance documentation should be consulted to ensure your chosen option will support your throughput requirements. Once suggested way to size an AWS instance for a UTM would be to look at out UTM hardware appliance line performance numbers and Storage, and then look at what an equivalent virtual UTM would use for CPU and RAM. The CPU and RAM information can be used to identify an equivalent AWS instance type, and the Storage information can be used for guidance on what type of EBS storage would be appropriate. us/medialibrary/pdfs/factsheets/sophos- sg- series- appliances- brna.pdf?la=en.pdf 13

14 Sophos UTM and AWS 4.4 Choosing an AWS Instance Type AWS Instances come in a variety of sizes and configurations ranging from micro sized instances that provide a minimal amount of RAM and limited amount of computing power, up through Extra Large instances that contain large amounts of RAM and multiple computing cores. AWS also offers Instance types that offer enhanced networking performance, are compute and/or memory optimized, or that use dedicated hardware. 14

15 Overview and Deployment Guide Exact guidance on the which AWS Instance to choose is difficult to provide as there are many variables and AWS frequently improves on and adds to the types of available instances. A good place to start is with the M3 family of Instance types as they offer a good balance of compute, memory and network resources. Once your UTM Instance is launched you can use the built in resource monitoring tools to determine if the Instance size offers enough resources or not, and if not AWS allows you the ability to easily change your Instance type with just a few clicks. types/ Pricing guidance on AWS instances is also beyond the scope of this document, but Amazon offers documentation as well as online calculators to help understand and calculate costs. A good resource is the site listed below Launch a UTM AMI as standalone or into a VPC Once you ve chosen your UTM AMI and Instance type you ll need to install it into an AWS region, and choose whether it will be a standalone EC2 instance, or part of a VPC. Note that prior to launching, AWS calculates your monthly costs for either Instance only or Instance only plus UTM. If choosing VPC you can then choose to launch your UTM into an already created VPC, or you can choose to create a new VPC. 15

16 Sophos UTM and AWS 4.6 Choose Region As mentioned above AWS offers geographically distinct regions which can be used to host your AMI s. The right choice depends on your needs and location, and note that pricing will often vary depending on which region is chosen. Launch a UTM via AWS Management Console Deploying a UTM via your AWS Management Console is very similar to launching directly via AWS Marketplace. Once logged in navigate to EC2 from the services list, choose your Region from the Upper Right of the screen, and then click on the Launch Instance icon. Step 1: You ll now be presented with a screen showing you the available AMI s that you may launch. Navigate to the AWS Marketplace option and type Sophos into the search box to locate the UTM AMI s. 16

17 Overview and Deployment Guide Step 2: Select your desired UTM AMI type (Hourly or BYOL), and then proceed to the Choose an Instance Type screen. As noted above choosing the correct instance size for your deployment depends on many factors. Please refer to the above suggestions, which should help provide you enough information to make an initial decision. Fortunately AWS offers the option to quickly and easily change the chosen instance type at any time so if not all information is available for proper sizing, we would suggest choosing one of the m3 general- purpose instances as a starting point. Once launched the UTM WebGUI dashboards and reports will show resource utilization, which can be used to determine if a different instance size is needed. Step 3: Once an Instance size is chosen you re prompted to configure your Instance Details. Default Details will launch your UTM into EC2- Classic, which means as a standalone instance that is not part of a VPC. This option is of limited value in most production environments and its suggested that you instead choose an existing VPC or create a new one at this time. Please see the VPC section below for more information on configuring your UTM in a VPC. When choosing the VPC option you choose the subnet to launch your UTM into, and you may also configure the UTM Interface IP Address and add additional interfaces. Note that the Instance Type you choose limits the number of Interfaces you may add to a UTM. Please see the official AWS Instance Type Documentation for more details. eni.html This section also allows you to configure Advanced Details including User Data can be used to configure instance details at launch and can be very useful for automating some or all of your UTM deployment. Please see the User Data section below for additional information. Step 4: The UTM utilizes EBS volumes and the AMI s require at least 30 GB of either magnetic or SSD volume type. SSD volumes will provide greater I/O which may be useful in high traffic environments where large amounts of data will be generated and stored. Step 5: Tag your Instance for greater visibility. Step 6: Assign or create a security group for your new UTM Instance. By default the UTM AMI will offer to create a new Security Group that allows all traffic for both TCP and UDP protocols. These recommended settings will ensure that all traffic you send to the UTM will be allowed, and you may then rely on the UTM firewall and security policies to restrict or allow traffic destined to any protected instances in your VPC. You may of course create or use your own Security Group but please note that the UTM WebAdmin port requires TCP port 4444 by default and must be open for initial configuration. That setting can be changed once you have initially connected and please refer to the UTM Administrators guide for details on doing so. us/support/knowledgebase/ aspx Step 7: Review your Instance Launch details and note any AWS recommendations shown on screen. 17

18 Sophos UTM and AWS The final step before launching your UTM AMI is to create or choose a key pair for use with your new Instance. As the UTM is by default managed by the WebAdmin GUI a valid keypair is not needed for initial connection and configuration, and so if you wish you may choose to continue without one. Note though that it is suggested that you assign a key pair as you may need it later should you wish to connect to the UTM shell for advanced configuration. 5 Common Deployment Examples 5.1 UTM with Single Interface Protecting Multiple VPC Subnets Unlike in a physical network a UTM on AWS can function with just a single Interface that is used to route and control traffic into and out of private subnets. This is due to the built in AWS routing capabilities that can be controlled and managed by the AWS VPC administrator. Your VPC and UTM can be configured manually, via the command line tools, or by using the CloudFormation service, but for this example we ll use the VPC and EC2 Launch Wizards VPC Wizard Click on the Start VPC Wizard button to begin. You ll be shown a menu of options for configuring your VPC, and for this example we ll choose to create a VPC with Public and Private Subnets Once the Select button is chosen you ll be prompted to define your VPC details as shown below. For our example we re going to leave our IP CIDR block as the default /16, set my Public subnet to /24, and my Private Subnet to /24. Note that I have not specified a preference for Availability Zone though you may of course do that, and I have not changed other default details such as the subnet names, DNS hostname setting, hardware tenancy, or NAT details. The NAT instance will actually be replaced by the UTM once configured and terminated to save on the associated charges. Once details are configured click on the Create VPC button. 18

19 Overview and Deployment Guide Launch EC2 Instances Once your VPC has been created you will launch your EC2 Instances. You can do so from either the link on the VPC Dashboard, or by navigating to the EC2 Dashboard and clicking the link there. Either way you ll then be presented with the same Quick Start menu as mentioned above in the Launching a UTM section. Click on the AWS Marketplace menu option, search on Sophos, and then choose your desired UTM AMI (BYOL or Hourly) from the options shown. After choosing your desired Instance type you ll be prompted to Configure Instance Details. Change the Network setting from the default EC2 to your configured VPC. As the UTM will be providing both inbound and outbound security for our AWS Instances, we ll launch it into our Public subnet. There are additional configuration options available and you can also manage the UTM IP address assignment by scrolling down the Network Interfaces. For our example we ll just use the default settings and continue by clicking Review and Launch. Note that if you don t wish to use the default settings for Storage, Security Group, or wish to give a Tag to your UTM Instance you may configure those settings by continuing on with the wizard or modifying the settings during the Review Instance Launch step. For clarity it s suggested to Tag your Instances, as it will make administration much easier. AS mentioned above you will be prompted to choose or create a Key Pair before launching your UTM. You may choose the option to Proceed without choosing but this is not recommended as you may need your Key Pair at some point in the future for more advanced Instance operations. 19

20 Sophos UTM and AWS Terminate the NAT Instance Using the VPC Wizard results in a NAT instance with a public Elastic IP (EIP) that is not necessary for our example as the UTM can provide NAT services. To terminate your NAT instance simply right click on it from the EC2 Instances screen and choose Terminate. Note that as mentioned above, Tagging your Instances is suggested so you can tell them apart from each other. By default your NAT instance will not have a Tag assigned to it. If you have other untagged Instances and are unsure which is your NAT Instance you can confirm by looking a the Instance details section AMI ID information as shown below. When terminating your NAT Instance you will be shown a prompt, which asks if you want to release your Elastic IP. You may do so if you have another that you wish to use with your UTM, but if you are unsure or do not, simply proceed with the termination Change the Source/Destination Check setting To allow your UTM instance to function as a NAT device, you must change the Source/Destination setting. To do so simply right click on your UTM Instance and then choose the Change Source/Destination Check. You ll be prompted to confirm you wish to disable the setting as shown below Assign an Elastic IP to the UTM Click on the Network Security>Elastic IPs option located on the left side of your EC2 Management Console. If you did not release your EIP when terminating your NAT instance you should see it listed and available. Highlight and right click on the Elastic IP and then choose Associate Address from the options. A new screen will popup and you can click on the Instance field to see your available Instances. Choose the Sophos UTM Instance and then click Associate. 20

21 Overview and Deployment Guide Modify VPC Route Tables Your UTM Instance should now be reachable via the Elastic IP and may be configured to protect and control inbound and outbound traffic. Before you can control outbound traffic though you need to tell your private VPC subnet to route traffic to your UTM for access to the Internet. To do so, navigate to the VPC Dashboard and click on Route Tables. You should see 2 route tables, one for each of your configured subnets. Click on each route table and the Routes tab for more details and to identify which is Public, and which is Private. Your Public route table will be the one that has the Internet Gateway listed as a target as shown below. You can leave this route table as is though it s always a good idea to Tag things in AWS to help with future administration. When you click on your other route table you ll see the Private route table details. Note that the /0 route in this table has a status of Blackhole. That s because the original VPC Wizard settings created this route and pointed it at your Terminated NAT instance. Edit the route table and delete the information shown in the Target column. When you do this it should list all available route targets including your Sophos UTM Instance. Choose the UTM as your new route target and save. Instances launched into the Private subnet will now have their traffic routed to the UTM, which can be used to control and monitor outbound traffic. Note that if you do not see your UTM as an available route target it may be due to the Source/Destination check not being setup properly on the UTM interface. If you ve checked that but still do not see the UTM try copying and pasting the UTM ENI information directly into the Target section. 21

22 Sophos UTM and AWS 5.2 UTM with Interfaces in Multiple Subnets In some cases you may wish to have your UTM configured similar to a physical deployment where you have a UTM interface configured for each subnet. AWS allows you to do this but how many UTM interfaces are possible depends on the Instance size chosen. Please see the official AWS Instance documentation for specifics on the number of available interfaces per type. To configure multiple UTM Interfaces simply follow the instructions above until you get to the Launch EC2 Instances step. At this point you ll create your primary Interface as outlined above, but before moving onto the next step you ll scroll down to the Network Interfaces section and click on the Add Device button. Choose the subnet you wish to create your new Interface in from the Subnet drop down and optionally assign an IP address. Note also that AWS will show a prompt stating that they can longer automatically assign an Elastic IP to your instance so you will have to do this manually once your UTM Instance has launched. 5.3 UTM used to connect multiple VPC s The Sophos UTM can be used to connect to multiple AWS VPC s for cross- region connectivity. Please see the below link to a detailed KB article provided by AWS. https://aws.amazon.com/articles/

23 Overview and Deployment Guide 6 Advanced Deployment Options CloudFormation The AWS CloudFormation service allows you to launch a stack which is a collection of AWS resources that are defined in a JSON file. Please see the AWS CloudFormation documentation for full details on using this powerful service. An example UTM CloudFormation Template can be found when launching a UTM via the Marketplace in the Version section. UserData Field The User Data Field option allows you to bootstrap your EC2 Instances while launching to set various configuration settings. The result is a UTM that contains pre- configured settings on launch. UserData can be set during manual EC2 Instance launching through both the management console and API, and UserData can be contained within a CloudFormation Template. Some simple examples of things you can set using the UserData option are UTM hostname, passwords, and basic setup data. You can also use the UserData option to import UTM backup and license files during launch. Below is a link to a very useful tool that can be used to generate properly formatted UserData. 23

24 Sophos UTM and AWS Avoiding Single Point of Failure The standard UTM High Availability protocols do not work on AWS as they re based on the multicast protocol. To address this we re currently working on both a High Availability Failover solution as well as an Auto Scaling solution. High Availability will be available for beta testers mid November 2014, and Auto Scaling is targeted for early In the interim many customers are using a combination of stand alone UTM s, AWS services, the Sophos UTM Manager, and a 3 rd party reporting solution to ensure maximum uptime, and to achieve centralized UTM management and reporting. As the UTM is simply an EC2 Instance, it can be used with AWS tools and services such as CLoudwatch and Elastic Load Balancers to ensure that traffic can always flow to and from your AWS environments. 7 Resources https://aws.amazon.com/marketplace/ partner/channel- reseller- program/ 24

25 8 Legal notices Overview and Deployment Guide Copyright 2014 Sophos Group. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner. Sophos, Sophos Anti- Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 25

Amazon Web Services Hands-On Virtual Private Computing

Amazon Web Services Hands-On Virtual Private Computing Amazon Web Services Hands-On Virtual Private Computing 1 Overview Amazon s Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network that you define. You can define an environment

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Talari Virtual Appliance CT800. Getting Started Guide

Talari Virtual Appliance CT800. Getting Started Guide Talari Virtual Appliance CT800 Getting Started Guide March 18, 2015 Table of Contents About This Guide... 2 References... 2 Request for Comments... 2 Requirements... 3 AWS Resources... 3 Software License...

More information

TechNote. Configuring SonicOS for Amazon VPC

TechNote. Configuring SonicOS for Amazon VPC Network Security SonicOS Contents Overview... 1 System or Network Requirements / Prerequisites... 3 Deployment Considerations... 3 Configuring Amazon VPC with a Policy-Based VPN... 4 Configuring Amazon

More information

Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10

Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10 Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10 Document version 1.0 10.6.2.378-13/03/2015 Important Notice Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it

More information

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview Opsview in the Cloud Monitoring with Amazon Web Services Opsview Technical Overview Page 2 Opsview In The Cloud: Monitoring with Amazon Web Services Contents Opsview in The Cloud... 3 Considerations...

More information

KeyControl Installation on Amazon Web Services

KeyControl Installation on Amazon Web Services KeyControl Installation on Amazon Web Services Contents Introduction Deploying an initial KeyControl Server Deploying an Elastic Load Balancer (ELB) Adding a KeyControl node to a cluster in the same availability

More information

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud The Barracuda NG Firewall 6.0 image is no longer available in the AWS marketplace. Use the newest available NextGen Firewall F-Series

More information

Security Gateway R75. for Amazon VPC. Getting Started Guide

Security Gateway R75. for Amazon VPC. Getting Started Guide Security Gateway R75 for Amazon VPC Getting Started Guide 7 November 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright

More information

VXOA AMI on Amazon Web Services

VXOA AMI on Amazon Web Services 2013 Silver Peak Systems, Inc. QUICK START GUIDE VXOA AMI on Amazon Web Services A Silver Peak Virtual Appliance (VX) can be deployed within an Amazon Web Services (AWS) cloud environment to accelerate

More information

Every Silver Lining Has a Vault in the Cloud

Every Silver Lining Has a Vault in the Cloud Irvin Hayes Jr. Autodesk, Inc. PL6015-P Don t worry about acquiring hardware and additional personnel in order to manage your Vault software installation. Learn how to spin up a hosted server instance

More information

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer March 2014 Last updated: September 2015 (revisions) Table of Contents Abstract... 3 What We ll Cover...

More information

FortiGate-AWS Deployment Guide

FortiGate-AWS Deployment Guide FortiGate-AWS Deployment Guide FortiGate-AWS Deployment Guide September 25, 2014 01-500-252024-20140925 Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard,

More information

USER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29. Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB

USER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29. Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB USER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29 Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB Table of Contents UNIT 1: Lab description... 3 Pre-requisites:... 3 UNIT 2: Launching an instance on EC2...

More information

Alfresco Enterprise on AWS: Reference Architecture

Alfresco Enterprise on AWS: Reference Architecture Alfresco Enterprise on AWS: Reference Architecture October 2013 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 13 Abstract Amazon Web Services (AWS)

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

319 MANAGED HOSTING TECHNICAL DETAILS

319 MANAGED HOSTING TECHNICAL DETAILS 319 MANAGED HOSTING TECHNICAL DETAILS 319 NetWorks www.319networks.com Table of Contents Architecture... 4 319 Platform... 5 319 Applications... 5 319 Network Stack... 5 319 Cloud Hosting Technical Details...

More information

BITDEFENDER SECURITY FOR AMAZON WEB SERVICES

BITDEFENDER SECURITY FOR AMAZON WEB SERVICES BITDEFENDER SECURITY FOR AMAZON WEB SERVICES Beta Version Testing Guide Bitdefender Security for Amazon Web Services Beta Version Testing Guide Publication date 2015.03.04 Copyright 2015 Bitdefender Legal

More information

unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January 2016 8205 5658-001

unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January 2016 8205 5658-001 unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January 2016 8205 5658-001 NO WARRANTIES OF ANY NATURE ARE EXTENDED BY THIS DOCUMENT. Any product or related information

More information

Here we are going to show you how to deploy Sangoma SBC VM as an EC2 (Elastic Compute Cloud) Instance inside a VPC (Virtual Private Cloud).

Here we are going to show you how to deploy Sangoma SBC VM as an EC2 (Elastic Compute Cloud) Instance inside a VPC (Virtual Private Cloud). Sangoma VM SBC AMI at AWS (Amazon Web Services) SBC in a Cloud Based UC/VoIP Service. One of the interesting use cases for Sangoma SBC is to provide VoIP Edge connectivity between Soft switches or IPPBX's

More information

Set Up the VM-Series Firewall in AWS

Set Up the VM-Series Firewall in AWS Set Up the VM-Series Firewall in AWS Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054

More information

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:

More information

QualysGuard Asset Management

QualysGuard Asset Management QualysGuard Asset Management Quick Start Guide January 28, 2014 Dynamic Asset Tagging provides a flexible and scalable way to automatically discover and organize the assets in your environment and make

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Biznet GIO Cloud Connecting VM via Windows Remote Desktop Biznet GIO Cloud Connecting VM via Windows Remote Desktop Introduction Connecting to your newly created Windows Virtual Machine (VM) via the Windows Remote Desktop client is easy but you will need to make

More information

Security Gateway Virtual Appliance R75.40

Security Gateway Virtual Appliance R75.40 Security Gateway Virtual Appliance R75.40 for Amazon Web Services VPC Getting Started Guide 5 March 2013 [Protected] 2013 Check Point Software Technologies Ltd. All rights reserved. This product and related

More information

Web Application Firewall

Web Application Firewall Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

Installing and Using the vnios Trial

Installing and Using the vnios Trial Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM

More information

AWS Service Catalog. User Guide

AWS Service Catalog. User Guide AWS Service Catalog User Guide AWS Service Catalog: User Guide Copyright 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in

More information

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Introduction Tenable Network Security is the first and only solution to offer security visibility, Azure cloud environment auditing, system

More information

Networking Configurations for NetApp Cloud ONTAP TM for AWS

Networking Configurations for NetApp Cloud ONTAP TM for AWS Technical Report Networking Configurations for NetApp Cloud ONTAP TM for AWS Kris Lippe, NetApp November 2014 TR-4352 TABLE OF CONTENTS 1 Introduction...3 1.1 Glossary of Terms:...3 1.2 Overview...4 1.3

More information

Sophos UTM Software Appliance

Sophos UTM Software Appliance Sophos UTM Software Appliance Quick Start Guide Product version: 9.300 Document date: Monday, December 01, 2014 Sophos UTM Minimum Hardware Requirements Intel compatible CPU 1.5 GHz+ 1 GB RAM (2 GB recommended)

More information

How AWS Pricing Works May 2015

How AWS Pricing Works May 2015 How AWS Pricing Works May 2015 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction...

More information

Remote Application Server Version 14. Last updated: 25-02-15

Remote Application Server Version 14. Last updated: 25-02-15 Remote Application Server Version 14 Last updated: 25-02-15 Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

.Trustwave.com Updated October 9, 2007. Secure Web Gateway Version 11.0 Amazon EC2 Platform Set-up Guide

.Trustwave.com Updated October 9, 2007. Secure Web Gateway Version 11.0 Amazon EC2 Platform Set-up Guide .Trustwave.com Updated October 9, 2007 Secure Web Gateway Version 11.0 Amazon EC2 Platform Set-up Guide Legal Notice Copyright 2012 Trustwave Holdings, Inc. All rights reserved. This document is protected

More information

Amazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida

Amazon Web Services Primer. William Strickland COP 6938 Fall 2012 University of Central Florida Amazon Web Services Primer William Strickland COP 6938 Fall 2012 University of Central Florida AWS Overview Amazon Web Services (AWS) is a collection of varying remote computing provided by Amazon.com.

More information

Cyberoam Security-as-a-Service on Amazon Web Services Cloud. www.cyberoam.com

Cyberoam Security-as-a-Service on Amazon Web Services Cloud. www.cyberoam.com Cyberoam Security-as-a-Service on Amazon Web Services Cloud What is Amazon Web Services (AWS)? Amazon Elastic Compute Cloud Rent computing capacity or infrastructure on the cloud A Web service that provides

More information

The steps will take about 4 hours to fully execute, with only about 60 minutes of user intervention. Each of the steps is discussed below.

The steps will take about 4 hours to fully execute, with only about 60 minutes of user intervention. Each of the steps is discussed below. Setup Guide for the XenApp on AWS CloudFormation Template This document walks you through the steps of using the Citrix XenApp on AWS CloudFormation template (v 4.1.5) available here to create a fully

More information

VX 9000E WiNG Express Manager INSTALLATION GUIDE

VX 9000E WiNG Express Manager INSTALLATION GUIDE VX 9000E WiNG Express Manager INSTALLATION GUIDE 2 VX 9000E WiNG Express Manager Service Information If you have a problem with your equipment, contact support for your region. Support and issue resolution

More information

Chapter 9 PUBLIC CLOUD LABORATORY. Sucha Smanchat, PhD. Faculty of Information Technology. King Mongkut s University of Technology North Bangkok

Chapter 9 PUBLIC CLOUD LABORATORY. Sucha Smanchat, PhD. Faculty of Information Technology. King Mongkut s University of Technology North Bangkok CLOUD COMPUTING PRACTICE 82 Chapter 9 PUBLIC CLOUD LABORATORY Hand on laboratory based on AWS Sucha Smanchat, PhD Faculty of Information Technology King Mongkut s University of Technology North Bangkok

More information

Amazon EC2 Product Details Page 1 of 5

Amazon EC2 Product Details Page 1 of 5 Amazon EC2 Product Details Page 1 of 5 Amazon EC2 Functionality Amazon EC2 presents a true virtual computing environment, allowing you to use web service interfaces to launch instances with a variety of

More information

Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services

Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services Hands on Lab: Building a Virtual Machine and Uploading VM Images to the Cloud using Windows Azure Infrastructure Services Windows Azure Infrastructure Services provides cloud based storage, virtual networks

More information

Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud

Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud David Pae, Ulf Schoo June 2013 (Please consult http://aws.amazon.com/windows/

More information

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution

More information

Remote Application Server Version 14. Last updated: 06-02-15

Remote Application Server Version 14. Last updated: 06-02-15 Remote Application Server Version 14 Last updated: 06-02-15 Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

Virtual Web Appliance Setup Guide

Virtual Web Appliance Setup Guide Virtual Web Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance This guide describes the procedures for installing a Virtual Web Appliance. If you are installing

More information

Virtual Private Cloud - Lab. Hands-On Lab: AWS Virtual Private Cloud (VPC)

Virtual Private Cloud - Lab. Hands-On Lab: AWS Virtual Private Cloud (VPC) Virtual Private Cloud - Lab Hands-On Lab: AWS Virtual Private Cloud (VPC) 1 Overview In this lab we will create and prepare a Virtual Private Cloud (VPC) so that we can launch multiple EC2 web servers

More information

Using ArcGIS for Server in the Amazon Cloud

Using ArcGIS for Server in the Amazon Cloud Using ArcGIS for Server in the Amazon Cloud Randall Williams, Esri Subrat Bora, Esri Esri UC 2014 Technical Workshop Agenda What is ArcGIS for Server on Amazon Web Services Sounds good! How much does it

More information

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...

More information

How AWS Pricing Works

How AWS Pricing Works How AWS Pricing Works (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 15 Table of Contents Table of Contents... 2 Abstract... 3 Introduction... 3 Fundamental

More information

TechNote. Configuring SonicOS for MS Windows Azure

TechNote. Configuring SonicOS for MS Windows Azure Network Security SonicOS Contents Overview...1 Deployment Considerations...2 Supported Platforms...2 Configuring a Policy-Based VPN...2 Configuring a Route-Based VPN...17 Overview This TechNote details

More information

Microsoft Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups on the AWS Cloud: Quick Start Reference Deployment

Microsoft Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups on the AWS Cloud: Quick Start Reference Deployment Microsoft Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer July 2014 Last updated: September 2015 (revisions)

More information

GRAVITYZONE HERE. Deployment Guide VLE Environment

GRAVITYZONE HERE. Deployment Guide VLE Environment GRAVITYZONE HERE Deployment Guide VLE Environment LEGAL NOTICE All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including

More information

TANDBERG MANAGEMENT SUITE 10.0

TANDBERG MANAGEMENT SUITE 10.0 TANDBERG MANAGEMENT SUITE 10.0 Installation Manual Getting Started D12786 Rev.16 This document is not to be reproduced in whole or in part without permission in writing from: Contents INTRODUCTION 3 REQUIREMENTS

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

AWS Toolkit for Visual Studio User Guide

AWS Toolkit for Visual Studio User Guide AWS Toolkit for Visual Studio User Guide Release 1.0 Amazon Web Services Dec 01, 2016 Contents 1 Using the Toolkit for Visual Studio 1 2 Setting Up the Toolkit for Visual Studio 5 3 Working with AWS Services

More information

Virtual Appliance Setup Guide

Virtual Appliance Setup Guide Virtual Appliance Setup Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective

More information

USER GUIDE: MaaS360 Services

USER GUIDE: MaaS360 Services USER GUIDE: MaaS360 Services 05.2010 Copyright 2010 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document

More information

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Aerohive Networks Inc. Free Bonjour Gateway FAQ Aerohive Networks Inc. Free Bonjour Gateway FAQ 1. About the Product... 1 2. Installation... 2 3. Management... 3 4. Troubleshooting... 4 1. About the Product What is the Aerohive s Free Bonjour Gateway?

More information

Online Backup Guide for the Amazon Cloud: How to Setup your Online Backup Service using Vembu StoreGrid Backup Virtual Appliance on the Amazon Cloud

Online Backup Guide for the Amazon Cloud: How to Setup your Online Backup Service using Vembu StoreGrid Backup Virtual Appliance on the Amazon Cloud Online Backup Guide for the Amazon Cloud: How to Setup your Online Backup Service using Vembu StoreGrid Backup Virtual Appliance on the Amazon Cloud Here is a step-by-step set of instructions to get your

More information

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA

TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA WELCOME TO TELSTRA CLOUD SERVICES Our cloud infrastructure solutions are made up of a combination of scalable cloud resources, including

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

Endpoint web control overview guide. Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control

Endpoint web control overview guide. Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control Endpoint web control overview guide Sophos Web Appliance Sophos Enterprise Console Sophos Endpoint Security and Control Document date: December 2011 Contents 1 Endpoint web control...3 2 Enterprise Console

More information

RackConnect User Guide

RackConnect User Guide RackConnect User Guide Updated: November 8, 2011 RackConnect User Guide Page 2 of 15 DISCLAIMER This RackConnect User Guide (the Guide ) is for informational purposes only and is provided AS IS. The information

More information

Move over, TMG! Replacing TMG with Sophos UTM

Move over, TMG! Replacing TMG with Sophos UTM Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access

More information

VMware vcenter Log Insight Getting Started Guide

VMware vcenter Log Insight Getting Started Guide VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0 ReadyNAS Replicate Software Reference Manual 350 East Plumeria Drive San Jose, CA 95134 USA November 2010 202-10727-01 v1.0 2010 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced,

More information

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1 Virtual Appliances Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V Virtual Appliance Setup Guide for Umbrella Page 1 Table of Contents Overview... 3 Prerequisites... 4 Virtualized Server

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Virtualization Features

Virtualization Features Virtualization Features Palo Alto Networks PAN-OS New Features Guide Version 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

RemoteApp Publishing on AWS

RemoteApp Publishing on AWS RemoteApp Publishing on AWS WWW.CORPINFO.COM Kevin Epstein & Stephen Garden Santa Monica, California November 2014 TABLE OF CONTENTS TABLE OF CONTENTS... 2 ABSTRACT... 3 INTRODUCTION... 3 WHAT WE LL COVER...

More information

Interworks. Interworks Cloud Platform Installation Guide

Interworks. Interworks Cloud Platform Installation Guide Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,

More information

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE TRIPWIRE PURECLOUD TRIPWIRE PureCloud USER GUIDE 2001-2015 Tripwire, Inc. All rights reserved. Tripwire and ncircle are registered trademarks of Tripwire, Inc. Other brand or product names may be trademarks

More information

Oracle Cloud. What s New for Oracle Compute Cloud Service (IaaS) Topics. July 2016. What's New for Oracle Compute Cloud Service (IaaS) Release 16.

Oracle Cloud. What s New for Oracle Compute Cloud Service (IaaS) Topics. July 2016. What's New for Oracle Compute Cloud Service (IaaS) Release 16. Oracle Cloud What's New for Oracle Compute Cloud Service (IaaS) Release 16.3 E71882-05 July 2016 What s New for Oracle Compute Cloud Service (IaaS) Learn about the new and changed features of Oracle Compute

More information

XenDesktop 7.5 on Amazon Web Services (AWS) Design Guide

XenDesktop 7.5 on Amazon Web Services (AWS) Design Guide XenDesktop 7.5 on Amazon Web Services (AWS) Design Guide July 14, 2014 Revision History Revision Change Description Updated By Date 0.1 Document Created Peter Bats April 17, 2014 1.0 Final Draft Peter

More information

ArcGIS 10.3 Server on Amazon Web Services

ArcGIS 10.3 Server on Amazon Web Services ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2015 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick

More information

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015 Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational

More information

Quick Start Guide for VMware and Windows 7

Quick Start Guide for VMware and Windows 7 PROPALMS VDI Version 2.1 Quick Start Guide for VMware and Windows 7 Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Cloud Computing. Adam Barker

Cloud Computing. Adam Barker Cloud Computing Adam Barker 1 Overview Introduction to Cloud computing Enabling technologies Different types of cloud: IaaS, PaaS and SaaS Cloud terminology Interacting with a cloud: management consoles

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

WHITE PAPER SETTING UP AND USING ESTATE MASTER ON THE CLOUD INTRODUCTION

WHITE PAPER SETTING UP AND USING ESTATE MASTER ON THE CLOUD INTRODUCTION WHITE PAPER SETTING UP AND USING ESTATE MASTER ON THE CLOUD INTRODUCTION Cloud Computing can provide great flexibility for the Estate Master user. You can access your feasibilities, manage you projects

More information

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM Objective Scenario Topology In this lab, the students will complete the following tasks: Prepare to configure Virtual Private Network (VPN)

More information

Cloud Security Best Practices

Cloud Security Best Practices Cloud Security Best Practices Cohesive Networks - your applications secured VNS3 security and connectivity solutions protect cloud-based applications from exploitation by hackers, criminal gangs, and foreign

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

AWS Directory Service. Simple AD Administration Guide Version 1.0

AWS Directory Service. Simple AD Administration Guide Version 1.0 AWS Directory Service Simple AD Administration Guide AWS Directory Service: Simple AD Administration Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's

More information

Zend Server Amazon AMI Quick Start Guide

Zend Server Amazon AMI Quick Start Guide Zend Server Amazon AMI Quick Start Guide By Zend Technologies www.zend.com Disclaimer This is the Quick Start Guide for The Zend Server Zend Server Amazon Machine Image The information in this document

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

Microsoft Azure Configuration

Microsoft Azure Configuration Microsoft Azure Configuration Azure Setup for VNS3 2015 copyright 2015 1 Table of Contents Introduction 3 Create Azure Private VLAN 10 Launch VNS3 Image from Azure Marketplace 15 VNS3 Configuration Document

More information

Sophos XG Firewall on Microsoft Azure. Quick Start Guide

Sophos XG Firewall on Microsoft Azure. Quick Start Guide Sophos XG Firewall on Microsoft Azure Quick Start Guide Document date: Tuesday, September 20, 2016 Contents 1 Overview 3 2 Deployment of Sophos XG Firewall on Azure 4 3 Registration of XG Firewall Device

More information

MATLAB on EC2 Instructions Guide

MATLAB on EC2 Instructions Guide MATLAB on EC2 Instructions Guide Contents Welcome to MATLAB on EC2...3 What You Need to Do...3 Requirements...3 1. MathWorks Account...4 1.1. Create a MathWorks Account...4 1.2. Associate License...4 2.

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks

WildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on

More information

Smartronix Inc. Cloud Assured Services Commercial Price List

Smartronix Inc. Cloud Assured Services Commercial Price List Smartronix Inc. Assured Services Commercial Price List Smartronix, Inc. 12120 Sunset Hills Road Suite #600, Reston, VA 20190 703-435-3322 cloudassured@smartronix.com www.smartronix.com Table of Contents

More information

Virtual Managment Appliance Setup Guide

Virtual Managment Appliance Setup Guide Virtual Managment Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance As an alternative to the hardware-based version of the Sophos Web Appliance, you can deploy

More information

Backup & Disaster Recovery Appliance User Guide

Backup & Disaster Recovery Appliance User Guide Built on the Intel Hybrid Cloud Platform Backup & Disaster Recovery Appliance User Guide Order Number: G68664-001 Rev 1.0 June 22, 2012 Contents Registering the BDR Appliance... 4 Step 1: Register the

More information