Quick Start Guide for AWS
Version 2.3 | AMI Instance

CONTENTS

1. Introduction
1.1 Running Gemini appliance on Amazon Web Services
1.1.1 Limitations
1.1.2 Key Pairs
1.1.3 Note on Storage
1.1.4 Note on Security Groups
1.2 Sizing
1.2.1 Splunk
1.2.2 Cloudera
2. Getting Started with AWS
2.1 Prerequisites
2.2 Launch Instance
2.3 Appliance Log In
3. Gemini Enterprise Manager
3.1 Activation
3.1.1 EULA
3.1.2 Localization
3.1.3 Select License Option
3.1.3.1 Activate Enterprise Edition License
3.1.3.1.1 License Request and Application
3.1.3.1.2 License Server Validation
3.1.4 Provisioning
3.1.4.1 Bulk Provisioning
3.1.4.1.1 Appliance Discovery
3.1.4.1.2 Network Settings
3.1.4.1.3 Hostname
3.1.4.1.4 Change Admin Password
3.1.4.1.5 Connect to LDAP
3.1.4.1.6 SSH Authentication
3.1.4.1.7 Summary
3.1.4.2 Stand-Alone Provisioning - Join Cluster
3.1.4.3 Stand-Alone Provisioning - Change Admin Password
3.1.4.4 Stand-Alone Provisioning - Success
3.1.5 Welcome to Gemini Enterprise: Manager
3.1.6 Install Featured Platforms
4. Additional Support

1. Introduction

1.1 Running Gemini appliance on Amazon Web Services

1.1.1 Limitations

Due to the nature of Amazon Web Services, network interfaces and their configuration are applied automatically during the Instance Creation process. For this reason, the Network Configuration section in Gemini Enterprise: Manager provides read-only access. Additional virtual network interfaces, including any bonding options, are not available.

1.1.2 Key Pairs

A key feature of Amazon Web Services is identity and access management (IAM) and password-less authentication with Key Pairs. The Gemini appliance AMI supports automatic injection of assigned Key Pairs during the Instance Creation process. However, upon first login, Manager will ask you to change the default passwords (refer to section 2.3 for further information).

1.1.3 Note on Storage

For best performance, it is highly recommended to use EBS Volumes of the "General Purpose SSD (GP2)" type. Refer to section 2.2 for instructions on how to attach storage to SBOX.

1.1.4 Note on Security Groups

For SBOX to function properly, certain communication channels between clients and nodes are required. As a minimum, ports tcp/443 (HTTPS) and tcp/22 are required for basic SBOX operation and administration. Because the SBOX Manager and SSH console offer low-level system access, make sure not to expose these ports to public access (Anywhere, 0.0.0.0/0). Additionally, depending on the deployment, add inbound rules as needed based on the port matrix below:

| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 22 | tcp | Client → Appliance | SSH Access |
| 443 | tcp | Client → Appliance | Gemini Enterprise Manager (Customizable) |
| 4444 | tcp | Appliance → Appliance | Manager initialization |
| 6996 | tcp | Appliance → Appliance | Manager License Server |
| 13217 | tcp | Appliance → Appliance | Gemini Cluster |
| 2049 | tcp | Client → Appliance | SNMP Monitoring |
| 8000 | tcp | Client → Appliance | Splunk Web Access |
| 8089 | tcp | Client → Appliance | Splunk REST API |
| 9997 | tcp | Client → Appliance | Splunk Data Input |
| 7800 | tcp | Client → Appliance | Cloudera Manager |
| 7180, 7183 | tcp | Client → Appliance | Cloudera Cluster Manager |
| 8797 | tcp | Appliance → Appliance | Cloudera deployment API |

1.2 Sizing

1.2.1 Splunk

In general, Gemini recommends following the Splunk® sizing principles when deploying the Gemini appliance on Amazon Web Services. Please refer to the document "DEPLOYING SPLUNK® ENTERPRISE ON AMAZON WEB SERVICES", available here:
https://www.splunk.com/pdfs/technical-briefs/deploying-splunk-enterprise-on-amazon-web-services-technical-brief.pdf

For specific Data Ingestion Rates and Retention Periods, make your selection based on the recommendations below:

1.2.2 Cloudera

The table below lists requirements for resources used with Cloudera.

| Resource | Cloudera Manager and CDH |
|---|---|
| CPU | 4 |
| RAM | 64 GB |
| Disk | 500 GB |
| Recommended AWS instance | Cloudera Manager: m4.xlarge or m4.4xlarge |

2. Getting Started with AWS

2.1 Prerequisites

a) Make sure you have access to the latest version of Gemini appliance AMI named in your desired region. Once Gemini Support has shared it, the AMI will appear under "Private images". If the AMI is not available at all or in a specific region, please contact Gemini Support.
b) Prepare a Security Group according to the Port Matrix in chapter 1.1.4.
c) (optional) A Key Pair for SSH connection.

2.2 Launch Instance

a) Log in to the AWS Console and open the EC2 Service section.
b) Step 1: Verify the correct region and select the Gemini appliance AMI. Click the "Launch" button.
c) Step 2: Select an Instance Type according to the Sizing Guide in Chapter 1.2.
d) Step 3: Configure Instance Details according to your company standards.
e) Step 4: Leave 10 GiB General Purpose SSD (GP2) storage for the Root Volume.
f) Add a new EBS Volume, set Size to your needs, and choose the "General Purpose SSD (GP2)" option. Do not enable Encryption as it will significantly impact the performance.
g) Step 5: Add tags if required.
h) Step 6: Select your pre-created Security Group.
i) Step 7: Review the Instance configuration summary and click Launch.

Instance creation takes a couple of minutes. After the Instance Status changes to "Running", proceed with the next chapter.

2.3 Appliance Log In

After successful initialization, you can connect to your instance with SSH as user 'sbox' and with the default password "facing jet function drive" (without quotes). You will be asked to change the password upon first login, after which public-key authentication using the selected Key Pair will be enabled.

The Instance Creation Wizard automatically configures basic network settings.
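
The following Python check is an added example, not part of the original guide or of Gemini's own tooling: it audits the Security Group selected in section 2.2 against the port matrix in section 1.1.4, flagging tcp/22 or tcp/443 open to Anywhere and any inbound rule outside the matrix. The function names are illustrative, and the sample group is constructed in the shape of one `SecurityGroups` element returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Ports listed in the port matrix of section 1.1.4 (all tcp).
MATRIX_PORTS = {22, 443, 4444, 6996, 13217, 2049, 8000, 8089, 9997,
                7800, 7180, 7183, 8797}
ADMIN_PORTS = (22, 443)  # low-level system access: never open to Anywhere

def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0 (a zero-length prefix matches everything)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_group(group):
    """Return sorted (finding, port_or_range, cidr) tuples for one group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if proto not in ("tcp", "-1"):          # the matrix lists tcp only
            findings.update(("NOT_IN_MATRIX", proto, c) for c in cidrs)
            continue
        # "-1" means all traffic and carries no FromPort/ToPort fields.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        for cidr in cidrs:
            for port in ADMIN_PORTS:
                if lo <= port <= hi and is_anywhere(cidr):
                    findings.add(("PUBLIC_ADMIN", port, cidr))
            # A range rule is flagged if it covers any port outside the matrix.
            if any(p not in MATRIX_PORTS for p in range(lo, hi + 1)):
                findings.add(("NOT_IN_MATRIX", f"{lo}-{hi}", cidr))
    return sorted(findings, key=str)

# Constructed sample group (not taken from a real account).
SAMPLE_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_GROUP):
        print(finding)
```
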

Use the CLI command "ip addr" to verify the IP address:

    [sbox@gemini-packer ~]$ ip addr
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: nic0: mtu 9001 qdisc pfifo_fast state UP qlen 1000
        link/ether 02:8c:18:6c:80:c7 brd ff:ff:ff:ff:ff:ff
        inet 172.31.22.102/20 brd 172.31.31.255 scope global dynamic nic0
           valid_lft 3326 sec preferred_lft 3326 sec
        inet6 fe80::8c:18ff:fe6c:80c7/64 scope link
           valid_lft forever preferred_lft forever

3. Gemini Enterprise Manager

Final configuration of the appliance is completed using the Manager web console. Using a supported web browser, navigate to: https://

A security warning or message may be displayed. This is expected and does not indicate a problem. Depending on your browser, you may have to choose "proceed anyway" or "continue" for the page to load.

3.1 Activation

3.1.1 EULA

Upon the first visit to Manager, the End User Software License Agreement is shown. After reading the terms, choose Accept to advance to the next screen.

3.1.2 Localization

Manager supports multiple languages, and setting a preferred language adjusts the entire user experience accordingly. If the hostname and timezone settings were skipped in previous basic configurations, this step provides an opportunity to configure them.

3.1.3 Select License Option

There are 3 options:

- "Activate Enterprise Edition using Purchased License": Select this if a purchased license was provided or a license server is configured.
- "Activate Free Edition": With this option, several features are restricted. Ignore this option if you already have a purchased license or want a trial.
- "Activate Enterprise Edition Free Trial": Select this if you want to start a 30-day free trial. Users with a purchased license may also select this and attach the purchased license later.

The "Next" button appears only after you select one of the options.

3.1.3.1 Activate Enterprise Edition License

Select "Use a License File" if you have a purchased license. Select "Connect to a License Server" if you have a license server that manages all the licenses and the appliance can be activated from it. The "Next" button appears only after you select one of the options.

3.1.3.1.1 License Request and Application

Follow the steps to generate a license request file, send it to Gemini Support and apply the received license. The "Next" button appears only after you apply the license file.

3.1.3.1.2 License Server Validation

Enter the License Server IP address and token string for validation.

3.1.4 Provisioning

If you have multiple appliances to configure, selecting "Bulk Provisioning (provision several appliances with this node as the master)" lets you apply configurations and complete the initial setup on all appliances at one time. To operate as a standalone appliance, select "Stand-Alone (single) provisioning".

3.1.4.1 Bulk Provisioning

This is a step-by-step wizard that guides you through the initial setup configuration.

3.1.4.1.1 Appliance Discovery

If you have a known list of appliance IP addresses, e.g. acquired from a DHCP server or reported by AWS, you can create a text file containing the list, one IP address per line, and then upload this text file to locate the appliances.

Another way is to perform an IP subnet scan to discover the appliances. Use CIDR notation to specify the subnet, e.g. 192.168.156.0/24. Please note that scanning a large subnet might take a long time.

3.1.4.1.2 Network Settings

If the IP addresses of all the appliances are assigned by a DHCP server and you want to keep them as static IP configurations, select "Network settings - Static assigned". This is useful when building a DHCP server for deployment temporarily.
Users may assign IP addresses with a DHCP server and then use this option to make the configuration permanent. The DHCP server can be removed after deployment. To keep the default setting and have IP addresses assigned by DHCP, select "Network settings - DHCP assigned".

3.1.4.1.3 Hostname

When you have assigned DNS records for each appliance, select "Use Reverse DNS Lookup" so that each appliance acquires its own hostname. If you want to name the appliances with a custom pattern, select "Specify Custom Pattern" and specify the custom pattern with valid tokens.

3.1.4.1.4 Change Admin Password

Update the password for the account 'admin' in Manager here. It is recommended that you use a strong password or, if applicable, follow the password security policy required by your enterprise. Please note that all appliances will be updated with the same admin password.

3.1.4.1.5 Connect to LDAP

You may configure LDAP resources here to support LDAP authentication. When LDAP resources are configured successfully and correctly, users will be able to log in to Manager with their LDAP account. Read LDAP Authentication in the Settings chapter for more details. Please note that this is optional and you can skip it.

3.1.4.1.6 SSH Authentication

For SSH login, you may specify the password for SSH authentication. You may also upload an SSH key to complete the key exchange, which allows you to log in to Manager via SSH without a password. Please note that this is optional and you can skip it.

3.1.4.1.7 Summary

Here you can see the summary of the appliances to be provisioned. Click "Start" to start provisioning. You can see the live status during provisioning and download the CSV result for further use.

3.1.4.2 Stand-Alone Provisioning - Join Cluster

If this node is going to join an existing Gemini Cluster, select "Join an existing appliance cluster" and provide the IP Address and the Token String that were assigned on the Master Node.
If this is a standalone appliance, or you wish to configure a cluster at a later time, select "Operate as a standalone appliance". The "Next" button appears only after you select one of them.

3.1.4.3 Stand-Alone Provisioning - Change Admin Password

Update the password for the account 'admin' in Manager here. It is recommended that you use a strong password or, if applicable, follow the password security policy of your enterprise.

3.1.4.4 Stand-Alone Provisioning - Success

Congratulations! The Completed screen lets you know that this appliance has been configured. Click "Get Started" to launch Manager.

3.1.5 Welcome to Gemini Enterprise: Manager

Log in to Manager with the username 'admin' and the password configured in the setup process.

3.1.6 Install Featured Platforms

Follow the on-screen directions to install featured platforms like Splunk Enterprise and Cloudera CDH. Note that this process involves accessing the application website and

4. Additional Support

To access the Gemini Support documentation and knowledge base, or to open a support ticket, please visit http://support.geminidata.com. Also refer to the support site frequently for updates, patches and other information related to your appliance.