I was just wondering if anybody had experiences to share with the installation and running of DMAs in AWS. In general that's pretty transparent, and not really different as compared to installing and running DMAs on premises. And of course in AWS you have to make sure that your compute is in line with the specs for a DMA (CPU, storage, memory, etc.), that's clear. But I was wondering specifically if there are certain points of attention? Pitfalls? Lessons learned?
Up to now, I installed a few DataMiner Agents on AWS DC2 nodes. As you mentioned already, it was really transparent. You're not really aware that it's running in the cloud. Maybe a few points that were discussed before/during installation with the end user:
- Client access: The AWS instance is publicly available in the cloud. To still kind of restrict access to only specific users (for security reasons) they only allowed/whitelisted traffic from specific IPs.
- Security: Normally a DMA is part of a domain and you can use the same domain users as in your corporate private network. In the cloud this is a different story. In my specific case it's not configured yet, but we're looking into connecting to an AWS active directory.
- Device access: Most of the products/APIs in my case were also in the cloud. So connecting to them is not really an issue. However, some equipment is not available from the cloud because it's in a private network. Therefore, they're thinking of having 1 DMA running in AWS, 1 DMA on premise and clustering them.
You can create a site-2-site VPN between the network you created in AWS and your on premise network. This way, you securely extended your internal network in the cloud.
Then you can basically remove internet access to your instances, you can join them to your on premise domain and you can access local devices.
Super interesting post!
Licensing-wise, are there special considerations that would allow running the DMA even if the NIC/MAC changes? Is it something handled at the instance configuration layer or is there a different licensing mechanism?
Thinking about scenarios where the EC2 might be migrated.
Excellent points Jochen, thanks! Exactly the kind of experiences that I was looking for.