clearswift seg - amazon aws installation guide v3 1 · 2020-03-18 · gateway (seg) within amazon...
TRANSCRIPT
Clearswift Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services Version 3.1 August 2018
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 2 of 18
Copyright Published by Clearswift Ltd.
© 1995–2018 Clearswift Ltd.
All rights reserved.
The materials contained herein are the sole property of Clearswift Ltd unless otherwise stated. The property of Clearswift may not be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.
Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities.
The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd. All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.
Clearswift reserves the right to change any part of this document at any time.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 3 of 18
Contents
Introduction .................................................................................................................... 4
Configuring a Red Hat Virtual Machine Within AWS ........................................................... 5
Installing the Clearswift SECURE Email Gateway ............................................................. 14
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 4 of 18
Introduction This document outlines the steps to perform in order to deploy a Clearswift SECURE Email Gateway (SEG) within Amazon Web Services Elastic Cloud (AWS EC2). The process for installing the SEG within AWS can be broken down into the following steps:
Configure a Red Hat virtual machine within AWS Install the Clearswift SECURE Email Gateway
Please note that these instructions are valid for SEG V4.8 and AWS as of August 2018.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 5 of 18
Configuring a Red Hat Virtual Machine Within AWS The following steps show you how to create the Red Hat Virtual Machine (VM) required to host the Clearswift SECURE Email Gateway (SEG) using the AWS management portal. The SEG should be deployed onto a VM running Red Hat Enterprise Linux x64 6.9. When you create the Red Hat VM, you need to ensure that you allocate it sufficient resources to meet your mail throughput requirements.
Message Volume Processor Number of Processors Memory Disk Raid
Low (<20,000 per hour) Dual Core 1 4 GB 320 GB+
SATA/SCSI Optional
Medium (<50,000 per hour)
Dual/Quad Core Xeon 1 4GB 320 GB+
SATA/SCSI Optional
High (<60,000 per hour)
Dual/Quad Core Xeon 1 6 GB 2 x SAS 15k
RPM Yes (1)
Very High (>60,000 per hour)
Quad Core Xeon 2 6 GB Multiple SAS
15k RPM Yes (1,
10)
Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of sizing guidelines. Please note that these instructions are accurate as of August 2018. Please refer to AWS documentation for the most up to date management steps.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 6 of 18
To deploy a Red Hat VM in AWS:
1. Log into the AWS Management Console: https://aws.amazon.com/ 2. Ensure that you have selected the correct geographical region that you wish to
deploy the new VM into.
3. Click on EC2.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 7 of 18
4. Click on Launch Instance.
5. Click on Community AMIs. 6. On the Step 1: Choose and Amazon Machine Image (AMI) screen, select the
following check boxes to filter the list: a. Red Hat b. 64-bit
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 8 of 18
7. Click the Select button for the RHEL-6.9_HVM-20180522-x86_64-1-Hourly2-GP2 machine image. Please note that other RHEL 6.9 machine images may not be suitable for SEG deployment.
8. On the Step 2: Choose an Instance Type screen, select the instance type that meets your mail throughput requirements. Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of sizing guidelines.
9. Click on Next: Configure Instance Details. 10. On the Step 3: Configure Instance Details screen, click on Create new subnet. 11. A new browser tab will open containing the VPC Dashboard. Make a note of the IPv4
CIDR for your chosen availability zone.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 9 of 18
12. Return to the browser tab containing the On the Step 3: Configure Instance Details screen:
a. Use the Subnet drop down to select a subnet in your preferred availability zone.
b. Select Disable from the Auto-assign Public IP drop down. c. In Network Interfaces, enter your chosen IP address in the Primary IP field. d. If you wish to use the SEG Personal Message Manager (PMM), add a second
NIC. e. Configure any additional options that you require.
13. Click on Next: Add Storage.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 10 of 18
14. On the Step 4: Add Storage screen, enter a minimum value in the Size (GiB) field of: i. Test environments: 80 ii. Production environments: 250
15. Click on Next: Add Tags. 16. On the Step 5: Add Tags screen, enter any tags that you require (e.g. name of the
instance) and then click on Next: Configure Security Group.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 11 of 18
17. On the Step 6: Configure Security Group screen, configure the following rules using the Type drop down:
a. SSH – Please note that we recommend using the Source field to restrict access to just your valid IP address(es).
b. SMTP – Ensure that you use the Source drop down to select Anywhere. c. HTTPS – Please note that we recommend using the Source field to restrict
access to just your valid IP address(es). 18. Click on Review and Launch.
19. Click on Launch.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 12 of 18
20. In the Select an existing key pair or create a new key pair dialog, select the most appropriate option for your requirements and then click on Launch Instances.
21. Once the instance has initialized you need to assign public IP addresses to any configured NICs. Click on View Instances.
22. Click on Elastic IPs. 23. Click on Allocate new address. 24. Click on Allocate. 25. Click on Close. 26. Select the Elastic IP that you just created. 27. Click on Actions – Associate address.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 13 of 18
28. On the Associate address screen: a. Select the Network interface radio button in the Resource type section. b. Use the Network interface drop down to select the eth0 primary network
interface that you configured for your Red Hat VM. c. Use the Private IP drop down to select the IP address associated with the
eth0 NIC that you configured earlier. d. Do not tick the Reassociation check box unless you wish to disassociate this
Elastic IP address from another resource that it is already associated with. e. Click on Associate.
29. Click on Close. 30. If you previously added a second NIC so that you can configure the SEG Personal
Message Manager (PMM), then you need to repeat the above steps to associate a public Elastic IP address with this NIC.
You can now connect to your Red Hat VM and perform the steps to install the SEG.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 14 of 18
Installing the Clearswift SECURE Email Gateway You now need to connect to your Red Hat VM and install the SEG. Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of instructions on how to perform a software install of the SEG. To perform a software install of the SEG:
1. Open an SSH client and connect to your new Red Hat VM. a. The following URL explains how to use PuTTY to connect to your VM:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html?icmpid=docs_ec2_console
2. Assume root role at the command line by entering the following and then pressing Enter: sudo su -
3. Enter the following at the command line and then press Enter: curl --get --remote-name http://repo.clearswift.net/rhel6/gw/os/x86_64/Packages/cs-email-repo-conf-3.6.3-1.x86_64.rpm
4. Enter the following at the command line and then press Enter: rpm --import http://repo.clearswift.net/it-pub.key
5. Enter the following at the command line and then press Enter: rpm -ivh cs-email-repo-conf-3.6.3-1.x86_64.rpm
6. Enter the following at the command line and then press Enter: yum –y remove postfix rsyslog samba-common
7. Enter the following at the command line and then press Enter: yum install -y cs-email --enablerepo=cs-*
8. Once the installation process has completed, Enter the following at the command line and then press Enter: /opt/csrh/cli/appcli.bash
9. You should now see the First Boot Console wizard. Select Start and then press Enter.
10. On the Step 1 of 6 – Locale Configuration screen, select the appropriate locale and then select Next.
11. On the Step 2 of 6 – Keyboard Configuration screen, select the appropriate keyboard language and then select Next.
12. On the Step 3 of 6 – Timezone Configuration screen, select the appropriate timezone and then select Next.
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 15 of 18
13. On the Step 4 of 6 – Network Configuration screen: a. Select System Hostname and replace the current entry with the setting
that you require. b. Select Network Adapter and replace the default settings for eth0:
i. IP Address: Enter the Private IP address of eth0 in here ii. Netmask/Prefix: Enter the appropriate netmask based on your private
IP address iii. Gateway: Enter the default Gateway based upon your private IP
address (it should end in 1, e.g. 172.31.16.1 based upon a private IP of 172.31.16.180)
iv. Select Save. c. Leave the DNS Server entry as the default (e.g. 172.31.0.2) d. Select Next.
14. On the Step 5 of 6 – Repository Configuration screen, select Online Mode: Upgrade from Clearswift repositories and then select Next.
15. On the Step 6 of 6 – cs-admin password screen, specify a suitable password and then select Next.
16. On the Confirm Wizard Complete screen, select Yes. 17. The system will now reboot. 18. Open an SSH client and connect to your new Red Hat VM. 19. Assume root role at the command line by entering the following and then pressing
Enter: sudo su -
20. Enter the following at the command line and then press Enter: /opt/csrh/cli/appcli.bash
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 16 of 18
21. You should now see the Clearswift Server Console, which can be used for tasks including:
a. Changing network settings b. Downloading and applying updates c. Configuring SNMP and SCOM d. Resetting the user interface access control settings e. Resetting the admin, or cs-admin passwords f. Accessing the command line
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 17 of 18
22. You can now connect to the SEG via an Internet browser to run the setup wizard. Open a browser and navigate to the SEG’s public IP address using https (e.g. https://192.168.250.135).
23. Complete the setup wizard. 24. Once the initial configuration has finished, you will be able to login to your SEG using
the admin account and associated password that you defined in the setup wizard.
Your SEG has now been deployed into AWS and is ready to process traffic. For more information on configuring policy, working with quarantined messages, system
Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services
Page 18 of 18
management, enabling SSH, etc. please refer to the online help that is accessible via the SEG user interface. Please note that you may need to inform AWS that your SEG is intended to send and receive emails. This will avoid any throttling being imposed upon your SEG by AWS.