clearswift seg - amazon aws installation guide v3 1 · 2020-03-18 · gateway (seg) within amazon...

Clearswift Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services Version 3.1 August 2018

Deploying the Clearswift SECURE Email Gateway Within Amazon Web Services

of 18

Copyright Published by Clearswift Ltd.

© 1995–2018 Clearswift Ltd.

All rights reserved.

The materials contained herein are the sole property of Clearswift Ltd unless otherwise stated. The property of Clearswift may not be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.

Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities.

The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd. All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.

Clearswift reserves the right to change any part of this document at any time.


of 18

Contents

Introduction .................................................................................................................... 4

Configuring a Red Hat Virtual Machine Within AWS ........................................................... 5

Installing the Clearswift SECURE Email Gateway ............................................................. 14


of 18

Introduction This document outlines the steps to perform in order to deploy a Clearswift SECURE Email Gateway (SEG) within Amazon Web Services Elastic Cloud (AWS EC2). The process for installing the SEG within AWS can be broken down into the following steps:

Configure a Red Hat virtual machine within AWS Install the Clearswift SECURE Email Gateway

Please note that these instructions are valid for SEG V4.8 and AWS as of August 2018.


of 18

Configuring a Red Hat Virtual Machine Within AWS The following steps show you how to create the Red Hat Virtual Machine (VM) required to host the Clearswift SECURE Email Gateway (SEG) using the AWS management portal. The SEG should be deployed onto a VM running Red Hat Enterprise Linux x64 6.9. When you create the Red Hat VM, you need to ensure that you allocate it sufficient resources to meet your mail throughput requirements.

Message Volume Processor Number of Processors Memory Disk Raid

Low (<20,000 per hour) Dual Core 1 4 GB 320 GB+

SATA/SCSI Optional

Medium (<50,000 per hour)

Dual/Quad Core Xeon 1 4GB 320 GB+

SATA/SCSI Optional

High (<60,000 per hour)

Dual/Quad Core Xeon 1 6 GB 2 x SAS 15k

RPM Yes (1)

Very High (>60,000 per hour)

Quad Core Xeon 2 6 GB Multiple SAS

15k RPM Yes (1,

10)

Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of sizing guidelines. Please note that these instructions are accurate as of August 2018. Please refer to AWS documentation for the most up to date management steps.


of 18

To deploy a Red Hat VM in AWS:

1. Log into the AWS Management Console: https://aws.amazon.com/ 2. Ensure that you have selected the correct geographical region that you wish to

deploy the new VM into.

3. Click on EC2.


of 18

4. Click on Launch Instance.

5. Click on Community AMIs. 6. On the Step 1: Choose and Amazon Machine Image (AMI) screen, select the

following check boxes to filter the list: a. Red Hat b. 64-bit


of 18

7. Click the Select button for the RHEL-6.9_HVM-20180522-x86_64-1-Hourly2-GP2 machine image. Please note that other RHEL 6.9 machine images may not be suitable for SEG deployment.

8. On the Step 2: Choose an Instance Type screen, select the instance type that meets your mail throughput requirements. Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of sizing guidelines.

9. Click on Next: Configure Instance Details. 10. On the Step 3: Configure Instance Details screen, click on Create new subnet. 11. A new browser tab will open containing the VPC Dashboard. Make a note of the IPv4

CIDR for your chosen availability zone.


of 18

12. Return to the browser tab containing the On the Step 3: Configure Instance Details screen:

a. Use the Subnet drop down to select a subnet in your preferred availability zone.

b. Select Disable from the Auto-assign Public IP drop down. c. In Network Interfaces, enter your chosen IP address in the Primary IP field. d. If you wish to use the SEG Personal Message Manager (PMM), add a second

NIC. e. Configure any additional options that you require.

13. Click on Next: Add Storage.


of 18

14. On the Step 4: Add Storage screen, enter a minimum value in the Size (GiB) field of: i. Test environments: 80 ii. Production environments: 250

15. Click on Next: Add Tags. 16. On the Step 5: Add Tags screen, enter any tags that you require (e.g. name of the

instance) and then click on Next: Configure Security Group.


of 18

17. On the Step 6: Configure Security Group screen, configure the following rules using the Type drop down:

a. SSH – Please note that we recommend using the Source field to restrict access to just your valid IP address(es).

b. SMTP – Ensure that you use the Source drop down to select Anywhere. c. HTTPS – Please note that we recommend using the Source field to restrict

access to just your valid IP address(es). 18. Click on Review and Launch.

19. Click on Launch.


of 18

20. In the Select an existing key pair or create a new key pair dialog, select the most appropriate option for your requirements and then click on Launch Instances.

21. Once the instance has initialized you need to assign public IP addresses to any configured NICs. Click on View Instances.

22. Click on Elastic IPs. 23. Click on Allocate new address. 24. Click on Allocate. 25. Click on Close. 26. Select the Elastic IP that you just created. 27. Click on Actions – Associate address.


of 18

28. On the Associate address screen: a. Select the Network interface radio button in the Resource type section. b. Use the Network interface drop down to select the eth0 primary network

interface that you configured for your Red Hat VM. c. Use the Private IP drop down to select the IP address associated with the

eth0 NIC that you configured earlier. d. Do not tick the Reassociation check box unless you wish to disassociate this

Elastic IP address from another resource that it is already associated with. e. Click on Associate.

29. Click on Close. 30. If you previously added a second NIC so that you can configure the SEG Personal

Message Manager (PMM), then you need to repeat the above steps to associate a public Elastic IP address with this NIC.

You can now connect to your Red Hat VM and perform the steps to install the SEG.


of 18

Installing the Clearswift SECURE Email Gateway You now need to connect to your Red Hat VM and install the SEG. Please refer to the Clearswift SECURE Email Gateway Installation and Getting Started Guide for the latest set of instructions on how to perform a software install of the SEG. To perform a software install of the SEG:

1. Open an SSH client and connect to your new Red Hat VM. a. The following URL explains how to use PuTTY to connect to your VM:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html?icmpid=docs_ec2_console

2. Assume root role at the command line by entering the following and then pressing Enter: sudo su -

3. Enter the following at the command line and then press Enter: curl --get --remote-name http://repo.clearswift.net/rhel6/gw/os/x86_64/Packages/cs-email-repo-conf-3.6.3-1.x86_64.rpm

4. Enter the following at the command line and then press Enter: rpm --import http://repo.clearswift.net/it-pub.key

5. Enter the following at the command line and then press Enter: rpm -ivh cs-email-repo-conf-3.6.3-1.x86_64.rpm

6. Enter the following at the command line and then press Enter: yum –y remove postfix rsyslog samba-common

7. Enter the following at the command line and then press Enter: yum install -y cs-email --enablerepo=cs-*

8. Once the installation process has completed, Enter the following at the command line and then press Enter: /opt/csrh/cli/appcli.bash

9. You should now see the First Boot Console wizard. Select Start and then press Enter.

10. On the Step 1 of 6 – Locale Configuration screen, select the appropriate locale and then select Next.

11. On the Step 2 of 6 – Keyboard Configuration screen, select the appropriate keyboard language and then select Next.

12. On the Step 3 of 6 – Timezone Configuration screen, select the appropriate timezone and then select Next.


of 18

13. On the Step 4 of 6 – Network Configuration screen: a. Select System Hostname and replace the current entry with the setting

that you require. b. Select Network Adapter and replace the default settings for eth0:

i. IP Address: Enter the Private IP address of eth0 in here ii. Netmask/Prefix: Enter the appropriate netmask based on your private

IP address iii. Gateway: Enter the default Gateway based upon your private IP

address (it should end in 1, e.g. 172.31.16.1 based upon a private IP of 172.31.16.180)

iv. Select Save. c. Leave the DNS Server entry as the default (e.g. 172.31.0.2) d. Select Next.

14. On the Step 5 of 6 – Repository Configuration screen, select Online Mode: Upgrade from Clearswift repositories and then select Next.

15. On the Step 6 of 6 – cs-admin password screen, specify a suitable password and then select Next.

16. On the Confirm Wizard Complete screen, select Yes. 17. The system will now reboot. 18. Open an SSH client and connect to your new Red Hat VM. 19. Assume root role at the command line by entering the following and then pressing

Enter: sudo su -

20. Enter the following at the command line and then press Enter: /opt/csrh/cli/appcli.bash


of 18

21. You should now see the Clearswift Server Console, which can be used for tasks including:

a. Changing network settings b. Downloading and applying updates c. Configuring SNMP and SCOM d. Resetting the user interface access control settings e. Resetting the admin, or cs-admin passwords f. Accessing the command line


of 18

22. You can now connect to the SEG via an Internet browser to run the setup wizard. Open a browser and navigate to the SEG’s public IP address using https (e.g. https://192.168.250.135).

23. Complete the setup wizard. 24. Once the initial configuration has finished, you will be able to login to your SEG using

the admin account and associated password that you defined in the setup wizard.

Your SEG has now been deployed into AWS and is ready to process traffic. For more information on configuring policy, working with quarantined messages, system


of 18

management, enabling SSH, etc. please refer to the online help that is accessible via the SEG user interface. Please note that you may need to inform AWS that your SEG is intended to send and receive emails. This will avoid any throttling being imposed upon your SEG by AWS.

clearswift seg - amazon aws installation guide v3 1 · 2020-03-18 · gateway (seg) within amazon...

Documents