Setting up an AMI-Based Edge Service in AWS

This article provides step-by-step instructions on setting up Secureworks® Taegis™ VDR-published AMIs for Edge Service setup in AWS.

ES Process AWS Post-Configured

Request a Configuration-only Edge Service in VDR

  1. To request the creation of a configuration-only URL for a generic Edge Service virtual machine, access the System menu by selecting the Account circle in the upper right, and then choose Settings.
  2. Select Edge Services from the System Settings box.

Manage Edge Services

  3. In the Manage Edge Services panel displayed on the right, use the + button to request the creation of a new Edge Service.

  4. From the window that appears, enter a name for the Edge Service, choose Configuration Only from the Virtualization Platform dropdown, and then select Submit.

  5. After a few minutes, the configuration URL will be accessible through the cog icon that appears to the right of the Edge Service name.

Configuration URL icon

Tip

While the configuration URL is being generated, you can immediately note the AMI ID of a generic unconfigured Edge Service image that corresponds to your AWS region.

  6. Once the cog icon appears, select it to obtain further instructions and copy the Edge Service Configuration URL.

Edge Service Configuration URL

  7. Once the Edge Service has been created, VDR waits for a connection from the Edge Service. The Status icon in the Manage Edge Services panel stays orange while it isn't connected.

Edge Service Awaiting Connection

Get the Right AMI ID for Your AWS Region

With the configuration URL copied, note the AMI ID of a generic unconfigured Edge Service image that corresponds to your AWS region.

Set up a New Instance in AWS with This AMI ID

  1. Select the appropriate AWS Region in your environment and navigate to your EC2 console.

  2. Choose Launch Instance.

Launch Instance

  3. In Step 1 of the launch wizard, search for the AMI ID noted above, and select the result from Community AMIs.

Community AMIs

  4. When you select the result, you will be presented with the VDR Edge Service AMI information.

  5. Choose Select to start the AMI creation process, then choose the instance size that fits your deployment. We recommend at minimum a t2.small instance; use the following guidelines for the instance size:

    • t2.small: up to 100 scans/day
    • t2.medium: 100 to 200 scans/day
    • t2.large: 200 to 300 scans/day
    • t2.xlarge: 300 to 500 scans/day
    • t2.2xlarge: 500+ scans/day
  6. Configure instance details. Fill these in according to your VPC configuration; the important settings to consider are:

    • Network / subnet: Choose a VPC where the ES will have access to the machines it needs to discover and scan.
    • Auto-assign Public IP: To finalize the setup and link the generic ES that you started to your VDR instance, you need HTTP (port 80) access to the ES from your browser. This is only needed temporarily for the setup. Decide whether you want to do this configuration over the Internet (secured by a security group that restricts access to your personal IP only) or through a local jump box in the same VPC.
  7. Add storage. The default settings from the AMI (49 GB SSD) should be selected.

  8. Add tags. You can add a Name tag if you want to be able to find your EC2 instance easily.

  9. Configure security groups. Make sure you're placing the ES in a security group that allows:

    • Access to the assets in the VPC where the discoveries and scans will take place.
    • Access to the HTTP (port 80) interface of the ES from your browser to finalize the setup and link the generic ES that you started to your VDR instance. This is only needed temporarily for the setup.
  10. Review and launch. If AWS asks about installing a key pair, you can choose to proceed without one.

  11. Navigate back to your EC2 console to confirm that the ES is running; if you get a console screenshot, you should see that it's waiting on the HTTP interface for the final configuration step.

Assign an Elastic IP to the AMI

  1. Navigate to Networking & Security > Elastic IPs.

  2. Assign one of your existing Elastic IPs; you can re-use one that you're not currently using:

    • Right-click the instance currently using it and select Disassociate.
    • Right-click your new ES instance and select Associate → pick your IP → Associate.
  3. Alternatively, you can request more IPs from AWS support; such requests are generally answered quickly.
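The launch, security-group and Elastic IP steps above, scripted with boto3 as an added example that is not part of the Secureworks documentation. The AMI id, VPC, subnet and admin address are placeholders to replace; the instance size follows the scans-per-day guideline, and the temporary port-80 rule is limited to a single admin host.

```python
"""Added example (not Secureworks' code): scripts the launch, security-group and
Elastic IP steps above with boto3. AMI id, VPC, subnet and admin address are
placeholders; default allow-all egress is kept so the ES reaches VPC assets and VDR."""
import sys
from typing import Dict, List

AMI_ID = "ami-REPLACE-WITH-VDR-ES-AMI"   # from the VDR Edge Service panel
VPC_ID, SUBNET_ID = "vpc-REPLACE", "subnet-REPLACE"
ADMIN_CIDR = "203.0.113.10/32"           # constructed: your browser's public IP
SIZE_TABLE = [(100, "t2.small"), (200, "t2.medium"),   # article's guideline:
              (300, "t2.large"), (500, "t2.xlarge")]   # (scans/day ceiling, type)

def instance_type_for(scans_per_day: int) -> str:
    for ceiling, itype in SIZE_TABLE:
        if scans_per_day <= ceiling:
            return itype
    return "t2.2xlarge"                  # 500+ scans/day

def setup_ingress_rules(admin_cidr: str) -> List[Dict]:
    """Port 80 for the one-time setup UI, from exactly one admin host."""
    if not admin_cidr.endswith("/32"):
        raise ValueError("expose the setup UI to a single /32 only")
    return [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": admin_cidr, "Description": "ES setup UI"}]}]

def launch_params(sg_id: str, scans_per_day: int, name: str) -> Dict:
    """run_instances arguments: no KeyName (none is needed) and no block-device
    override, so the AMI's default 49 GB volume is kept."""
    return {"ImageId": AMI_ID, "MinCount": 1, "MaxCount": 1,
            "InstanceType": instance_type_for(scans_per_day),
            "NetworkInterfaces": [{"DeviceIndex": 0, "SubnetId": SUBNET_ID,
                                   "Groups": [sg_id], "AssociatePublicIpAddress": True}],
            "TagSpecifications": [{"ResourceType": "instance",
                                   "Tags": [{"Key": "Name", "Value": name}]}]}

def main(scans_per_day: int) -> None:
    import boto3                         # only needed when applying for real
    ec2 = boto3.client("ec2")
    sg_id = ec2.create_security_group(GroupName="vdr-edge-service",
                                      Description="VDR Edge Service", VpcId=VPC_ID)["GroupId"]
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=setup_ingress_rules(ADMIN_CIDR))
    run = ec2.run_instances(**launch_params(sg_id, scans_per_day, "vdr-es"))
    inst_id = run["Instances"][0]["InstanceId"]
    ec2.get_waiter("instance_running").wait(InstanceIds=[inst_id])
    eip = ec2.allocate_address(Domain="vpc")   # or reuse a free Elastic IP you own
    ec2.associate_address(InstanceId=inst_id, AllocationId=eip["AllocationId"])
    print(f"ES {inst_id} temporary setup UI: http://{eip['PublicIp']}/")

if __name__ == "__main__":
    main(int(sys.argv[1]) if len(sys.argv) > 1 else 150)
```

Once the Edge Service has linked to VDR and the setup interface has switched itself off, revoke the port-80 rule again so the group only carries what the scans need.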

Use the Configuration URL to Finalize the Edge Service Setup

  1. The ES exposes a single-use temporary configuration interface that should be accessible on your local network (or publicly, if you used an Amazon public IP) at the following address:

http://<IP-of-the-Edge-Service>/

Note

This temporary configuration interface will be automatically turned OFF as soon as the Edge Service is successfully configured.

If you need to change previous settings, you can always reset the AMI configuration and request a re-generation of a different configuration URL for the same Edge Service through the Regenerate icon in VDR.

Regenerate Icon

  2. Once you have accessed the temporary configuration interface, select the desired local network configuration for the Edge Service, either DHCP or Static IP, and then select Submit.

  3. On the next page, enter the configuration URL you obtained in VDR (Step 6 of Request a Configuration-only Edge Service in VDR above).

  4. Once you press Submit, the Edge Service downloads the custom keys and the configuration it needs to run, and is associated with your VDR account.

Soon after, the success message "Client keys were downloaded successfully" is displayed and the web interface is turned off immediately. If you chose a static IP configuration, the machine reboots automatically; otherwise, for DHCP, you can just close the tab.

The machine console should now have changed and show connectivity to your VDR account.

Note

It can take a couple of minutes for the status to change to connected.

Resolving Potential Connectivity Issues

Once your Edge Service is up and running, it should connect to VDR automatically if your networking has been configured accordingly.

The Edge Service icon visible in VDR will turn green if the connection is successful.

If you run into connectivity issues, you can try to debug by following these suggestions.

Tip

216.9.204.0/22 is the public IP range that our Internet scans originate from, and it is also the range the ES connects to.

We recommend that you safelist traffic to and from this subnet for your perimeter scans, to keep scan results consistent and to allow egress traffic from the ES to this IP range.
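An added example (not Secureworks' code) that applies the tip above to an Edge Service security group in the shape ec2 describe-security-groups returns: it checks that egress covers 216.9.204.0/22 and that the temporary port-80 setup interface is not reachable from anything wider than one host. The sample group is constructed.

```python
"""Added example (not Secureworks' code): audits an Edge Service security
group, in the shape ec2 describe-security-groups returns, against the tip
above: egress must cover 216.9.204.0/22 and the temporary port-80 setup UI
must not be open wider than one host. The sample group is constructed."""
import ipaddress
from typing import Dict, List

VDR_RANGE = ipaddress.ip_network("216.9.204.0/22")   # range from the article

def _ipv4_networks(perm: Dict):
    # IpRanges holds the IPv4 CIDRs of a rule (IPv6 lives in Ipv6Ranges).
    return [ipaddress.ip_network(r["CidrIp"], strict=False)
            for r in perm.get("IpRanges", [])]

def _covers_tcp_port(perm: Dict, port: int) -> bool:
    if perm["IpProtocol"] == "-1":                   # "all traffic" rule
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def egress_reaches_vdr(sg: Dict) -> bool:
    """True if some egress rule's CIDR contains the whole VDR range."""
    return any(VDR_RANGE.subnet_of(net)
               for perm in sg.get("IpPermissionsEgress", [])
               for net in _ipv4_networks(perm))

def setup_ui_exposure(sg: Dict) -> List[str]:
    """Ingress CIDRs that can reach tcp/80 and are wider than a single host."""
    return [str(net) for perm in sg.get("IpPermissions", [])
            if _covers_tcp_port(perm, 80)
            for net in _ipv4_networks(perm) if net.num_addresses > 1]

def audit(sg: Dict) -> List[str]:
    findings = []
    if not egress_reaches_vdr(sg):
        findings.append(f"no egress rule covers {VDR_RANGE}; ES cannot connect")
    for cidr in setup_ui_exposure(sg):
        findings.append(f"setup UI tcp/80 open to {cidr}; restrict to your /32")
    return findings

# Constructed sample: allow-all egress (fine) but port 80 open to everyone.
SAMPLE_SG = {
    "GroupId": "sg-0sample",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1",
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
if __name__ == "__main__":
    for finding in audit(SAMPLE_SG):
        print("FINDING:", finding)
```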
