In my last blog post, we discussed the advantages of using the CipherGraph Cloud VPN solution to connect the Amazon VPC environment from office LANs or homes or any other locations. In this post, we will discuss how to deploy the CipherGraph solution to connect your VPC resources.
Here are the steps to deploy the CipherGraph Cloud Access Gateway (CAG).
CipherGraph Cloud Access Gateway(CAG) Server Setup
1. Create a VPC environment with at least 1 Public subnet and Multiple Private Subnets as shown in the below diagram.
2. Select the CipherGraph Cloud Access Gateway AMI from Amazon Marketplace and create an instance within your public subnet of your VPC network
3. Please create at least with an m1.small instance, and follow the launch configuration steps
4. CipherGraph will create a new Security Group and a couple of rules also as part of the launch configuration. Please keep those rules as it is for testing, for production VPC you can change the rules as per your security compliance.
5. Associate an Elastic IP Address to the Instance
6. After the Instance Launch is complete, you can now open the CAG management console. You can access it by using the https://<Assigned Elastic IP Address>:9080/. For example, if the Elastic IP Address you assigned was 188.8.131.52 then the management console is at https://184.108.40.206:9080
username : cgnadmin
Password : <Your CAG Instance ID>. Example: i-12ab3de
7. After successful login, you can see the CAG management console home page.
8. Change the admin user default password by clicking on “Admin Console” on the left pane.
9. Please go through each menu item in the left pane to make yourself comfortable with the terminology
10. By default, CipherGraph will create the test user called “testuser” and publicly allowed access rule for testing. We will cover the user management and access rules in detail in the next blog post. For now, we will use “testuser” for our testing.
11. CAG cannot apply changes as you make changes to the configurations. In the left navigation menu “Apply Changes” menu item will be visible if you have any changes that still not yet applied. Once you finish your changes, click on “Apply Changes” navigation item and then you may either click on “Apply Changes” to take effect of your changes by CAG or “Discard Changes” to ignore the changes you made
Please add rules for Private Subnets machines security groups to allow the CAG server to communicate with those machines. These are the rules which will be allowed to connect your AWS resources from your Laptop, or Home PC or Tablet
CipherGraph Cloud Access Gateway(CAG) Client Setup (Windows)
We will set up the CAG client application in your users’ laptops, or home PCs to establish a VPN connectivity with the VPC environment using CAG server. Here we will discuss how to set up the CAG client in Windows OS.
- Download the Client Application Installer depending on the OS type which you use and Client Configuration file (ciphergraph.cgn) from the Downloads menu. Also, distribute this installer & config file to the users who need access to the VPC environment. Here we will download the Windows Installer
Install the Client Application Installer and open the “Configure CipherGraph Cloud Access Gateway” utility from your client machine
Import the downloaded configuration file to the above open utility and restart your client machine to take the effect of the change.
Run the “Connect CipherGraph” application from the start menu or Desktop and then click connect
Once connected a new browser window will be opened automatically, please enter your login/password given by your CipherGraph Admin. Here we have used the “testuser” account.
Congratulations! You are now connected to your VPC via CipherGraph CAG. You can start using your VPC resources via SSH, RDP or HTTP, etc.
How to Go Serverless Like a Pro
So, no servers? Yeah, I checked and there are definitely no servers. Well...the cloud service providers do need servers to host and run the code, but we don’t have to worry about it. Which operating system to use, how and when to run the instances, the scalability, and all the arch...
AWS Security: Bastion Host, NAT instances and VPC Peering
Effective security requires close control over your data and resources. Bastion hosts, NAT instances, and VPC peering can help you secure your AWS infrastructure. Welcome to part four of my AWS Security overview. In part three, we looked at network security at the subnet level. This ti...
Top 13 Amazon Virtual Private Cloud (VPC) Best Practices
Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of interna...
Big Changes to the AWS Certification Exams
With AWS re:Invent 2019 just around the corner, we can expect some early announcements to trickle through with upcoming features and services. However, AWS has just announced some big changes to their certification exams. So what’s changing and what’s new? There is a brand NEW ...
New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more
At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...
AWS Security Groups: Instance Level Security
Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...
Cloud Migration Risks & Benefits
If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...
Real-Time Application Monitoring with Amazon Kinesis
Amazon Kinesis is a real-time data streaming service that makes it easy to collect, process, and analyze data so you can get quick insights and react as fast as possible to new information. With Amazon Kinesis you can ingest real-time data such as application logs, website clickstre...
Google Cloud Functions vs. AWS Lambda: The Fight for Serverless Cloud Domination
Serverless computing: What is it and why is it important? A quick background The general concept of serverless computing was introduced to the market by Amazon Web Services (AWS) around 2014 with the release of AWS Lambda. As we know, cloud computing has made it possible for users to ...
Google Vision vs. Amazon Rekognition: A Vendor-Neutral Comparison
Google Cloud Vision and Amazon Rekognition offer a broad spectrum of solutions, some of which are comparable in terms of functional details, quality, performance, and costs. This post is a fact-based comparative analysis on Google Vision vs. Amazon Rekognition and will focus on the tech...
New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…
As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...
Amazon Route 53: Why You Should Consider DNS Migration
What Amazon Route 53 brings to the DNS table Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service offered by AWS. It is named by the TCP or UDP port 53, which is where DNS server requests are addressed. Like any DNS service, Route 53 handles domain regist...