Getting Started in a Private VPC Subnet

This article walks through the steps of setting up a Virtual Appliance inside a VPC subnet, where all outside connectivity is through a proxy. These steps assume that you do not have HTTPS (port 443) connectivity into the VPC and so you are unable to use the UI. If this is not the case, please see this article.

Network Setup

  • You should have a VPC subnet with no Internet Gateway attached, and an HTTP proxy on this or another subnet.
  • The subnet should route traffic correctly to the proxy. The proxy should route Internet traffic through an Internet Gateway.
  • You should have SSH connectivity (possibly through an intermediary server) into the subnet.

Preparation

  • Ensure you have an AWS Access Key for your account. For our purposes, a read-only access key is sufficient.
  • Make sure you have registered with IDPS and have your user name and password. Try logging in to: https://vkm.ps.idps.a.intuit.com/.
  • Ensure you have the address and port number for the proxy.
  • You will need the IDPS CLI script, idpscli.

Starting an Auxiliary Instance

  • Create a Security Group (any name is allowed; we will use IDPS1 in this article) on the Amazon Console with an inbound rule that allows all traffic from the same security group. This requires two steps: creating the group and then adding a rule. See screenshot.

[Screenshot: sg1.png]

  • Start a Linux instance in the private subnet. The instance should belong to the IDPS1 group, and in addition should allow inbound SSH connectivity. To do that you will need to edit your security groups in the Amazon launch wizard. We will assume that you are using a Red Hat instance.
  • The instance should provide Python 2.7 and cURL. Both are available on the default RHEL 7.1 AMI.

Testing connectivity

  • Use SSH to connect to your auxiliary instance. Reminder: the default user on RHEL is ec2-user.
  • From your instance, run
ping <proxy-address>
  • Now configure the proxy, and test HTTPS connectivity through the proxy. Note that this configuration will not persist after a reboot.
export https_proxy="http://proxy-address:port"
curl https://www.google.com

Launching the Virtual Appliance

We will use the "advanced mode" launch option, which allows you to use a low-privilege Amazon access key. Therefore you need to launch the VA yourself from the AWS Console.

  • In the AWS Console, locate the AMI. It should have a name similar to Intuit Data Protection Services v3.00 HVM. To ensure you are using the right AMI, make sure the source account is: 071989450653.
  • Now launch an instance from this AMI. Any instance type is acceptable for testing. The instance should belong to the IDPS1 security group. Note down the instance's private IP address.
  • Prepare a configuration file (any file name will do) on the Auxiliary Instance:
[Launch]
# VKM, instance, project details
pvkm=vkm.ps.idps.a.intuit.com
instance_address=<your instance's private IP>
project_name=My Project
project_description=Project Description
# User name and password for your IDPS account
username=email@intuit.com
password=P@ssw0rd
verbose = False
verify_cert = True
# AWS access key
aws_key_id = <key ID>
aws_secret_key = <secret>
# Proxy details
proxy_host=<proxy address>
proxy_port=<proxy port>
# Typically proxy user and password can remain blank
proxy_user=
proxy_password=
  • Run the launch script from the Auxiliary Instance:
idpscli --advanced-launch config-file
  • Copy and save the master key. Losing the master key will render your data unusable!
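
The configuration file above holds the IDPS password and the AWS secret key in clear text, so it is worth checking on the Auxiliary Instance before it is passed to idpscli. The following is an added example, not part of idpscli or of the original article; the function names cfg_get and check_launch_config are hypothetical, and it assumes that verify_cert controls TLS certificate validation.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the idpscli launch configuration file.
# Assumption: the keys are the ones shown in the [Launch] section above.

# Print the value of key $2 from file $1 (last occurrence, whitespace trimmed).
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if the file looks safe to pass to idpscli, 1 otherwise.
check_launch_config() {
    local file=$1 problems=0 key val
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # The file holds the IDPS password and the AWS secret key, so the
    # group and other permission bits must all be clear (e.g. mode 600).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group/others; run chmod 600" >&2
        problems=1
    fi

    # Required values must be set and must not be leftover <placeholders>.
    for key in pvkm instance_address username password \
               aws_key_id aws_secret_key proxy_host proxy_port; do
        val=$(cfg_get "$file" "$key")
        case $val in
            ''|'<'*'>') echo "$key: not filled in" >&2; problems=1 ;;
        esac
    done

    # Assumption: verify_cert controls TLS certificate validation.
    if [ "$(cfg_get "$file" verify_cert)" != "True" ]; then
        echo "verify_cert: must be True" >&2
        problems=1
    fi

    # proxy_port must be a plain port number.
    case $(cfg_get "$file" proxy_port) in
        ''|*[!0-9]*) echo "proxy_port: not numeric" >&2; problems=1 ;;
    esac
    return $problems
}
```

Source the script and run check_launch_config config-file; a zero exit status means the file passed every check. Delete the file once the launch has completed and the master key has been saved.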

Installing IDPS Agents

  • Before you install the Agent, make sure that the instance on which it will run belongs to the IDPS1 security group.
  • The instance should have port 443 connectivity into the Virtual Appliance. You can test that with:
curl https://appliance-address/