Deploying the Brain

Overview

In this lab you will be using AWES CloudFormation to deply the Vectra Brain.

AWS CloudFormation provides a common language to describe and provision all the infrastructure resources in your environment in a safe, repeatable way.

Brain Deployment

Before you start download the CloudFormation Template

You will also need to make sure you have a provisionToken procived by doing a Ultimate Case, or provided by TME or Enablement.

Deploy The Brain

  1. In the search bar, search for Cloud Formation

  2. Click on CloudFormation

  3. From the Create stack dropdown, select With new resources (standard)

  4. Select Template is ready, and Upload a template file to upload the mainTemplateFromBrain.json you downloaded earlier

    Create Stack

  5. Click Next

  6. Fill in the following fields below:

    • Stack name - initials-stack

    • baseName - initials-brain

    • instanceTyoe - r5d.2xlarge

    • mgtSubnet - *initials-project-private1-us-west-2a

    • mgtVPC - initials-project-vpc

    • provisionToken - *provided by Instructor or TME/Enablement

    • publicIP - True

    • sshKey - initials-key

    Stack Details

  7. Click Next, and then click Next again

  8. Review your stack config, and then click Create stack

Validate The Brain Deployment

  1. Go to CloudFormation > Stacks

  2. Search for initials-stack

  3. Verify the deployment shows CREATE_COMPLETE

  4. Now lets go look at the instance in EC2. Go to EC2 > Instances > Instances

  5. Search for your initials-brain instance, and click into it and verify the details.

Security Group

We need to edit our sucurity group, and add a new Inbound rule.

Note: We will open access to everywhere, as we'll be using ZeroTier to access it.

Never do that in real life.

  1. Go to EC2 > Network & Security > Security Groups

  2. Search for initials-brain-mgtsecgroup, and open it

  3. Click , and edit the name of your Security group to initials-SecurityGroup

    Security Group Name

  4. Click into the Security Group

  5. Click Edit inbound rules

  6. Click Add rule, and fill in the following fields:

    • Type - SSH

    • Source - Anywhere-IPv4

  7. Click Add rule, and fill in the following fields:

    • Type - HTTPS

    • Source - Anywhere-IPv4

    Inbound Rules

  8. Click Save rule

Connecting To The Brain

You will need the Private IPv4 address for you initials-brain instance

SSH Connection

  1. Change the security rights of your key so you are the only one to access it, run the following command:

    chmod 700 ./PathToKey/xyz-key.pem

  2. Now connect to your Vectra Brain appliance using your key, run the following command:

    ssh vectra@*Brain-Private-IP* -i ./PathToKey/xyz-key.pem

HTTPS Connection

  1. Now lets go look at the instance in EC2. Go to EC2 > Instances > Instances

  2. Search for your initials-brain instance, and click Connect

    • Username - admin

    • Password - Instance ID