In Deep Security, deployment scripts can be generated to automatically add protection when Amazon Web Services (AWS) instances are added. The deployment scripts can be used with leading operations management tools such as Chef, Puppet, RightScale, OpsWorks, Salt and others. This article focuses on using the AWS User Data field in the Advanced Details section to auto-install and activate the agent through a deployment script on an instance in a private subnet.
The following procedure has been tested in the environment specified below:
- Deep Security Manager: Deep Security as a Service
- Deep Security Agent: Deep Security Agent 11.0.0-326 for Windows x86_64 (10.0.1.202)
- AWS VPC: public subnet and private subnet; no NAT gateway, so outbound access from the private subnet goes through the proxy only
- Proxy server: Squid 3.5.27 (Public IP: 13.231.198.161; Private IP: 10.0.0.143), port 3128
To install and activate the agent:
- Register the proxy (Squid Proxy) in the Deep Security as a Service Manager and connect the agents, appliances, and relays to security updates via the proxy.
  - On the console, go to Administration > System Settings.
  - Select the Proxies tab.
  - Under the Proxy Server Use section, select Squid Proxy.
- Create a policy for the AWS EC2 instance (e.g. a Windows Server 2016 policy).
- Connect the agents to security services via the proxy.
  - Go to Settings > General tab.
  - Under the Network Setting for Census, Good File Reputation, and Predictive Machine Learning Service section, select Squid Proxy.
- Set up a proxy to the Smart Protection Network for Anti-Malware.
  - Navigate to Anti-Malware > Smart Protection tab.
  - Under the Smart Protection Server for File Reputation Service section, enable "When accessing Global Smart Protection Service, use proxy" and select Squid Proxy from the drop-down list.
- Set up a proxy to the Smart Protection Network for Web Reputation.
  - Navigate to Web Reputation > Smart Protection tab.
  - Under the Smart Protection Server for Web Reputation Service section, enable "When accessing Global Smart Protection Service, use proxy" and select Squid Proxy from the drop-down list.
- Configure the deployment scripts.
- Launch a new AWS EC2 instance in the private subnet.
  - In the Advanced Details section, paste the deployment script into the User data field.
- Check the Instance ID and verify the Instance State.
- Check the Agent status in the manager. No manual step is needed to get the agent running.
- Double-check the agent status on the host. It should be running as expected.
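The following is an added example of what the User Data deployment script for a Windows instance in the private subnet above can look like; it is not the script generated by the manager or Trend Micro's own code. The manager hostname, tenant ID, token, policy ID and the agent download path are placeholders and assumptions; copy the real values from the deployment script your manager generates. The Squid private IP and port are taken from this article.

```powershell
<powershell>
# EC2 runs the content between the <powershell> tags at first boot.
# Because the private subnet has no NAT gateway, BOTH the installer download
# and the agent's manager/relay traffic must go through the Squid proxy.
$ErrorActionPreference = 'Stop'
$proxy      = 'http://10.0.0.143:3128'       # Squid private IP and port from this article
$managerUrl = 'https://MANAGER_HOST:443/'    # placeholder: your Deep Security as a Service host
$tenantId   = 'TENANT_ID'                    # placeholder from the generated script
$token      = 'TOKEN'                        # placeholder from the generated script
$policyId   = 'POLICY_ID'                    # placeholder: numeric ID of the EC2 policy
$agentPath  = 'software/agent/Windows/x86_64/'  # assumed download path; take it from the generated script
$installer  = Join-Path $env:TEMP 'agent.msi'
$dsaControl = "$env:ProgramFiles\Trend Micro\Deep Security Agent\dsa_control.exe"

# Download the agent installer via the proxy (the manager only accepts TLS 1.2+).
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$wc = New-Object System.Net.WebClient
$wc.Proxy = New-Object System.Net.WebProxy($proxy)
$wc.DownloadFile($managerUrl + $agentPath, $installer)

# Silent install; fail loudly if msiexec does not return 0 so the problem
# shows up in the EC2 console log instead of a silently unprotected host.
$p = Start-Process msiexec.exe -ArgumentList "/i `"$installer`" /qn" -Wait -PassThru
if ($p.ExitCode -ne 0) { throw "Agent install failed with MSI exit code $($p.ExitCode)" }

# Reset the agent, point manager (dsm_proxy) and relay (relay_proxy) traffic at
# Squid, then activate against the manager with the tenant/token/policy.
& $dsaControl -r
& $dsaControl -x 'dsm_proxy://10.0.0.143:3128/'
& $dsaControl -y 'relay_proxy://10.0.0.143:3128/'
& $dsaControl -a $managerUrl "tenantID:$tenantId" "token:$token" "policyid:$policyId"

# Local check that matches the last step of the procedure: the ds_agent
# service should be running once activation completes.
$svc = Get-Service -Name ds_agent
if ($svc.Status -ne 'Running') { throw "ds_agent service is $($svc.Status), expected Running" }
</powershell>
```

Activation output and any thrown error are written to the instance's console log (EC2 > Instance > Monitor and troubleshoot > Get system log), which is where to look if the agent does not appear in the manager.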