Installing the Data Processor in AWS Using Separate DL-m/DA-m VMs

This topic describes how to deploy the data processor (DP) with separate Data Lake Master (DL-m) and Data Analyzer Master (DA-m) VMs in AWS. This model also provides optional cluster support for deployment of additional DL and DA worker nodes as you need to scale up capacity and retention.

You can also deploy the DP as an all-in-one (AIO), with both the DL and the DA on the same VM. However, this model does not provide the efficiency and scalability of installing components on separate VMs. Stellar Cyber recommends using either the standard model described here or scaling up to a cluster.

Deployment Summary

Deployment of Stellar Cyber in AWS using separate DL-m and DA-m VMs consists of the following major steps:

Before You Begin

Make sure the target system meets the minimum system requirements for installing a DP. The installation requires:

  • An AWS account with sufficient authorization to deploy Stellar Cyber.

  • AWS Security Groups.

  • Management IP addresses for all VMs:

    • 1 public IP address for each non-clustered DP (for management access).

    • 2 public IP addresses for each DP in a cluster (1 for management access, and 1 for the cluster).

    • 1 public IP address for each sensor, if the sensor will be receiving packets or logs from a sensor or application outside of AWS.

  • S3 access for data and configuration backup.

  • Open ports on your firewall.

  • Login credentials and One Time Password (OTP) from Stellar Cyber.

The internal network of the DP uses the 172.17.0.0/16 and 10.244.x.0/24 subnets. If you use these subnets elsewhere in your network, change them to avoid conflicts. If you cannot change them, contact Stellar Cyber technical support.

Firewall Ports

You must open ports on your firewall for communication.

When configuring the DP with separate VMs for the DL and DA (or in a cluster with additional worker nodes), all nodes must be in the same VPC and all ports between the nodes must be open in your firewall.

Open All TCP Ports Between Internal Addresses of Associated Stellar Cyber VMs

All TCP ports must be open between the internal network addresses of associated Stellar Cyber VMs, either in a cluster or a standard deployment with separate DL-m and DA-m VMs. For example, in a standard deployment with the DL-m on 172.31.7.0/24 and the DA-m on 172.31.10.0/24, the following rules must exist:

  • The DL-m must have a rule that allows all inbound TCP traffic from the 172.31.10.0/24 subnet.

  • The DA-m must have a rule that allows all inbound TCP traffic from the 172.31.7.0/24 subnet.

Stellar Cyber recommends that you add an allow-all firewall rule for clustered VMs (or just the DA and DL VMs in a standard deployment) and set the priority of that rule higher than the standard rule for the VPC.
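The following Python check is an added example, not Stellar Cyber code. It audits security group ingress rules against the DL-m/DA-m requirement above and also reports all-TCP rules whose source is wider than the peer subnet. The rule data is constructed in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`; the function names are hypothetical, and the check assumes CIDR-based sources and a single rule covering ports 0-65535.

```python
import ipaddress

# Constructed sample ingress rules (IpPermissions shape); contents are made up.
DL_M_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "172.31.10.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
DA_M_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "172.31.7.0/24"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def _covers_all_tcp(perm):
    """A rule covers all TCP if it is protocol -1 (all) or tcp 0-65535."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)

def _sources(perm):
    """IPv4 source networks listed on one rule."""
    return [ipaddress.ip_network(r["CidrIp"], strict=False)
            for r in perm.get("IpRanges", [])]

def allows_all_tcp_from(ingress, peer_cidr):
    """True if one rule admits every TCP port from the whole peer subnet."""
    peer = ipaddress.ip_network(peer_cidr)
    return any(peer.subnet_of(src)
               for perm in ingress if _covers_all_tcp(perm)
               for src in _sources(perm))

def overbroad_all_tcp_sources(ingress, peer_cidr):
    """All-TCP sources that reach beyond the peer subnet (e.g. 0.0.0.0/0)."""
    peer = ipaddress.ip_network(peer_cidr)
    return [str(src)
            for perm in ingress if _covers_all_tcp(perm)
            for src in _sources(perm) if not src.subnet_of(peer)]

def audit(name, ingress, peer_cidr):
    """Summarize both checks for one node."""
    return {"node": name,
            "peer_allowed": allows_all_tcp_from(ingress, peer_cidr),
            "overbroad": overbroad_all_tcp_sources(ingress, peer_cidr)}

if __name__ == "__main__":
    print(audit("DL-m", DL_M_INGRESS, "172.31.10.0/24"))
    print(audit("DA-m", DA_M_INGRESS, "172.31.7.0/24"))
```

In the constructed DA-m data the peer requirement is met only because an all-protocol rule is open to 0.0.0.0/0, which the audit reports as overbroad.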

One Time Password

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials and a one-time password (also known as a License Key).

You will need to provide:

  • The AWS account name and number.
  • The AWS region for the DP and sensors.

Complete this step at least a day before installing so Stellar Cyber has enough time to deploy the images to your region.

After license activation, you can find the OTP for your installation in the Licensing page.

Minimum System Requirements

Refer to VM Specifications for Public Cloud Deployments (AWS, Azure, GCP, OCI) for details on the instance types and provisioning for the DL Master and DA Master in an AWS deployment.