Before you begin Ivanti Standalone Sentry installation on Amazon Web Services (AWS)

Before you install Ivanti Standalone Sentry on Amazon Web Services (AWS), ensure the following:

You have a UEM deployed.

You have an AWS account.

Ports 22 and 443 inbound are open.
Ivanti recommends restricting access to port 22 or SSH from the internal corporate network only. This service is intended for Ivanti Standalone Sentry System Manager and must have strictly controlled access.

The following minimum memory and CPU requirements are available for Ivanti Standalone Sentry. The table lists t2.medium type configuration offered by AWS that maps to the Ivanti Standalone Sentry small configuration size.

Table 7.  minimum memory and cpu requirements

Parameters

Medium configuration

Maximum devices

< 8000 devices

Minimum memory

4 GB

Virtual CPUs**

2

Disk

32 GB

The Ivanti Standalone Sentry medium configuration size maps to the t2.large type offered by AWS.

To access Ivanti Standalone Sentry System Manager, you have enabled port 8443 or TCP port on AWS security group.

Ivanti recommends allowing HTTPS traffic on port 8443 from the corporate network, limited to Ivanti applications only. This service is intended for Ivanti Standalone Sentry System Manager and must have strictly controlled access.

Site-to-site VPN is enabled between Ivanti EPMM and AWS.

Working with RSA Keys for SSH Access

The RSA keys are a pair of public and private keys known as a key pair. You can generate RSA keys or use the existing RSA keys for SSH Access. The following procedure provides steps to create and use the key pairs. If you already have a key pair generated, then skip steps a, b, and c.

To create new key pair using Amazon EC2, see Creating a Key Pair in
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.

Procedure

1. Run the following commands in PowerShell to generate the RSA keys.

Generate the private.pem file.

#openssl genrsa -des3 -out private.pem 2048

Change the permission of the private.pem file.

#chmod 400 private.pem

Generate the public.pem file using the private.pem file.

#openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Open the public.pem file and delete the following lines if present and save the file:

-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----

2. In AWS, on the left pane, click Key Pairs > Import Key Pair.
3. Click Browse and upload the public.pem file.

For more information on key pairs, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.