Upgrading Sentry with AWS on MobileIron Cloud

A user's deployment typically varies based on requirements. The following steps describe a generic procedure for upgrading Sentry on AWS:

Before you begin 

  • Make sure that you reconfigure settings such as Splunk, SNMP, and so on, on the new Standalone Sentry. Back up the configuration and the showtech dump before upgrading.

Procedure 

  1. On AWS, deploy a new Standalone Sentry in the same region and the same network as the other Sentries.

  2. On MobileIron Sentry, configure the Standalone Sentry and register it with MobileIron Cloud.

  3. On MobileIron Cloud, assign MobileIron Cloud to the newly registered Standalone Sentry profile.

  4. On AWS, add the new Standalone Sentry to the target group.

  5. On AWS, remove the old Standalone Sentry from the target group.

  6. On MobileIron Cloud, unassign the old Standalone Sentry profile.

  7. On AWS, terminate the old Standalone Sentry.

Setting up AWS environment for Sentry

The following procedure is provided as an example of an appropriate deployment. The actual deployment might vary between environments.

Installing AWS

  1. Log in to AWS Console > Dashboard > Images > AMIs.

  2. Select Private Images from the drop-down.

  3. Search for the appropriate image, named as follows:
    mobileiron-sentry-<version>-<build>.<aws-region>.ami

  4. Select the AMI to install and click Launch.

  5. Under Choose Instance Type, select t2.medium and click Review and Launch.

  6. (Optional) Click Add Tags and create tags.

  7. Under Configure Security Group, link and add the existing Security Group.

  8. Click Review and Launch. Review the details and click Launch again.

  9. In Select the existing key pair or create new key pair, select the key pair and save it.

  10. Click Launch Instance. The EC2 instance is set up in a couple of minutes.

Configuring Sentry

Before you begin 

Ensure that you have configured EC2 and it is running.

Procedure 

  1. Log in to the EC2 instance using SSH.

  2. Locate the key pair (pem) file.

  3. Update the pem file permission to 400 using chmod 400 <key-pair-file>.

  4. SSH to the EC2 instance using the following command: ssh -i <pem-file-path> aws-user@<publicIPv4-DNS>.

  5. Complete the configuration.

Creating Network Load Balancer

  1. Log in to AWS > EC2 Dashboard.

  2. Select Load Balancers and click Create Load Balancer.

  3. Select Create Network Load Balancer.

  4. Enter the following details:

    1. Enter a name for the load balancer.

    2. Select internet-facing for Scheme.

    3. Select IPv4 for IP Address type.

    4. Select Load Balancer Protocol as TCP and Load Balancer Port as 443, 8443, and 9090.

    5. Select VPC and Availability Zones.


  5. Click Next on Configure Security Settings.

  6. On Configure Routing, enter the following details:

    1. Enter a name for the target group.

    2. Select target type as instance.

    3. Select protocol as TCP and Port as 443.

    4. Retain the health check as default.

  7. Click Next.

  8. On Review Targets, select the instance and click Add to registered.

  9. Click Next.

  10. On the Reviews tab, click Create. The load balancer is now created.

Next steps 

Create target groups for ports 8443 and 9090.

Creating target groups

  1. Log in to AWS > EC2 dashboard > Target Groups.

  2. Click Create Target Group and enter the following details:

    1. Select Instances as the target type.

    2. Enter the group name.

    3. Select TCP as the protocol and 8443 for the port.

    4. Retain the defaults for health check.


  3. Click Next.

  4. Select the available instance and click Include as pending below.

  5. Click Create Target Group and repeat the above steps to create a group for port 9090.

Attaching target groups to load balancers

  1. Open the Network Load Balancer and update the default action for ports 8443 and 9090.

  2. Select Listener or TCP:8443 and click Edit.

  3. Delete the default action and add a new action that forwards to port 8443.

  4. Click Update.

  5. Repeat the above steps to update the listener for port 9090.

Registering new target to the target group

  1. On the AWS console, click Target Groups and open the target group to register the new instance.

  2. Click Register Targets.

  3. Select the instance to register and click Include as pending below.

  4. Click Register pending targets.
    Target registration is initialized now.

  5. Repeat the steps for other targets.

Deregistering target from target group

  1. On the AWS console, click Target Groups and open the target group to register the new instance.

  2. Select the instance and click Deregister.

  3. Target registration is initialized now.
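
A pre-flight check for the upgrade procedure, run between adding the new Standalone Sentry to the target groups and removing the old one. It is an added example, not MobileIron or AWS code: it confirms that each listener (443, 8443, 9090) forwards to a TCP target group on the same port and that the new instance is healthy there. The function names, instance IDs and ARNs are placeholders; the dictionaries are assumed to follow the JSON shape of `aws elbv2 describe-listeners`, `describe-target-groups` and `describe-target-health`.

```python
SENTRY_PORTS = (443, 8443, 9090)  # listener ports from the load balancer procedure

def preflight(listeners, groups, health, new_id):
    """Return the problems that should block deregistering the old Sentry."""
    problems = []
    tg_by_arn = {g["TargetGroupArn"]: g for g in groups["TargetGroups"]}
    by_port = {l["Port"]: l for l in listeners["Listeners"]}
    for port in SENTRY_PORTS:
        if port not in by_port:
            problems.append(f"no listener on port {port}")
            continue
        arns = [a.get("TargetGroupArn") for a in by_port[port]["DefaultActions"]
                if a.get("Type") == "forward"]
        if len(arns) != 1 or arns[0] not in tg_by_arn:
            problems.append(f"listener {port}: no single forward to a known target group")
            continue
        tg = tg_by_arn[arns[0]]
        if (tg["Protocol"], tg["Port"]) != ("TCP", port):
            problems.append(f"listener {port} forwards to {tg['Protocol']}:{tg['Port']}")
        # Health of the new instance in the group this listener actually uses.
        states = {d["Target"]["Id"]: d["TargetHealth"]["State"]
                  for d in health.get(arns[0], {}).get("TargetHealthDescriptions", [])}
        state = states.get(new_id, "not registered")
        if state != "healthy":
            problems.append(f"listener {port}: new Sentry is {state}")
    return problems

# Constructed sample data shaped like the three elbv2 describe-* outputs.
# Instance IDs and ARNs are placeholders, not real identifiers.
OLD, NEW = "i-OLD-PLACEHOLDER", "i-NEW-PLACEHOLDER"

def sample(new_states, routes=None):
    """new_states: port -> state of NEW (absent = not registered); routes: listener port -> group port."""
    routes = routes or {p: p for p in SENTRY_PORTS}
    arn = lambda p: f"arn:placeholder:targetgroup/sentry-{p}"
    listeners = {"Listeners": [{"Port": lp, "Protocol": "TCP", "DefaultActions": [
        {"Type": "forward", "TargetGroupArn": arn(gp)}]} for lp, gp in routes.items()]}
    groups = {"TargetGroups": [{"TargetGroupArn": arn(p), "Protocol": "TCP", "Port": p}
                               for p in SENTRY_PORTS]}
    health = {arn(p): {"TargetHealthDescriptions": [
        {"Target": {"Id": i, "Port": p}, "TargetHealth": {"State": s}}
        for i, s in ((OLD, "healthy"), (NEW, new_states.get(p))) if s]} for p in SENTRY_PORTS}
    return listeners, groups, health

if __name__ == "__main__":
    mid_upgrade = sample({443: "healthy", 8443: "initial"})  # 9090 not yet registered
    for problem in preflight(*mid_upgrade, NEW):
        print("BLOCK:", problem)
```

An empty result means the old Standalone Sentry can be removed from the target groups without dropping traffic on any of the three ports.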