Steps to Deploy Ivanti Policy Secure on AWS

Below is the one-time activity to be followed to deploy Ivanti Policy Secure on AWS.

• Registering the AMI

Below is the step to be followed for each deployment of Ivanti Policy Secure.

• Deploying Ivanti Policy Secure on AWS using AWS Portal

Registering the AMI

This section describes the steps to register the AMI.

Prerequisites

• AWS command line should be configured on the host.
• The image should be available locally on the host.

To register AMI, do the following:

1. Download Ivanti Policy Secure Xen image which is in zip format from Ivanti, Inc. support site and unzip the file.

2. Install AWS CLI on the client machine. For the software and installation details, refer the link https://aws.amazon.com/cli/.

3. Copy Ivanti Policy Secure Xen image on the client machine.

4. Create Amazon S3 bucket and VM Import service role by following the procedures mentioned in https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#vmimport-iam-permissions.

5. Upload the Ivanti Policy SecureXen image to AWS S3 bucket by typing the following command:

   aws s3 cp <image> s3://<bucket>/<folder>/<imagename>

   where, bucket and folders are created in the desired S3 location.

6. Create a snapshot by doing the following:

   Prepare a container json file by entering the details:

   $ cat container.json 

      {

        "Description": "fill-description",

        "Format": "raw",

        "UserBucket": {

            "S3Bucket": "bucket-name-where-image-is-uploaded",

            "S3Key": " path of image: <folder>/<imagename>"

         }

        }

   After preparing container.json appropriately, run the following command:

   aws ec2 import-snapshot --description “<description>" --disk-container file:container.json --region <your-ec2-region>

   This command will return a json file describing the status. Make a note of the “ImportTaskId” field from the json output.

   Monitor the progress by running the following command:

   aws ec2 describe-import-snapshot-tasks --region <your-ec2-region> --import-task-ids <import-task-id>

   Monitor the progress until the “status:Completed” message appears, and a snapshotId is added in the json output. Make note of the “SnapshotId”.

7. Register an AMI from the snapshot by running the following command:

   aws ec2 register-image --description “<description>" --architecture x86_64 --name <image-name> --block-device-mappings DeviceName="/dev/xvda",Ebs={SnapshotId=<snapshot-id>} --virtualization-type hvm --root-device-name "/dev/xvda" --region <your-ec2-region>

8. Once the snapshot is created, you can also copy the snapshot ID from the AWS console (Services > EC2 > Elastic Block Store > Snapshots). Select the snapshot and click Actions > Create Image. This completes AMI registration