Installing an All-In-One Data Processor in AWS

You can deploy an all-in-one (AIO) Stellar Cyber data processor (DP) as a Virtual-50 on AWS using Elastic Compute Cloud (EC2). In the AIO model, both the Data Lake (DL) and Data Analyzer (DA) are installed on the same virtual machine.

Although AIO deployments are supported, Stellar Cyber recommends that you deploy the DP with separate VMs for the DL and DA in AWS. This model provides a scalable solution, allowing you to deploy additional DL and DA worker nodes in a cluster configuration as demands for capacity increase.

To install, you must:

  1. Complete the prerequisites.
  2. Launch and configure the AMI.
  3. Configure the DP.

Prerequisites

Installation on AWS requires:

The internal network of the DP uses the 172.17.0.0/16 and 10.244.x.0/24 subnets. If you use these subnets elsewhere in your network, change them to avoid conflicts. If you cannot change them, contact Stellar Cyber technical support.
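One way to check an address plan against these ranges before deployment, as an added example that is not part of the Stellar Cyber documentation. The network names and CIDRs are constructed samples, and treating 10.244.x.0/24 as the whole of 10.244.0.0/16 is an assumption.

```python
import ipaddress

# Ranges the page says the DP uses internally. The page writes the second one
# as 10.244.x.0/24; treating that as all of 10.244.0.0/16 is an assumption.
DP_INTERNAL = [
    ipaddress.ip_network("172.17.0.0/16"),
    ipaddress.ip_network("10.244.0.0/16"),
]

# Constructed sample inventory (VPC, subnet, peered and on-prem CIDRs).
SAMPLE_NETWORKS = {
    "vpc-main": "10.0.0.0/16",
    "vpc-legacy": "10.240.0.0/12",     # supernet that contains 10.244.x.0/24
    "lab-hosts": "172.17.5.0/24",
    "onprem-dc": "172.16.0.0/16",      # adjacent to 172.17.0.0/16, no overlap
    "sensor-subnet": "10.244.7.0/24",
}


def find_conflicts(networks):
    """Return (name, cidr, dp_range) for each network overlapping a DP range."""
    conflicts = []
    for name, cidr in networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        for internal in DP_INTERNAL:
            # overlaps() catches subnets, supernets and exact matches alike
            if net.version == internal.version and net.overlaps(internal):
                conflicts.append((name, str(net), str(internal)))
    return conflicts


if __name__ == "__main__":
    for name, cidr, internal in find_conflicts(SAMPLE_NETWORKS):
        print(f"CONFLICT {name}: {cidr} overlaps DP internal range {internal}")
```

Feed it every CIDR that can route to the DP (VPC, peered VPCs, VPN and on-premises ranges), since a supernet elsewhere conflicts just as a matching subnet does.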

AWS Configurations

You must have an AWS account with sufficient budget authorization to deploy Stellar Cyber. The instance must have:

  • AWS Security Groups
  • 1 public IP address for the DP for management access
  • 1 public IP address for each security sensor (SS), if the SS will be receiving packets or logs from a sensor or application outside of AWS

Configure your VM based on your planned data ingestion. Each DL instance should have at least:

  • Instance: r5.4xlarge
  • CPUs: 16
  • Memory: 128 GB
  • OS SSD Disk Space: 500 GB

Each DA instance (other than AIO) should have at least:

  • Instance: m5.4xlarge
  • CPUs: 16
  • Memory: 64 GB
  • OS SSD Disk Space: 500 GB

Configure the number of Data Analyzers and Data Lakes based on your ingestion requirements:

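| Data Ingestion (GB) | Tenants | Reports | ATH Playbooks | DA Count | DL Count | Notes |
|---|---|---|---|---|---|---|
| 50 | 10 | 10 | 100 | N/A | 1 | AIO |
| 100 – 250 | 25 | 100 | 1000 | 1 | 1 | Without multi-tenancy, can support 300 GB ingestion |
| 300 | 50 | 100 | 1000 | 1 | 2 | |
| 350 | 50 | 100 | 1000 | 2 | 2 | |
| 500 | 75 | 200 | 1500 | 2 | 2 | MDS mode required |
| 400 | 75 | 300 | 2000 | 2 | 3 | |
| 600 | 100 | 400 | 3000 | 2 | 3 | |
| 800 | 100 | 400 | 2000 | 3 | 4 | MDS mode enabled |
| 900 | 100 | 400 | 3000 | 3 | 4 | |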

Firewall Ports

You must open ports on your firewall for communication.

If you configure the DP as a cluster, all nodes must be in the same VPC, and all ports between the nodes must be open.

One Time Password

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials and a one-time password (also known as a License Key).

You will need to provide:

  • The AWS account name and number
  • The AWS region for the DP, security sensors, and network sensors

Do this at least a day before installing, so we have enough time to deploy the images to your region.

After license activation, you can find the OTP for your installation in the Licensing page.

Launching and Configuring the AMI

To launch and configure the AMI:

Use our example as a guideline, as you might be using a different software version.

  1. Log in to your EC2 Dashboard.

  2. Click on AMIs, under Images.

    A list of existing AMIs appears.

  3. If you don't see any products, click the drop-down next to the search bar and choose Private images.

    If you still don't see any products, make sure your region setting is correct.

    And if you still don't see any products, contact technical support.

    AMI Name for DP Image

    For reference, the AMI name for the Stellar Cyber DP image is DataProcessor-4-x-y, where the x-y refers to the minor version numbers of the software (for example, DataProcessor-4-3-5).

  4. Click the check-box to the left of the AMI. The Launch button activates and the details appear.

  5. Click Launch. The Choose an Instance Type page appears.

  6. Choose an r5.4xlarge or higher type. Smaller instance types are not supported.
  7. Click Next: Configure Instance Details. The Configure Instance Details page appears.

    We recommend keeping the default settings.

  8. Click Next: Add Storage. The Add Storage page appears.

  9. Change the Size (GiB) to between 1024 and 2000 (more than 2 TB is wasted). A size warning appears. You can ignore the warning.
  10. Click Next: Add Tags. The Add Tags page appears.

    Stellar Cyber does not use tags.

  11. Click Next: Configure Security Group. The Configure Security Group page appears.

    You can ignore the warning at the bottom of the page.

    Security groups define which local ports and remote hosts can reach the DP. AWS enables SSH by default.

  12. Enter the Security group name.
  13. Click Add Rule. A new row appears. Configure inbound rules to allow your sensors to communicate with the DP.

    If you already added rules on a prior installation, you can choose Select an existing security group to see a list of the existing groups.

  14. Click Review and Launch. Make changes if necessary.

  15. Click Launch. The Select an existing key pair screen appears. Stellar Cyber is configured with a user name and password, so it does not need a key pair.
  16. Choose Proceed without a key pair.
  17. Click the check-box to acknowledge.

  18. Click Launch Instance.

    You can launch the image but you cannot copy it. This means that the VM must be deployed in the AWS region where the image was authorized.

The VM is now running in the AWS cloud.
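A review of the security group rules created in steps 11 to 13, as an added example that is not part of the Stellar Cyber documentation. It flags inbound rules reachable from any address, using data in the shape that aws ec2 describe-security-groups returns. The group names, IDs, ports and CIDRs are constructed placeholders, including the 0.0.0.0/0 source on the SSH rule.

```python
# Constructed sample in the shape `aws ec2 describe-security-groups` returns,
# already parsed from JSON. Group names, ports and CIDRs are placeholders,
# not Stellar Cyber's port list.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "dp-aio-sg", "GroupId": "sg-EXAMPLE1", "IpPermissions": [
        # SSH rule left open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # Management access limited to one admin network
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupName": "dp-cluster-sg", "GroupId": "sg-EXAMPLE2", "IpPermissions": [
        # All traffic between cluster nodes via a self-referencing rule
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE2"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]}

WORLD = {"0.0.0.0/0", "::/0"}


def world_open_rules(described):
    """Return (group, protocol, ports, sources) for rules reachable from anywhere."""
    findings = []
    for group in described["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            exposed = sorted(s for s in sources if s in WORLD)
            if not exposed:
                continue  # restricted CIDRs and group-to-group rules pass
            if perm["IpProtocol"] == "-1":
                ports = "all"
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
            findings.append((group["GroupName"], perm["IpProtocol"], ports, exposed))
    return findings


if __name__ == "__main__":
    for name, proto, ports, exposed in world_open_rules(SAMPLE):
        print(f"{name}: {proto}/{ports} open to {', '.join(exposed)}")
```

The self-referencing rule in the second group shows how a cluster can keep all ports open between nodes without exposing them outside the group.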

Configuring the DP as an AIO

When the VM is up and running you can configure the DP as an AIO. But first you need the IP addresses that AWS assigned when you launched the instance.

Getting the IP Addresses

To get the IP addresses:

  1. Log in to your EC2 Dashboard.
  2. Click on Instances. The active instances appear.

  3. Select the instance you just launched. The Description tab appears at the bottom of the screen.

  4. Copy the Public IP, Private IP, and Private DNS.

Configuring the DP

To configure the DP as an AIO:

  1. Access the console of the VM.
  2. Log in. The default user/password is aella/changeme. You are immediately prompted to change the password.
  3. Change the password.
  4. On the DP, enter these commands (the IP addresses are automatically configured by AWS):

    set role AIO
    set cluster_name AIO
    set cluster_size 1
    set cm [IP address of DP Data Lake]
    set otp [OTP you received from Stellar Cyber]
    reset
  5. Confirm the reset. The image is downloaded (which can take a while, depending on your network) and installed.
  6. Verify that everything is installed, ready, and running with the show status command. A screen similar to the following appears as it is installing:

    When it finishes the status is similar to:

The installation is complete and the DP is now functional.