Installing the Data Processor in AWS Using Separate DL-m/DA-m VMs

This topic describes how to deploy the data processor (DP) with separate Data Lake Master (DL-m) and Data Analyzer Master (DA-m) VMs in AWS. This model also provides optional cluster support for deploying additional DL and DA worker nodes as you need to scale up capacity and retention.

You can also deploy the DP as an all-in-one (AIO), with both the DL and the DA on the same VM. However, this model does not provide the efficiency and scalability of installing components on separate VMs. Stellar Cyber recommends using either the standard model described here or scaling up to a cluster.

Deployment Summary

Deployment of Stellar Cyber in AWS using separate DL-m and DA-m VMs consists of the following major steps:

Before You Begin

Make sure the target system meets the minimum system requirements for installing a DP. The installation requires:

  • An AWS account with sufficient authorization to deploy Stellar Cyber.

  • AWS Security Groups.

  • Management IP addresses for all VMs:

    • 1 public IP address for each non-clustered DP (for management access).

    • 2 public IP addresses for each DP in a cluster (1 for management access, and 1 for the cluster).

    • 1 public IP address for each security sensor (SS), if the SS will be receiving packets or logs from a sensor or application outside of AWS.

  • S3 access for data and configuration backup.

  • Open ports on your firewall.

  • Login credentials and One Time Password (OTP) from Stellar Cyber.

The internal network of the DP uses the 172.17.0.0/16 and 10.244.x.0/24 subnets. If you use these subnets elsewhere in your network, change them to avoid conflicts. If you cannot change them, contact Stellar Cyber technical support.
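
A pre-install check for the subnet conflict described above, as an added example (not Stellar Cyber's code). It treats 10.244.x.0/24 as the whole 10.244.0.0/16 block, which is an assumption, and the inventory labels and CIDRs are constructed sample values.

```python
import ipaddress

# Ranges the page says the DP uses internally. "10.244.x.0/24" is treated
# here as the whole 10.244.0.0/16 block (assumption: x can be any octet).
DP_INTERNAL = {
    "172.17.0.0/16": ipaddress.ip_network("172.17.0.0/16"),
    "10.244.x.0/24": ipaddress.ip_network("10.244.0.0/16"),
}


def find_conflicts(cidrs):
    """Return (conflicts, invalid) for a dict of {label: cidr}.

    conflicts: list of (label, cidr, dp_range, overlapping_part) tuples.
    invalid:   list of (label, cidr) entries that are not valid CIDRs.
    """
    conflicts, invalid = [], []
    for label, cidr in cidrs.items():
        try:
            # strict=False accepts host-bit-set input such as 10.244.3.7/24
            net = ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            invalid.append((label, cidr))
            continue
        if net.version != 4:
            continue  # the DP ranges on the page are IPv4 only
        for name, reserved in DP_INTERNAL.items():
            if net.overlaps(reserved):
                # The overlap of two CIDR blocks is always the smaller block.
                part = net if net.prefixlen >= reserved.prefixlen else reserved
                conflicts.append((label, str(net), name, str(part)))
    return conflicts, invalid


# Constructed sample inventory: VPC, subnets and routed on-prem ranges.
SAMPLE = {
    "vpc-main": "10.0.0.0/8",
    "subnet-dp-mgmt": "10.20.1.0/24",
    "onprem-docker-hosts": "172.17.5.0/24",
    "vpn-peer": "10.244.3.7/24",
    "subnet-sensors": "172.16.0.0/16",
    "typo-entry": "10.244.0.0/33",
}

if __name__ == "__main__":
    conflicts, invalid = find_conflicts(SAMPLE)
    for label, cidr, dp_range, part in conflicts:
        print(f"CONFLICT {label} {cidr} overlaps DP range {dp_range} at {part}")
    for label, cidr in invalid:
        print(f"INVALID  {label} {cidr!r}")
```

Feed it every range that is routable from the DP's VPC (peered VPCs, VPN and Direct Connect routes, sensor networks), not only the VPC's own CIDR.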

Firewall Ports

You must open ports on your firewall for communication.

If you configure the DP as a cluster, all nodes must be in the same VPC, and all ports between the nodes must be open.

One Time Password

Contact Stellar Cyber support (support@stellarcyber.ai) for login credentials and a one-time password (also known as a License Key).

You will need to provide:

  • The AWS account name and number.
  • The AWS region for the DP, security sensors, and network sensors.

Complete this step at least a day before installing so Stellar Cyber has enough time to deploy the images to your region.

After license activation, you can find the OTP for your installation on the Licensing page.

Minimum System Requirements

Selecting AWS Instances for Stellar Cyber VMs

Select AWS instances for Stellar Cyber VMs based on your planned data ingestion.

Each DL instance should have at least:

  • Instance: r5.4xlarge
  • CPUs: 16
  • Memory: 128 GB
  • OS SSD Disk Space: 500 GB

Each DA instance should have at least:

  • Instance: m5.4xlarge
  • CPUs: 16
  • Memory: 64 GB
  • OS SSD Disk Space: 500 GB

Configure the number of Data Analyzers and Data Lakes based on your ingestion requirements:

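| Data Ingestion (GB) | Data Replica? | DA Count | DL Count | Tenants | Reports | ATH Playbooks | Concurrent Sessions | Notes |
|---|---|---|---|---|---|---|---|---|
| 50 | N/A | N/A | 1 | 10 | 10 | 100 | 5 | AIO |
| 100 – 250 | N/A | 1 | 1 | 25 | 100 | 1000 | 15 | Without multi-tenancy, can support 300 GB ingestion |
| 300 | N/A | 1 | 2 | 50 | 100 | 1000 | 15 | |
| 350 | N/A | 2 | 2 | 50 | 100 | 1000 | 15 | |
| 500 | No | 2 | 2 | 75 | 200 | 1500 | 20 | MDS mode required |
| 600 | No | 2 | 3 | 75 | 300 | 2000 | 30 | |
| 900 | No | 3 | 4 | 100 | 400 | 3000 | 45 | |
| 400 | Yes | 2 | 3 | 75 | 300 | 2000 | 30 | |
| 600 | Yes | 2 | 4 | 100 | 400 | 3000 | 45 | |
| 800 | Yes | 3 | 4 | 100 | 400 | 2000 | 45 | MDS mode enabled |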