IT-Conductor Gateway Setup for AWS
This is the first setup process after subscribing to the IT-Conductor service, following successful email validation, and accepting the End User Licensing Agreement (EULA).
The IT-Conductor Gateway allows communication between the customer's site network and the IT-Conductor cloud platform. It must be connected successfully before any private customer systems can be monitored by IT-Conductor.
IT-Conductor supplies pre-configured AWS AMI published on AWS Marketplace as a free product.
1. In AWS Console, launch EC2 service, go to AMI Catalog, and search for "IT-Conductor" in AWS Marketplace AMIs.
Figure 1: Amazon Machine Image (AMI)
2. Select the IT-Conductor Gateway, click Launch Instance with AMI, and proceed to choose the Instance type. Depending on the number of monitored systems, choose "starting from Medium to 2XL" (burstable (t) or general purpose (m) is recommended), then proceed to Configure Instance Details.
3. In Network Settings, select or create a Security Group with the following rules:
Inbound Rules - allow access to port 8080 and ssh for Gateway configuration
Figure 2: Security Group Inbound Rules
Adjust destination CIDR according to your VPC setup, you will need to be able to access Gateway EC2 Instance with a web browser or a terminal (ssh)
Outbound Rules - allow access to
- Public internet and specifically hosts "agents.itconductor.com" (or the IP/SIDR resolved from that DNS name)
- Applications running on EC2 Instances in the VPC that you intend to monitor and manage with IT-Conductor
Figure 3: Security Group Outbound Rules
applications. Adjust destination SIDR according to your VPC setup, and add additional rules for accessing applications within VPC based on the specific protocol used if required.
4. Launch the instance and wait until the instance state changes to "Running". It may take several minutes to fully initialize.
5. On a machine that has been allowed to connect to the EC2 Instance, open a web browser and navigate to the URL:
http://<instance IP address>:8080
If the security group is properly configured the following web form should display:
Figure 4: Gateway Configuration Prompt
Fill in the values and click Save. After saving, the configuration screen can be accessed later with Account ID/API Key as user/password if any changes need to be made.
- Gateway ID - use the ID for the Gateway created by your administrator earlier. To obtain the Gateway ID, navigate to Management > Resources > Gateways.
Figure 5: IT-Conductor Remote Gateways
- Account ID - set the Service Account ID.
- API Key - set the API Key for the Service Account. The key is generated when the Service Account is created.
To obtain the Service Account ID and API Key, navigate to Management > Security > Service Accounts.
Figure 6: IT-Conductor Service Accounts
Click on one of the accounts to display the details:
Figure 7: Modify Service Account Wizard
Use ID and API Key for Account ID and API Key respectively.
- Proxy, Host & Port - check the Proxy box is proxy required for internet access, also fill in the host and port as required. For DMZ setup when the proxy is required for accessing both the Internet and VPC resources contact IT-Conductor support for additional instructions.
6. Wait for several minutes until the Gateway uptime and heartbeat are updated.
Figure 8: Gateway Status
You can also click on
to see the Gateway log.
Figure 9: Demo Gateway Log