Deploy SolarWinds Orion Platform products to Amazon Web Services

DEPLOYMENT GUIDE
Deploy Orion Platform products to Amazon Web Services
Version 2017.3
Last Updated: Wednesday, March 21, 2018
Table of Contents
Deploy SolarWinds Orion Platform products to Amazon Web Services
Deployment type
Cloud (main Orion server and database in the cloud)
Hybrid (Additional Polling Engines in the cloud; main Orion server and database on-prem)
Hybrid (Main and DB in the cloud; APE on-prem)
Cloud instance requirements for the Orion server
Cloud instance requirements for the Orion database server
Cloud instance requirements for the NTA Flow Storage database
Prepare for installation checklist
Prepare the environment
Gotchas
Installation instructions
Deploy Orion agents in the cloud
Install an additional polling engine or additional web server
Enable High Availability
Troubleshooting
DEPLOYMENT GUIDE: DEPLOY ORION PLATFORM PRODUCTS TO AMAZON WEB SERVICES
Deploy SolarWinds Orion Platform products to Amazon Web Services
This guide is intended for new installations in Amazon Web Services in a virtual private cloud (VPC). It does
not cover migrating products to the cloud.
To reduce the number of places you have to configure your ports, SolarWinds recommends that all
cloud instances be in the same availability zone and in the same VPC. We recommend using
availability zones closest to your monitored devices.
Deployment type
Your main Orion server and your Orion database should either be both on-prem or both in the cloud.
Hosting the main Orion server and database servers separately is not recommended due to connectivity
concerns.
SolarWinds is not responsible for fees incurred when deploying SolarWinds products to the cloud.
Cloud (main Orion server and database in the cloud)
We recommend this deployment when your monitored environment resides mostly in the cloud, and you
have a good understanding of how much compute capacity you require to monitor your environment.
Hybrid (Additional Polling Engines in the cloud; main Orion server and database on-prem)
This deployment type is recommended when more of your monitored network is on-prem or if your hybrid
environment is geographically diverse and uses different availability zones.
Alternatively, you can deploy agents to your nodes in the cloud to reduce the amount of data transferred
within the EC2 instance and from the EC2 instance to your main Orion server.
You will need to create a virtual private network tunnel between the Additional Polling Engine (APE) in the
Amazon EC2 instance and your main Orion and Orion database servers.
Hybrid (Main and DB in the cloud; APE on-prem)
This deployment is recommended when your monitored environment still includes a significant number of
on-prem devices or if you are migrating your infrastructure to the cloud.
Cloud instance requirements for the Orion server
These requirements use NPM licensing as a base for small, medium, and large deployments in Amazon
EC2.
INSTANCE DETAILS   SMALL (SL100, SL250, SL500) - MEDIUM (SL2000)   LARGE (SLX)
Instance type      m4.xlarge                                       m4.2xlarge
CPU                4 CPU                                           8 CPU
RAM                16 GB RAM                                       32 GB RAM
Disk               150GB                                           150GB
Cloud instance requirements for the Orion database server
These requirements use NPM licensing as a base for small, medium, and large deployments in Amazon
EC2.
INSTANCE DETAILS   SMALL (SL100, SL250, SL500)   MEDIUM (SL2000)   LARGE (SLX)
Instance type      r3.large                      r3.xlarge         r3.2xlarge (EBS with Provisioned IOPS recommended)
CPU                4 CPU                         4 CPU             8 CPU
RAM                16 GB                         30.5 GB           61 GB
Disk
  SMALL:  System SSD 80GB (included in r3.xlarge) + Data EBS Volume 500GB*
  MEDIUM: System SSD 80GB (included in r3.xlarge) + Data EBS Volume 500GB*
  LARGE:  System SSD 160GB (included in r3.xlarge) + 1x Data EBS Volume 150GB + 2x Data EBS Volume 500GB*
* EBS volumes are not your dedicated hardware. Consider using dedicated instances of EBS volumes for
both SQL and NTA Flow Storage.
Cloud instance requirements for the NTA Flow Storage database
These requirements use NPM licensing as a base for small, medium, and large deployments in Amazon
EC2.
INSTANCE DETAILS   MEDIUM (SL2000)   LARGE (SLX)
Instance type      r3.xlarge         r3.4xlarge
CPU                4 CPU             16 CPU
RAM
  MEDIUM: 30.5GB RAM (8 GB for every received sustained 1000 Flows/s with 30-days retention period)
  LARGE:  122GB RAM (2.5TB is Flowstorage, 300k FPS with 30-days retention, EBS with Provisioned IOPS recommended)
Disk
  MEDIUM: System SSD 80GB (included in r3.xlarge) + Data EBS Volume 500GB*
  LARGE:  System SSD 320GB (included in r3.xlarge) + Data EBS Volume 2.5TB*
* EBS volumes are not your dedicated hardware. Consider using dedicated instances of EBS volumes for
both SQL and NTA Flow Storage.
Prepare for installation checklist
This checklist helps you prepare for Orion Platform product installations.
Review release notes
Review product release notes and available
documentation in our Success Center.
• DPA
• NCM
• NPM
• NTA
• IPAM
• SAM
• SRM
• VMAN on Orion
• VNQM
The VMAN appliance is not supported in cloud
deployments.
Review system requirements
Ensure your cloud instance has the required
hardware and software specifications for your
installed products. Certain products may require more
or additional resources than the base cloud
requirements.
If you install multiple products, a good rule of
thumb is to add one CPU core per additional
product.
Product requirements include:
• DPA 11.1
• NCM 7.7
• NPM 12.2
• IPAM 4.5.2
• SAM 6.4
• SRM 6.5
• NTA 4.2.3
• VMAN 8.0
• VNQM 4.4.1
You may need to also check the administrator guide
for your product to locate the requirements.
For all port requirements, see Port Requirements for
all SolarWinds products.
Determine your deployment type
Which components are you hosting in the cloud? Keep
in mind the pricing model and your estimated usage.
If you intend to set up SolarWinds High Availability
now or in the future, review the Enable High
Availability section before setting up your cloud
instances. The VPC and port requirements are
different and may be difficult to change in the future.
If you intend to deploy agents, review the
Deploy Agents in the cloud section. Agents have
additional port requirements.
Review licenses and gather keys
Review your product licenses and determine if you
need to make any changes. You can download license
keys for your new Orion Platform products through
your Customer Portal. Verify any license upgrades
and needs with your SolarWinds account manager or
contact SolarWinds.
Gather credentials
Make sure you have all account credentials, such as
your SQL database credentials, your SolarWinds
Customer Portal account, your AWS credentials,
and Windows local admin server credentials.
Schedule the installation
Set up the maintenance window, preferably during
off-peak hours. Depending on the number of
products, size of database(s), and size of environment,
you may require multiple hours to complete your
installation.
Notify your company
Send a message to your company about the upgrade
schedule and maintenance window. If you need
additional help, contact and allocate specific staff to
be available.
Prepare the environment
Depending on your licensed Orion Platform products, you may need to prepare multiple servers and
configure ports in your firewall before installation.
Prepare the cloud network (optional)
SolarWinds recommends using a public DNS
hostname and a public IPv4 address.
Create your VPC
Create the VPC that will contain your SolarWinds Orion
environment.
Create security group and open ports
1. Define the security group for your Orion
environment. All SolarWinds Orion components
installed in the cloud, such as your main Orion
server, Orion database, and APE, must be part
of the same security group.
2. Define ports in the security group.
3. Modify port rules for the ports used by your
SolarWinds products.
For your server ports and firewall, open ports
according to the port and feature requirements. Orion
uses these ports to send and receive data, issue
management commands, and additional actions
depending on the features. For example, SolarWinds
High Availability has additional port requirements
beyond product needs.
For more information, see Amazon's help.
If you set a public IP address, you may want to use
stricter security settings, including strong passwords.
Prepare the servers
Prepare server instances as needed for your Orion
Platform products and deployment:
Any server instance in the cloud must be part of the
same security group.
• Orion server: based on your product
  deployment size and system requirements.
• Orion SQL server: based on your product
  deployment size and system requirements.
• Primary and Secondary servers for
  SolarWinds High Availability: review the HA
  requirements.
• Additional polling engine servers: see the
  SolarWinds Scalability Guidelines.
• Additional web server: see the SolarWinds
  Scalability Guidelines.
• Additional database server: Some products
  have additional needs. For example:
    • NTA requires a dedicated server for the
      Flow Storage Database.
    • Products with integration components,
      like DPA, require a separate database.
Run all Windows updates
Before installation, check for and run all Microsoft
Windows Updates on all servers. As you install, if a
Windows update runs, your system may restart as
needed by Windows. The installation may not
complete if your system is waiting to restart.
Check for antivirus software
Determine if any antivirus software is installed on the
server or servers where you plan to install. To ensure
the installation goes smoothly, exclude the SolarWinds
directory. For example, on Windows Server 2012 R2,
exclude C:\ProgramData\SolarWinds\. For a full list of
antivirus exclusions, see Files and directories to
exclude from antivirus scanning.
SolarWinds assumes that C:\ is the default
volume.
Verify connectivity
Ensure that you can connect to your nodes from your
cloud instance and vice versa. Polling Engines and
Additional Web Servers must be able to connect to the
database server.
Gotchas
The following are the most important ones to know:
• Carefully review the port requirements for your products. Incorrect ports can cause network
  communication and polling issues. See the Port requirements for all SolarWinds products for
  details.
• Review your DNS settings or your hosts file to ensure that you can successfully resolve host
  names, including LDAP servers for user authentication, in your environment.
Installation instructions
Follow these instructions every time you run the SolarWinds Orion Installer. You can run the installer
multiple times as needed to upgrade and install Orion Platform products. As you install products in an
existing Orion Platform environment, you may also have options to upgrade products.
What you should know:
• If you have products out of maintenance, the Orion Installer will provide the latest possible
  upgrades for your products. Information and a link will display warning you of the issues that can
  occur. Having even one product out of maintenance can restrict the upgrade options for products
  currently under maintenance. For example, if you have IPAM out of maintenance and want the
  latest NPM upgrade, you may not be able to upgrade until IPAM is also upgraded due to
  compatibility.
  Recommendation: Renew. We highly recommend renewing to receive the latest upgrades and
  installs for all products.
• The Orion Installer will alert you to warning or critical level requirements issues during the
  System Check.
  Recommendation: Verify product requirements before you get started. View the checklist at the
  beginning of this guide for links to help.
1. Create an Amazon EC2 instance with SQL (optional)
Follow this step if you are hosting your Orion database server in the cloud.
1. Sign in to your Amazon EC2 console and launch an instance according to your
recommended deployment size.
2. Choose your instance type.
3. Select the Security Group that will contain all of your Orion servers.
The SQL server must use the same timezone as your main Orion server.
2. Create an Amazon EC2 instance
1. Sign in to your Amazon EC2 console and launch an instance according to your
recommended deployment size.
2. Choose your instance type.
3. Select the Security Group that will contain all of your Orion servers.
Use this instance for any of your Orion servers in the cloud.
3. Run the installer and select products to install
1. Save and run the installer .exe on the server dedicated to your main Orion
server.
2. A Welcome screen displays with a list of products to install. The installer walks
you through upgrading and installing in one process.
3. Select the product(s) you want to install.
4. Optionally, select the option to Send usage metrics to help SolarWinds improve
products. We only receive data collected for the installation and upgrade.
5. Click Next.
3. Create the NTA database (optional)
Follow this step if you are hosting your NTA FastBit database in the cloud.
1. Sign in to your Amazon EC2 console and launch an instance according to your
recommended deployment size.
2. Choose your instance type.
3. Select the Security Group that will contain all of your Orion servers.
4. Run the NTA database installer.
If you are not hosting your NTA FastBit database in the cloud, run the NTA database
installer on a physical server. Do not install the NTA database on the same SQL server
that hosts your Orion database.
4. Review the System Check
A series of system checks run per product to verify if your server meets recommended
and required system requirements. These checks include:
• Hardware and resources such as RAM, hard drive space, number of CPUs, and more
• Software such as installed Operating System version, .NET, and other required tools
• Ports for data access and tasks
• Product-specific checks for configurations and additional requirements
If your environment does not meet specifications, the installer provides:
• Warning message: does not block an installation. Details advise recommended
  actions and best practices to update your environment for better performance.
• Critical issue: blocks an installation until resolved. Details provide required
  updates for your environment to support the products. After addressing the
  issues, run the installer again.
For more information, click the Click for more details link. Click Save Install Report to save a
list of issues to resolve. You can also click Copy the issue to clipboard to paste
the details in a text file.
The following is an example of a report.
5. Review the EULA agreement
The EULA displays to review and accept. To continue, click the accept option and click
Next.
6. Watch installation progress
Products begin installing with messages for the progress. Any issues display in the
installer, halting the installation to allow you to review and remediate. The installer
may run multiple product installations prior to running the Configuration Wizard. If the
installs require the Configuration Wizard, it opens and walks you through those steps.
You can always run the SolarWinds Orion Installer again to check for updates.
If a reboot is required as part of the installation, a message displays. You cannot
continue the installation until you have restarted the computer.
7. Complete the Configuration Wizard
When the installation completes, the Configuration Wizard opens. Depending on your
product, the wizard may include additional options and screens.
1. In the Welcome dialog box, click Next.
2. If prompted to stop services, click Yes.
3. If you performed a Standard installation with an existing SQL database, select
one of the following for authentication:
• Authenticate as currently logged in user: pass through authentication
  to the SQL server using the account currently logged in for installing the
  Orion product.
• Switch user: provide separate SQL credentials.
Unless you have joined your on-prem and cloud domains, you must use a
dedicated SQL Server account. Windows authentication may not work as
expected in the cloud.
4. In the Database Settings dialog box, create a new database in your SQL server.
SolarWinds recommends that your main Orion server and your SQL server
are both hosted on-prem or in the cloud to prevent alerting loss or other
undesirable behaviors in case of network connectivity issues.
5. In the Database Account dialog box, create an account or use an existing
account that the polling engine and Orion Web Console use to access the
database. The account must be a SQL account.
We do not support creating a new SQL account through the Configuration
Wizard when the database is in the cloud.
6. In the Website Settings dialog box, complete selections for your installation:
If you select Skip website binding, the Configuration Wizard does not
make changes within the website configuration in your IIS. This option
blocks IP address, port, and SSL certificate options.
a. Select All Unassigned unless your environment requires a specific IP
address for the Orion Web Console. The Port is 80 by default.
b. Specify the Port and the Website Root Directory where the system installs
the Web Console files.
If you specify any port other than 80, include that port in the URL
used to access the Web Console.
c. To configure SSL, click Enable HTTPS and select your SSL certificate.
You must install your SSL certificate on the server before running the
Configuration Wizard. You can install the certificate and run the
Configuration Wizard again.
If a certificate is not available, select the option to Generate Self-Signed
Certificate. The Configuration Wizard automatically generates a self-signed
certificate issued to the hostname or FQDN and adds it to the trusted
certificate store.
7. If prompted to create a directory or website, click Yes.
8. Review the list of services to install, and click Next.
9. Click Yes if prompted to disable the SNMP Trap Service and enable the
SolarWinds Trap Service.
10. In the Completing the Orion Configuration Wizard dialog box, click Next.
11. When completed, click Finish to launch the Orion Web Console.
Click Start > All Programs > SolarWinds > Orion Web Console
or
Open a web browser on your Orion server and enter http://ipAddress or
http://hostname, where ipAddress is the IP address of your server and
hostname is the host name of your server.
SolarWinds recommends using a public DNS name or IPv4 address.
12. Log in with user name admin and leave the password field blank.
For security purposes, SolarWinds recommends that you change the password to
your admin account.
Deploy Orion agents in the cloud
If you are deploying Orion agents from the cloud to on-prem devices, follow the manual deployment steps.
Review agent requirements
SolarWinds Orion agent requirements
Update security group ports
Update ports based on the agent communication type.
Agent-initiated communication
• The monitored device must be able to reach the Orion server using the
  IP address.
• Port 17778 must be open on the Orion server or APE.
• Open port 17791 on the monitored device if it runs on Windows 2008 R2.
Server-initiated communication
• The Orion server must be able to reach the monitored device using the
  IP address.
• Port 17790 must be open on the monitored device.
• Open port 22 on Linux-based devices to install the agent.
• Open ports 135 and 445 on Windows devices to install the agent.
Manually deploy an agent on Amazon Web Services (Optional)
You can manually deploy agents to a virtual machine using Remote Desktop
Connection in two ways.
Deploy through the command prompt
1. Click Settings > All Settings in the menu bar.
2. Under Product Specific Settings, click Agent Settings > Download Agent
Software.
3. Click Windows, and click Next.
4. Click Mass Deploy to Multiple Machines, and click Next.
5. Download the MSI and MST files.
6. Run a command prompt as administrator from the context menu.
7. Enter the following command:
    msiexec /i "SolarWinds-Agent.msi" TRANSFORMS="SolarWinds-Agent.mst"
Deploy the agent using the interactive wizard
1. Click Settings > All Settings in the menu bar.
2. Under Product Specific Settings, click Agent Settings > Download Agent
Software.
3. Click Windows, and click Next.
4. Click Install Manually, and click Next.
5. Click Download MSI.
6. Copy the MSI file to the client machine, and run it.
7. In the Installation wizard, select Agent Initiated Communication or Orion
Server Initiated Communication.
8. Enter the Orion server IP address or hostname, and the SolarWinds
Orion administrator account credentials.
9. Optional: For Server-initiated communication (passive), in the Orion
Web Console click Settings > All Settings > Node & Group Management
> Manage Agents > Add Agent > Connect to a previously installed agent
> Next. Enter the name, IP address, and port number for the agent and
click Server-initiated communication.
Automatically deploy an agent to established instances on Amazon Web Services (Optional)
1. Click Settings > All Settings in the menu bar.
2. Under Product Specific Settings, click Agent Settings > Download Agent
Software.
3. Click Windows, and click Next.
4. Click Mass Deploy to Multiple Machines, and click Next.
5. Download the MSI and MST files.
6. Log in to your Amazon Web Services S3 account.
7. Create a bucket and upload the MSI and MST files.
http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html
8. Create a PowerShell script to run on each virtual machine when it is
launched for the first time, downloading and executing the MST and MSI
files on each virtual machine where you want to install the agent.
9. Log in to your Amazon Web Services account.
You can perform the following steps through the API or AWS
command line interface.
10. Create an instance, and paste your PowerShell script under Advanced
Details in the User Data text box. Select the As Text option.
11. For instances that are already created, take the following steps:
a. Stop the instance where you want to deploy the agent.
b. Right-click the instance and click Instance Settings > View/Change
User Data.
c. Paste your PowerShell script in the text box as Plain Text.
12. Optional: For Server-initiated communication (passive), in the Orion
Web Console click Settings > All Settings > Node & Group Management
> Manage Agents > Add Agent > Connect to a previously installed agent
> Next. Enter the name, IP address, secret, and port number for the
agent and click Server-initiated communication.
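One way to write the first-boot script described in steps 8 to 10 (an added example, not SolarWinds or AWS code). The bucket name, staging folder and SHA-256 value are placeholders, and the script assumes the instance has an IAM role that can read the bucket and that AWS Tools for PowerShell is installed on the image.

```powershell
# Added example: installs the Orion agent at first boot from files kept in S3.
# Placeholders (assumptions, not from the guide): bucket name, staging folder,
# and the expected SHA-256 of the MSI you downloaded from the Orion Web Console.
$ErrorActionPreference = 'Stop'

$Bucket            = 'EXAMPLE-BUCKET-NAME'
$MsiKey            = 'SolarWinds-Agent.msi'
$MstKey            = 'SolarWinds-Agent.mst'
$WorkDir           = 'C:\Temp\OrionAgent'
$ExpectedMsiSha256 = '<SHA256-OF-THE-MSI-YOU-UPLOADED>'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$Msi = Join-Path $WorkDir $MsiKey
$Mst = Join-Path $WorkDir $MstKey
$Log = Join-Path $WorkDir 'agent-install.log'

# Download with the instance role. User data can be read from the instance
# metadata service by processes on the instance, so keep access keys and
# passwords out of this script.
Read-S3Object -BucketName $Bucket -Key $MsiKey -File $Msi | Out-Null
Read-S3Object -BucketName $Bucket -Key $MstKey -File $Mst | Out-Null

# Refuse to install if the MSI is not the file that was uploaded.
$actual = (Get-FileHash -Path $Msi -Algorithm SHA256).Hash
if ($actual -ne $ExpectedMsiSha256) {
    throw "MSI hash mismatch: expected $ExpectedMsiSha256, got $actual"
}

# Same command as the manual procedure, plus /qn (no UI) and a verbose log,
# because nobody is logged on to click through the installer at first boot.
$msiArgs = "/i `"$Msi`" TRANSFORMS=`"$Mst`" /qn /l*v `"$Log`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with a restart pending.
if ($proc.ExitCode -notin 0, 3010) {
    throw "Agent install failed with exit code $($proc.ExitCode); see $Log"
}

# Remove the staged installer files; the log stays for troubleshooting.
Remove-Item -Path $Msi, $Mst -Force
```

When pasting the script into the User Data box, wrap it in <powershell> and </powershell> tags so that the EC2 launch agent runs it as PowerShell.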
Install an additional polling engine or additional web server
If you have Additional Polling Engines (APE) or Additional Websites (AWS), the final installation screen
reminds you of those installations. SolarWinds recommends using the Scalability Engine Installer.
1. Create an EC2 instance for your APE or SolarWinds AWS.
1. Sign in to your Amazon EC2 console and launch an instance according to your
recommended deployment size.
2. Choose your instance type.
3. Select the Security Group that will contain all of your Orion servers.
2. Ensure your APE or SolarWinds AWS can communicate with your main Orion server
If the DNS does not resolve the host names in Amazon's AWS, update your hosts file.
1. On your main Orion server, add your APE or SolarWinds AWS information to
your hosts file.
2. On your APE or SolarWinds AWS, add your main Orion server to your hosts file.
See this SolarWinds KB article for more detailed instructions.
3. Install APE and SolarWinds AWS
1. Log in to the cloud instance for your Additional Polling Engine.
2. Download the installer through the Orion Web Console.
• For the APE installer, click Settings > All Settings > Polling Engines.
• For the AWS installer, click Settings > All Settings > Web Console Settings.
3. Run the installer on your APE or AWS.
4. Repeat the installation on all additional polling engines in your environment.
Enable High Availability
Create an Amazon Virtual Private Cloud
Create a VPC with a Single Public Subnet Only.
See Amazon's help for more information.
Create or update security groups
1. Open port 5671 (TCP) on the primary and standby servers.
Create a primary server
1. Build your primary server.
Create a secondary server
1. Build a standby server. SolarWinds recommends that your standby
server has similar specifications as the primary server.
2. Open ports 4369 and 25672 (TCP) on the main Orion server and its
standby server. These ports are not required when protecting additional
polling engines.
Download and install secondary server hardware
Download and install the secondary server software.
Create your HA pool.
Create your HA pool using a virtual hostname.
Do not use a Virtual IP (VIP) address when enabling High Availability in
the cloud. Instead, you must use a virtual hostname.
Activate your HA pool licenses.
Activate your HA pool licenses.
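A check to run after opening the agent and High Availability ports listed in this guide: it reads security-group JSON in the format printed by `aws ec2 describe-security-groups` and reports any of those ports that a rule opens to every address. This is an added example, not SolarWinds code; the sample group is constructed data, and treating all of the listed ports as TCP is an assumption.

```powershell
# Added example. Flags security-group rules that open the ports named in this
# guide to every address (0.0.0.0/0 or ::/0).

# Ports and purposes as listed in the agent and High Availability sections.
$OrionPorts = @{
    17778 = 'Agent-initiated communication (Orion server or APE)'
    17790 = 'Server-initiated communication (monitored device)'
    17791 = 'Agent on Windows 2008 R2 (monitored device)'
    22    = 'Agent install on Linux-based devices'
    135   = 'Agent install on Windows devices'
    445   = 'Agent install on Windows devices'
    5671  = 'High Availability (primary and standby servers)'
    4369  = 'High Availability (main Orion server and standby)'
    25672 = 'High Availability (main Orion server and standby)'
}

function Find-OpenOrionPort {
    param([Parameter(Mandatory)] [string] $Json)

    foreach ($group in (ConvertFrom-Json -InputObject $Json).SecurityGroups) {
        foreach ($rule in $group.IpPermissions) {
            # Sources that mean "any address".
            $anySource = @($rule.IpRanges   | Where-Object { $_.CidrIp   -eq '0.0.0.0/0' }) +
                         @($rule.Ipv6Ranges | Where-Object { $_.CidrIpv6 -eq '::/0' })
            if ($anySource.Count -eq 0) { continue }

            foreach ($port in ($OrionPorts.Keys | Sort-Object)) {
                # Protocol "-1" means all protocols and all ports.
                $allTraffic = $rule.IpProtocol -eq '-1'
                # Assumption: the listed ports are checked as TCP only.
                $tcpInRange = $rule.IpProtocol -eq 'tcp' -and
                              $port -ge $rule.FromPort -and $port -le $rule.ToPort
                if ($allTraffic -or $tcpInRange) {
                    [pscustomobject]@{
                        GroupId = $group.GroupId
                        Port    = $port
                        Purpose = $OrionPorts[$port]
                    }
                }
            }
        }
    }
}

# Constructed sample: one rule open to the world on 17778, one restricted to
# the group itself, one wide port range open to the world, one limited to a
# private CIDR.
$sampleJson = @'
{ "SecurityGroups": [ { "GroupId": "sg-0example", "IpPermissions": [
  { "IpProtocol": "tcp", "FromPort": 17778, "ToPort": 17778,
    "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [], "UserIdGroupPairs": [] },
  { "IpProtocol": "tcp", "FromPort": 17790, "ToPort": 17790,
    "IpRanges": [], "Ipv6Ranges": [],
    "UserIdGroupPairs": [ { "GroupId": "sg-0example" } ] },
  { "IpProtocol": "tcp", "FromPort": 4000, "ToPort": 6000,
    "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [], "UserIdGroupPairs": [] },
  { "IpProtocol": "tcp", "FromPort": 25672, "ToPort": 25672,
    "IpRanges": [ { "CidrIp": "10.0.0.0/16" } ], "Ipv6Ranges": [], "UserIdGroupPairs": [] }
] } ] }
'@

Find-OpenOrionPort -Json $sampleJson | Format-Table -AutoSize
```

Rules whose source is the Orion security group itself or a specific CIDR are not reported, which matches the guide's requirement that all Orion components sit in the same security group.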
Troubleshooting
If you receive errors, try the following:
• If you cannot connect to the main Orion server from your APE or SolarWinds AWS, check that the
  hosts file has been successfully updated to include the main Orion server.
• If you experience issues and are not on the latest product versions, we recommend completing a
  full upgrade. Use the Product Upgrade Advisor to create the upgrade path. Many of these updates
  solve issues you may experience part way through your upgrade.
• Check our Success Center for troubleshooting. We recommend searching the name of the product,
  the version number, any error codes or messages displayed, and the general issue you found.
• Check your Customer Portal for any new hotfixes.
• If you receive (500) internal server error after an upgrade, use the Orion permission checker to
  make sure your Group Policy is not locked. See this article for full details.
• If your views do not load when first opening the console, run the Configuration Wizard again.
If an issue occurs that you need additional help with, contact Support. We recommend gathering diagnostics, a
screenshot of the issue, and any error codes you receive. Attach and add this information to your ticket.
You may also want to gather additional diagnostics on your additional pollers and web servers.