Deploy USM Appliance with AMI

Applies to Product: USM Appliance™ AlienVault OSSIM®

In this section, you will learn

Before You Start

After purchasing the USM Appliance AMI, you must send your Amazon identifier and the region you want the AMI deployed to AlienVault Support, who will use that information to share the private USM Appliance AMI with you.

Supported AWS regions:

  • ap-northeast-1
  • ap-northeast-2
  • ap-south-1
  • ap-southeast-1
  • ap-southeast-2
  • eu-central-1
  • eu-west-1
  • eu-west-2
  • us-east-1
  • us-west-1
  • us-west-2

Deploy the USM Appliance AMI

To deploy the AlienVault USM Appliance AMI

  1. Sign in to your Amazon portal.
  2. Click EC2.
  3. Click Launch Instance.
  4. Click My AMIs (on the navigation tree located on the left).
  5. In the search field, enter "AlienVault_USM" and click Select.

  6. Choose an Instance Type based on the following recommendation:

    Recommended Instance Type for the USM Appliance AMI
    Image Name Recommended Instance Type
    USM Appliance All-in-One m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
    USM Appliance All-in-One Lite m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
    USM Appliance Federation Server m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
    USM Appliance Remote Sensor m4.xlarge (4 cores/15GB )
    USM Appliance Remote Sensor Lite m4.xlarge (4 cores/15GB )
    USM Appliance Standard Logger m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
    USM Appliance Standard Server m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
    USM Appliance Standard Sensor m4.2xlarge (8 cores/30GB ) or c3.4xlarge (16 cores/30GB )
  7. Click the square to the left of an instance, and then click Next: Configure Instance Details.
  8. Select Launch as EBS-optimized instance to improve the disk performance.
  9. Click Next: Add Storage.
  10. Click Volume Type and choose "Provisioned IOPS". For optimal performance, set the IOPS value to "20000". See Amazon documentation for more details.
  11. Click Next: Tag Instance.
  12. In the Value field, type a name for your appliance, and then click Next: Configure Security Group.

  13. Click Add Rule to add HTTPS. This protocol allows Internet traffic to reach your USM Appliance instance.

    Note: You do not need to add this rule if you are configuring a USM Appliance Sensor, which does not have a web interface.

  14. (Optional) Click Add Rule to add HTTP. This protocol allows web traffic redirection to work in your USM Appliance instance.

    Note: You do not need to add this rule if you are configuring a USM Appliance Sensor, which does not have a web interface.

  15. Click Review and Launch.
  16. Review your configuration and click Launch.
  17. Select Proceed without a key pair and I acknowledge that I have....
  18. Click Launch Instances.

  19. Click the instance launched.

    The instance can have the following status checks:

    Initializing. The image has not yet been deployed by Amazon.

    1/2 checks. The image has been deployed, but it is not accessible. The image is still configuring.

    2/2 checks. The image is ready and completely configured.

Note: Wait a few minutes before trying to log in for the first time. The database may need more time to finish initializing. If you try to log in before, you may see a Database Connection error in the browser.

Connect to the AMI Through a Console

To access the AMI through a console

  1. Open a terminal and enter the following command:

    SSH root@<publicDNS>

    where

    <publicDNS> refers to the default DNS assigned to AlienVault USM Appliance.

  2. Login to the system.

    The default credential is root/alienvault.

  3. After logging in for the first time, the system will request a password change.