Provision Fleet Service Points in AWS - BlueCat DNS Edge

DNS Edge User Guide (Fleet Service Point)


This section gives detailed instructions for provisioning the Fleet Service Point in AWS.

Before you begin:

You must have a valid AWS account with the correct permissions to deploy EC2 instances.

Configuring Fleet Service Point configuration details:

  1. Log in to the Edge Cloud Instance.
  2. In the top navigation bar, click and select Fleet Service Points.
  3. To add a new Fleet Service Point click on the Fleet Service Points page.
  4. Under Setup, enter the following information:
    • Name: enter the name of the new Fleet Service Point.
    • Description: add a description. This is optional.
  5. Under Type, select AWS / Azure / GCP from the drop-down menu.
  6. Under Network, enter the following information:
    • Enter the hostname of the Fleet Service Point.
    • (Optional) Enter the IP address or FQDN of any NTP servers that the Fleet Service Point will use. If you do not configure any NTP servers, the Fleet Service Point will use the following default Debian NTP servers:
      • 0.debian.pool.ntp.org
      • 1.debian.pool.ntp.org
      • 2.debian.pool.ntp.org
      • 3.debian.pool.ntp.org
  7. Under Access, enter the following information:
    Note:
    • The SSH Public Key and VM Console Password fields are mandatory and must be filled out to provision the Fleet Service Point.
    • The SSH Public Key and VM Console Password are applied to the operations user account.
    • SSH Public Key: Enter the SSH public key of the Fleet Service Point. This adds the public key to the .ssh directory of the Fleet Service Point and allows you to SSH into the Fleet Service Point.
    • VM Console Password: Enter the console password for the Fleet Service Point. The password must meet the following requirements:
      • It must contain lowercase characters.
      • It must contain uppercase characters.
      • It must contain numbers.
      • It must contain symbols.
      • It must not contain spaces.
      • It must contain at least 12 characters.
    • Confirm Password: Confirm the console password for the Fleet Service Point entered in the VM Console Password field.
  8. (Optional) Under HTTP Proxy, enter the following information:
    • Enter the hostname of the proxy that the Fleet Service Point will use.
    • (Optional) Add the port number used to connect to the proxy server. By default, the value is 443.
    • (Optional) Enter the username and password that will be used to authenticate against the proxy server.
  9. Click Save and Download. A window appears where you can download the configuration file.
  10. Click Download Configuration to download the configuration file.
    Attention: The configuration file of the Fleet Service Point can only be downloaded once and cannot be recovered later. The configuration file is a base64 encoded text file and can contain sensitive information such as HTTP proxy credentials.

    BlueCat strongly recommends storing the configuration file in a secure location and only storing the configuration file for as long as required. The configuration file should be securely destroyed when it is no longer in use.
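
A pre-flight check for the Access fields in step 7, added here as an example (not BlueCat code): it rejects a pasted private key or malformed public key and reports which of the listed console password requirements a candidate fails. The accepted key types, the definition of "symbol", and the sample key are assumptions or constructed values.

```python
import base64
import binascii
import struct

# Assumption: common OpenSSH key types; the page does not list which ones it accepts.
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def check_ssh_public_key(line):
    """Return a list of problems with a one-line OpenSSH public key ([] if none)."""
    if "PRIVATE KEY" in line:
        return ["this is a private key; never paste it into the form"]
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return ["expected '<key-type> <base64-blob> [comment]'"]
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return ["key blob is not valid base64"]
    # The blob starts with a length-prefixed copy of the key type (RFC 4253 string).
    if len(blob) < 4:
        return ["key blob is truncated"]
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        return ["key type inside the blob does not match the prefix"]
    return []

def check_console_password(pw):
    """Return the VM Console Password requirements from the guide that pw fails."""
    rules = [
        (any(c.islower() for c in pw), "must contain lowercase characters"),
        (any(c.isupper() for c in pw), "must contain uppercase characters"),
        (any(c.isdigit() for c in pw), "must contain numbers"),
        # Assumption: a "symbol" is any character that is neither alphanumeric nor whitespace.
        (any(not c.isalnum() and not c.isspace() for c in pw), "must contain symbols"),
        (" " not in pw, "must not contain spaces"),
        (len(pw) >= 12, "must contain at least 12 characters"),
    ]
    return [msg for ok, msg in rules if not ok]

def constructed_ed25519_key():
    """Build a syntactically valid sample key (constructed: all-zero key bytes)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " ops@example"
```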

Provisioning the Fleet Service Point on AWS:
Note: The following instructions are for the new EC2 UI. To enable the new EC2 UI within AWS, toggle the New EC2 Experience button.
  1. Log in to your AWS account.
  2. In the AWS console, navigate to your EC2 service Dashboard and click Launch Instance.
  3. Enter a name for the new EC2 instance. Optionally, you can add a tag to your EC2 instance by clicking Add additional tags and selecting the tag.
  4. Under Applications and OS Images, search for BlueCat DNS Edge Fleet Service Point, select the image and click Select.
  5. For Instance Type, select c5.xlarge, c5.2xlarge, or c5.4xlarge.
    Note: The minimum recommended instance type is c5.xlarge.
  6. For Key pair, select Proceed without a key pair.

    Your SSH key will be configured with the SSH Public Key that was provided when configuring the Fleet Service Point configuration details within the Edge Cloud.

  7. Select the security group that's created automatically, or create a new security group. If you create a new group, the following ports and protocols must be opened on the Fleet Service Point Instance in AWS:
    • Port 22 (TCP)—used for SSH connections.
    • Port 53 (TCP and UDP)—used for DNS service.
    • Port 2021 (TCP)—used for DNS resolver service diagnostics.
    • Port 8083 (TCP)—used for Fleet Service Point diagnostics.
  8. Configure the following storage requirements:
    • For Size, enter 200 GiB.
    • For Volume Type, select General Purpose SSD (GP2).
  9. Click Advanced Details and for User Data, paste the contents of the configuration file that you downloaded from the Fleet Service Point configuration page. Make sure to select User data has already been base64 encoded.
  10. Click Launch Instance.
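
If you create a new security group in step 7, the rule set can be built and audited before it is applied. The following is an added example, not BlueCat or AWS code: it produces the ports listed above in the IpPermissions shape that EC2's AuthorizeSecurityGroupIngress takes, and flags missing ports or management ports open to every address. Treating ports 22, 2021 and 8083 as admin-only is an assumption, and the CIDRs and WEAK_GROUP are constructed samples.

```python
import ipaddress

# Ports the guide requires on the Fleet Service Point instance.
REQUIRED = [
    ("tcp", 22, "SSH"),
    ("tcp", 53, "DNS"),
    ("udp", 53, "DNS"),
    ("tcp", 2021, "DNS resolver service diagnostics"),
    ("tcp", 8083, "Fleet Service Point diagnostics"),
]
MGMT_PORTS = {22, 2021, 8083}  # assumption: reachable from admin networks only

def build_ingress(admin_cidrs, dns_client_cidrs):
    """Build IpPermissions: management ports from admin CIDRs, DNS from client CIDRs."""
    perms = []
    for proto, port, desc in REQUIRED:
        cidrs = admin_cidrs if port in MGMT_PORTS else dns_client_cidrs
        # IPv4Network raises ValueError on malformed CIDRs or set host bits.
        ranges = [{"CidrIp": str(ipaddress.IPv4Network(c)), "Description": desc}
                  for c in cidrs]
        perms.append({"IpProtocol": proto, "FromPort": port,
                      "ToPort": port, "IpRanges": ranges})
    return perms

def covers(perm, proto, port):
    """True if a rule admits proto/port; IpProtocol "-1" means all protocols and ports."""
    if perm["IpProtocol"] == "-1":
        return True
    return (perm["IpProtocol"] == proto
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def audit(perms):
    """Report required ports that are missing and management ports open to 0.0.0.0/0."""
    findings = []
    for proto, port, desc in REQUIRED:
        hits = [p for p in perms if covers(p, proto, port) and p.get("IpRanges")]
        if not hits:
            findings.append(f"missing {port}/{proto} ({desc})")
        elif port in MGMT_PORTS:
            for p in hits:
                for r in p["IpRanges"]:
                    if ipaddress.IPv4Network(r["CidrIp"]).prefixlen == 0:
                        findings.append(f"{port}/{proto} open to {r['CidrIp']}")
    return findings

# Constructed sample: one catch-all TCP rule, as a quickly made group might have.
WEAK_GROUP = [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
```

The list returned by build_ingress can be passed as IpPermissions to boto3's authorize_security_group_ingress together with the GroupId of your security group.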

Within your EC2 Instance dashboard, you can monitor the progress of the Fleet Service Point provisioning. Once you see 2/2 checks passed, the Fleet Service Point is ready for use.

Once you have provisioned the Fleet Service Point VM, you can deploy the DNS resolver service. For more information, refer to DNS Resolver Services.

Attention: You can use the Fleet Service Point diagnostics API to verify that the Fleet Service Point has successfully registered. The registrationStatus field within the Fleet Service Point diagnostics API response returns a value of REGISTERED when the Fleet Service Point has successfully registered with the DNS Edge Cloud. If the value is not REGISTERED, this may indicate that there is an issue with the Fleet Service Point provisioning and the service point may not operate as intended.

For more information on the Fleet Service Point diagnostics APIs, refer to Fleet Service Point status and diagnostics APIs.