Deploy using EC2 Instances

The deployment options vary depending on what are the number of instances where MetaDefender ICAP Server will be installed.

Options:

1. Single Instance deployment of MetaDefender Core and MetaDefender ICAP Server
2. Multi-Instance with Autoscaling for MetaDefender Core and autoscaling for MetaDefender ICAP Server.

OPSWAT provides a terraform project to deploy MetaDefender ICAP Server and MetaDefender Core in different instances using AWS services.

Prerequisites

AWS knowledge: This guide assumes familiarity with AWS Services

AWS account: needs permission to create AWS Services depending on the examples listed in Architecture Examples in CSPs

Tools installation: Terraform, AWS CLI

Single Instance Deployment

Deploy using Terraform

OPSWAT provides a terraform project to create the infrastructure needed to deploy

• Locally clone the metadefender-csp repository and go to AWS/single-ec2

git clone git@github.com:OPSWAT/metadefender-csp.git

cd AWS/single-ec2

• Modify terraform.tfvars with the desired options
• To deploy MetaDefender Core, modify the section for MetaDefender Core variables
  • LICENSE_KEY required if wanted to have the MetaDefender Core instance activated automatically
  • APIKEY_GENERATION=true to have the apikey generated by terraform
  • There is one general section and one section for each product that is supported using this Terraform project

# General variables

​

MD_ENV_NAME             = "metadefender" # Prefix to add to all the resources

MD_REGION               = "eu-central-1" # Region for all the resources

EC2_KEY_NAME            = "" # Key pair to attach to EC2 instances (Optional)

#ACCESS_KEY_ID          = "<ACCESS_KEY_ID>"

#SECRET_ACCESS_KEY      = "<SECRET_ACCESS_KEY>"  # To give access to terraform (Optional, can use other ways to authenticate)

PUBLIC_ENVIRONMENT      = true

APIKEY_GENERATION       = true

​

# MetaDefender Core variables

​

DEPLOY_CORE             = true

MD_VPC_CIDR             = "192.168.0.0/16"  # VPC CIDR where to create the MetaDefender products

CORE_PRODUCT_ID       = "ani6v4vb5z4t87cymrfg3m451" #MetaDefender Core ID in AWS Marketplace || For Windows it is "9s8powksm1cj7fuafdnv0sfj9"

CORE_INSTANCE_TYPE      = "c5.2xlarge"   # Instance type for MetaDefender Core

LICENSE_KEY_CORE        = ""

• To deploy MetaDefender ICAP Server, modify the section for ICAP Server

# MetaDefender ICAP variables

​

DEPLOY_ICAP             = false         # true to deploy ICAP together with Core

ICAP_PRODUCT_ID         = "b1w10ei2pw2vgpdsjw44pbffr" #MetaDefender ICAP LINUX ID in AWS Marketplace  

ICAP_INSTANCE_TYPE      = "c5.2xlarge"   # Instance type for MetaDefender ICAP Server

LICENSE_KEY_ICAP        = ""

• Run terraform init and apply. Check the resource to be created, after that enter "y"

terraform init

terraform apply

Deploy using AWS Console

Select MetaDefender ICAP Server AMI

• Go to the EC2 Management Console in AWS and select Launch Instance

• Select the desired MetaDefender ICAP Server, based on the OS support:

• Choose the Instance type

Please review MetaDefender ICAP Server's system requirements before choosing the desired AMI and instance type. General System Requirements

Networking for EC2

• Select the desired VPC and subnet you would like to have MetaDefender ICAP Server deployed.

Depending on the deployment model, the recommendation would be to deploy MetaDefender ICAP Server in a private subnet.

Storage configuration

Storage step can be skipped

In general there's no need for additional storage by MetaDefender ICAP Server. Follow the system requirements for Storage.

Security Groups configuration

There are 2 rules that are needed to be opened during the installation phase, after which only one rule should remain:

• Custom TCP: 8048

  • MetaDefender ICAP Server exposes the web UI by default to port 8048. However this port can be changed during the installation phase or updated during it's lifetime.

• RDP / SSH

  • In order to install MetaDefender ICAP Server on Windows add access for RDP and for Linux add support for SSH
    • Highly recommended would be not to allow traffic to RDP or SSH from anywhere, but to limit to your IP address

Launch the instance

After you review the settings, hit Launch. In a few minutes the instance should become available

Multi-Instance Deployment

Deploy using Terraform

OPSWAT provides a terraform project to create the infrastructure needed to deploy

• Locally clone the metadefender-csp repository and go to AWS/autoscaling-group

git clone git@github.com:OPSWAT/metadefender-csp.git

cd AWS/autoscaling-group

• Modify terraform.tfvars with the desired options

# General variables

​

MD_ENV_NAME             = "metadefender"

MD_REGION               = "eu-central-1"

#ACCESS_KEY_ID          = "<ACCESS_KEY_ID>"

#SECRET_ACCESS_KEY      = "<SECRET_ACCESS_KEY>"

MD_VPC_CIDR             = "192.168.0.0/16"

PUBLIC_ENVIRONMENT      = true

WARM_POOL_ENABLED       = true

​

# MetaDefender Core variables

​

DEPLOY_CORE             = "false"

CORE_PRODUCT_ID       = "ani6v4vb5z4t87cymrfg3m451" # For Windows it is "9s8powksm1cj7fuafdnv0sfj9"

CORE_INSTANCE_TYPE      = "c5.2xlarge"

LICENSE_KEY_CORE        = ""

CORE_PWD                = "admin"

CORE_PORT               = 8008

​

# MetaDefender ICAP variables

​

DEPLOY_ICAP             = false

ICAP_PRODUCT_ID         = "b1w10ei2pw2vgpdsjw44pbffr" # For Windows it is 

ICAP_PORT               = 8048

ICAP_INSTANCE_TYPE      = "c5.2xlarge"

ICAP_PWD                = ""

LICENSE_KEY_ICAP        = ""

• Run terraform apply and check the resource to be create, after that enter "y"

terraform apply