The Yarkon Admin Console application is running on a dedicated web server, to be installed in EC2. Start the process just like setting up any other EC2 server, from an AMI. To start, go to your EC2 Dashboard, click the “Launch Instance” button and locate the AMI from the AWS Marketplace.
The Yarkon AMI is based on a standard, latest available Ubuntu server, with the Yarkon application installed and pre-configured on it.
To get it fully operational in your environment, you’d need to follow some basic (and usually standard) steps, often followed when launching an instance a Unix based AMIs.
The next section describes these steps.
Go through the next few steps as you do when setting up any EC2 server. As always, the instance type should be chosen based on the expected load. Any of the general purpose instance types should do. We recommend you start with a small one (such as t2.medium) and only scale up if needed. You can always do that later.
The next steps are pretty generic. In the Configure Instance Details step, it is important to set up the correct Role. If you did not create the role yet, you can do it later, but the server will not work without the instance role being set, so you’d have to add the role before trying set up the application. This is because the application uses this role to gain API access to AWS (it does not require you to enter AWS keys). For more about the role, see Setting up the AWS role and policy required for the Yarkon Admin Console.
The storage requirements of the instance are low; we use 20GB as the baseline.
Use the Add Tags step to name the instance and add any tags you use to manage your fleet.
If this is the first time you set up a Yarkon server, you will have to define the security group now.
You can leave the SSH port there, just in case you need direct access to the server. By default, the application is serving content on port 4830. This can be changed, but will require accessing the server directly. Since the recommended set up is using an ELB, you can map this port to the standard https port 433 there, so it is better to leave it as is.
It is important to know that an ELB is not required to be able to run the application. It is, however, the method considered “best practice” to serving content over SSL from EC2. The only downside is the added cost of the ELB, though this is probably insignificant for an organization running in AWS (when this guide was written, March 2017, this cost was $22.39 per month). The benefits of using an ELB are:
If you just want to set up Yarkon quickly skipping the ELB and DNS steps, make sure that port 4830 is open to your current IP in the aforementioned security group, then access the server using http://server-ip/:4830. Note that until you set up HTTPS using either the recommended ELB approach, or by setting it on the instance itself, you will have to access the server using HTTP, which is not secure and therefore not recommended.
To set up an ELB, follow this guide from Amazon: Tutorial: Create a Classic Load Balancer.
When the ELB is ready, set up SSL following this guide: HTTPS Listeners for Your Classic Load Balancer.
Finally, you’d want to create a DNS record for the server, so it can be accessed by your users.
To do that, use the Route 53 service, and follow this guide from Amazon: Configure a Custom Domain Name for Your Classic Load Balancer.
A common choice is to set up a sub-domain under your TLD for the Yarkon server, for instance, yarkon.your-domain-name.com, so to access the Yarkon Admin Console, you’d use the URL https://yarkon.your-domain-name.com.
Note that the end-users will always access the Web client from a URL that is based on this one, and would be (with the aforementioned) https://yarkon.your-domain-name.com/yarkon/.
The setup of the application is simple. Browse to the server URL you just created in R53 using any web browser (using the aforementioned example, it would be https://yarkon.your-domain-name.com), and follow the steps on screen.
The process consists of the following steps:
Go through the Welcome screen and click the Next button to proceed. In the Contact Details put in your contact and the email address you’d like to associate with this account. Note that Yarkon uses your email as a uniquely identifying username for logging in to the system. When your user account is created, a temporary password will be generated for you by the system, and will be sent to this email address, so make sure to use a valid one.
Next, you tell Yarkon how to access your AWS Account.
In the Access Keys form, enter the API Access Keys you created before and downloaded into the CSV file. You can optionally use the Validate button to verify that the access keys you entered could be used by Yarkon. If the keys are invalid for whatever reason, Yarkon will provide feedback to help you resolve the issue.
Choose the Security Model you would like to use. For more details, please review this document.
If you choose the Integrated Security Model, you will have to choose the IAM role you would use for this IAM integration from the drop-down. This should be the role you created for the instance following the document Setup Yarkon Role.
When you are done, move to the next step – S3 Region – and choose from the drop-down the AWS region you use. While the Yarkon client application would work with any region choice you make here, it is preferable to choose the region where most of your buckets are hosted. If you are unsure, use the default which is US Standard.
The final step of the process is used for verification. Review the details displayed to ensure all are correct. If you want to make changes, you can use the Update button available for each section. When done, click the Done button to have the system proceed to create your administrator user account and set up Yarkon for your AWS account.
The system might take a moment to complete the registration after going through some back-end validation process. After it completes, it will send an email with your login credentials to the address you entered before.
Use the temporary password sent to you by email to login to Yarkon for the first time. The system will prompt you to replace the automatically generated temporary password with whichever password you choose.
Note that the same password is used to log in to the Yarkon client application.