Introduction -
As you build your applications and servers in Amazon and other cloud services, it is critical to patch those servers on a regular basis to guard them from security incidents. Securing these servers from attacks is a very tedious task and involves a fleet of people, or an application that needs to be maintained and managed by a group of IT engineers, to keep the servers patched. To address this problem, The GlobalSolutions has released web-based software in the Amazon Marketplace that helps to patch the servers in Amazon in two easy steps. In the first step we bring in all the servers under your account, and in the second step you choose the servers that you want to patch. This will be a pay-as-you-go model where you pay a very small upfront cost and, on an ongoing basis, pay for the GS Console server from which the endpoint servers can be patched.
Key terms and definitions of certain actions -
GSConsole Server – This is the main console server bundled and distributed in the Amazon Marketplace. Once the server is configured with the required Amazon credentials it will pull the servers under the configured account. From the list of your servers you select the ones you want to patch in one click.
Global User Name – This will be your common Admin user for all of your EC2 instances. If you don’t have one, please go ahead and create a common user account which will have admin-level privileges.
Global Password – This will be the password for the Global Admin user.
Refresh – Will refresh the home screen.
Reload – Will refresh to the current state (running/stopped/terminated) of the EC2 instances.
AWS Access and Secret keys – These are specific to your account and can be found by going in to your account -> Security credentials.
NOTE – We do not store the access key ID and secret keys in our databases. Because we do not store them, we will request this information to refresh the newly added machines from AWS so they display in our console, or to update the status (running/stopped) of EC2 instances so it is reflected in the GS Console server.
REQUIREMENTS
· Need to have a Global Admin user name and password
· The servers that need to be patched should have the following ports opened in their security group
o Protocol – TCP, Port – 9090
o Protocol – TCP, Port – 445
o Protocol – TCP, Port – 135
· The Tomcat in the GS Console server needs to be run with the local administrator account
· The GS Console server should have Protocol – HTTP and port 8080 opened to be accessed from external servers.
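As an added example (not part of the GS Console product or the original page), the following Python check takes the IpPermissions list of a security group, in the shape returned by EC2 DescribeSecurityGroups, and reports for each required port whether it is missing, reachable from the GS Console server, or open to every address. It assumes the GS Console server is the only host that needs to reach these ports; the function name, sample rules and addresses are constructed for illustration.

```python
import ipaddress

# Ports the REQUIREMENTS list asks for on each EC2 instance to be patched (all TCP).
REQUIRED_PORTS = (9090, 445, 135)


def audit_ingress(ip_permissions, console_ip):
    """Return {port: "missing" | "ok" | "open-to-world"} for the required ports.

    ip_permissions: IpPermissions list of one security group, in the shape
    returned by EC2 DescribeSecurityGroups. Only IPv4 CIDR rules (IpRanges)
    are examined; IPv6 ranges and security-group references are ignored.
    console_ip: address of the GS Console server (assumption: it is the only
    host that has to reach these ports).
    """
    console = ipaddress.ip_address(console_ip)
    result = {port: "missing" for port in REQUIRED_PORTS}
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # "-1" means every protocol and port; such rules carry no port range.
        low = perm.get("FromPort", 0) if proto == "tcp" else 0
        high = perm.get("ToPort", 65535) if proto == "tcp" else 65535
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            for port in REQUIRED_PORTS:
                if not low <= port <= high:
                    continue
                if net.prefixlen == 0:
                    result[port] = "open-to-world"
                elif console in net and result[port] != "open-to-world":
                    result[port] = "ok"
    return result


# Constructed sample: 9090 limited to the console, 445 open to everyone,
# 135 not opened at all.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 9090, "ToPort": 9090,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for port, state in audit_ingress(SAMPLE_PERMISSIONS, "203.0.113.10").items():
        print(f"tcp/{port}: {state}")
```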
Steps to add your servers/EC2 instances to GS CONSOLE SERVER for patching -
· Launch “Patch AWS EC2 instances Powered by theGlobalSolutions” from the market place.
· RDP to the box, go to Administrative tools -> services
o Double click on tomcat, make sure it runs under the Administrative account, and provide the password to your account.
o Restart the tomcat server
· Once the instance is up, connect to the GSConsole server with the below URL (you can do this from the same server or from any other server).
o http://Your-public-DNS-name:8080/gsconsole
· Click the login tab in the top right corner of the page
o Register your company name, username (email ID) and password to create a GS console server account
o Once successfully registered, use the same username and password under MEMBER LOGIN to log in to the GS Console server.
· Once logged in to the console for the first time you will be prompted to provide the AWS related information to start patching your servers.
o You can have multiple AWS accounts paired to one GS console account created in the previous step.
o There is a FAQ in the right side detailing every field.
o Provide the AWS account name, AWS access Key ID, Secret keys, select the availability zone, COMMON Admin user name and password for the EC2 instances
§ As mentioned earlier we do not store the Access and secret key information.
§ If you added more instances to your account you have to re-enter the keys to add those servers (EC2 Instances) to GS console server for patching.
· Enter the Global EC2 Admin and password in the configuration. Before you start patching, you need to make sure the Global user account with admin-level privileges mentioned in the below configuration page exists in your EC2 instance; this is required to deploy our agent.
· Below is the snapshot of the initial configuration page -
· Once you fill in the above information, hit continue and you will be able to see the list of EC2 instances in your account (as shown below).

· Select the instances you want to patch and hit the patching button
o The patching solution that is available from “The GlobalSolutions” in AWS MARKET PLACE will allow you to patch up to 50 unique servers/EC2 instances.
o You can add servers multiple times from the home page until you reach the 50 servers.
o Once you add a server it will be counted as one server even if you terminate the server in AWS after adding it to the GS console server for patching.
o If you want to patch beyond the 50 servers you can use our SaaS solution at www.theglobalsolutions.net
Steps to patch your Server/EC2 instance after adding to GS CONSOLE SERVER –
· You can do a bulk patching or patch the machines individually
· To do bulk patching, select the servers that you want to patch and run “Run Compliance” or “Install patch” as shown below

· To run compliance for a single server you can go to the ACTIONS column for a specific server and run the compliance.
· The first step in patching is to run compliance. Running compliance against the servers will tell you whether the servers (EC2 instances) are compliant with all the required patches.
o You cannot install patches without running compliance
· Once the compliance is run you will see the missing patches under the “COMPLIANT” column.
o As you run the compliance you can see the following statuses under the “STATUS” column: Checking for Agent, Downloading Agent, Patch scan initiated, Idle
§ Once you see the status as Idle your compliance scan is completed.
§ Refresh the screen and you will see the number of patches missing in the compliant column.
· Currently there is a known bug which requires you to refresh the screen the first time after the patch scan completes.
· This action is required only during the first run, subsequent runs will not need this manual refresh
· The next step is to install the missing patches. You can either patch a single server or select a specific patch to be installed on multiple servers.
· To install a patch on a single server go to “Actions” and select Install patch.
o This will bring up the list of patches. Select the patches that you want to deploy and hit install.
· If you want to do a bulk install, hit the wheel-like icon and select “Install patch”
o The above will pop up a window with all the missing patches and the number of servers/EC2 instances on which the patches are missing.
o Select the patch and it will show you the list of servers.
o Select the servers on which you want to install the patch and hit install -> close.
· YOU WILL BE ABLE TO SEE THE STATUS OF THE PATCHES IN STATUS COLUMN.
o The status is updated every 30 seconds
· You can keep adding more servers from the home page until you reach 50 servers.
For questions/support you can send an email to support@theglobalsolutions.net