07-17-2019 03:03 AM
Does anyone have a reliable method of accessing AWS Master Server Admin Console from outside AWS? I have had it working via a Windows "bastion host" running the Java Console as AWS supports RDP but I now have a customer who has deployed a Linux bastion. Any thoughts? Thanks, Andrew
Solved! Go to Solution.
07-21-2019 04:31 AM
Hi Andew,
If your client's only way to get into the VPC is a bastion, then that bastion, or another one, would need to be setup to run the JAVA console.
Alternatively, you have the following options;
Like I said before, don't get off track because it's AWS (or AZURE, or whatever cloud provider), treat it as a data center you need access and your customer needs to provide it.
07-17-2019 03:10 AM
I'm guessing your NBU Master is on Windows right? You can try install the netbackup linux server binaries. Don't configure it. You can then try launch jnbSA and point it at the other master.
07-17-2019 03:59 AM
07-17-2019 09:39 AM
Hi Andrew,
AWS, or the VPC in AWS is really just a data center. Yes, it is virtual and you can't go in the building but the same rules apply really as if it was hosted in some DC on prem. Your customer should really have a direct connect or VPN connection from their offices to the VPC. If there only way of getting into their VPC is via the bastion, then they make sure that bastion can facilitate the connection to where you need to go.
I'm going assume their bastion is shell only so you can't run any GUIs?
So, this is really not a question about the console, but a question about what type of connections they're allowing in through the bastion, or the secuirty groups/NACL in general.
07-18-2019 01:20 AM
> I'm going assume their bastion is shell only so you can't run any GUIs?
Yes this is correct but I believe this is a general AWS limitation and not specific to my customer. From what I understand, AWS only provides ready access to a GUI via RDP on Windows; there are a number of examples of getting xrdp to work on Ubuntu within AWS but I've not been able to get these working on RHEL for NetBackup support.
Given all the publicity around NetBackup support for AWS I find it rather disappointing this key requirement doesn't seem to be addressed. In my case we are going to use RDP to the AWS OpsCenter server which is Windows.
Thanks, Andrew
07-18-2019 11:41 AM
Hi Andrew,
This is not accurate "From what I understand, AWS only provides ready access to a GUI via RDP on Windows;"
AWS does not dictate what you can't and can't do on your instances. Your customer is free to install RHEL with what ever configuration they please, GUI or no GUI. They can install one, two, five, linux, or windows hosts. You customer is also free to open what ever ports they want to the internet. If they wished to, they could open up a connection direct from the internet to the JAVA GUI on their master server, but this is all up to them and does not aling with security best practices.
As I mentioned previously, AWS in just a "data center" and your customer controls what can get in or out.
If you want some more guidance on AWS, feel free to reach out.
07-19-2019 01:53 AM
Riaan, thanks for this.
I was advised by an AWS architect (OK, not an Amazon empoyee) it would be best to use RDP to a Windows bastion for GUI access but the summary is I am reaching out for methods to run the NBU Admin Console locally to manage NBU within AWS (without Windows RDP).
I guess it can be done via tunnelling and port forwarding; but does anyone have any examples or experience of doing this?
Thanks again, Andrew
07-21-2019 04:31 AM
Hi Andew,
If your client's only way to get into the VPC is a bastion, then that bastion, or another one, would need to be setup to run the JAVA console.
Alternatively, you have the following options;
Like I said before, don't get off track because it's AWS (or AZURE, or whatever cloud provider), treat it as a data center you need access and your customer needs to provide it.
07-24-2019 01:46 AM