NSS AWS EC2 Deployment Guide

This document is intended to assist you with deploying and basic configuration of your virtual NSS within the Amazon Web Services (AWS) cloud platform.

This document assumes that you are already familiar with AWS and that your AWS account has already been created. 

In order for Sansay to share the VSXi Amazon Machine Image (AMI) and to provide accurate VM resource recommendations, you need to provide the following information:

  1. Your AWS Account ID (a numeric ID not your login e-mail)
  2. The AWS region, or regions, you intend to deploy the VSXi image

Before beginning, ensure that you have the following information and files available:

  1. AWS AMI in your AMI Private images repository, which will be shared with you by Sansay Support.

NSS STI-AS and STI-VS query processing capability are mainly driven by your traffic volume measured in queries per second (QPS) and by the number of total entries in your attestation policy table directly related to your network's DIDs/TNs and trunk groups as applicable. For AWS you can choose from a t2, m4/m5, c4/c5 or r4/r5 instance type.

Minimum Requirements:

  • 4vCPU and 12G of RAM, 500GB storage. QPS 250 and up to 20,000 entries.
  • 4vCPU and 24G of RAM, 500GB storage. QPS 250 and up to 2M entries.
  • 6vCPU and 24G of RAM, 1TB storage. QPS 500 and up to 2M entries
  • 8vCPU and 24G or RAM, 2TB storage. QPS 1000 and up to 2M entries.
  • 12vCPU and 32G of RAM, 3TB storage. QPS 2000 and 2M+ entries.
  • 16vCPU and 48G or RAM, 5TB storage. QPS 5000 and 2M+ entries.

This video provides step by step guidance how to launch an EC2 instance for VSXi

Outline summary for the above video:

  1. Select AWS region. This must match the region you provided to Sansay earlier. The AMI will only show up in regions Sansay shared the AMI with you.
  2. Choose AMI.  In the EC2 Dashboard navigation pane, click AMIs located under IMAGES. Select Private Images.  
  3.  Select the AMI that was shared with you and click the Launch button in the upper left corner.
  4. Choose instance type. Next you need to designate the instance type for your VSXi VM, Please follow the sizing guide above for this.
  5. Add storage.  The VSXi AMI comes with a modestly sized HDD and is intended to only contain the OS, system files and Sansay software. An additional HDD will need to be added to the VSXi instance for the storage of CDRs, log files and provisioning uploads (xml and csv). Once you have completed adding the additional HDD to the instance, no other configuration is needed. The AMI instance will automatically recognize the additional HDD and will then mount, format and configure the device for use.
    1. Volume Type = EBS B.
    2. Device = /dev/sdb
    3. Size (GiB) = Set to amount recommend by Sansay
    4. Volume Type = Leave as General Purpose SSD (GP2)
    5. Delete on Termination = Unchecked
    6. Encrypted = Unchecked
  6. Configure security group.  Think of the AWS Security Group as your AWS firewall. This is where you will configure what traffic can come into your new instance and what cannot. If a rule is not created for a particular protocol/port that any traffic which uses that protocol/port will be blocked. During the initial deployment of your VSXi instance the following ports are recommended:
    1. Management:
      1. TCP Port 22: Your IP Address.
      2. TCP Port 22: Sansay HQ
      3. TCP Port 8888: Anywhere
    2. Signaling:
      1. UDP Port: 5060
      2. TCP Port: 3333-3340
  7. Review configuration. After you’ve completed the instance configuration, you have an opportunity to review the configuration prior to launching the instance.
    1. If you are satisfied with the configuration, click the Launch button.
    2. If you see something that needs to be changed, click the Previous button.
    3. If you would like to start the process over from scratch, click Cancel. 
  8. Key pair. Once you select Launch, you will be presented with the following pop-up asking to create a new key pair. You will need this key pair in order for your cdr user to access the system and download CDRs.
    1. Note: The AWS key pair is equivalent to your ssh password for VSXi appliances (e.g hardware servers)
  9. After saving the certificate, click the Launch Instances button.