{"pageModel":{"attributes":{"id":"","name":"120693.dita","viewName":"DitaDetail"},"elements":{"ditaContent":{"name":"DITAContent","value":"<article id=\"deploy-a-connector-in-aws\" class=\"topic concept\">\r\n<h1 class=\"title topictitle1\">Deploy a Connector in AWS</h1>\r\n<div class=\"body conbody\">\r\n<p class=\"p\">A resource connector is a lightweight service deployed in a virtual machine in your cloud environment.\r\n      A resource connector manages the network communications to a configured private resource.\r\n      Cisco Secure Access provides a pre-configured resource connector image for Amazon Web Services (AWS).\r\n      This guide describes the steps to deploy an Amazon Machine Image (AMI) to create your resource connector instances.\r\n    </p>\r\n<section id=\"prerequisites-aws\" class=\"section\">\r\n<h2 class=\"title sectiontitle\">Prerequisites</h2>\r\n<p class=\"p\">Gather the required information, and understand and meet the  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120767.dita\" title=\"\">Requirements and Prerequisites for Resource Connectors and Connector Groups</a>.</p>\r\n<ul class=\"ul\">\r\n<li class=\"li\">An AWS account.</li>\r\n<li class=\"li\">Supported architectures:<ul class=\"ul\">\r\n<li class=\"li\">Intel x86_64</li>\r\n<li class=\"li\">AMD64</li>\r\n</ul>\r\n</li>\r\n<li class=\"li\">Required instance type for deployments in production environments:  C5.xlarge</li>\r\n<li class=\"li\">Create the connector group in the region nearest to the geographical location where you will deploy these connectors.</li>\r\n<li class=\"li\">All connectors in a group must use the same environment, for example: AWS.</li>\r\n<li class=\"li\">Obtain the connector image from the AWS marketplace. For more information, see  <a data-scope=\"\" target=\"\" href=\"docs/csa/olh/120715.dita\" title=\"\">Get Connector Images on the AWS Marketplace</a>\r\n</li>\r\n<li class=\"li\">Copy the provisioning key for the specific connector group where you will deploy these connectors. For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/120759.dita\" title=\"\">Provisioning Keys for Resource Connectors</a>.</li>\r\n<li class=\"li\">Disk encryption is recommended for your connectors. You configure this during connector deployment, but you should complete any prerequisites before deploying the image. For more information, see the AWS documentation.</li>\r\n</ul>\r\n</section>\r\n<section id=\"uefi-secure-boot-environment-for-resource-connector-images\" class=\"section\">\r\n<h2 class=\"title sectiontitle\">UEFI Secure Boot Environment for Resource Connector Images</h2>\r\n<p class=\"p\">The Secure Access Resource Connector images for AWS support UEFI Secure Boot, which provides a trusted boot environment for the connector instance.\r\n      </p>\r\n<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">If you choose an AWS instance type that is not recommended by Cisco Secure Access, we can not guarantee that your Resource Connector instance can boot in AWS. Review the AWS documentation to verify whether your instance type supports UEFI Secure Boot.</div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<ul class=\"ul\">\r\n<li class=\"li\">You can deploy Resource Connector images with UEFI Secure Boot on these architectures:<ul class=\"ul\">\r\n<li class=\"li\">Intel x86_64</li>\r\n<li class=\"li\">AMD64</li>\r\n</ul>\r\n</li>\r\n<li class=\"li\">We recommend that you redeploy your Resource Connector instances with the UEFI Secure Boot environment.</li>\r\n</ul>\r\n</section>\r\n<section class=\"section\">\r\n<h2 class=\"title sectiontitle\">Save Your Private SSH Key</h2>\r\n<p class=\"p\">After you generate an SSH key pair required for access to the resource connector, you must save your SSH key in your environment.</p>\r\n<p class=\"p\">Cisco cannot recover your SSH key and you will lose remote access and the capability to manage the resource connector.</p>\r\n</section>\r\n<section id=\"whats-next\" class=\"section\">\r\n<h2 class=\"title sectiontitle\">What's Next</h2>\r\n<p class=\"p\">Perform the following tasks once per connector instance. You can use the Cisco Secure Access Resource Connector image to create multiple connector instances. You must deploy each connector instance independently.</p>\r\n<table class=\"olh_note\" border=\"0\" role=\"note\">\r\n<tbody>\r\n<tr>\r\n<td width=\"5%\" class=\"olh_note\" role=\"heading\" border=\"0\" valign=\"top\">\r\n<img src=\"https://www.cisco.com/c/dam/en/us/td/i/esp/icons/icon-notes.svg\">\r\n<br> </td>\r\n<td border=\"0\" class=\"olh_note\">\r\n<div class=\"note__content\">Do not clone the connector instances.</div>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<ul class=\"ul\">\r\n<li class=\"li\"> <a data-scope=\"\" target=\"\" href=\"docs/csa/olh/120781.dita\" title=\"\">Step 1 – Launch an Amazon Machine Image for each Connector Instance</a>\r\n</li>\r\n<li class=\"li\"> <a data-scope=\"\" target=\"\" href=\"docs/csa/olh/120782.dita\" title=\"\">Step 2 – Configure the Connector</a>\r\n</li>\r\n<li class=\"li\"> <a data-scope=\"\" target=\"\" href=\"docs/csa/olh/120789.dita\" title=\"\">Step 3 – Launch the Connector Instance</a>\r\n</li>\r\n</ul>\r\n</section>\r\n</div>\r\n</article>\r\n","ditaVal":"","format":"html"},"bookTitle":{"value":""},"shortDescription":{"value":""}}},"parameters":{"appId":"SecureAccess","topicAlias":"deploy-a-connector-in-aws"}}