Skip to content

BYOL 4.0 Docs - AWS #904

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
haberkornsam wants to merge 5 commits into
base: master
Choose a base branch
from
Open

BYOL 4.0 Docs - AWS #904

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
aff5594
aws byol docs
haberkornsam Dec 18, 2025
faed771
add ha tags
haberkornsam Dec 19, 2025
f9ae715
Merge branch 'master' into shaberkorn/aws-byol-4-0
haberkornsam Dec 19, 2025
21a727e
add ha naming to table
haberkornsam Dec 19, 2025
b71512a
Merge branch 'shaberkorn/aws-byol-4-0' of https://github.com/128techn…
haberkornsam Dec 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 47 additions & 20 deletions docs/intro_installation_quickstart_byol_conductor_aws.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,21 @@ The **Bring Your Own License (BYOL)** AMI allows you to install your own license

Once you have selected the AMI for your deployment, proceed to the section [Session Smart Conductor Deployment](#session-smart-conductor-deployment) to deploy a Session Smart Conductor, or proceed to the section [Session Smart Conductor Managed Router Deployment](#session-smart-conductor-managed-router-deployment) to deploy a Session Smart Conductor Managed Router.

## Selecting the Instance Size
The following instance sizes are supported for virtual SSR in AWS. Choose the size that best meets your requirements. More information can be found in the [AWS Documentation](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-types.html)

| Recommended AWS VM Size | Max vNICs Supported | vCPU Cores | Memory |
| ----------------------- | ------------------- | ---------- | ------ |
| c5.xlarge | 4 | 4 | 8 |
| c5.2xlarge | 4 | 8 | 16 |
| c5.4xlarge | 8 | 16 | 32 |
| c5.9xlarge | 8 | 36 | 72 |
| c5n.xlarge | 4 | 4 | 10.5 |
| c5n.2xlarge | 4 | 8 | 21 |
| c5n.4xlarge | 8 | 16 | 42 |
| c5n.9xlarge | 8 | 36 | 96 |


## Session Smart Conductor Deployment

Use the following information to deploy a BYOL Session Smart Conductor in AWS.
Expand Down Expand Up @@ -144,15 +159,15 @@ A description of the parameters of the template are listed in the following tabl

| Parameter | Description |
| -------------------- | ----------- |
| Name | The Instance Name field provides a name to the VM for the device.|
| Name | The Instance Name field provides a name to the VM for the device.|
| Instance Type | Size of the EC2 instance.|
| SSR Version | SSR software version installed on the instance. |
| SSR Version | SSR software version installed on the instance. |
| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. |
| Artifactory Token | Token for the artifactory credentials used to install the SSR software. |
| Artifactory Token | Token for the artifactory credentials used to install the SSR software. |
| VPC ID | ID of the existing VPC where the device is going to be deployed. |
| Control Subnet ID | ID of the control subnet within the VPC. |
| Control Subnet ID | ID of the control subnet within the VPC. |
| Control Subnet Allowed CIDR | The IP CIDR range of the endpoints allowed to originate traffic to the Conductor's management interface in the management subnet. |
| Admin Allowed CIDR | The IP CIDR range of the endpoints allowed to SSH to the EC2 instance as well as login to the Conductor's GUI. |
| Admin Allowed CIDR | The IP CIDR range of the endpoints allowed to SSH to the EC2 instance as well as login to the Conductor's GUI. |
| Key Name | IAM user key (SSH public key) to login to the EC2 instance (Linux) via SSH.|


Expand Down Expand Up @@ -192,7 +207,7 @@ Paste the following JSON content. Please adjust the values to your specific envi
{
"Name": "<instance name>",
"Version": "<ssr-version>",
"InstanceType": "c5.xlarge",
"InstanceType": "c5n.xlarge",
"ArtifactoryUsername": "<username>",
"ArtifactoryUsername": "<password>",
"VpcId": "<ID of the VPC>",
Expand Down Expand Up @@ -363,11 +378,11 @@ write_files:
```
| Option | Meaning |
| ------ | ------- |
| name | The name of the Router. |
| ssr-version | The SSR software version to be installed on the instance. (BYOL only) |
| artifactory-user | User portion of the artifactory credentials. |
| name | The name of the Router. |
| ssr-version | The SSR software version to be installed on the instance. |
| artifactory-user | User portion of the artifactory credentials. |
| artifactory-password | Password portion of the artifactory credentials. |
| conductor-hosts | The list of Conductor control IPs used to manage the router. |
| conductor-hosts | The list of Conductor control IPs used to manage the router. |


### Manual Onboarding
Expand All @@ -379,13 +394,23 @@ If a user does not supply the onboarding configuration before launching the inst

### Network Interfaces Layout

The _Session Smart Router Template_ deploys an EC2 instance for the SSR with two network interfaces. The template attaches the network interfaces to the EC2 instance in the following order: Public, and Private. The network interfaces to be used are as follows:
The _Session Smart Router Template_ deploys an EC2 instance for the SSR with two network interfaces. The template attaches the network interfaces to the EC2 instance in the following order: Management (optional), Public, and Private.

If a management interface is provided, the interfaces to be used are as follows

| Network Interface name | Subnet | PCI Address |
| ---------------------- | ---------------- | ----------------|
| ge-0-0 | Public | 0000:00:05.0 |
| ge-0-1 | Private | 0000:00:06.0 |
| ge-0-2 | Management | 0000:00:07.0 |
| ge-0-0 | Management | 0000:00:05.0 |
| ge-0-1 | Public | 0000:00:06.0 |
| ge-0-2 | Private | 0000:00:07.0 |

If no management interface is provided, the interfaces to be used are as follows
| Network Interface name | Subnet | PCI Address |
| ----------------------- | --------------- | ----------------|
| ge-0-0 | Public | 0000:00:05.0 |
| ge-0-1 | Private | 0000:00:06.0 |
| ge-0-2 (If Applicable) | HASync | 0000:00:07.0 |
| ge-0-3 (If Applicable) | HAFabric | 0000:00:08.0 |

### Launch the Conductor Managed Template

Expand All @@ -397,11 +422,11 @@ A description of the parameters of the template are listed in the following tabl

| Parameter | Description |
| -------------------- | ----------- |
| Name | Fill out the Instance Name field to provide a name to the VM for the conductor-managed router.|
| Version | SSR software version installed on the instance. |
| Name | Fill out the Instance Name field to provide a name to the VM for the conductor-managed router.|
| Version | SSR software version installed on the instance. |
| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. |
| Artifactory Token | Token for the artifactory credentials used to install the SSR software. |
| Primary Control IP | The primary IP address of the Conductor |
| Artifactory Token | Token for the artifactory credentials used to install the SSR software. |
| Primary Control IP | The primary IP address of the Conductor |
| Secondary Control IP | The secondary IP address of the Conductor |
| Key Name | IAM user key (SSH public key) to login to the EC2 instance (Linux) via SSH.|
| Instance size | Size of the EC2 instance.|
Expand Down Expand Up @@ -454,7 +479,7 @@ Paste the following JSON content. Please adjust the values to your specific envi
"ArtifactoryToken": "<password>",
"conductorPrimaryControlIP": "<control-ip>",
"conductorSecondaryControlIP": "<control-ip>",
"InstanceType": "c5.xlarge",
"InstanceType": "c5n.xlarge",
"KeyName": "<username>"
"VpcId": "<ID of the VPC>",
"PublicSubnet": "<ID of the public subnet within the VPC>",
Expand Down Expand Up @@ -533,7 +558,9 @@ In addition to using the cloud formation template, the admin can tag the interfa
| --------- | ------- |
| WAN | Interface is marked as WAN for onboarding purposes. |
| LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. |
| MGMT | Interface is marked as MGMT and is assumed to have SSH connectivity. |
| MGMT | Interface is marked as MGMT and is assumed to have SSH connectivity. |
| HAFabric | Interface is marked as HAFabric and is used as the fabric link in an HA deployment. |
| HASync | Interface is marked as HASync and is used as the redundancy link in an HA deployment. |

:::note
The EC2 instance must be assigned the IAM role containing the `ec2_describeNetwork` permission to leverage the interface tagging.
Expand Down
57 changes: 43 additions & 14 deletions docs/intro_installation_quickstart_byol_mist_aws.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,29 @@ This guide describes the process for deploying a Mist-managed instance through A

Proceed to the next section [Selecting the AMI](#selecting-the-ami).

### Selecting the AMI
## Selecting the AMI

**Bring Your Own License (BYOL):** This allows you to install your own licensed copy of the SSR software on an AWS VM. The device registration code is used to authenticate access to the Mist installation repositories. Refer to the [Session Smart Networking Platform (BYOL)](https://aws.amazon.com/marketplace/pp/prodview-lz6cjd43qgw3c?sr=0-2&ref_=beagle&applicationId=AWSMPContessa) offering.

For the latest information about SSR BYOL offereings, please refer to the [Cloud Images BYOL Release Notes](release_notes_byol.md).

Once you have selected the AMI that suits the needs of your deployment, proceed to the [Session Smart Router Deployment](#session-smart-router-deployment) to deploy a Session Smart Router.

## Selecting the Instance Size
The following instance sizes are supported for virtual SSR in AWS. Choose the size that best meets your requirements. More information can be found in the [AWS Documentation](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-types.html)

| Recommended AWS VM Size | Max vNICs Supported | vCPU Cores | Memory |
| ----------------------- | ------------------- | ---------- | ------ |
| c5.xlarge | 4 | 4 | 8 |
| c5.2xlarge | 4 | 8 | 16 |
| c5.4xlarge | 8 | 16 | 32 |
| c5.9xlarge | 8 | 36 | 72 |
| c5n.xlarge | 4 | 4 | 10.5 |
| c5n.2xlarge | 4 | 8 | 21 |
| c5n.4xlarge | 8 | 16 | 42 |
| c5n.9xlarge | 8 | 36 | 96 |


## Session Smart Router Deployment

Use the following steps to deploy a Mist-managed Session Smart Router in AWS.
Expand All @@ -26,8 +41,9 @@ Use the following steps to deploy a Mist-managed Session Smart Router in AWS.
The following infrastructure must exist in your AWS account:
* A VPC where the Session Smart Router will be deployed.
* The existing VPC is segmented with the following subnets. The role of each subnet is described below.
- Public Subnet: This subnet must provide connectivity to enable communication with external/remote SSR peers as well as access to the Mist cloud infrastructure.
- Public Subnet: This subnet must provide connectivity to enable communication with external/remote SSR peers as well as access to the Mist cloud infrastructure if no management subnet is provided.
- Private Subnet: This subnet must provide connectivity to internal workloads within the cloud.
- Management Subnet [Optional]: This subnet must provide connectivity to the Mist cloud and is reachable for SSH administration purposes.
* [Enable enhanced network](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html#enabling_enhanced_networking) with ENA for maximum throughput performance. For SSR routers, execute the following command from your local computer

```
Expand Down Expand Up @@ -125,7 +141,7 @@ If a user does not supply the onboarding configuration before launching the inst

### Mist-Managed Setup

Once the EC2 instance is launched with the correct registration-code, the device will self-onboard to appropriate Mist organization. The device is visible as Unassigned in the Mist organization once onboarding is complete. At this point, the SSR install process will begin. This process can take up to 15 minutes to complete.
Once the EC2 instance is launched with the correct registration-code, the device will self-onboard to appropriate Mist organization. The device is visible as Unassigned in the Mist organization once onboarding is complete. At this point, the SSR install process will begin. This process can take up to 15 minutes to complete. Once complete the `Version` will be populated in the Mist inventory.

If the device does not show up in the Mist organization or the desired SSR version was not installed after 15 minutes, SSH into the instance. If the instance was created using the BYOL template, the default username will be `t128`. If not, the username will be `ec2-user`.

Expand All @@ -136,13 +152,24 @@ If the device does not show up in the Mist organization or the desired SSR versi

### Network Interfaces Layout

The _Session Smart Router Template_ deploys an EC2 instance for the SSR with two network interfaces and an optional third network interface. The template attaches the network interfaces to the EC2 instance in the following order: Public, Private, and Management. The network interfaces to be used in Mist configuration are as follows:
The _Session Smart Router Template_ deploys an EC2 instance for the SSR with two network interfaces and an optional third management interface. The template attaches the network interfaces to the EC2 instance in the following order: Management (Optional), Public, Private.

If a management network interface is provided, the names to be used in the Mist configuration are as follows:

| Network Interface Name | Subnet | Mist Config Name |
| ---------------------- | ---------------- | ---------------- |
| ge-0-0 | Management | Out Of Band Management |
| ge-0-1 | Public | ge-0/0/1 |
| ge-0-2 | Private | ge-0/0/2 |

If no management network interface is provided, the names to be used in the Mist configuration are as follows:

| Network Interface Name | Subnet | Mist Config Name |
| ---------------------- | ---------------- | ----------------|
| ge-0-0 | Public | ge-0/0/0 |
| ge-0-1 | Private | ge-0/0/1 |
| ge-0-2 | Management | Out Of Band Management |
| Network Interface Name | Subnet | Mist Config Name |
| ----------------------- | --------------- | ---------------- |
| ge-0-0 | Public | ge-0/0/0 |
| ge-0-1 | Private | ge-0/0/1 |
| ge-0-2 (If Applicable) | HASync | ge-0/0/2 |
| ge-0-3 (If Applicable) | HAFabric | ge-0/0/3 |

#### Interface Tagging

Expand All @@ -152,7 +179,9 @@ In addition to using the cloud formation template, the admin can tag the interfa
| --------- | ------- |
| WAN | Interface is marked as WAN for onboarding purposes. Without a MGMT interface, it is assumed to have connectivity to Mist cloud infrastructure. |
| LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. |
| MGMT | Interface is marked as MGMT and is assumed to have connectivity to Mist cloud infrastructure. |
| MGMT | Interface is marked as MGMT and is assumed to have connectivity to Mist cloud infrastructure and SSH access prior to site assignment. |
| HAFabric | Interface is marked as HAFabric and is used as the fabric link in an HA deployment. |
| HASync | Interface is marked as HASync and is used as the redundancy link in an HA deployment. |

:::note
The EC2 instance must be assigned the IAM role containing the `ec2_describeNetwork` permission to leverage the interface tagging. This is automatically done when using the provided templates.
Expand Down Expand Up @@ -183,10 +212,10 @@ A description of the parameters of the template are listed in the following tabl
| Parameter | Description |
| -------------------- | ----------- |
| Router Name | Name of the VM for the Mist-managed router.|
| Version | SSR software version installed on the instance. |
| Registration Code | The Mist registration used for adoption of the EC2 instance to a Mist organization. |
| Version | SSR software version installed on the instance. |
| Registration Code | The Mist registration used for adoption of the EC2 instance to a Mist organization. |
| Instance size | Size of the EC2 instance.|
| SSH IAM Key | IAM user key (SSH public key) to login to the EC2 instance (Linux) via SSH.|
| SSH IAM Key | IAM user key (SSH public key) to login to the EC2 instance (Linux) via SSH.|
| VPC ID | ID of the existing VPC where the Mist-managed router is going to be deployed. |
| Public Inteface Subnet | ID of the public subnet within the VPC. |
| Public Interface Allowed CIDR | The IP CIDR range of the endpoints allowed to originate traffic to the Router's public interface in the public subnet. |
Expand Down Expand Up @@ -232,7 +261,7 @@ Paste the following JSON content. Please adjust the values to your specific envi
"Name": "<instance name>",
"Version": "<ssr-version>",
"RegistrationCode": "<Registration-code>",
"InstanceType": "c5.xlarge",
"InstanceType": "c5n.xlarge",
"KeyName": "<ssh-key-name>"
"VpcId": "<ID of the VPC>",
"PublicSubnet": "<ID of the public subnet within the VPC>",
Expand Down