Secure Cloud Data Migrator (SCDM)
User Guide
Trend Micro | 10101 N. De Anza Blvd. | Cupertino, CA 95014| ph:408.257.1500 | toll free: 800.228.5651
www.trendmicro.com
Secure Cloud Data Migrator (SCDM)
Date printed: 3/7/2016
Abstract
SCDM migrates on-premises data-center files and MySQL data to AWS S3 and
RDS efficiently.
This document briefly introduces the principle, installation, features and
troubleshooting.
Note
This is an evaluation solution; its components may be updated frequently.
Some items in the UI may differ from what this document describes, so please
check the published web page for the latest information.
Revision History
Revision | Date      | Author | Comment
1        | 6/3/2011  |        | Create
2        | 6/25/2011 |        | Update the changes
3        |           |        |
4        |           |        |
Contents
Abstract
Note
Revision History
1 Introduction
2 Installation
2.1 Launch EC2 instance inherited from predefined AMI
2.1.1 Choose the right AMI
2.1.2 Select the instance type=C1.medium
2.2 Generate SSL key pair for client tools and configure the EC2 instance
2.2.1 Assign an Elastic IP for this instance (optional)
2.2.2 Log in to the EC2 instance with the root account and configure the SSL client certificate
2.3 Install the client tool (Data Extractor) and Mysql client
2.4 Configure SCDM client tool and do simple test
3 Feature introduction
3.1 File Upload
3.2 DB Upload
4 Troubleshooting
4.1 Networking
4.2 Error Handling
4.2.1 Networking disconnect between AWS and your DC
4.2.2 Data conflict in Mysql DB data migration
4.2.3 Some manual actions cause unexpected results
5 Conclusion & feedback
1 Introduction
SCDM is a point-to-point cloud data migration solution that integrates
OpenSSL to secure the data transfer over the WAN.
Currently it is an evaluation tool that supports migrating data (files and
MySQL data) from an on-premises DC to Amazon Web Services storage services
(S3 and RDS).
There are two major components in this solution: the Client Data Extractor
and a predefined AWS EC2 instance. A secure and efficient transfer protocol
improves throughput between the client and the AWS EC2 instance over the WAN.
The Client Data Extractor is installed on an on-premises host and reads the
on-premises DC's data over the intranet. Users upload files or MySQL data
with the SCDM client UI.
The predefined EC2 instance acts as the data receiver. It is created in the
customer's AWS environment from the predefined AMI, receives the data from
the Data Extractor and saves it into S3 or RDS (depending on the data type).
2 Installation
Before installation, please confirm the following:
1. You have an Amazon account and know how to use AWS services, especially
EC2 instances, S3 and RDS.
2. Your on-premises DC's real WAN upload throughput should be above 10 Mbps;
otherwise you may not see an obvious benefit compared with the official
Amazon solution.
3. This is an evaluation release; you must read and accept the license
agreement during the client installation.
There are four steps to install the evaluation solution.
2.1 Launch EC2 instance inherited from predefined AMI
2.1.1 Choose the right AMI
Choose the community AMI in US East or US West to create the EC2 instance
(search for the names US_West_SCDM_Evaluation and US_East_SCDM_Evaluation).
The AMI ID may change in the final version, so please double-check the
correct AMI ID on the published web page. Because this is a community AMI,
also confirm that the AMI's owner account ID matches the one Trend Micro
publishes before launching it.
2.1.2 Select the instance type=C1.medium
The other steps are the same as launching any instance.
2.2 Generate SSL key pair for client tools and configure the EC2 instance
2.2.1 Assign an Elastic IP for this instance (optional)
2.2.2 Log in to the EC2 instance with the root account and configure the
SSL client certificate
Enter the directory "/home/SDTHome".
Generate the client key with "SDTKeyGen".
"clientCert.pem" and "clientKey.pem" will exist in "/home/SDTHome/" after
running SDTKeyGen.
Download "clientCert.pem" and "clientKey.pem" to the local machine for the
client tool. Treat "clientKey.pem" as a secret: it is what identifies your
client to the server, so restrict its file permissions and do not share it.
For example (PuTTY method):
[Screenshot omitted]
Download the client setup files (SDTSetup.msi and setup.exe) the same way.
Then configure the EC2 instance via SDTS3Cfg and reboot the EC2 instance.
Note:
Before running SDTS3Cfg, prepare your S3 bucket (the bucket name must not
contain blank characters and supports only lower-case letters), your access
key and your secret key. Use an IAM user whose keys are limited to this
bucket rather than your AWS account's root credentials: the keys are stored
on the EC2 instance, so scope them to what the migrator needs.
After that, run SDTS3Cfg directly, and reboot the instance after it has been
configured successfully, for example:
[Screenshot omitted]
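The two naming rules the guide states (bucket name: no blanks, lower case only; upload path in section 2.4: English letters only, no blanks) are easy to get wrong before a long transfer. The following pre-flight checker is an added example, not part of SCDM or SDTS3Cfg; it encodes the guide's two rules together with the general AWS S3 bucket naming rules (3-63 characters, lower-case letters, digits, dots and hyphens, starting and ending with a letter or digit, no consecutive dots, not shaped like an IPv4 address). The function names and the set of punctuation accepted in paths are our own assumptions.

```python
"""Pre-flight checks for SCDM configuration values.

Added example, not part of the SCDM tool. bucket_name_problems() encodes the
guide's bucket rule (no blanks, lower case only) plus the AWS S3 bucket
naming rules; upload_path_problems() encodes the section 2.4 rule (English
letters only, no blanks). Helper names and the accepted path punctuation
are assumptions made for this example.
"""
import re
import string
from typing import List

# AWS S3 bucket naming rules: 3-63 chars, lower-case letters, digits, dots,
# hyphens; starts and ends with a letter or digit; no ".."; not IPv4-shaped.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# "English letters" for the file path: ASCII letters and digits plus the
# separators a Windows path needs (assumed set; no blanks allowed).
_PATH_ALLOWED = set(string.ascii_letters + string.digits + "\\/:._-")


def bucket_name_problems(name: str) -> List[str]:
    """Return the rule violations for an S3 bucket name; [] means it is valid."""
    problems = []
    if any(c.isspace() for c in name):
        problems.append("contains blank characters")
    if name != name.lower():
        problems.append("contains upper-case letters")
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if not _BUCKET_RE.match(name):
        problems.append("must use only lower-case letters, digits, dots or "
                        "hyphens and start and end with a letter or digit")
    if ".." in name:
        problems.append("contains consecutive dots")
    if _IPV4_RE.match(name):
        problems.append("must not be formatted like an IPv4 address")
    return problems


def upload_path_problems(path: str) -> List[str]:
    """Return the rule violations for a local upload path; [] means it is valid."""
    problems = []
    if not path:
        problems.append("path is empty")
    if any(c.isspace() for c in path):
        problems.append("contains blank characters")
    unsupported = sorted({c for c in path
                          if c not in _PATH_ALLOWED and not c.isspace()})
    if unsupported:
        problems.append("contains non-English or unsupported characters: "
                        + "".join(unsupported))
    return problems


def preflight(bucket: str, paths: List[str]) -> dict:
    """Collect every problem for one bucket name and a list of upload paths."""
    report = {"bucket": bucket_name_problems(bucket), "paths": {}}
    for p in paths:
        issues = upload_path_problems(p)
        if issues:
            report["paths"][p] = issues
    return report


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(preflight("scdm-eval-bucket",
                    ["C:\\export\\customers.sql", "C:\\My Documents\\a.txt"]))
```

Run the check on the exact strings you intend to type into SDTS3Cfg and the client's Setting tab; an empty list for the bucket and an empty `paths` map mean the transfer will not fail on naming.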
2.3 Install the client tool (Data Extractor) and Mysql client
Note:
1) Before installing the client tool, make sure your computer has .NET
Framework 3.5 or a later version installed.
2) Because of Windows UAC, the client tool may not have permission to access
its own files if it is installed elsewhere, so do not change the default
installation path.
Installing the MySQL client is only needed to support MySQL data migration;
it does not affect file migration to S3.
For MySQL client installation please refer to the official MySQL steps, and
be sure to select "Include Bin Directory in Windows Path", for example:
[Screenshot omitted]
Open the download folder and run "setup.exe" to install "Secure Cloud Data
Migrator"; the steps are the same as a normal Windows software installation.
You should read and accept the license agreement. At the beginning of the
installation a warning may pop up; click Yes to continue.
After a successful installation your desktop will have a shortcut named
"Secure Cloud Data Migrator", which links to the main program.
2.4 Configure SCDM client tool and do simple test
Double-click the desktop shortcut "Secure Cloud Data Migrator", select the
Setting tab, and begin the client configuration.
First, select your downloaded key and certificate ("clientKey.pem" and
"clientCert.pem").
Set the S3 bucket name to the one you filled in on the EC2 instance; the
client uses it for display.
Set the correct AWS EC2 IP address or public DNS name.
Set the bandwidth limit according to your needs.
Do not change the other settings in this version.
Then click the Save All button.
Before testing the tool, make sure your network allows access to the AWS EC2
instance on UDP port 9000 and allows the response from that EC2 instance on
UDP 9000; both send and receive must be allowed during the test. In the EC2
security group, allow inbound UDP 9000 only from your DC's public source
address rather than from anywhere.
Then you can test the network status between the client tool and the AWS EC2
instance on the File Upload tab.
Click the Files button to select any files, then click the Start button to
test the network status (make sure the selected file path contains only
English letters and no blanks).
Successful status:
[Screenshot omitted]
Failed status:
[Screenshot omitted]
If the init error shown above appears, please check the following:
1. Your AWS EC2 instance is running and UDP port 9000 is listening.
2. Your intranet is allowed to connect to the AWS EC2 instance on UDP 9000
and to receive the response from it.
3. The Setting tab contains the right content and has been saved.
4. Check that the Windows firewall or any additional local firewall allows
the UDP connection; add an exception for the client program rather than
leaving the firewall disabled.
5. For more information refer to the troubleshooting section or contact us.
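Items 1, 2 and 4 above all come down to one question: does a datagram sent to the instance on UDP 9000 get a reply back through every firewall and security group on the path? The probe below is an added example, not part of the SCDM client, and it does not speak SCDM's own protocol (which is not public); it sends a constructed payload and reports whether anything comes back, which separates "blocked outbound" from "no reply" (the signature of a one-way rule). The local echo responder and silent listener are constructed stand-ins so the code runs offline; against a live instance, the client tool's own test is the authoritative check.

```python
"""Two-way UDP reachability probe for the SCDM server port.

Added example; not part of SCDM and not its wire protocol. udp_probe() sends
one datagram and waits for any reply. The echo responder and silent listener
below are constructed stand-ins for a reachable server and for a server
behind a one-way firewall rule, so the example runs entirely on loopback.
"""
import socket
import threading

SCDM_UDP_PORT = 9000  # server port stated in the guide


def udp_probe(host: str, port: int = SCDM_UDP_PORT, timeout: float = 2.0,
              payload: bytes = b"scdm-probe") -> dict:
    """Return {"sent", "reply", "detail"}.

    sent=False: the datagram could not leave this host (local firewall, name
    resolution). sent=True, reply=False: nothing came back in time, which is
    what a security group that allows inbound but not the return path, or a
    server that is not listening, looks like from the client side.
    """
    result = {"sent": False, "reply": False, "detail": ""}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(payload, (host, port))
            result["sent"] = True
        except OSError as exc:
            result["detail"] = f"send failed: {exc}"
            return result
        try:
            data, peer = sock.recvfrom(2048)
        except socket.timeout:
            result["detail"] = f"no reply from {host}:{port} within {timeout}s"
            return result
        except OSError as exc:
            # An ICMP port-unreachable for a closed port surfaces here.
            result["detail"] = f"receive failed: {exc}"
            return result
    result["reply"] = True
    result["detail"] = f"{len(data)} bytes from {peer[0]}:{peer[1]}"
    return result


def start_echo_responder(host: str = "127.0.0.1") -> tuple:
    """Constructed stand-in for a reachable server: echo on an ephemeral port.
    Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    port = srv.getsockname()[1]
    srv.settimeout(0.2)
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(2048)
                srv.sendto(data, peer)
            except socket.timeout:
                continue
            except OSError:
                break
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return port, stop.set


def start_silent_listener(host: str = "127.0.0.1") -> tuple:
    """Constructed stand-in for a server whose replies are blocked: the port
    is open but nothing is ever sent back. Returns (port, close_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    return srv.getsockname()[1], srv.close


if __name__ == "__main__":
    port, stop = start_echo_responder()
    print(udp_probe("127.0.0.1", port))               # sent and reply both True
    stop()
    sport, close = start_silent_listener()
    print(udp_probe("127.0.0.1", sport, timeout=0.5))  # sent True, reply False
    close()
```

Run it from the same host and network position as the client tool, because that is where the firewall and NAT rules that matter are applied; a probe from a laptop on another VLAN proves nothing about the DC host.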
3 Feature introduction
3.1 File Upload
File upload migrates local files to AWS S3.
[Screenshot omitted]
Warning:
Because of a compatibility issue with an open source tool (s3fs), directory
upload is not supported in this version, so directory-related features are
disabled.
If you want to upload several files at a time, copy the files into one
folder and select all of them to upload.
3.2 DB Upload
DB upload supports uploading a MySQL database (table schema and table data),
but the destination database must exist first (or the test button will
fail). The tool also supports table-level and row-level data migration to
match your actual needs.
Before using this feature, check the network status from the AWS EC2
instance to the MySQL database service: log in to the AWS EC2 instance and
verify it with the MySQL client.
First, fill in the correct source DB information and click the button beside
it to list all the tables of the database; the tables are then displayed in
the left list view.
Choose the tables to upload and set the temporary local backup path (used
for manual recovery when an error occurs). The clean-up checkbox is optional
and lets the user remove the temporary backup; the same option also affects
the server's temporary backup in S3.
There are four options for the user:
The first option automatically selects all tables in this database; the row
filter feature is disabled in this case.
The second option automatically creates the table schema before data
migration.
The third option controls locking: by default the migration tool locks a
table when its migration starts; if this option is checked, the migration
process leaves the table unlocked. Unlocking lets writes continue during the
copy, so the uploaded data may not be a consistent snapshot.
The fourth option is a faster mode for migrating many tables. By default the
migration tool migrates tables one by one; if the user checks this option,
all tables' data in this database are merged together for migration. We
suggest using this option to improve efficiency, especially when migrating
many tables.
Next, configure the destination DB information. First, fill in the correct
information for the AWS MySQL database.
Then click the test button and wait for the response.
[Screenshot omitted]
If the configuration is right, this shows a successful result; otherwise a
pop-up message displays the error for your reference, such as:
[Screenshot omitted]
Warning:
As in the previous warning, there is a compatibility issue with the open
source module (s3fs) and directories are not supported in this version, so
do not fill in anything in the directory field; it is disabled in this
version.
After the configuration above is correct, click the button that begins the
migration process. However, success in the steps above does not guarantee
that the migration itself will succeed.
Database migration relies on your understanding of the database, tables,
schemas and data; the user should first judge whether the migration is
reasonable. For example, if you want to migrate several rows (with the row
filter) from local MySQL to AWS RDS, make sure the primary keys do not
conflict, or the migration will fail at the end.
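The primary-key conflict above can be detected before the upload starts by comparing the row-filtered source keys with the keys already in the destination table. The script below is an added example, not SCDM's own code: it uses two sqlite3 in-memory databases as stand-ins for the local MySQL server and the RDS instance (an assumption made so it runs offline; the same SELECT statements work against MySQL through a DB-API driver), and the `customers` table and its rows are constructed sample data. Because table and column names cannot be bound as SQL parameters, the helper validates them against the schema before interpolating them, which is the one place a name typed into a migration UI could otherwise turn into SQL.

```python
"""Primary-key conflict check before a row-level DB upload.

Added example, not part of SCDM. find_pk_conflicts() returns the primary
keys that the row-filtered source selection shares with rows already in the
destination table; an empty result means the upload will not hit
duplicate-key errors. sqlite3 in-memory databases stand in for local MySQL
and RDS (assumption for a self-contained run).
"""
import re
import sqlite3
from typing import List, Sequence, Tuple

_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _check_identifiers(conn: sqlite3.Connection, table: str, pk_col: str) -> None:
    """Accept only identifiers that exist in the connected schema. Names
    cannot be bound as parameters, so this check is what keeps a table or
    column name typed into the UI from being executed as SQL."""
    if not (_IDENT_RE.match(table) and _IDENT_RE.match(pk_col)):
        raise ValueError("identifier contains characters outside [A-Za-z0-9_]")
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    if row is None:
        raise ValueError(f"unknown table: {table}")
    columns = {r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')}
    if pk_col not in columns:
        raise ValueError(f"unknown column: {pk_col}")


def find_pk_conflicts(src: sqlite3.Connection, dst: sqlite3.Connection,
                      table: str, pk_col: str,
                      row_filter: str = "", params: Sequence = ()) -> List:
    """Sorted primary-key values present both in the filtered source rows and
    in the destination table.

    row_filter is the body of a WHERE clause with '?' placeholders whose
    values are passed in params, so filter values are bound, not
    interpolated. (The filter text itself is the operator's own input, as
    with the row filter in the tool's UI.)
    """
    _check_identifiers(src, table, pk_col)
    _check_identifiers(dst, table, pk_col)
    where = f" WHERE {row_filter}" if row_filter else ""
    src_keys = sorted({r[0] for r in src.execute(
        f'SELECT "{pk_col}" FROM "{table}"{where}', tuple(params))})
    conflicts = []
    batch_size = 500  # keep each IN (...) list bounded for large tables
    for i in range(0, len(src_keys), batch_size):
        batch = src_keys[i:i + batch_size]
        marks = ",".join("?" * len(batch))
        conflicts.extend(r[0] for r in dst.execute(
            f'SELECT "{pk_col}" FROM "{table}" WHERE "{pk_col}" IN ({marks})',
            batch))
    return sorted(conflicts)


def build_demo() -> Tuple[sqlite3.Connection, sqlite3.Connection]:
    """Constructed sample data: a local 'customers' table and an RDS-side
    copy that already holds some of the same ids."""
    src = sqlite3.connect(":memory:")
    dst = sqlite3.connect(":memory:")
    ddl = "CREATE TABLE customers (id INTEGER PRIMARY KEY, region TEXT, name TEXT)"
    src.execute(ddl)
    dst.execute(ddl)
    src.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "cn", "alice"), (2, "cn", "bob"), (3, "cn", "carol"),
        (4, "us", "dave"), (5, "us", "erin"), (6, "us", "frank"),
    ])
    dst.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (2, "cn", "bob-old"), (4, "us", "dave-old"), (100, "eu", "gina"),
    ])
    return src, dst


if __name__ == "__main__":
    s, d = build_demo()
    # Row-filtered migration of the "cn" rows: id 2 already exists in RDS.
    print(find_pk_conflicts(s, d, "customers", "id", "region = ?", ("cn",)))
    # Whole-table migration: ids 2 and 4 would collide.
    print(find_pk_conflicts(s, d, "customers", "id"))
```

Run the check with the same row filter you will enter in the DB Upload tab; if it returns any keys, resolve them (delete or remap on one side) before clicking start, because the tool does not reconnect or roll back a DB upload.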
4 Troubleshooting
4.1 Networking
Secure Cloud Data Migrator is another channel for moving on-premises DC data
to Amazon storage, and it relies on the EC2 virtual instance, so the network
path from the on-premises DC to Amazon storage should be smooth.
1. Between the AWS EC2 instance and the on-premises DC there is two-way UDP
communication; the server port is 9000.
2. Because the channel is secured with OpenSSL and the server verifies the
client certificate, the client must have the right certificate and key for
the server to verify, and that certificate and key must be generated on the
AWS EC2 instance created from the predefined AMI.
3. For the network status between the AWS EC2 instance and AWS storage (S3
or RDS), refer to the AWS guide.
4.2 Error Handling
The tool handles some errors in the transfer process. However, it is an
evaluation build rather than a final product, so some errors must be
handled by the user.
4.2.1 Networking disconnect between AWS and your DC
For file upload, the client will try to reconnect to the AWS EC2 instance 6
times (around 10 minutes). If it reconnects successfully, the data migration
continues from the previous position; otherwise the client aborts this file
transfer.
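The reconnect behaviour described above (a bounded number of reconnect attempts, resume from the last acknowledged position, abort when the budget is exhausted) is the pattern any resumable WAN upload needs. The code below is an added example that models that behaviour; it is not SCDM's code and SCDM's wire protocol is not public. The transport interface, the in-memory receiver that drops the link at chosen offsets, and the assumed wait between attempts (chosen so that 6 attempts span roughly 10 minutes, matching the guide's figure) are all constructed for this example.

```python
"""Resume-from-offset upload with bounded reconnect attempts.

Added example, not SCDM's code or protocol. resumable_upload() sends a byte
string in chunks; on a ConnectionError it reconnects up to max_reconnects
times and continues from the offset the receiver has already acknowledged,
then aborts. MemoryTransport is a constructed in-memory receiver that drops
the link at chosen offsets so the behaviour can be exercised offline.
"""
import time
from typing import Callable

MAX_RECONNECTS = 6      # "6 times (around 10 minutes)" per the guide
RECONNECT_WAIT = 100.0  # assumed seconds between attempts (6 x ~100 s ~ 10 min)


class TransferAborted(Exception):
    """Raised when the reconnect budget is exhausted."""


class MemoryTransport:
    """Constructed receiver: acknowledges bytes in order and can fail.

    fail_once_at: offsets at which the next send drops the link one time.
    fail_always_at: offsets at which every send drops the link (a dead path).
    """

    def __init__(self, fail_once_at=(), fail_always_at=()):
        self.received = bytearray()
        self.fail_once_at = set(fail_once_at)
        self.fail_always_at = set(fail_always_at)
        self.connected = True
        self.reconnects = 0

    def reconnect(self) -> None:
        self.reconnects += 1
        self.connected = True

    def acked_offset(self) -> int:
        """Bytes the receiver has durably accepted; the resume point."""
        return len(self.received)

    def send(self, offset: int, chunk: bytes) -> int:
        if not self.connected:
            raise ConnectionError("not connected")
        if offset != len(self.received):
            raise ValueError("chunk offset does not match acknowledged offset")
        if offset in self.fail_always_at or offset in self.fail_once_at:
            self.fail_once_at.discard(offset)
            self.connected = False
            raise ConnectionError("link dropped")
        self.received += chunk
        return len(self.received)


def resumable_upload(data: bytes, transport, chunk_size: int = 4096,
                     max_reconnects: int = MAX_RECONNECTS,
                     sleep: Callable[[float], None] = time.sleep) -> dict:
    """Upload data; return {"bytes": total acknowledged, "reconnects": used}.

    Each chunk is sent at the current offset. After a ConnectionError the
    client waits, reconnects, and resumes from transport.acked_offset(), so
    bytes the server already holds are never re-sent and nothing is skipped.
    """
    offset = 0
    reconnects = 0
    while offset < len(data):
        chunk = data[offset:offset + chunk_size]
        try:
            offset = transport.send(offset, chunk)
        except ConnectionError as exc:
            if reconnects >= max_reconnects:
                raise TransferAborted(
                    f"gave up after {reconnects} reconnects at offset {offset}: {exc}")
            reconnects += 1
            sleep(RECONNECT_WAIT)
            transport.reconnect()
            offset = transport.acked_offset()  # resume from the previous position
    return {"bytes": offset, "reconnects": reconnects}


if __name__ == "__main__":
    payload = bytes(range(256)) * 40  # constructed 10240-byte file
    t = MemoryTransport(fail_once_at={4096, 8192})
    print(resumable_upload(payload, t, 4096, sleep=lambda s: None))
    # {'bytes': 10240, 'reconnects': 2}
```

The point to carry over to the real tool: the resume position must come from the receiver's acknowledgement, not from the sender's own counter, or a drop in the middle of a chunk silently corrupts the file on S3.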
4.2.2 Data conflict in Mysql DB data migration
DB data migration is more complex than file upload; the user should have DB
migration knowledge before doing it, covering key conflicts, table lock
issues, schema issues and so on.
4.2.3 Some manual actions cause unexpected results
Some unexpected actions may cause unknown results, but the user can refer to
the following suggestions for troubleshooting.
If the user manually cancels a file upload, wait more than 1 minute before
restarting the upload, because the file is locked on the server for 1 minute
while the old session times out.
DB upload does not try to reconnect; the user should use the data in the
temporary storage to handle the error manually via the File Upload tab and
the MySQL client tool. The protocol itself tolerates around 1 minute of
network interruption over the WAN.
In this version SCDM's DB upload relies on the database's own tools (in
principle it is not limited to MySQL). SCDM uses the DB client to export the
data to local file storage, uploads the file to S3 through the secure
channel, and then imports the data into RDS. Saving the temporary data both
locally and in S3 is a safety measure for recovery, because this tool does
not provide many error handling options for the user.
4.2.3.1 AWS EC2 Instance
Make sure the two server processes are running.
[Screenshot of the two processes omitted]
If these two processes are not running on the EC2 instance, verify your
installation process first, or contact us.
4.2.3.2 Networking issue
Refer to the networking troubleshooting information above.
4.2.3.3 Poor performance
From our testing, with 10 Mbps WAN upload throughput and an RTT of about
270 ms (from China to AWS US East), the file upload speed is around 6 Mbps.
From a US DC to AWS US East (RTT about 87 ms), the real upload speed is
above 130 Mbps.
So if poor performance appears, check your real network throughput and any
other factor that limits performance (disk I/O or network control).
4.2.3.4 Other problems
For other field-related problems, read this document first to make sure the
installation and configuration are right, then contact us for help.
5 Conclusion & feedback
This tool is for evaluation purposes; you are free to use and study it.
Meanwhile we strongly hope you will send us your feedback using the
following outline:
1. Why use this tool?
2. Benefits from this tool?
3. What should be improved?
4. Other suggestions...
Feedback Email Account: cn_research@trendmicro.com.cn