Jump to content
  • Deploying Spotfire on AWS


    Overview

    This article describes how to deploy a basic Spotfire Server environment on Amazon Web Services (AWS) using Virtual Machines

    Note: For a production environment that fits your needs you may need to iterate some of the steps:

    • deploy a Spotfire Server cluster
    • add more Spotfire services

    See the Spotfire Server documentation for further information.

    Prerequisites

    • A AWS subscription with an existing project and VPC network for Spotfire resources 
    • A Spotfire Server installation kit.

    Procedure

    To deploy a Spotfire Server on AWS, complete the following steps.

    Prepare the network

    Note you may skip some of these steps if you already have a dedicated VPC with subnets, internet gateway associated, DHCP enabled and DNS resolution. The steps are described in order to provide a more detailed view on required AWS network setup.

    Create a VPC

    1. From the AWS Services menu, select VPC.
    2. Within the VPC navigation pane, select Your VPCs, and click on Create VPC.
    3. Provide a VPC name (e.g., spotfire-vpc), an IPv4 CIDR block (e.g., 10.0.0.0/16)
    4. The new VPC is listed in the VPC Dashboard.

    EEnable DHCP and DNS

    1. Within the VPC navigation pane, select Your VPCs, select your VPC (e.g., spotfire-vpc) and click Actions>Edit DHCP Options set
    2. Assign an existing DHCP options set to your VPC and click Save.
    3. Click Actions>Edit DNS resolution, make sure it is enabled and click Save.
    4. Click Actions>Edit DNS hostnames, make sure it is enabled and click Save.

     

    Create Subnets

    We need at least two subnets in two different Availability zones.

    1. Within the VPC navigation pane, select Your VPCs, and select Subnets, and click on Create subnet.
    2. Provide a Name tag (e.g., spotfire-subnet-eun1a), a VPC where it belongs (e.g., spotfire-vpc), an Availability Zone (e.g., eu-north-1a) and an IPv4 CIDR block (e.g., 10.0.0.0/24). Click Create.
    3. The subnet is created.
    4. Repeat the process at least for creating a second subnet. For example, with a Name tag (e.g., spotfire-subnet-eun1b), same VPC (e.g., spotfire-vpc), an Availability Zone (e.g., eu-north-1b) and IPv4 CIDR block within the VPC CIDR block (e.g., 10.0.1.0/24). Click Create.
    5. The subnet is created.
    6. The subnets are listed in the Subnets table.

    Create an Internet gateway associated with the VPC

    We need an internet gateway associated with the VPC to provide external internet access to our servers.

    1. Within VPC, select Internet gateways and click Create internet gateway.
    2. Provide an internet gateway name (e.g., spotfire-gw) and click Create internet gateway. The gateway is created.
    3. Click on Actions > Attach to VPC
    4. Select an Available VPC and click Attach internet gateway.
    5. From the navigation pane, select Route Tables, select the route associated with your VPC, and click on the Routes tab to make sure it has a route to the internet (destination 0.0.0.0/0) via your internet gateway.

       

     

    Create a Security Group

    1. From the AWS Services menu, select EC2, and from the EC2 navigation pane, select Security Groups.
    2. You may use the default security group or create a new one for your Spotfire environment. 
    3. Within Basic details, provide a Security group name (e.g., spotfire-sg) and a VPC (e.g., spotfire-vpc). Click Create security group
    4. The security group is listed in the Security groups table.

    Configure firewall rules in the Security Group

    1. Within the Security Groups, select your security Group (e.g., spotfire-rg) and click Actions>Edit inbound rules.
    2. We need to add the following Inbound rules:
      • Allow HTTP (port 80) from our laptop (or anywhere if we want to provide access our deployment)
      • Allow PostgreSQL (port 5432) from within our Security Group and our laptop. 
      • Allow SSH (port 22) from our laptop.
      • Allow RDP (port 22) from our laptop.
      • Allow Spotfire registration ports 9501-502 from within our Security Group.
      • Allow Spotfire communication port 9080 from within our Security Group.
      • Allow Spotfire communication port 9433 from within our Security Group.

    aws-sg-inbound-rules.thumb.png.e5f54ab75500bb145552ab4ea85027a0.png

    It is recommended to delete rules allowing access from your laptop after the Spotfire environment has been configured.

    For detailed information on required ports, see the Spotfire Server and Environment Security documentation.

    Setting up the Spotfire Database

    Follow the corresponding article for setting up the Spotfire Database in AWS:

     

    Deploy a Spotfire Server

    Create a new Virtual Machine to host the Spotfire Server

    We will use a CentOS VM for Spotfire. Look for an official Centos 8 AMI https://wiki.centos.org/Cloud/AWS in your Region (e.g., ami-0474ce84d449ee66f in region eu-north-1).

    1. Within EC2 navigation pane, under Instances, select Instances. If any instance, the list of existing instances is displayed.
    2. Click Launch Instance to create a new EC2 instance.
    3. Within Choose an Amazon Machine Image (AMI), search for that AMI id in AWS and click Enter.
    4. Select the CentOS AMI and click Select.
    5. Within Choose an Instance Type, pick one according to your needs. For a standard Spotfire Server deployment and for the purposes of this exercise, the recommended selection is a General-purpose machine (e.g., t3.medium). Click Next.
    6. Within Configure Instance Details, select the Network (e.g., spotfire-vpc) and Subnet (e.g., spotfire-subnet). When you are ready, click NextNote you may verify the CPU options that match your Spotfire license.
    7. Within Add Storage, select the appropiated size (e.g., 10 GB). Click Next.
    8. Within Add Tags, you may add tags for later instance identification. Click Next.
    9. Within Configure Security Group, select your previously created security group (e.g., spotfire-sg). Click Review and Launch.
    10. Within Review instance, confirm all settings are correct and click Launch.
    11. Within the Select an existing key pair or create a new key pair pop up, select Create a new key pair. provide a Key pair name (e.g., spotfireserver-vm-1-key). Click Download Key Pair. Click Launch Instances.
    12. A launch status page confirmation is displayed and the EC2 instance is launching. You can click View instances
    13. Additionally, you can assign the EC2 instance a friendly name (e.g., spotfireserver-vm-1) to the instance within the EC2 instances table by clicking on the pencil icon within the Name column.

    Allocate an Elastic IP address

    1. Within EC2 navigation pane, under Network & Security, select Elastic IPsand click Allocate an Elastic IP
    2. The default Elastic IP address setting is to use one of Amazon's pool of IPv4 addresses. Click Allocate.
    3. A new Elastic IP address is allocated. Note that IP address (e.g., 13.26.39.52).
    4. You can assign it a name for easier identification (e.g., spotfireserver-pip).

    Assign IP

    1. Within EC2 navigation pane, under Network & Security, select Elastic IPs
    2. Select Actions > Associate Elastic IP address.
    3. Select the Resource type with which to associate the Elastic IP address (e.g., Instance), the Instance (e.g., spotfireserver-vm-1) and enable Allow this Elastic IP address to be reassociated. Click Associate.
    4. The Elastic IP address association is listed in the table. 

    Copy the Spotfire Server software

    1. Copy the previously created keys to a secure place with proper permissions.

       cp Downloads/spotfireserver-key.pem /home/mdiez/.ssh/spotfireserver-key.pem sudo chmod 400 $HOME/.ssh/spotfireserver-key.pem
       
    2. Copy the installation package

       scp -i .ssh/spotfire-keys.pem /mnt/c/in/tss-10.10.1.x86_64.rpm centos@13.26.39.52:/tmp
       
    3. Now you can ssh into the server

       ssh -i .ssh/spotfireserver-key.pem centos@13.26.39.52
       

     

    Install the Spotfire Server software

    1. Install the Spotfire Server package:

       sudo yum install -y tss-10.10.1.x86_64.rpm
       

     

    Configure the Spotfire Server software

    1. Configure Spotfire Server ports:

       export TSS_VERSION=10.10.1 export TSS_HOME=/opt/tibco/tss/$TSS_VERSION sudo /opt/tibco/tss/$TSS_VERSION/configure -s 80 -r 9080 -b 9433
       
    2. Set node manager to not use IP addresses:

       cd $TSS_HOME/tomcat/spotfire-bin/ sudo bash -c "echo 'nodemanager.use.ip=false' >> ${TSS_HOME}/nm/config/nodemanager.properties"
       
    3. Install the PostgreSQL JDBC driver:

       sudo yum install -y postgresql-jdbc
       
    4. Copy the PostgreSQL JDBC driver to Spotfire's custom-ext folder:

       sudo cp /usr/share/java/postgresql.jar $TSS_HOME/tomcat/custom-ext
       
    5. Set some variables for easier execution. For the SPOTFIRE_DB_HOST use the DB Endpoint (see your instance's RDS Connectivity & Security details, e.g., _spotfire-db.halflife3.eu-north-1.rds.amazonaws.com_). Note the usernames and passwords below are just examples for illustration purposes, please use always secure passwords.

       export SPOTFIRE_DB_HOST=spotfire-db.halflife3.eu-north-1.rds.amazonaws.com export SPOTFIRE_CONFIG_TOOL_PASSWORD=cfgadmin123 export SERVERDB_NAME=spotfire_server export SERVERDB_USER=dbspotfire export SERVERDB_PASSWORD=dbspotfire123 export SPOTFIRE_ADMIN_USER=spotfire export SPOTFIRE_ADMIN_PASSWORD=admin123
       
    6. Create a bootstrap file:

       cd $TSS_HOME/tomcat/spotfire-bin/ sudo ./config.sh bootstrap --no-prompt \   --driver-class=org.postgresql.Driver \   --database-url=jdbc:postgresql://${SPOTFIRE_DB_HOST}:5432/${SERVERDB_NAME} \   --username=${SERVERDB_USER} --password="${SERVERDB_PASSWORD}" \   --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}"
       
    7. Create the default configuration:

       sudo ./config.sh create-default-config
       
    8. Import the configuration to the database:

       sudo ./config.sh import-config --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" --comment="First config"
       
    9. Create the '${SPOTFIRE_ADMIN_USER}' user and promote him to become administrator:

       sudo ./config.sh create-user --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" \   --username="${SPOTFIRE_ADMIN_USER}" --password="${SPOTFIRE_ADMIN_PASSWORD}" sudo ./config.sh promote-admin --tool-password="${SPOTFIRE_CONFIG_TOOL_PASSWORD}" \   --username="${SPOTFIRE_ADMIN_USER}"
       
    10. Start the service:

       sudo service tss-10.10.1 start
       
    11. Verify your installation by opening a web browser to log into the Spotfire Server Admin UI using the public IP address http://<spotfireserver-public-ip>. 

    For a production environment, we recommend reviewing Configure HTTPS.

     

    Deploy a node manager with WebPlayer

    Create a new Virtual Machine to host the node manager

    1. Within EC2 navigation pane, under Instances, select Instances. If any instance, the list of existing instances is displayed.
    2. Click Launch Instance to create a new EC2 instance.
    3. Within Choose an Amazon Machine Image (AMI), search for Windows Server, and click Enter.
    4. Select the Microsoft Windows Server 2019 Base and click Select.
    5. Within Choose an Instance Type, pick one type according to your needs. For a standard Spotfire Server deployment and for the purposes of this exercise, the recommended selection is a General-purpose machine (e.g., t3.medium). Click Next.
    6. Within Configure Instance Details, select the Network (e.g., spotfire-vpc) and Subnet (e.g., spotfire-subnet). When you are ready, click NextNote you may verify the CPU options that match your Spotfire license.
    7. Within Add Storage, select the appropriate size (e.g., 10 GB). Click Next.
    8. Within Add Tags, you may add tags for later instance identification. Click Next.
    9. Within Configure Security Group, select your previously created security group (e.g., spotfire-sg). Click Review and Launch.
    10. Within the Review instance, confirm all settings are correct and click Launch.
    11. Within the Select an existing key pair or create a new key pair pop-up, select Create a new key pair. provide a Key pair name (e.g., webplayer-vm-1-key). Click Download Key Pair. Click Launch Instances.
    12. A launch status page confirmation is displayed and the EC2 instance is launched. You can click View instances
    13. Additionally, you can assign the EC2 instance a friendly name (e.g., webplayer-vm-1) to the instance within the EC2 instances table by clicking on the pencil icon within the Name column.

    Connect to the Virtual Machine

    1. Allocate a new IP address and associate it with the new EC2 instance (follow the previous steps for the spotfireserver VM). 
    2. From the EC2 instances, select the created EC2 instance and click Actions>Get Windows password.
    3. In the popup window, upload the Key Pair file to show the user name and automatically generated password.
    4. From your laptop, open your Remote Desktop Client and connect to the node manager VM using the VM's public IP address and the created specific username and password.

    Configure the node manager Windows OS firewall to allow back-end communication

    1. Once you logged in to the Windows VM instance via RDP, from the Windows Start menu, open the Windows Defender Firewall.
    2. Select Inbound Rules, and click on New Rule.
    3. Under Rule Type, select Port and click Next.
    4. Select TCP, and add rules for the Specific local ports intervals (e.g., 9080,9443,5701-5702) and click Next.
    5. Leave all selections where the rule applies by default and click Next.
    6. Provide a Name for the rule (e.g., Allow back-end communication) and click Next.

    Install the node manager

    1. Copy the nm-setup.exe installation package to the Windows VM. 
    2. Verify you can ping the Spotfire Server VM using its hostname (e.g., spotfireserver-vm-1):
       ping spotfireserver-vm-1	 
       
    3. Open the File Browser, and run the node manager installer nm-setup.exe.
    4. Follow the Node manager installation procedure as specified in the Spotfire Server documentation. For Spotfire Server name, enter the Spotfire Server VM hostname (e.g., spotfireserver-vm-1) or Private DNS (see the EC2 detais) since the assigned IP address may change between VM restarts. For the same reason, for the Node Manager network names, remove the IP address and Windows OS hostname, and use instead the Private DNS.

    Start the node manager service

    1. Open Control Panel > System and Security > Administrative Tools > Services
    2. Find the Spotfire node manager service, and then click Start

    Add the node manager to trusted nodes

    1. On your computer, open a browser and navigate to the Spotfire administration dashboard using the Spotfire server's public IP address.
    2. Click Nodes & Services > Untrusted nodes.
    3. Under Untrusted nodes, select the check box next to the new node manager, and then click Trust nodes.
    4. In the Trust node dialog box, click Trust
    5. The new node appears on the Your network page when you select the Nodes view.

    Add node manager services

    For information about adding node manager services, see the chapter Service installation on a node within the Spotfire Server documentation.

     

    Next steps

    There are additional steps to configure and secure your Spotfire Server environment, see the Spotfire Server documentation for further information.


    User Feedback

    Recommended Comments

    There are no comments to display.


×
×
  • Create New...