Deploying the Private Access Connector on AWS Marketplace

Connect your AWS applications with Zero Trust Secure Access Private Access and prevent unauthorized intrusions.

Private Access Connectors connect your internal applications with Zero Trust Secure Access Private Access, which allows you to control access to sensitive corporate resources. To ensure high availability (HA) and facilitate load balancing on high-traffic apps, install and group together at least 2 connectors in each environment. Before attempting to deploy the Private Access Connector, ensure that your environment meets the minimum system requirements.

  1. In the Trend Micro Vision One console, go to Zero Trust Secure Access > Secure Access Configuration > Private Access Configuration.
  2. For customers that need to create a new connector group, click Add Private Access Connector Group.
    1. Provide a unique name and description for the group.
    2. Click Save.
  3. Locate your Connector group name in the list and click the New connector icon.

    The Private Access Connector Virtual Appliance panel appears.

  4. Select Amazon AWS from the Platform list.
  5. Copy the Registration token for later use.
  6. Sign in to the AWS Marketplace and locate the Trend Micro Vision One - Zero Trust Secure Access app.
    Important:

    The steps and screens contained in these instructions were valid as of October 2022.

  7. Click Continue to Subscribe.
  8. Click Continue to Configuration.
  9. Select your fulfillment options and software version, and click Continue to Launch.
    Note:

    Make sure that you always select the latest software version.

  10. In the Choose Action field, select Launch CloudFormation and click Launch.

    The Create stack screen opens.

  11. Keep the default settings and click Next.
  12. In the Stack name section, specify a Stack name for the CloudFormation stack of your Private Access Connector.
  13. In the Parameters section, specify each field, and then click Next.
    Important:

    To use automatic scaling of the VM instances via dynamic scaling policies, you must set MonitoringGranularity to 1 min for EC2 detailed monitoring. Detailed monitoring incurs charges. For more information, see Amazon CloudWatch documentation.

  14. Keep the default settings and click Next.
  15. Click Create stack.
    Note:

    The system launches two instances when creating the stack. Allow some time for the process to complete.

  16. (Optional) Scale the VM instances either by manually specifying a fixed Auto Scaling group size or via dynamic scaling policies.
  17. (Optional) Launch and configure a Private Access Connector VM.
    1. On the auto scaling group screen, click the Instance Management tab.
    2. Click the instance ID of an instance you just launched and copy the public IPv4 address of the instance.
    3. Open a command prompt and run the following ssh command to log on to the Connector virtual appliance with the default credentials.

      ssh -i <path_of_the_private_key_file> admin@<public_IP_address_of_the_instance>

      Important:

      AWS automatically creates a user for the VM. Make sure you use admin rather than the created user to log on.

    4. Set your password for the enable command by running the following command and pressing the ENTER key:

      passwd

      The admin user and privileged mode share the same password.

    5. Switch to privileged mode by typing the enable command, pressing the ENTER key, and providing the updated password.

      The command prompt changes from > to #.

    6. Run the following command to change the time zone of the connector:

      configure timezone <timezone>

      The default time zone is America/Los_Angeles.

    7. Check whether the Connector can connect to the NTP server 0.pool.ntp.org.

      The Connector requires connectivity to an NTP server to synchronize its clock. By default, Trend Micro Vision One uses the public NTP server 0.pool.ntp.org. You can also configure the Connector to connect to another public NTP server or a local NTP server within your organization.

      Run the following command to configure the NTP server:

      configure ntp server <address>

      Note:

      To use public NTP servers, make sure that your firewall configuration allows outbound UDP traffic on port 123.

  18. Use the CLI to configure other settings, if required.

    For more information on available commands, see Private Access Connector CLI Commands.

    After successful deployment, the connector virtual appliance appears under the corresponding connector group on the Private Access Connectors tab.
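
The NTP connectivity check in step 17 can be confirmed from outside the appliance. The following is an added example, not part of the original page or of Trend Micro's tooling: a minimal SNTP probe that sends one client request over UDP 123 and validates the reply. It assumes you run it from another host in the same subnet and security group as the Connector, so that it shares the Connector's egress path. The function names are illustrative.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_response(data):
    """Return (stratum, server_unix_time) from a server reply, or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    mode = data[0] & 0x07
    stratum = data[1]
    if mode != 4:
        raise ValueError(f"unexpected mode {mode}, want 4 (server)")
    if stratum == 0:
        raise ValueError("kiss-o'-death reply (stratum 0)")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return stratum, secs - NTP_EPOCH_DELTA + frac / 2**32

def check_ntp(server="0.pool.ntp.org", port=123, timeout=3.0):
    """Send one query; return (stratum, approximate clock offset in seconds).

    Raises OSError on timeout, DNS failure, or blocked egress.
    The offset ignores network round-trip time, so treat it as a rough figure.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (server, port))
        data, _ = s.recvfrom(512)
    stratum, server_time = parse_response(data)
    return stratum, server_time - time.time()

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "0.pool.ntp.org"
    try:
        stratum, offset = check_ntp(host)
        print(f"{host}: reachable, stratum {stratum}, local clock offset {offset:+.3f}s")
    except (OSError, ValueError) as exc:
        print(f"{host}: NTP check failed ({exc}); verify outbound UDP 123 is allowed")
        sys.exit(1)
```

Pass a local NTP server address as the first argument to test that server instead of 0.pool.ntp.org.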