Anchore Enterprise Cloud Image

Overview

The Anchore Enterprise Cloud Image is a fully functional machine image with an Anchore Enterprise deployment that is pre-configured with the goal of simplifying deployment complexity for our end users.

The Cloud Image is currently available for our Amazon users; see Anchore Enterprise Cloud Image - AWS.

Cloud Image Manager

The Cloud Image Manager is a proprietary tool that is pre-packaged in the cloud image. It allows users to manage their Anchore Enterprise Cloud Image deployments by walking users through the process of installing, configuring, and upgrading. For more details please see Cloud Image Manager.

Support Limits

The Cloud Image has the following limits, independent of instance type:

  • 10,000 Image SBOMs
  • Max Image Size is 10 GB
  • 300 Report Executions
  • 100 System Users
  • 2 - 8 accounts per deployment depending on your Purchased Tier.

Non-supported Features

The Cloud Image does not currently support the following Anchore Enterprise features:

  • Runtime Inventory
  • Application Groups and Source Code Analysis
  • Windows Image Analysis
  • Legacy Image Archive

1 - Enterprise Cloud Image - Amazon Machine Image (AMI)

Overview

Anchore Enterprise Cloud Image is a fully functional Anchore Enterprise deployment that is pre-configured and ready to use. The cloud image is currently available for our Amazon users. For general information on the Amazon Machine Images (AMI) and how to use them, see the Amazon EC2 documentation.

The Anchore Enterprise Cloud Image Manager is shipped as part of the AMI to aid in the installation, configuration, and management of the Anchore Enterprise Cloud Image. For more information about the Cloud Image Manager, see the Cloud Image Manager.

Recommendations and Requirements

The following are requirements and recommended best practices for deploying the Anchore Enterprise Cloud Image in AWS.

  • Memory Requirement - The Cloud Image requires a minimum of 32 GB of memory to operate.
  • Disk Requirement - The Cloud Image requires a minimum of 128 GB of disk space for root volume and 1 TB for data volume to operate.
    • Note: The data volume by default will not delete on termination of your AMI.
  • CPU Requirement - The Cloud Image requires a minimum of 4 vCPU to operate.

AWS Supported Instance Type

The baseline supported instance type on Amazon Web Services is the r7a.xlarge. This gives the best mix of performance to cost for running Anchore Enterprise.

The Cloud Image Manager will not enforce the use of this instance type but will check for the minimum resources needed to run the software. If you would like to use a different instance type, please contact Anchore Support for guidance.

For more information on AWS instance types, please review the following links

Key pair type

The Anchore Enterprise Cloud Image is running with FIPS enabled. When creating your Key Pair, you must use an RSA key. The ED25519 key will be rejected as a non-FIPS-compliant algorithm.

Please review the AWS documentation on using Amazon EC2 Key Pairs.

Security Group

The Anchore Enterprise Cloud Image requires the following ports to be open in the security group:

  • TCP 22 - SSH
  • TCP 443 - HTTPS
  • TCP 8443 - Grafana

Please review the AWS documentation on Security Groups.
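
One way to check a key pair and a security group against the two requirements above before launching, as an added example (not Anchore's code). It reads the JSON shapes returned by `aws ec2 describe-key-pairs` and `aws ec2 describe-security-groups`; the sample data is constructed, and treating world-open SSH or Grafana as a finding is this example's assumption, not a requirement stated on this page.

```python
import ipaddress

# Ports the page says the security group must allow.
REQUIRED_TCP = {22: "SSH", 443: "HTTPS", 8443: "Grafana"}
# Assumption of this example (not stated on the page): admin-facing ports
# should not be reachable from every address.
ADMIN_ONLY = {22, 8443}

def audit_key_pair(key_pair):
    """Check one 'KeyPairs' entry from `aws ec2 describe-key-pairs`."""
    ktype = key_pair.get("KeyType", "unknown")
    if ktype.lower() != "rsa":
        return [f"key pair {key_pair.get('KeyName')}: {ktype} is rejected under FIPS, use RSA"]
    return []

def audit_security_group(group):
    """Check one 'SecurityGroups' entry from `aws ec2 describe-security-groups`."""
    findings, covered = [], set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic and carries no port range.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]
        hit = {p for p in REQUIRED_TCP if lo <= p <= hi}
        covered |= hit
        if world:
            findings += [f"tcp/{p} ({REQUIRED_TCP[p]}) is open to {world[0]}" for p in sorted(hit & ADMIN_ONLY)]
        if not (lo == hi and lo in REQUIRED_TCP):
            findings.append(f"rule tcp/{lo}-{hi} opens ports beyond 22, 443 and 8443")
    for port in sorted(set(REQUIRED_TCP) - covered):
        findings.append(f"tcp/{port} ({REQUIRED_TCP[port]}) is not allowed but is required")
    return findings

# Constructed sample data in the shape the AWS CLI returns.
SAMPLE_KEY = {"KeyName": "my-keypair", "KeyType": "ed25519"}
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8080, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}

if __name__ == "__main__":
    for line in audit_key_pair(SAMPLE_KEY) + audit_security_group(SAMPLE_GROUP):
        print("FINDING:", line)
```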

Cloud Image Manager Terminals

Please review the Best Practices for the Cloud Image Manager for the recommended terminal applications to use.

Anchore Cloud Image License

The Anchore Enterprise Cloud Image requires a valid license to operate. The license is provided by Anchore during the purchase process. The license file is required to be uploaded via the Cloud Image Manager during the initial setup. Please have it available before starting the installation process.

Launching the AMI

To launch the Anchore Enterprise Cloud Image AMI, please refer to the AWS documentation on Launch an Amazon EC2 instance.

You may also want to review the AWS guide for how to Connect to your EC2 instance.

Once the instance is launched, please review the Cloud Image Manager documentation for the next steps on Accessing the Cloud Image Manager. The Cloud Image Manager will walk you through the preflight checks, configuration, and management of your Anchore Enterprise Cloud Image deployment.

Backup and Restore

It is important that you have a backup and restore strategy in place to protect your data. The Anchore Enterprise Cloud Image Manager will prompt you to create a snapshot prior to upgrading your Anchore Enterprise Cloud Image or expanding your disks. It is also reasonable for you to create a snapshot of your EBS volume on a regular basis.

Please refer to the AWS documentation on AWS Backup and Amazon EBS Snapshots.

Expanding your disks

During the course of using the product, you may wish to expand the size of your disks. It is strongly recommended that you create a snapshot of your EBS volume prior to expanding your disks.

Please refer to the AWS documentation on Extend or modify disk volume.

Once you have expanded your disk, you will need to resize the filesystem to take advantage of the additional space. The Cloud Image Manager provides a utility to resize the filesystem. Please refer to the Cloud Image Manager Configuration Disk Expansion for more information.

Upgrading the Cloud Image

Occasionally, Anchore will release updates to the Anchore Enterprise Cloud Image. The Cloud Image Manager will provide you with the upgrades that are available to you and allow you to determine when you want to upgrade. It is strongly recommended that you create a snapshot of your EBS volume prior to upgrading your Anchore Enterprise Cloud Image.

Please refer to the Cloud Image Manager upgrade documentation for more information.

Support for your Cloud Image

During operation of Anchore Enterprise or the Cloud Image, you may require support from Anchore Support. The Cloud Image Manager provides you with a seamless way to generate a support bundle and upload it to Anchore Support.

Please refer to the Cloud Image Manager Support documentation for more information.

2 - Anchore Enterprise Cloud Image Manager

Overview

The Cloud Image Manager is a proprietary tool that allows users to seamlessly manage their Anchore Enterprise Cloud Image deployments. It walks users through the process of installing, configuring, and upgrading their Anchore Enterprise Cloud Image deployment.

Best Practices

The Cloud Image Manager uses Textual (a TUI framework for Python) to provide a terminal-based interface. For your best user experience, please use the following terminal emulators when connecting to the Cloud Image Manager.

Note: We recommend against using the default macOS Terminal application as it may not render the TUI correctly. For more information on why, please see Textual FAQ.

Accessing the Cloud Image Manager

After your instance is launched, you can access the Cloud Image Manager by connecting to the instance via SSH. Using the private key file for authentication (likely generated when setting up the instance) and the public IP address of the instance, connect using the following example command:

ssh -i ~/my-keypair.pem <user>@<instance-public-ip>

Potential Issues

  1. Permissions on key file - If you get a WARNING: UNPROTECTED PRIVATE KEY FILE error, fix it by setting the correct permissions on your key file. Run the following command to set the correct permissions:

    chmod 400 ~/my-keypair.pem
    
  2. Connection Issues - If you experience a Connection Timeout or Host Unreachable error, verify that the instance is running and that the security group allows SSH traffic on port 22.

You should now be connected to the Cloud Image Manager.

Preflight Checks

The Cloud Image Manager will perform a series of preflight checks to ensure that the system is ready for installation. These checks include ensuring that the machine image has met memory, disk space, and CPU requirements. If the system does not meet the requirements, the preflight checks will fail and the installation will not proceed.

Initial Install

The Cloud Image Manager will walk you through the initial installation process. At the end of this process, the Cloud Image Manager will provide you with the URL to access the Anchore Enterprise UI as well as your administrator credentials.

Upgrade

The Cloud Image Manager will determine if there are any upgrades available for your Anchore Enterprise Cloud Image deployment. If an upgrade is available, the Cloud Image Manager will walk you through the upgrade process. If downtime is required, the Cloud Image Manager will notify you prior to proceeding. This will allow you to plan for the upgrade when it is convenient for you. It is highly recommended that you take a snapshot of your EBS volume prior to upgrade.

Configuration

The Cloud Image Manager configuration screen allows the following options:

  • Adding and updating the Anchore Enterprise License.
  • Providing any Server Certificates required for TLS access to Anchore Enterprise services.
  • Providing a custom Root Certificate if one is required for your environment.
  • Configuring any optional proxy settings required for your environment.
  • Disk Expansion

Re-configuring Proxy Settings

Changing Proxy settings after completing the installation process currently requires manual intervention for the settings to be fully applied. If you must change the Proxy settings, please contact customer support for assistance.

Expanding Disks

The Cloud Image Manager provides a utility to expand the root and data volumes once your virtual hard disk has been increased in size. This step is necessary to take advantage of the additional space. The Cloud Image Manager will shut down Anchore Enterprise during this operation. It is highly recommended that you take a snapshot of your EBS volume prior to any operation that may modify your disk volumes.

System Status

The Cloud Image Manager provides a system status screen that shows the current service and container status of the Anchore Enterprise services. It also lists the currently deployed versions of Anchore Enterprise, the Anchore Enterprise UI, and the other infrastructure components that are automatically deployed within the Anchore Enterprise Cloud Image.

Support

The Cloud Image Manager provides a support screen that allows you to:

  • Generate a support bundle. The Cloud Image Manager then reports the location of the support bundle.
  • Upload a generated support bundle. This will be automatically uploaded to Anchore. You must create a support ticket and provide the Support Bundle ID and Filename to the support team.
  • Access the Grafana data that is collected for your deployment as part of the Cloud Image. This data can be used to monitor the health of your deployment. The Cloud Image Manager provides a link and credentials to access the Grafana dashboard.
