CrossClave can be deployed through the AWS marketplace. This gives your organization the benefits of self-hosting combined with the stability and uptime of AWS's service. Users on an AWS-hosted CrossClave instance receive the same features as users hosted on SpiderOak's own servers.
This document details prerequisites, filling out deployment details in CloudFormation, accessing the end-user application, and how to connect the application to your CrossClave deployment.
Prerequisites
- An AWS account. The CrossClave application stack requires S3, EC2, Route 53, and Elastic Beanstalk. Deployment is automated through the CloudFormation template provided through the AWS Marketplace.
- An SSH key in your AWS account. See AWS documentation for how to add a key to your account.
- A domain or subdomain managed through Route 53 that will be used with CrossClave
Specify Stack Details and Configure Stack Options
To build your CrossClave deployment you simply need to provide some details in a CloudFormation template. Using those details your deployment will be automatically created.
Specify stack details
- Stack Name: This is used to identify your CrossClave deployment within your AWS account.
- 01Route53HostedZoneId: Enter the ID of the Route 53 hosted zone used for DNS information.
- 02FlowBlockAddr: This is a subdomain of the domain listed above that will be used to connect to the FlowBlock service. If your domain is example.com this value could be flowblock.example.com. The DNS and other settings for this subdomain will be generated for you automatically.
- 03FlowStoreAddr: This is a subdomain of the domain listed above that will be used to connect to the FlowStore service. If your domain is example.com this value could be flowstore.example.com. The DNS and other settings for this subdomain will be generated for you automatically.
- 04EC2FlowLicenseAddr: Enter a URI for Flow License e.g. flowlicnse-cf.cloud.spideroak.com
- 05EC2KeyName: From the dropdown menu, select the SSH key to be used to access the instance
- 06EC2InstanceType: Select an instance type from the dropdown menu. Each instance type has different charge rates, so choose one that fits your budget while taking into account how many users will be connecting to it. For testing t2.micro is appropriate. For larger teams m5/m5a are appropriate.
- 07EC2VolumeSize: The volume size should be at least 10 GB.
- 08VPCSubnets: Select at least two subnets from the listed options.
- 09VPCID: Select one of the listed options.
- 10ELBIngressCidr: To allow all connections without IP address filtering, enter 0.0.0.0/0. If you have specific IP filtering within your organization, enter the CIDR value. This value applies to end users connecting to your CrossClave instance.
- 11AdminIngressCidr: To allow all connections without IP address filtering, enter 0.0.0.0/0. If you have specific IP filtering within your organization, enter the CIDR value. This value applies to accessing the EC2 instance via SSH only.
- 12FlowLicenseAdminUsername: Create a username used when accessing the Flow License service.
- 13FlowLicenseAdminPassword: Password used when accessing the Flow License service.
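A pre-deployment check of the values above, as an added example that is not part of the original page or SpiderOak's tooling: it reads the parameters in the key/value list form the AWS CLI accepts and reports values that break the stated constraints, plus an admin SSH range left open to every address. The `zone_domain` argument, the function names, and all sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample values in the ParameterKey/ParameterValue list form the
# AWS CLI accepts; the keys are the template fields listed above.
SAMPLE_PARAMS = [
    {"ParameterKey": "02FlowBlockAddr", "ParameterValue": "flowblock.example.com"},
    {"ParameterKey": "03FlowStoreAddr", "ParameterValue": "flowstore.example.com"},
    {"ParameterKey": "07EC2VolumeSize", "ParameterValue": "8"},
    {"ParameterKey": "08VPCSubnets", "ParameterValue": "subnet-aaaa1111"},
    {"ParameterKey": "10ELBIngressCidr", "ParameterValue": "0.0.0.0/0"},
    {"ParameterKey": "11AdminIngressCidr", "ParameterValue": "0.0.0.0/0"},
]


def check_cidr(name, value, findings, allow_any):
    """Validate a CIDR field; flag a match-everything range unless allowed."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        findings.append(f"ERROR {name}: '{value}' is not a valid CIDR block")
        return
    if net.prefixlen == 0 and not allow_any:
        findings.append(f"WARN {name}: {value} opens SSH to every address")


def review_parameters(params, zone_domain):
    """Return findings for a parameter set. zone_domain is the hosted zone's
    domain (an assumed extra input; the template only takes the zone ID)."""
    p = {item["ParameterKey"]: item["ParameterValue"] for item in params}
    findings = []
    for key in ("02FlowBlockAddr", "03FlowStoreAddr"):
        host = p.get(key, "").lower().rstrip(".")
        if not host.endswith("." + zone_domain.lower()):
            findings.append(f"ERROR {key}: '{host}' is not under {zone_domain}")
    size = p.get("07EC2VolumeSize", "")
    if not size.isdigit() or int(size) < 10:
        findings.append("ERROR 07EC2VolumeSize: must be at least 10 GB")
    # List parameters are passed as one comma-separated string.
    subnets = {s.strip() for s in p.get("08VPCSubnets", "").split(",") if s.strip()}
    if len(subnets) < 2:
        findings.append("ERROR 08VPCSubnets: select at least two subnets")
    check_cidr("10ELBIngressCidr", p.get("10ELBIngressCidr", ""), findings, True)
    check_cidr("11AdminIngressCidr", p.get("11AdminIngressCidr", ""), findings, False)
    return findings


if __name__ == "__main__":
    for line in review_parameters(SAMPLE_PARAMS, "example.com"):
        print(line)
```

Setting 11AdminIngressCidr to your organization's management range clears the warning; 10ELBIngressCidr is allowed to stay open because it serves end users.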
Configure stack options
- Tags: Optional. You can specify tags (key-value pairs) to apply to resources in your stack. You can add up to 50 unique tags for each stack.
- Permissions: In order to create your CrossClave instance an IAM role must be created in your account. Choose an IAM role to explicitly define how CloudFormation can create, modify, or delete resources in the stack. If you don't choose a role, CloudFormation uses permissions based on your user credentials.
- Advanced Options: These optional settings can be configured based on your needs.
Confirm ACM Certificates
- Go into Certificate Manager, find the certificates pending validation, and click "Create Record" in Route 53 for each pending certificate.
Review
Review the information and settings you have entered, then at the bottom of the page select Create Stack. It will take a few minutes for the services to be created and brought online. You can monitor this in the Events section of the following page.
Accessing the end-user CrossClave application
After your deployment is created and running, you are ready to connect using the CrossClave application. The application is available from the SpiderOak website or within the AMI in the /installers directory. Direct links are provided below:
Connecting the CrossClave application to your CrossClave deployment
CrossClave was designed to accommodate both SaaS and on-premise deployments. After installing the desktop or mobile application, click the Sign Up button. You will then be prompted for a Team Join URL. The Team Join URL tells the CrossClave application which server to connect to. Your Team Join URL was generated as part of the setup process and is accessible in the Output section of the Stacks information in your AWS account. The Team Join URL consists of the URL you entered in the 02FlowBlockAddr field, along with a hash value.
The Team Join URL looks like this:
https://flow-block.example.com/e5e22675300d4f057b20132c4a5cf0803ac03a6f31eeab80057d83034cd7d4c7
Each end user must be given the Team Join URL in order to connect their CrossClave application to your CrossClave deployment.
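Because the Team Join URL decides which server the application talks to, it is worth checking a URL against your deployment's 02FlowBlockAddr before handing it out or entering it. The check below is an added example, not part of the original page or the CrossClave application; the function name is hypothetical, and the 64-character lowercase hex token format is an assumption taken from the sample URL above (the page only calls it a hash value).

```python
import re
from urllib.parse import urlsplit

# Assumption: the path is one 64-character lowercase hex token, as in the
# sample URL on this page.
TOKEN_PATH_RE = re.compile(r"/[0-9a-f]{64}")

# The sample Team Join URL shown on this page.
SAMPLE_URL = (
    "https://flow-block.example.com/"
    "e5e22675300d4f057b20132c4a5cf0803ac03a6f31eeab80057d83034cd7d4c7"
)


def check_team_join_url(url, expected_host):
    """Return a list of problems; an empty list means the URL is well formed
    and points at expected_host (the value entered as 02FlowBlockAddr)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # netloc includes any user-info or port, so an exact match rejects both
    # embedded credentials and a non-default port as well as a wrong host.
    if parts.netloc.lower() != expected_host.lower():
        problems.append(f"server '{parts.netloc}' is not '{expected_host}'")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    if not TOKEN_PATH_RE.fullmatch(parts.path):
        problems.append("path is not a single 64-character hex token")
    return problems


if __name__ == "__main__":
    print(check_team_join_url(SAMPLE_URL, "flow-block.example.com"))
```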
Generating a #LicenseKey for team creation
When creating a Team you will need a #LicenseKey. Use the provided script to pull the license key.
```sh
# *nix/Mac
# POST to the Flow License service with basic auth and print the "key" field of the JSON reply
curl -s -u 12FlowLicenseAdminUsername:13FlowLicenseAdminPassword -X POST https://04FlowLicenseAddr/licenses | python -c 'import json; import sys; print(json.load(sys.stdin)["key"])'
```

```powershell
# Windows PowerShell
# Build the basic-auth header, POST to the Flow License service, and print the key
$Header = @{"Authorization" = "Basic "+[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("12FlowLicenseAdminUsername:13FlowLicenseAdminPassword"))}
Write-Output $(Invoke-RestMethod -Method POST -Headers $Header -Uri "https://04FlowLicenseAddr/licenses").key
```

The 12FlowLicenseAdminUsername and 13FlowLicenseAdminPassword are the username and password you created during setup.
This will output the #LicenseKey. This can be done as needed for each Team you wish to create.