Deploying Pexip Infinity on Amazon Web Services (AWS)
You can use AWS to launch as many or as few virtual servers as you need, and use those virtual servers to host a Pexip Infinity Management Node and as many Conferencing Nodes as required for your Pexip Infinity platform.
AWS enables you to scale up or down to handle changes in requirements or spikes in conferencing requirements. You can also use the AWS APIs and the Pexip Infinity management API to monitor usage and bring up / tear down Conferencing Nodes as required to meet conferencing demand.
Pexip publishes Amazon Machine Images (AMIs) for the Pexip Infinity Management Node and Conferencing Nodes. These AMIs may be used to launch instances of each node type as required.
This flowchart provides an overview of the basic steps involved in deploying the Pexip Infinity platform on AWS:
This topic covers:
There are three main deployment options for your Pexip Infinity platform when using the AWS cloud:
- Private cloud: all nodes are deployed within an AWS Virtual Private Cloud (VPC). Private addressing is used for all nodes and connectivity is achieved by configuring a VPN tunnel from the corporate network to the AWS VPC. As all nodes are private, this is equivalent to an on-premises deployment which is only available to users internal to the organization.
- Public cloud: all nodes are deployed within the AWS VPC. All nodes have a private address but, in addition, public IP addresses are allocated to each node. The node's private addresses are only used for inter-node communications. Each node's public address is then configured on the relevant node as a static NAT address. Access to the nodes is permitted from the public internet, or a restricted subset of networks, as required. Any systems or endpoints that will send signaling and media traffic to those Pexip Infinity nodes must send that traffic to the public address of those nodes. If you have internal systems or endpoints communicating with those nodes then you must ensure that your local network allows this.
- Hybrid cloud: the Management Node, and optionally some Conferencing Nodes, are deployed in the corporate network. A VPN tunnel is created from the corporate network to the AWS VPC. Additional Conferencing Nodes are deployed in the AWS VPC and are managed from the on-premises Management Node. The AWS-hosted Conferencing Nodes can be either internally-facing, privately-addressed (private cloud) nodes; or externally-facing, publicly-addressed (public cloud) nodes; or a combination of private and public nodes (where the private nodes are in a different Pexip Infinity system location to the public nodes).
The following limitations currently apply:
All of the Pexip Infinity node instances that are hosted on AWS must be deployed in a single AWS region, so that inter-node communication between the Management Node and all of its associated Conferencing Nodes can succeed. (In a hybrid cloud deployment, some nodes may be deployed in the corporate network, but those deployed in the VPC must all be in the same AWS region.)
Each AWS region contains multiple Availability Zones. A Pexip Infinity system location is equivalent to an AWS Availability Zone.
Note that service providers may deploy multiple independent Pexip Infinity platforms in any AWS location (subject to your licensing agreement).
SSH access to AWS-hosted Pexip Infinity nodes requires key-based authentication. (Password-based authentication is considered insufficiently secure for use in the AWS environment and is not permitted.) An SSH key pair must be set up within the AWS account used to launch the Pexip Infinity instances and must be assigned to each instance at launch time. You can create key pairs within AWS via the EC2 Dashboard Key Pairs option, or use third-party tools such as PuTTYgen to generate a key pair and then import the public key into AWS.
- Pexip Infinity node instances only support a single SSH key pair.
- If you are using a Linux or Mac SSH client to access your instance you must use the chmod command to make sure that your private key file on your local client (SSH private keys are never uploaded) is not publicly viewable. For example, if the name of your private key file is my-key-pair.pem, use the following command: chmod 400 /path/my-key-pair.pem
See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for more information about creating a key pair.
AWS instances come in many different sizes. In general, Pexip Infinity Conferencing Nodes should be considered compute intensive and Management Nodes reflect a more general-purpose workload.
For deployments of up to 30 Conferencing Nodes, we recommend using:
- an m4.large instance for a Management Node
- a c4.2xlarge instance for Conferencing Nodes
This should provide capacity for approximately 15 HD / 34 SD / 175 audio-only calls per Conferencing Node.
Note that m3.large and c3.2xlarge can be used instead if m4.large and c4.2xlarge are not available in your region. Larger instance types (such as c4.4xlarge and c4.8xlarge) may also be used for a Conferencing Node, but the call capacity does not increase linearly so these may not represent the best value.
Within a VPC, private IP addresses may be allocated dynamically (using DHCP) or statically, by defining an instance's IP address at launch time. After a private IP address has been assigned to an instance, it will remain associated with that instance until the instance is terminated. The allocated IP address is displayed in the AWS management console.
Public IP addresses may be associated with an instance dynamically (at launch/start time) or statically through use of an Elastic IP. Dynamic public IP addresses do not remain associated with an instance if it is stopped — and thus it will receive a new public IP address when it is next started.
Pexip Infinity nodes must always be configured with the private IP address associated with its instance. To associate the instance's public IP address with the node, configure that public IP address as the node's Static NAT address (via ).
The deployment instructions assume that within AWS you have already:
- signed up for AWS and created a user account, administrator groups etc
- created a Virtual Private Cloud network and subnet
- configured a VPN tunnel from the corporate/management network to the VPC
- created or imported an SSH key pair to associate with your VPC instances
- created a security group (see Configuring AWS security groups for port requirements)
- decided in which AWS region to deploy your Pexip Infinity platform (one Management Node and one or more associated Conferencing Nodes).
For more information on setting up your AWS environment, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html.
To deploy and manage your Pexip Infinity platform nodes see:
- Configuring AWS security groups
- Deploying a Management Node in AWS
- Deploying a Conferencing Node in AWS
- Managing AWS instances
To look at the steps taken in setting up an example lab deployment of a Management Node in AWS, see http://www.graham-walsh.com/2016/01/deploying-pexip-management-node-in-amazon-web-services/, and to see an example of deploying a Conferencing Node in AWS, see http://www.graham-walsh.com/2016/01/deploying-pexip-conference-node-in-amazon-web-services/.