VPCs are a private space for your compute instances (aka servers). They define the network and security of your instances and are highly configurable. For this scenario, we’ll use the default VPC that AWS provides in new accounts. This VPC uses public subnets so you can connect and configure your instances over the internet. This configuration can offer a reasonable level of security if you are careful to configure the network access rules as we describe below. It makes it easy for new users to connect to all the server instances directly. You will need a VPC that resembles the AWS default:
- Has one or more public subnets (one subnet for each availability zone is best, this is the default)
- Each subnet has “auto-assign public IP4” set to true
- A routeing table that routes local traffic within the subnets, and other traffic to an internet gateway
- An internet gateway
- A network ACL allowing all traffic
Create a VPC
Use the “VPC Wizard” to create everything for you. You can inspect your VPC configuration on the VPC service page of the AWS console.
- From the VPC page click on "Launch VPC Wizard"
- Name your VPC and take note
- Ensure "Enable DNS Hostnames" is checked. This allows for remote access to your instances.
- Click "Create VPC"
Create a security group
A security group further configures the network access to your server instances. For this scenario, we’ll set up 2 simple rules:
- All network traffic between servers in this group is permitted. This is needed for the FDTD engines to communicate and share a single job. It’s also needed for the network license manager. It is a very open policy, but we assume we trust all traffic between the servers.
- Allow SSH and RDP access to any of the servers from "My IP address". The AWS console has a nice feature to figure out your IP address for you. If you change networks you will have to log into the console and update this IP address before you can access your instances.