Use the following procedure to deploy
Dell APEX Block Storage for AWS.
Steps
Select storage product and cloud
From the Dell Premier home page, select
Discover and Deploy > Available Services.
In the
APEX Storage for Public Cloud tile, click
Configure.
Select
APEX Block Storage for AWS.
Enter the following information as you go through the deployment wizard:
Table 1. Select storage product and cloudEnter values for the following fields.
Field or Action
Enter
Product Version
(Recommended) Select the latest version of
Dell APEX Block Storage for AWS.
AWS Region
Select the AWS region. You can select only one region.
Grant cloud access
Enter the following information as you go through the deployment wizard:
Table 2. Grant cloud accessEnter values for the following fields.
Field or Action
Enter
Connect your AWS account
You can choose to connect to an existing or a new AWS account.
For an existing AWS account, select a previously entered AWS account ID.
For a new AWS account, enter your AWS account ID.
This ID is required to generate a custom trust policy and create an AWS role. For more information about AWS account ID, see
Viewing account identifiers and
Finding your AWS account ID in
AWS Account Management Reference Guide.
Copy your permission policy
The permission policy grants levels of access for managing and deploying storage resources in the AWS account. You must copy your permissions policy and create a policy in your AWS account which is attached to the AWS role that is granted to
Dell APEX Navigator. For more information, see "Understanding permissions granted by a policy" in AWS documentation.
Copy your trust policy
The trust policy grants the trust to an AWS principal for
Dell APEX Block Storage for AWS. The AWS principal is an AWS Identity and Access Management (IAM) user who is allowed to manage and deploy resources.
Dell APEX Navigator generates a unique external ID for each AWS account that is to be trusted to
Dell APEX Navigator. Use this policy as the custom trust policy when you create an AWS role that is used to grant access to
Dell APEX Navigator. For more information about a trust policy, see "Roles terms and concepts - AWS Identity and Access Management" in AWS documentation.
AWS Role ARN
The ARN includes the AWS Account ID and other information that uniquely identifies the AWS resources. Once the role is created using the permission policy and trust policy, you must copy the AWS role ARN from AWS and provide the ARN to
Dell APEX Navigator. Your AWS account is now connected to
Dell APEX Navigator.
Verify your EBS encryption status
Click
Verify to check the status of elastic block storage (EBS) encryption on your AWS account. Once verified, select how the EBS default encryption key is managed:
Managed by AWS or
Customer-managed.
If the EBS default encryption key is
Managed by AWS, click
Continue and continue to the following section:
Select deployment configuration.
If the EBS default encryption key is
Customer-managed: Review and, if needed, update your key policy in AWS to ensure that the
Dell APEX Navigator role has the required permissions to access the key for a successful deployment. Be sure to replace the placeholder text for
<account-id> and
<APEXNavigator-role-name-with-path> with your own inputs. Select where your key comes from:
From the same AWS account as you are deploying to or
From a different AWS account.
If selecting
From the same AWS account: Click
Continue and continue to the following section:
Select deployment configuration.
If selecting
From a different AWS account: Select
Copy Policy, update the values for
<region>,
<account-id>, and
<key-id>, paste the resulting JSON into AWS as a policy, and attach it to the role
Dell APEX Navigator will use to manage the deployed system. Then click
Continue.
Select deployment configuration
Enter the following information as you go through the deployment wizard:
Table 3. Select deployment configurationEnter values for the following fields.
Field or Action
Enter
Deployment name
Provide a name for the deployment. Use a naming convention that lets you identify the deployment as
Dell APEX Block Storage for AWS. Use the following guidelines for the deployment name:
Minimum characters:
One and Maximum characters:
31
Non-ASCII, Unicode characters, and spaces are not allowed.
Hyphens and underscores are allowed.
Special characters ((*&^%$#@!)) are allowed.
The deployment name does not have to be unique. Duplicate names are allowed.
Storage performance
Select the storage performance that you need for your deployment. If you select
Performance optimized, Dell Technologies recommends backing up your storage.
Minimum usable capacity
Enter the minimum amount of storage that you need for your deployment.
Minimum IOPS
Enter the minimum IOPS needed for your deployment.
Availability level
Select single or multiple availability zones. Selecting multiple availability zones may incur more charges from AWS. If you select
Performance optimized storage option, by default,
Multiple availability zones option is selected for you.
NOTE:If you choose
Balanced storage option, you can deploy
Dell APEX Block Storage for AWS only in a single availability zone.
Virtual Private Cloud (VPC)
You must select an existing VPC or create a VPC that forms a connection with your on-premises network. This connection helps you to launch the PowerFlex Manager after you have deployed
Dell APEX Block Storage for AWS.
NOTE:Ensure that you enable
DNS resolution and
DNS hostnames attributes in the AWS console to a VPC. See
DNS attributes in your VPC in
Amazon Virtual Private Cloud User Guide for more information.
Select an existing VPC: This option lets you deploy Dell APEX Block Storage in an existing VPC in your AWS account.
Select an existing VPC name: You must select an existing VPC with a subnet whose IPs are routable from the network you intend to access PowerFlex Manager.
External Subnet: Select a routable subnet from your VPC. A routable subnet ensures that the IP addresses assigned to the resources within that subnet are accessed from your company's network. Dell uses the routable subnet to deploy PowerFlex Manager. Choosing routable IP ranges establishes the connection with resources in other networks or VPCs. The routable subnet must have at least eight free IPs. If you choose a multi-availability zone option, provide three different routable subnets for the different availability zones.
Internal subnet: Select an internal subnet from your VPC. The number of required IPs for storage nodes of Powerflex is calculated based on the configuration selected for Powerflex. Dell uses the provided subnet for inter-node communications within the cluster.
Secure Connect Gateway subnet:
NOTE:Before you select a SCG subnet, ensure that you set up an Internet gateway in the VPC to enable communication between SCG and
Dell APEX Navigator, and add the route in the route table of SCG subnet. See
Configure network settings for the Secure Connect Gateway to set up SCG subnet.
Select a subnet that can be used to establish secure connections to the cluster. If a Secure Connect Gateway (SCG) exists in the VPC, then the subnet that is associated with the SCG instance will be preselected as the SCG subnet. The subnet must have at least 1 free IP, a route table, and a route to the Internet gateway for outbound Internet traffic.
Create a new VPC: With this option, Dell creates a VPC in your AWS account and uses it to deploy
Dell APEX Block Storage for AWS.
VPC name: Provide a name for the VPC that you want to create.
External subnet IP address : Provide a range of IP addresses, or CIDR block, that are routable from your company's network. Dell associates the routable IP range as a secondary CIDR block to the newly created VPC, creates a subnet and a load balancer. This load balancer routes the traffic to the Powerflex Element Manager. AWS may apply IP range restriction. For more information, see
VPC CIDR blocks topic in
Amazon Virtual Private Cloud User Guide.
IP range for internal and SCG subnets: Dell uses the provided IP range as primary CIDR block during VPC creation and to create subnets for the storage system and SCG.
Table 4. IP range of external, internal and SCG subnetsIP range example
Deployment options
Maps to AWS VPC IP addresses
Example
Valid/Invalid
IP range for internal and SCG subnets
Primary IPv4 CIDR block
172.31.0.0/27
Valid
External subnet IP address
Secondary IPv4 CIDR block
172.32.0.0/27
Valid as this range is not in the restricted associated range of 172.31.0.0/16
External subnet IP address
Secondary IPv4 CIDR block
172.31.0.32/27
Invalid. Although this range does not overlap with the Primary VPC CIDR block (172.31.0.0/27), it is invalid as it is in the restricted associated range of 172.31.0.0/16
Key pair
Provide a name for the key pair that is used to connect to PowerFlex nodes through SSH. During deployment,
Dell APEX Navigator creates the key pair using the name that you enter in this field.
Use the following guidelines for your key pair name:
Only letters, numbers, hyphens, and underscores are allowed.
Non-ASCII and Unicode characters are not allowed.
Minimum characters:
One and Maximum characters:
31
The key pair name must be unique. Provide a name that does not exist in your AWS account.
Once the deployment is complete, the key pair is stored in AWS Secrets Manager with the same name for you to retrieve.
Review and deploy
On the
Review deployment page, review the infrastructure—instance types and instance count—that is provisioned as part of deployment. Ensure that sufficient AWS infrastructure, and networking quotas are available in your account for the specific region.
To make any changes, click the pencil to edit your selections.
Assess the AWS charges that you may incur for this deployment.
Read and acknowledge the statements regarding the evaluation period, AWS infrastructure costs, and legal terms.
Click
Deploy. A message indicates that the deployment has started. This action takes several hours to complete. You can monitor the progress under the
Jobs menu.
To learn about the resources created with the deployment, reference this
documentation.
Next steps
If you have not already, switch to an ITOps role to manage IT operations. See "Switch access roles in Dell Premier" in this document for more information.
To access
Dell APEX Block Storage for AWS for I/O operations, you must install the PowerFlex Storage Data Client (SDC) device driver. See "Setting up Application Hosts to Access
Dell APEX Block Storage for AWS" in the appendix of this document.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\