Imperva Cyber Community

  • 1.  AWS Images

    Posted 11-04-2019 10:29
    Anyone deploy in AWS using the Imperva provided AMIs?  Any complications with patching or upgrades?  Any surprises or features that were missing when compared to your on-prem deployment?
    #DatabaseActivityMonitoring

    ------------------------------
    Tyler Somers
    Marriott International
    Bethesda MD
    ------------------------------


  • 2.  RE: AWS Images

    Posted 11-04-2019 13:25
    @Tyler Somers As we wait for our customer community to respond with their experience, I wanted to add just a couple of comments. Internally we do not encounter issues with the Imperva AMI or see customers open incidents in this regard. I noticed your title and assume you are most interested in DAM deployments within AWS.
    So I just wanted to pass along a couple of notes in that regard:
    - we recommend using EC2 devices for your DB and installing the DAM agent on those, the same as you would for any on-site deployment
    - there is no terminate done for the DAM GW's as there is for WAF GW's - there is no need for the ELB to send keep-alives through the GW
    - If you are considering a hybrid deployment please review with your account team so we can properly guide you to a successful deployment


  • 3.  RE: AWS Images

    Posted 11-05-2019 16:31
    Thanks @phil Klassen (csp) - Imperva.  Based on the above statements, it sounds like we should have feature parity between the AWS images and on-prem SecureSphere.  Will we also have the same access to the appliances' CLI and elevate our privileges to root?

    ------------------------------
    Tyler Somers
    Marriott International
    Bethesda MD
    ------------------------------



  • 4.  RE: AWS Images

    Posted 11-05-2019 16:59
    Yes to the feature set.

    As to the CLI access - by default AWS instances have the CLI sealed.
    There is a way to unseal them if you need that level of access.

    We seal them because they are deployed in a public network so we try and provide an additional level of security.
    Once unsealed it cannot be resealed.

    Once in, the privileges are the same.


  • 5.  RE: AWS Images

    Posted 11-11-2019 09:57
    Hi Tyler,

    Please be aware that supported SecureSphere DBs between on-prem and AWS are different depending upon the DB architecture chosen in AWS. For example, RDS instances require a log collector configuration as we do not have access to the instance to install an agent. SecureSphere DAM in AWS supports PostgreSQL and Oracle RDS instances using this method (log collector).

    Thank you.

    ------------------------------
    Jaired Anderson
    Senior Professional Services Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 6.  RE: AWS Images

    Posted 11-11-2019 13:26
    Thanks for the response Jaired.  At the moment we are generally deploying our DBs on top of EC2 and I am not aware of any plans to leverage RDS or other DBaaS platforms.  We will keep those support concerns in mind if our plans change.

    In your experience, have you seen customers leverage an AWS deployment to support a hybrid model supporting both AWS-based agents and on-prem-based agents?

    ------------------------------
    Tyler Somers
    Marriott International
    Bethesda MD
    ------------------------------