Original Message:
Sent: 03-29-2023 11:19
From: Thomas Lim
Subject: How to install MXHA in AWS
Hi Jaired,
Single MX deployment works without issue.
Yes wondering if community have experience any issues deploying MXHA in AWS too.
The CFT didnt ask for the DNS name of the ELB. The CFT will create the ELB. I think the statement is for gateway registering to MX
------------------------------
Thomas Lim
IT Consultant
NCS Pte. Ltd.
Singapore
Original Message:
Sent: 03-29-2023 11:04
From: Jaired Anderson
Subject: How to install MXHA in AWS
Hi Thomas,
If you deploy a single MX, (with the single MX template) does it succeed?
It's been my experience with AWS deployments that every single step must succeed or the deployment will be in a "limbo" state. For example, it might be failing the HA deployment because it cannot find the ELB.
Please see: https://docs.imperva.com/bundle/v14.7-waf-on-amazon-aws-byol-installation-guide/page/58647.htm
If the DNS name for the ELB is not entered into the template, the MX will not be able to find it.
------------------------------
Jaired Anderson
Imperva
Original Message:
Sent: 03-28-2023 10:20
From: Thomas Lim
Subject: How to install MXHA in AWS
Hi Jaired,
- No, currently only testing on the MX. During the selection of DAM products, I only select DAM MXHA (BYOL)

- Yes I have created a internet gateways for the vpc that hold the Imperva MX.

While I look at the "impctl show logs" on the MX, it said Secure password not sync with the Database password. Isnt CFT have a password length settings to the Secure password when user enter the password? However, the MX show the following logs. I feel something is wrong here. This have happens everytime and causing the MX to "not running" when I SSH in.

------------------------------
Thomas Lim
IT Consultant
NCS Pte. Ltd.
Singapore
Original Message:
Sent: 03-28-2023 09:37
From: Jaired Anderson
Subject: How to install MXHA in AWS
Hi Thomas,
Two questions:
- Are you entering the DNS name of the ELB into the Cloud Template?
- Do the subnets in which the MXs are deployed both have a route to a NAT-GW for outbound internet access?
Thanks.
------------------------------
Jaired Anderson
Imperva
Original Message:
Sent: 03-27-2023 11:23
From: Thomas Lim
Subject: How to install MXHA in AWS
Hi Jaired,
Yes, but I am using Imperva DAM 14.10.1.10 Cloud Formation Tool

And I noticed everytime the stacks will stop at MxWaitCondition.

Causing the CFT deploy MX to not running and the ha status is not running. Below is the "impctl show log" right after the CFT deployment

Please enlighten me how can I resolve this issues.
Thanks,
Thomas
------------------------------
Thomas Lim
IT Consultant
NCS Pte. Ltd.
Singapore
Original Message:
Sent: 03-27-2023 09:31
From: Jaired Anderson
Subject: How to install MXHA in AWS
Hi Thomas,
If the high availability template for the MX is used when deploying then all should go smoothly.
If you're in a situation where you cannot redeploy, you may be able to adjust the Security Group to allow for the appropriate ports.
https://cloud-template-tool-app-security.imperva.com/

------------------------------
Jaired Anderson
Imperva
Original Message:
Sent: 03-25-2023 06:57
From: Thomas Lim
Subject: How to install MXHA in AWS
Hi,
We deployed 2 AVM150 Imperva MX in AWS and require to install high availability.
When i input the command (impctl server ha install), it require mandatory parameters --elb-name.
And after i input a network load balancer (listener TCP1234, Healthcheck TCP 50007, Target on the 2 MX instance) name, it give the error message "Cannot find Load Balancer"
I nestat on the MX server and I can see the MX does not have port 1234 or 50007.
Can anyone advise on how to install MXHA (impctl server ha install) on 2 MX server (BYOL) on AWS?
Thanks in advance,
Thomas
#DatabaseActivityMonitoring
------------------------------
Thomas Lim
IT Consultant
NCS Pte. Ltd.
Singapore
------------------------------