- Generate a unique network key via the Glasnostic UI,
- Install Glasnostic as a GWLB appliance,
- Connect your architecture to the Glasnostic appliance.
A unique network key is needed to identify the data that you send to Glasnostic from the VPC whose ingress and egress interactions you want to control. To create the key, you need to sign up for an account at glasnostic.com and log in to the Glasnostic UI.
Glasnostic visualizes and controls interactions between services from one or more VPCs in environments. Once you are logged in, you’ll find a number of demo environments as well as an empty environment called “My environment” that is ready to receive data from your VPCs. To configure this environment, choose “Manage…” from the menu.
Under “Environments,” click on “Settings” to configure the environment:
Click on “+ Add network” to add a VPC to the environment:
This creates a new network under “Networks” to represent your VPC. Copy the generated key by clicking on the icon:
With that network key, you are ready to create the Glasnostic GWLB Service.
After subscribing to Glasnostic Traffic Controller on the AWS Marketplace, you can configure the software by selecting the AWS region and software version:
Once the software is configured, choose “Launch CloudFormation” as launch action. AWS Marketplace will redirect you to the CloudFormation console, where you can create a CloudFormation stack to install Glasnostic.
Currently, the following parameters can be changed for the installation:
- networkKey - the network key retrieved in the first setup step
- instanceType - the instance type of the Glasnostic VM. It should be greater than or equal to t2.xlarge, which is sufficient for most workloads.
- keyName - the name of the EC2 key pair that you can use to log in to the router instance.
Finally, create at least one subnet per GWLBE in your VPC. Then, in each of these subnets, create a GWLBE connected to the GWLB Endpoint Service created in Step 2, and change your routing rules so that traffic that should be controlled by Glasnostic is directed to the corresponding GWLBE.
This step depends very much on your own AWS architecture. Here’s an example of a commonly used setup where a GWLBE is deployed into each Availability Zone:
This setup lets Glasnostic control ingress and egress traffic of the entire VPC. The orange arrows show the connection of the GWLBEs to the GWLB provided by the Glasnostic appliance. In white, you can see the routes that have been added to each application subnet and the Internet Gateway to send ingress and egress traffic to GWLB.
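Because a single leftover route lets traffic skip the appliance, it is worth checking the route tables after this step. The following is an added example, not Glasnostic's or AWS's own code: it audits data shaped like `aws ec2 describe-route-tables` output and reports application subnets whose egress or ingress path does not go through a GWLBE. All IDs and CIDRs are constructed, and it assumes GWLBE routes appear with a `vpce-` value in `GatewayId`.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-app-a", "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-gwlbe-a"}]},
    {"RouteTableId": "rtb-app-b", "Associations": [{"SubnetId": "subnet-app-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-edge", "Associations": [{"GatewayId": "igw-example"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "10.0.1.0/24", "GatewayId": "vpce-gwlbe-a"}]},
]
APP_SUBNETS = {"subnet-app-a": "10.0.1.0/24", "subnet-app-b": "10.0.2.0/24"}


def next_hop(routes, dest_cidr):
    """Return the target of the most specific IPv4 route covering dest_cidr, or None."""
    dest = ipaddress.ip_network(dest_cidr)
    nets = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r.get("GatewayId"))
            for r in routes if "DestinationCidrBlock" in r]  # IPv4 routes only
    covering = [(n.prefixlen, hop) for n, hop in nets if dest.subnet_of(n)]
    return max(covering, key=lambda c: c[0])[1] if covering else None


def table_for(route_tables, key, value):
    """First route table with an association whose `key` equals `value`."""
    return next((t for t in route_tables
                 if any(a.get(key) == value for a in t["Associations"])), None)


def audit(route_tables, app_subnets, igw_id):
    """List (subnet, direction, next_hop) for traffic that would skip the GWLBE."""
    findings = []
    edge = table_for(route_tables, "GatewayId", igw_id)  # IGW edge route table
    for subnet, cidr in sorted(app_subnets.items()):
        table = table_for(route_tables, "SubnetId", subnet)  # main-table fallback not modelled
        egress = next_hop(table["Routes"], "0.0.0.0/0") if table else None
        ingress = next_hop(edge["Routes"], cidr) if edge else None
        for direction, hop in (("egress", egress), ("ingress", ingress)):
            if not (hop or "").startswith("vpce-"):
                findings.append((subnet, direction, hop))
    return findings


if __name__ == "__main__":
    print(audit(ROUTE_TABLES, APP_SUBNETS, "igw-example"))
```

A subnet with no explicit route table association is reported with a next hop of `None`; in a real VPC it falls back to the main route table, which should then be checked as well.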
A more advanced setup is to attach a GWLB to a Transit Gateway (TGW), which lets Glasnostic control east-west traffic between VPCs as well.
To actually create a GWLBE, you have to call the following command:
aws ec2 create-vpc-endpoint --vpc-endpoint-type GatewayLoadBalancer --vpc-id "$vpc_id" --subnet-ids "$subnet_id" --service-name "$service_name" --region "$region"
As usual, you have to specify the AWS region in which to create the resource with the parameter region. The parameters vpc_id and subnet_id specify the VPC and the subnet to create the GWLBE in, and service_name is the name of the GWLB Endpoint Service created in Step 2.
Please check the GWLB documentation for more details on how to set up a GWLBE.
That’s it! Now, you just have to log in to the Glasnostic UI at https://glasnostic.com with the account that you created in Step 1. Select “My environment” from the environment drop-down and, once the GWLBE has started up (this can take a minute), you’ll see VPC ingress and egress traffic in the UI.
By deploying Glasnostic as a GWLB appliance, you can now, with a single click, detect, respond to and proactively manage your unpredictable and disruptive traffic patterns—automatically, in any environment and in real-time.