
AWS

Configuration of PPA should take around 15 minutes.

You will:

  • Configure networking
  • Set up an SSH key
  • Set a strong admin password
  • Set up Active Directory integration

Setting a static IP address for AWS

After deploying the virtual machine, it is a good idea to set a static IP address for the appliance.

Navigate to the Elastic IPs sub-menu in the EC2 Dashboard in AWS.

Allocate a new address or choose an existing address to assign to the PPA appliance.

Apply Actions > Associate address to the elastic IP address.

Associate Elastic IP address

Select the PPA appliance machine from the dropdown.

Navigate to the Instances sub-menu in the EC2 Dashboard, and apply Actions > Instance State > Reboot to the PPA appliance machine.

Reboot the appliance

Update the PPA Configuration

Connect to the PPA machine using SSH.

Update the /var/disk/config/fqdn configuration file with your Elastic IP address.

For example, if your Elastic IP address is 10.20.30.40, you can use the following command:

sudo bash -c "echo 10.20.30.40 > /var/disk/config/fqdn"

Securing the Appliance

After configuring the network, the next step is to secure the appliance.

Check Fingerprint

Browse to the appliance address using the IP address shown in the VM/cloud console.

PPA creates a self-signed certificate on first boot that will be reported as insecure by browsers:

Chrome - Browser warning

Confirm the connection is secure by comparing the fingerprints displayed in:

  • The browser certificate viewer
  • The console after running the fingerprint command

Running the fingerprint command

The fingerprint command can be run via:

  • The VM console on VMware & Hyper-V
  • SSH on AWS & Azure

Chrome - Certificate Web Console - Fingerprint

Once you have confirmed the fingerprints match, trust the certificate & navigate to the PPA interface.
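
An added example, not part of the PPA documentation: a Python script that reads the certificate the appliance presents and compares it with the fingerprint copied from the console, rather than comparing the two by eye. The function names and the choice of SHA-1 or SHA-256 by reference length are assumptions, since the page does not show the fingerprint command's output format.

```python
import hashlib
import ssl
import sys

# The page does not say which hash the fingerprint command prints, so the
# digest is chosen from the length of the reference value (assumption).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalise(fingerprint: str) -> str:
    """Drop an 'XYZ Fingerprint=' label, colons and spaces; return lower-case hex."""
    value = fingerprint.split("=", 1)[-1].lower()
    return "".join(c for c in value if c in "0123456789abcdef")


def cert_fingerprint(pem: str, algo: str) -> str:
    """Digest of the DER-encoded certificate, as shown by browser certificate viewers."""
    return hashlib.new(algo, ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def matches_reference(pem: str, reference: str) -> bool:
    """True only if the certificate hashes to the fingerprint read from the console."""
    ref = normalise(reference)
    algo = ALGO_BY_HEX_LEN.get(len(ref))
    if algo is None:
        raise ValueError("reference is not a complete SHA-1 or SHA-256 fingerprint")
    return cert_fingerprint(pem, algo) == ref


def fetch_pem(host: str, port: int = 443) -> str:
    """Read the certificate the server presents; no chain validation is done."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in for a certificate so the comparison can be tried offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed-bytes-not-a-real-certificate")

if __name__ == "__main__":
    # usage: python check_fp.py <appliance-address> "<fingerprint from console>"
    ok = matches_reference(fetch_pem(sys.argv[1]), sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not trust this certificate")
    sys.exit(0 if ok else 1)
```

Passing port 636 to fetch_pem reads a domain controller's LDAPS certificate the same way, so it can be checked against a known fingerprint before it is pinned.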

Connect via SSH

PPA does not support password authentication over SSH.

You will need to use username ec2-user & the key pair provided during instance deployment.

Admin password

Back in the web browser, you will need to provide a strong password for the admin user:

Admin Password

The admin user has complete control over the appliance.

We recommend:

  • generating a strong password & storing it in a password manager
  • using an Active Directory account to access PPA after initial configuration

The admin user can be managed in the web interface, see Admin User for more information.

Vault Setup

[Recommended]

Tasks in PPA use Vaults to securely store & retrieve secrets.

PPA will now offer to configure a local HashiCorp Vault for your tasks to use.

All the tasks built into PPA are pre-configured to use this local HashiCorp Vault.

If you wish to set up this local HashiCorp Vault, click 'Setup Vault' & PPA will configure it for you.

Vault: Setup

After it has been configured, you must download the vault keys & keep them safe.

To do this, click the Download button shown below.

Vault: Secrets

Vault Keys

If you have chosen to configure the local HashiCorp Vault, you must download the vault keys.

Without the keys you will not be able to use the vault after a PPA reboot.

If you want to use a different vault or credential store, you can skip this step & configure it later.

Licence Setup

[Recommended]

In evaluation mode, only the built-in admin user can start tasks.

Uploading a licence will allow other imported users to start tasks too.

If you already have a licence you can upload it now, or later on the Licensing & Credits page.

Licence: Upload

Active Directory

[Recommended]

Configuring Active Directory is an important step during PPA deployment.

It enables you to do the following:

  • Import users & groups
  • Delegate roles & tasks
  • Authenticate to PPA using Active Directory credentials

See the Active Directory feature page for more information.

You can set the Active Directory domain during initial setup, or choose to do it later.

If you would like to do it later, just click the 'Skip' button.

Prerequisites

You will need:

  • An Active Directory domain to use for authentication
  • A domain controller with LDAP(S) enabled

The form fields are explained underneath.

Active Directory: Setup

Domain

The fully qualified Active Directory domain.

Host

One or more Domain Controller IP/DNS addresses.

When supplying multiple addresses, they must be comma-separated.

Protocol

The protocol PPA will use to communicate with Active Directory.

LDAPS vs LDAP

PPA supports LDAP for user authentication into the appliance.

However, all Active Directory tasks require LDAPS to be enabled on the domain controller.

This is because the tasks perform write operations which are not supported by the LDAP protocol.

For this reason we strongly recommend using LDAPS instead of LDAP.

Pinned Certificates

The certificate to use when communicating with Active Directory.

This is optional; by default PPA will accept any certificate, so the domain controller's identity is not verified unless a certificate is pinned.

Test Connection

This button tests the connection using the supplied network details.

You will be prompted for a set of one-time credentials if either:

  • Active Directory is being configured for the first time
  • You are modifying an existing configuration & group synchronisation is not enabled

Task Setup

[Recommended]

PPA includes a selection of example tasks for automating operations in:

  • Active Directory
  • Azure AD

Installing these tasks during the setup process makes them ready to use when you first sign in.

Alternatively, you can download and import these tasks from the Resource Hub later.

Task: Setup

Initial Setup Complete

After setting a password for admin you will be asked to log in.

Setup is now complete.

Further Configuration & Features

There are many extra configuration options & features available in PPA.

These include but are not limited to:

Visit the Configuration & Features area on the left for more information & instructions.