Sandfly can be rapidly deployed on Amazon Web Services (AWS) with a single pre-built Amazon Machine Image (AMI). Images deployed in this way will have most configuration options automated, reducing setup time.

Installation Overview

For the basic cloud installation, the server and node are located on the same system. This is not the optimal security configuration for Sandfly as we prefer customers to run the server and nodes on separate Virtual Machines (VMs). However, for small production use and testing, this may be sufficient and allows the product to be deployed with little overhead.

The Sandfly server hosts the User Interface (UI), REST API, and database. A server instance must always be installed and running for Sandfly to work. Likewise, the system will start scanning nodes that are used when searching for compromises and intruders. These nodes also must always be running on the system after installation.

Cloud Image Requirements and Provisioning

When you provision a VM to use with Sandfly, we recommend a minimum of 8GB of RAM and sufficient CPU cores. For small deployments, this is the minimum but may have to be scaled upwards as more hosts are added. The VM image has Sandfly pre-installed and is ready to be configured.

From your EC2 Management Console, launch the Sandfly Security image from the AMI Catalog, or start your provisioned instance and wait a couple of minutes for the VM to start.

Set a Sandfly Admin Password

Open the public IP address of the Sandfly VM in your browser. You will be prompted to set an admin password. Once set, you can log in to Sandfly as the admin using that password.

Optional SSL Signed Certificate

If you want to use an SSL signed certificate with the cloud image, two options are available.

Custom Certificate

To use a custom certificate, perform the following steps:

1. Obtain command line access.
   1. Gain access to the VM's command line by accessing the Console or via SSH, for example: ssh -i <privatekey.pem> admin@<server_hostname>
2. Follow the steps in Installing a Custom SSL Certificate.
   1. The sandfly-setup directory is located under /opt/.

ACME Certificate Service

Ensure that the hostname is publicly resolvable and port 443 can be reached from the internet. The ACME service will not sign any certificate for servers that are not reachable on the internet.

❗️

IMPORTANT: Port 443 Must Be Visible from the Internet During Signing!

Make sure the server has a legitimate hostname that is reachable from the internet and resolves correctly. Port 443 will need to be open for the Let's Encrypt server to validate the host.

To use a Let’s Encrypt certificate, perform the following steps:

1. Navigate to Settings > Application Settings > General Settings.
2. In the Server and Data Retention section, change the following:
   1. Server Hostname - Set this field to the hostname to be used by Let’s Encrypt.
3. In the Server HTTPS Certificate (TLS) section, change the following:
   1. TLS Mode - Set this field to "acme" .
   2. ACME Email - Set this field to the email address that will be used by the ACME certificate service.
4. Obtain command line access.
   1. Gain access to the VM's command line by accessing the Console or via SSH, for example: ssh -i <privatekey.pem> admin@<server_hostname>.
5. Restart the Sandfly containers.
   1. Shutdown Sandfly - Run /opt/sandfly-setup/start_scripts/shutdown_sandfly.sh to gracefully shutdown all of the containers.
   2. Start Sandfly Server - Run /opt/sandfly-setup/start_scripts/start_sandfly.sh to start the server-associated containers and load the new SSL certificate.
   3. Start Sandfly Node - Run /opt/sandfly-setup/start_scripts/start_node.sh to start a single node container. If there is sufficient RAM, a second container can be started for node redundancy by running the same command an additional time.

Setup Complete

Sandfly is now ready for use. To continue following the documentation, proceed to Quick Start Overview.