Step 1: SSH Into Your EC2 Instance
SSH into your Amazon EC2 instance and enable port forwarding through your SSH session. You will need to access port 80 of your Amazon EC2 instance to configure the Data Defender streams using the Data Defender web UI. See Connect to Your Linux Instance for more information.
Step 2: Install Data Defender Dependencies Using YUM
1. Update the YUM packages on your Amazon EC2 instance by running the following command.
sudo yum update -y
You will see the following output when the command completes successfully.
2. Install the Development Tools package by running the following command.
sudo yum groupinstall "Development Tools" -y
You will see the following output when the command completes successfully.
Step 3: Download the Data Defender Files
1. Create a new directory to store the Data Defender files and download them from Amazon S3 by running the following commands.
mkdir "ddx_2.6.2-104"
aws --region us-west-2 s3 cp --recursive "s3://groundstation-customer-assets-us-west-2/ddx/2.6.2-104" "ddx_2.6.2-104"
An example output is provided below.
2. Verify that the hashcode from the downloaded ISO matches the expected hashcode by running the following commands.
cd "ddx_2.6.2-104"
md5sum "ddx-2.6.2-104.iso" > "downloaded-md5-ddx-2.6.2-104.iso.txt"
diff "md5-ddx-2.6.2-104.iso.txt" "downloaded-md5-ddx-2.6.2-104.iso.txt"
The diff command will only produce output to the console if there is a mismatch in the hashcode.
There will be no output to the console from the diff command if the ISO’s hashcode matches the expected hashcode. An example output is provided below.
Step 4: Install Data Defender
1. Mount the ISO and navigate to the mounted directory by performing the following commands.
mkdir "ddx_iso_mount"
sudo mount -o loop "ddx-2.6.2-104.iso" "ddx_iso_mount"
cd "ddx_iso_mount"
An example output is provided below.
2. Run the Data Defender installer by performing the following command.
sudo ./install.sh
The installer will begin installing Data Defender and will pause to ask if you’d like to use the default values. When prompted, enter “n” to provide non-default values to the installer. An example output is provided below.
3. Enter the following values when prompted.
Enable SSL? (Y/N): y
Specify HTTPS port: 443
Enable forwarding from port 80 to HTTPS? (Y/N): y
Use password file? (OS is used otherwise) (Y/N): n
Single Instance Port (0 to disable): 44892
Enable LAN intelligent merge? (Y/N): n
The following message will be displayed when the Data Defender installation has completed.
4. Unmount and remove the ISO directory. Then, reboot the EC2 instance to complete the installation.
Use the following commands.
cd ..
sudo umount "ddx_iso_mount"
rm -rf "ddx_iso_mount"
sudo reboot
Step 5: Configure Data Defender
1. Open the Data Defender config file using a text editor such as VIM. An example command is provided below.
sudo vim /opt/rtlogic/ddx-2.6.2-104/bin/ddx.xml
2. Make the following changes to the Data Defender config file and then save the file.
a. Add <dtlsOverWan>true</dtlsOverWan> to the <dataDefender> section.
b. Replace <plugin>node_locked_licensing_plugin</plugin> with <plugin>not_locked_licensing_plugin</plugin> in the <plugins> section.
3. Open the Data Defender security file using a text editor such as VIM. An example command is provided below.
sudo vim /opt/rtlogic/ddx-2.6.2-104/bin/security.xml
4. Make the following change to the Data Defender config file. Then, save the file.
• Change <securityRequireSSL>true</securityRequireSSL> to <securityRequireSSL>false</securityRequireSSL> in the security policy settings.
5. Reboot the EC2 instance to apply the settings to Data Defender by using the following command.
sudo reboot
Step 6: Configure the Data Defender Streams
1. In a web browser, access your DDX Web User Interface by entering the following address in the address bar: localhost:8080. Then, press Enter. As a reminder, you must forward port 80 of your Amazon EC2 instance through your SSH session to your localhost port 8080 to access the Data Defender web UI.
2. On the DataDefender dashboard, choose Go to Details.
3. In the Streams section, choose + Add Stream.
4. In the WAN Transport page of the Stream Wizard, enter and choose the following details. Then, choose Next.
a. For Stream Name, enter Downlink.
b. For Stream Direction, choose WAN to LAN.
c. For Network Interface, choose eth1.
d. For Port, enter 55888.
5. In the Local Endpoint page of the Stream Wizard, enter and choose the following stream details. Then, choose Next.
a. For Network Interface, choose lo.
b. For Local Consumer, enter 127.0.0.1.
c. For Port, enter 50000.
6. In the Finish page of the Stream Wizard, choose Finish to save the stream configuration.
7. Open the Data Defender menu by choosing the menu icon in the top left corner of the Stream Details page. Then, choose Configuration Manager.
Note: The previous steps describe how to configure a single downlink stream. Depending on your use case, you may need to configure multiple downlink streams. You can repeat the previous steps in order to create additional downlink streams if needed. Creating an uplink stream is out of the scope of this guide.
8. For Configuration Name, enter default. Then, choose Save. The saved configuration will persist across Amazon EC2 instance restarts.
Next Steps
Your AWS Ground Station account and resources are now configured and ready for use. These resources are available to use in the AWS Ground Station console where you can enter satellite data, identify antenna locations, communicate, and schedule antenna time for selected satellites. You can also begin using different tools to monitor activity and configure alarms.
Use the following topics for more information:
• Listing and Reserving Contacts
• Monitoring AWS Ground Station
Using Cross-Region Data Delivery Service
The AWS Ground Station cross-region data delivery feature gives you the flexibility to send your data from an antenna to an Amazon EC2 instance in your AWS Region. Cross-region data delivery is currently available in all AWS Ground Station supported regions when receiving your contact data in an Amazon S3 Bucket. It is only available in the following antenna-to-destination regions when utilizing data delivery to Amazon EC2:
• US East (Ohio) Region (us-east-2) to US West (Oregon) Region (us-west-2)
• US West (Oregon) Region (us-west-2) to US East (Ohio) Region (us-east-2)
To use cross-region data delivery, you should have an AWS CloudFormation template configured. For more information about choosing and customizing AWS CloudFormation templates, see ??? (p. 29).
Use the following topics to use cross-region data delivery in AWS Ground Station.
Topics
• To use cross-region data delivery in the console
• To use cross-region data delivery with AWS CLI
To use cross-region data delivery in the console
When you reserve a contact in the AWS Ground Station console, choose the mission profile that is configured to deliver the contact data to your desired region. Ensure that all of your parameters are correct and choose Reserve contact. If you do not see the desired mission profile in the console, check to make sure you created the mission profile in the region where you are viewing the console.
After reserving your contact, you can view scheduled contacts to verify that you have scheduled cross-region data delivery by viewing the location of the ground station antenna and the destination region. The following image shows a contact that is scheduled for cross-region data delivery. The contact is configured to use the Ohio ground station antennas and deliver data to Oregon.
To use cross-region data delivery with AWS CLI
When you reserve a contact in AWS CLI, choose the mission profile that is configured to deliver the contact data to your desired region. Specify the desired mission profile’s ARN with --mission-profile-arn <value>. Ensure that all of your parameters are correct and run the command. If you do not see the desired mission profile ARN when viewing and listing contacts, check to make sure you created the mission profile in the region where you are running AWS CLI.
After reserving your contact, you can view scheduled contacts to verify that you have scheduled cross-region data delivery by viewing the location of the ground station antenna and the destination region.
The following output shows a contact that is scheduled for cross-region data delivery. The contact is configured to use the Ohio ground station antennas and deliver the data to Oregon.
{
    "contactList": [
        {
            "contactId": "11111111-2222-3333-4444-555555555555",
            "contactStatus": "SCHEDULED",
            "endTime": "2020-05-05T03:16:35-06:00",
            "groundStation": "Ohio 1",
            "maximumElevation": {
                "unit": "DEGREE_ANGLE",
                "value": 26.74
            },
            "missionProfileArn": "arn:aws:groundstation:us-west-2:123456789012:mission-profile/11111111-2222-3333-4444-555555555555",
            "postPassEndTime": "2020-05-05T03:17:35-06:00",
            "prePassStartTime": "2020-05-05T03:04:08-06:00",
            "region": "us-west-2",
            "satelliteArn": "arn:aws:groundstation::123456789012:satellite/11111111-2222-3333-4444-555555555555",
            "startTime": "2020-05-05T03:06:08-06:00"
        }
    ]
}
Monitoring AWS Ground Station
Monitoring is an important part of maintaining the reliability, availability, and performance of AWS Ground Station. AWS provides the following monitoring tools to watch AWS Ground Station, report when something is wrong, and take automatic actions when appropriate.
• Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in AWS resources. CloudWatch Events enables automated event-driven computing, as you can write rules that watch for certain events and trigger automated actions in other AWS services when these events happen. For more information about Amazon CloudWatch Events, see the Amazon CloudWatch Events User Guide.
• AWS CloudTrail captures API calls and related events made by or on behalf of your AWS account and delivers the log files to an Amazon S3 bucket that you specify. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred. For more information about AWS CloudTrail, see the AWS CloudTrail User Guide.
• Amazon CloudWatch Metrics captures metrics for your scheduled contacts when using AWS Ground Station. CloudWatch Metrics enables you to analyze data based on your channel, polarization, and satellite ID to identify signal strength and errors in your contacts. For more information, see Using Amazon CloudWatch Metrics.
Use the following topics to monitor AWS Ground Station.
Topics
• Automating AWS Ground Station with CloudWatch Events
• Logging AWS Ground Station API Calls with AWS CloudTrail
• Metrics with Amazon CloudWatch
Automating AWS Ground Station with CloudWatch Events
Amazon CloudWatch Events enables you to automate your AWS services and respond automatically to system events such as application availability issues or resource changes. Events from AWS services are delivered to CloudWatch Events in near real time. You can write simple rules to indicate which events are of interest to you, and what automated actions to take when an event matches a rule. The actions that can be automatically triggered include the following:
• Invoking an AWS Lambda function
• Invoking Amazon EC2 Run Command
• Relaying the event to Amazon Kinesis Data Streams
• Activating an AWS Step Functions state machine
• Notifying an Amazon SNS topic or an AWS SMS queue
Some examples of using CloudWatch Events with AWS Ground Station include:
• Invoking a Lambda function to automate the starting and stopping of Amazon EC2 instances based off the event state.
• Publishing to an Amazon SNS topic whenever a contact changes states. These topics can be set up to send out email notices at the beginning or end of contacts.
For more information, see the Amazon CloudWatch Events User Guide.
Example CloudWatch Events
Ground Station Contact State Change
If you want to perform a specific action when an upcoming contact changes state, you can set up a CloudWatch rule to automate this action. This is helpful when you want to receive notifications about the state changes of your contact. The events are sent to the region that the contact was scheduled from.
An example is provided below.
{
    "version": "0",
    "id": "01234567-0123-0123",
    "account": "123456789012",
    "time": "2019-05-30T17:40:30Z",
    "region": "us-west-2",
    "source": "aws.groundstation",
    "resources": [
        "arn:aws:groundstation:us-west-2:123456789012:contact/11111111-1111-1111-1111-111111111111"
    ],
    "detailType": "Ground Station Contact State Change",
    "detail": {
        "contactId": "11111111-1111-1111-1111-111111111111",
        "groundstationId": "Ground Station 1",
        "missionProfileArn": "arn:aws:groundstation:us-west-2:123456789012:mission-profile/11111111-1111-1111-1111-111111111111",
        "satelliteArn": "arn:aws:groundstation::123456789012:satellite/11111111-1111-1111-1111-111111111111",
        "contactStatus": "PASS"
    }
}
Possible states for the contactStatus include PREPASS, PASS, POSTPASS, and COMPLETED.
Ground Station Dataflow Endpoint Group State Change
If you want to perform an action when your dataflow endpoint group is being used to receive data, you can set up a CloudWatch rule to automate this action. This will allow you to perform different actions in response to the dataflow endpoint group status changing states. This event will be sent to the region of the dataflow endpoint group.
An example is provided below.
{
    "version": "0",
    "id": "01234567-0123-0123",
    "account": "123456789012",
    "time": "2019-05-30T17:40:30Z",
    "region": "us-west-2",
    "source": "aws.groundstation",
    "resources": [
        "west-2:123456789012:dataflow-endpoint-group/bad957a8-1d60-4c45-a92a-39febd98921d, west-2:123456789012:contact/98ddd10f-f2bc-479c-bf7d-55644737fb09, arn:aws:groundstation:us-west-2:123456789012:mission-profile/c513c84c-eb40-4473-88a2-d482648c9234"
    ],
    "detailType": "Ground Station Dataflow Endpoint Group State Change",
    "detail": {
        "dataflowEndpointGroupId": "bad957a8-1d60-4c45-a92a-39febd98921d",
        "groundstationId": "Ground Station 1",
        "contactId": "98ddd10f-f2bc-479c-bf7d-55644737fb09",
        "dataflowEndpointGroupArn": "arn:aws:groundstation:us-west-2:680367718957:dataflow-endpoint-group/bad957a8-1d60-4c45-a92a-39febd98921d",
        "missionProfileArn": "arn:aws:groundstation:us-west-2:123456789012:mission-profile/c513c84c-eb40-4473-88a2-d482648c9234",
        "dataflowEndpointGroupState": "PREPASS"
    }
}
Possible states for the dataflowEndpointGroupState include PREPASS, PASS, POSTPASS, and COMPLETED.
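The following is an added example, not code from AWS or from this guide, of how a rule target such as the Lambda function mentioned earlier could validate both event types before it starts or stops anything. The state-to-action policy, the function names and the trimmed sample event are assumptions made for illustration.

```python
import copy

# States this page lists for contactStatus and dataflowEndpointGroupState.
KNOWN_STATES = {"PREPASS", "PASS", "POSTPASS", "COMPLETED"}

# Event type -> state field inside "detail" (both names come from this page).
STATE_FIELD = {
    "Ground Station Contact State Change": "contactStatus",
    "Ground Station Dataflow Endpoint Group State Change":
        "dataflowEndpointGroupState",
}

# Hypothetical policy for this example: bring receivers up before the pass,
# shut them down once the contact has completed.
ACTION_BY_STATE = {"PREPASS": "start_instances", "COMPLETED": "stop_instances"}

# Constructed sample, trimmed from the contact state change event on this page.
SAMPLE_EVENT = {
    "version": "0",
    "account": "123456789012",
    "region": "us-west-2",
    "source": "aws.groundstation",
    "detailType": "Ground Station Contact State Change",
    "detail": {
        "contactId": "11111111-1111-1111-1111-111111111111",
        "contactStatus": "PASS",
    },
}


def plan_action(event, expected_account):
    """Return (action, reason); action is None when nothing should run."""
    if event.get("source") != "aws.groundstation":
        return None, "unexpected source"
    if event.get("account") != expected_account:
        return None, "unexpected account"
    # The sample on this page spells the key "detailType"; the EventBridge
    # envelope names it "detail-type", so accept either spelling.
    detail_type = event.get("detail-type") or event.get("detailType")
    field = STATE_FIELD.get(detail_type)
    if field is None:
        return None, "unhandled event type"
    state = (event.get("detail") or {}).get(field)
    if not isinstance(state, str) or state not in KNOWN_STATES:
        return None, "unknown state"
    action = ACTION_BY_STATE.get(state)
    if action is None:
        return None, "no action for " + state
    return action, field + "=" + state


def with_state(event, state):
    """Copy of a sample event with its state field replaced (demo helper)."""
    changed = copy.deepcopy(event)
    detail_type = changed.get("detail-type") or changed.get("detailType")
    changed["detail"][STATE_FIELD[detail_type]] = state
    return changed


if __name__ == "__main__":
    for state in ("PREPASS", "PASS", "COMPLETED", "BOGUS"):
        print(state, plan_action(with_state(SAMPLE_EVENT, state), "123456789012"))
```

Only the returned action name would be handed to the code that calls Amazon EC2, so an event from another source, another account, or with an unlisted state never reaches it.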
Logging AWS Ground Station API Calls with AWS CloudTrail
AWS Ground Station is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in AWS Ground Station. CloudTrail captures all API calls for AWS Ground Station as events. The calls captured include calls from the AWS Ground Station console and code calls to the AWS Ground Station API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for AWS Ground Station. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine the request that was made to AWS Ground Station, the IP address from which the request was made, who made the request, when it was made, and additional details.
To learn more about CloudTrail, see the AWS CloudTrail User Guide.
AWS Ground Station Information in CloudTrail
CloudTrail is enabled on your AWS account when you create the account. When activity occurs in AWS Ground Station, that activity is recorded in a CloudTrail event along with other AWS service events in Event history. You can view, search, and download recent events in your AWS account. For more information, see Viewing Events with CloudTrail Event History.
For an ongoing record of events in your AWS account, including events for AWS Ground Station, create a trail. A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs.
For more information, see the following:
• Overview for Creating a Trail
• CloudTrail Supported Services and Integrations
• Configuring Amazon SNS Notifications for CloudTrail
• Receiving CloudTrail Log Files from Multiple Regions and Receiving CloudTrail Log Files from Multiple Accounts
All AWS Ground Station actions are logged by CloudTrail and are documented in the AWS Ground Station API Reference. For example, calls to the ReserveContact, CancelContact and ListConfigs actions generate entries in the CloudTrail log files.
Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
• Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials.
• Whether the request was made with temporary security credentials for a role or federated user.
• Whether the request was made by another AWS service.
For more information, see the CloudTrail userIdentity Element.
Understanding AWS Ground Station Log File Entries
A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order.
The following example shows a CloudTrail log entry that demonstrates the ReserveContact action.
Example: ReserveContact
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "EX_PRINICIPLE_ID",
        "arn": "arn:aws:sts::123456789012:user/Alice",
        "accountId": "123456789012",
        "accessKeyId": "EXAMPLE_KEY_ID",
        "sessionContext": {}
    },
    "eventTime": "2019-05-15T21:14:37Z",
    "eventSource": "groundstation.amazonaws.com",
    "eventName": "ReserveContact",
    "awsRegion": "us-east-2",
    "sourceIPAddress": "127.0.0.1",
    "userAgent": "Coral/Jakarta",
    "requestParameters": {
        "satelliteArn": "arn:aws:groundstation::123456789012:satellite/11111111-2222-3333-4444-555555555555",
        "groundStation": "Ohio 1",
        "startTime": 1558356107,
        "missionProfileArn": "arn:aws:groundstation:us-east-2:123456789012:mission-profile/11111111-2222-3333-4444-555555555555",
        "endTime": 1558356886
    },
    "responseElements": {
        "contactId": "11111111-2222-3333-4444-555555555555"
    },
    "requestID": "11111111-2222-3333-4444-555555555555",
    "eventID": "11111111-2222-3333-4444-555555555555",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "recipientAccountId": "11111111-2222-3333-4444-555555555555"
}
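The following is an added example, not part of the AWS documentation, showing how delivered log files can be triaged for the identity questions listed above: root use, state-changing calls from principals outside an allowlist, and failed calls. The log content is constructed, and the allowlist and function name are assumptions.

```python
import json

# Constructed CloudTrail log file (placeholder identities, not real data).
# CloudTrail log files are JSON objects with a top-level "Records" list.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-05-15T21:20:00Z",
     "eventSource": "groundstation.amazonaws.com",
     "eventName": "CancelContact", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root",
                      "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2019-05-15T21:14:37Z",
     "eventSource": "groundstation.amazonaws.com",
     "eventName": "ReserveContact", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/Alice"}},
    {"eventTime": "2019-05-15T21:16:00Z",
     "eventSource": "groundstation.amazonaws.com",
     "eventName": "ListConfigs", "sourceIPAddress": "192.0.2.44",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/Bob"}},
    {"eventTime": "2019-05-15T21:17:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/Alice"}},
]})

# State-changing actions named on this page.
MUTATING = {"ReserveContact", "CancelContact"}


def triage(log_text, allowed_principals):
    """Return flagged Ground Station records, oldest first."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "groundstation.amazonaws.com":
            continue
        ident = rec.get("userIdentity") or {}
        who = ident.get("arn") or ident.get("invokedBy") or "unknown"
        reasons = []
        if ident.get("type") == "Root":
            reasons.append("root credentials")
        if rec.get("eventName") in MUTATING and who not in allowed_principals:
            reasons.append("principal not on allowlist")
        if rec.get("errorCode"):
            reasons.append("failed call: " + rec["errorCode"])
        if reasons:
            findings.append({
                "eventTime": rec.get("eventTime", ""),
                "eventName": rec.get("eventName"),
                "principal": who,
                "sourceIPAddress": rec.get("sourceIPAddress"),
                "reasons": reasons,
            })
    # Log files are not in call order, so sort on the event's own timestamp.
    return sorted(findings, key=lambda f: f["eventTime"])


if __name__ == "__main__":
    allow = {"arn:aws:iam::123456789012:user/Alice"}
    for finding in triage(SAMPLE_LOG, allow):
        print(finding)
```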
Metrics with Amazon CloudWatch
During a contact, AWS Ground Station automatically captures and sends data to CloudWatch for analysis.
Your data can be viewed on a graph or as source code in the Amazon CloudWatch console. For more information about accessing CloudWatch Metrics, see Using Amazon CloudWatch Metrics.
AWS Ground Station Metrics and Dimensions
What metrics are available?
The following metrics are available from AWS Ground Station.
| Metric | Description |
| --- | --- |
| Es/N0 | The signal to noise ratio. Units: dBm (decibels relative to milliwatts) |
| BitErrorRate | The unrecoverable error rate on bits in a given number of bit transmissions. Bit errors are caused by noise, distortion, or interference. Units: Bits errors per unit time |
| BlockErrorRate | The error rate of blocks in a given number of received blocks. Block errors are caused by interference. Units: Erroneous blocks / Total number of blocks |
| ReceivedPower | The measured signal strength in the demodulator/decoder. Units: dBm (decibels relative to milliwatts) |
What dimensions are used for AWS Ground Station?
You can filter AWS Ground Station data using the following dimensions.
| Dimension | Description |
| --- | --- |
| Channel | The channels for each contact include One, Two, I (in-phase), and Q (quadrature). |
| Polarization | The polarization for each contact includes LHCP (Left Hand Circular Polarized) or RHCP (Right Hand Circular Polarized). |
| SatelliteId | The satellite ID contains the ARN of the satellite for your contacts. |
Viewing Metrics
When viewing graphed metrics, it is important to note that the aggregation window determines how your metrics will be displayed. Each metric in a contact can be displayed as data per second for 3 hours after the data is received. Your data will be aggregated by CloudWatch Metrics as data per minute after that 3 hour period has elapsed. If you need to view your metrics on a data per second measurement, it is recommended to view your data within the 3 hour period after the data is received or persist it outside of CloudWatch Metrics.
In addition, any data captured within the first 60 seconds will not contain enough information to produce meaningful metrics, and will likely not be displayed. In order to view meaningful metrics, it is recommended to view your data after 60 seconds has passed.