TrueStack Direct Connect is a VPN management server made to connect Windows and Mac computers to Windows domain controllers and file servers in the AWS and Azure clouds.  This tutorial will help you set up your own TrueStack Direct Connect instance in your Amazon Web Services account.

Set up your AWS Account

If you don’t have an Amazon Web Services account, create a free tier account.

Non-Profits may be eligible for $2000 in yearly AWS credits through Techsoup that can be applied to their account. Apply through Techsoup.org here.

Launch TrueStack Direct Connect

  1. Once you have an AWS account, click on this link to open TrueStack Direct Connect on the marketplace and click Continue to Subscribe in the upper right-hand corner. TrueStack Direct Connect includes a free 30-day trial.
    If you haven’t already signed into your account, you’ll be prompted to sign in now.
  2. Accept the Terms.
  3. Click Continue to Configuration when it’s available.  It may take a few minutes for this button to become available.
  4. Leave the Fulfillment Option and Software version as default.
  5. Choose your region.  If you’re new to AWS, we suggest choosing the region that is closest to your location.  It should look like this.
  6. Click Continue to Launch.
    1. Choose Action: leave as default – Launch from Website
    2. EC2 Instance Type: We recommend leaving this as default – t2.micro is sufficient for up to 150 connected devices.
    3. VPC Settings: leave as default – we recommend using the default VPC.  If you don’t have a VPC in your account, click Create a VPC in EC2, then click refresh on this page and your default VPC should appear.  It should look like this.
    4. Subnet Settings: leave as default.
    5. Security Group Settings: Click on Create New Based on Seller Settings.

      Ports 80, 443 and 1194 are required to be open for TrueStack Direct Connect to work properly.  Port 80 redirects to 443 and automatically gives the console a secure certificate for web access.  Port 443 is also used for updates.  Port 1194 is used for the VPN connection.

      1. Name your Security Group, for example, TrueStack SG.
      2. Create a description, for example TrueStack Direct Connect Security Group.
      3. Click Save.  It should look like this.
      4. Click refresh for the newly created Security Group to appear.
    6. Key Pair Settings:  Create a key pair if you don’t already have one.  After creating a key pair, click the refresh button on the Marketplace.  The key pair you created should appear in the drop down.  Important:  Download and save the key pair in a secure location.
    7. It should look like this.
  7. Click Launch.

Access the TrueStack Direct Connect Console

  1. Click on the link on the next page to go to your EC2 Console.  Or click here: https://aws.amazon.com.  Under My Account, click on AWS Management Console, then under the All Services / Compute section click on EC2.  This will bring you to the EC2 Dashboard; from there, click on Running Instances in the middle.
  2. Your TrueStack Direct Connect instance should appear on the list of running instances.  Click the edit button under Name and name it “TrueStack Direct Connect”.
  3. It should look similar to this:
  4. Find the public IP from the description tab of the EC2 instance. The TrueStack Direct Connect interface works best in Google Chrome.
  5. Open Chrome and copy the public IP into the address bar.  The IP should redirect to a TrueStack web address. The redirected URL will look similar to this: https://nk2g.truestack.com. This redirected URL is the address you can use in the future to access your interface.
    Troubleshoot: If the IP doesn’t redirect wait a few minutes. Your instance may still be starting up. After waiting, if it still doesn’t redirect to your TrueStack web address, reboot the EC2 instance from your AWS EC2 dashboard.  A reboot will take about 3 minutes or less.

    1. To reboot, highlight the instance and click on the Actions button, then Instance State and Reboot from the drop-down menus.
  6. On the TrueStack Direct Connect console, accept the EULA.
  7. In the AWS EC2 dashboard, find your EC2 Instance ID from the description tab. This is your temporary password. Copy it into the password field in the TrueStack Direct Connect console and log in. We recommend that you change this password on the Settings tab after you log in.

Additional Required Steps:

  1. Add an elastic IP: Without an elastic IP, connected computers may have to clear their DNS cache every time the instance restarts and gets a new Public IP. 
    1. Shut down the instance before adding an elastic IP. To shut down the instance, in the EC2 Dashboard, choose the instance then click on Actions, Instance State, Stop.
    2. To add an elastic IP, in the EC2 dashboard, click on Elastic IPs under the Network and Security section.  Allocate a new IP and then using Actions associate it with your TrueStack Direct Connect Instance.  Start the Instance again from the dashboard.  After the server has started access the instance from a Chrome browser by the new IP.  The server may take 2 or 3 minutes to start.  It should look like this.

    Troubleshooting: After changing to an elastic IP if your instance isn’t accessible through Chrome by the new elastic IP try these steps:

    1. Clear your DNS cache on the computer.
    2. Clear the cache in Chrome.
    3. Shut down your TrueStack Direct Connect instance and start it again.  The elastic IP associates with a Truestack.net DNS name on startup.  By shutting down and restarting your server you will re-initiate this process.
  2. Disable Change Source/Dest. Check: This is required so your Windows servers will be able to route to the local computers. 
    1. In the EC2 Dashboard, choose the TrueStack Direct Connect instance. Click on Actions, Networking, Change Source/Dest. Check. Click Yes, Disable.
    2. Leave Change Source/Dest. Check Enabled for your Windows servers and Disabled for your TrueStack Direct Connect server.
  3. Add an Additional Route for the VPC: This will allow the Windows domain controller to communicate with the connected computers. Without this route you will not be able to manage AD-connected computers with PowerShell, the command line or group policies.
      1. On the EC2 Dashboard click on Default VPC on the right side.
      2. On the VPC dashboard, click on Your VPCs.  We recommend using the default VPC. If you have multiple VPCs, choose the VPC that is associated with the subnet connected to your TrueStack Direct Connect instance.
      3. Click on the Route Table link associated with the VPC.  You may have to scroll down to see the Route Table link.  The link will open in a new tab.
      4. Choose the route table, click on the Routes tab and click Edit.
      5. Click Add another Route.  Do not make any changes to the current routes.
      6. In the Destination type 5.5.0.0/20
      7. In the Target begin typing “TrueStack Direct Connect”.  Your TrueStack Direct Connect name should auto-complete along with the network ID.  Choose it.
        Troubleshooting: If your TrueStack Direct Connect Server Instance doesn’t automatically appear in the Target drop-down list, ensure you are on the route table associated with your default VPC.  If you have multiple VPCs, ensure you are on the route table associated with the VPC that your TrueStack Direct Connect Instance is associated with.
      8. Click save. You may have to scroll up to find save.
      9. It should look like this.  If your route table shows Black Hole, it’s because the TrueStack Direct Connect server is turned off.  Turn it on and it should change to Active.
  4. Add a rule for All Traffic. This is required in order for your Windows servers in AWS to communicate with your TrueStack Direct Connect server.  Without this rule your on-premises computers will not be able to route to your AWS Windows servers.
    1. On the EC2 Dashboard, Under Network and Security, click on Security Groups and choose the TrueStack Direct Connect Security Group.
    2. Click on the Inbound tab and click Edit.
    3. Click Add Rule.
    4. The Type should be All Traffic.
    5. Set Source to Custom.
    6. Type in your security group name, for example TrueStack Security Group, and choose it from the drop-down list.
    7. Click Save. It should look like this.
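
A way to confirm that steps 2 to 4 and the launch-time port settings took effect, as an added example (not TrueStack's or AWS's code). It audits records shaped like the output of `aws ec2 describe-security-groups`, `describe-route-tables` and `describe-instances`; the sample records and IDs are constructed placeholders, and UDP for port 1194 is an assumption.

```python
# Added example: audits constructed `aws ec2 describe-*`-style records against
# the settings in this tutorial. All IDs are made-up placeholders.
REQUIRED_PORTS = {80, 443, 1194}   # ports the tutorial says must be open
VPN_CIDR = "5.5.0.0/20"            # route destination from the tutorial

def audit_security_group(sg):
    findings, open_ports = [], set()
    for perm in sg["IpPermissions"]:
        world = any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        if perm["IpProtocol"] == "-1":   # the "All Traffic" rule
            peers = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            if perm.get("IpRanges") or peers != {sg["GroupId"]}:
                findings.append("All Traffic rule is not limited to the group itself")
        elif world and perm["IpProtocol"] in ("tcp", "udp"):
            ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
            open_ports |= ports
            if not ports <= REQUIRED_PORTS:
                findings.append(f"unexpected world-open range {perm['FromPort']}-{perm['ToPort']}")
    if REQUIRED_PORTS - open_ports:
        findings.append(f"required ports closed: {sorted(REQUIRED_PORTS - open_ports)}")
    return findings

def audit_route_table(rt, instance_id):
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") == VPN_CIDR:
            if route.get("State") == "blackhole":
                return ["VPN route is a black hole (is the instance stopped?)"]
            if route.get("InstanceId") != instance_id:
                return ["VPN route targets a different instance"]
            return []
    return [f"no route for {VPN_CIDR}"]

def audit_instance(inst):
    # The tutorial requires the check disabled on the VPN server only.
    return ["Source/Dest. Check still enabled"] if inst.get("SourceDestCheck", True) else []

def rule(proto, port=None, cidr=None, group=None):   # builds a constructed rule
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}
    if port is not None:
        perm.update(FromPort=port, ToPort=port)
    return perm

WORLD = "0.0.0.0/0"   # udp for 1194 below is an assumption, not from the tutorial
BASE = [rule("tcp", 80, WORLD), rule("tcp", 443, WORLD), rule("udp", 1194, WORLD)]
GOOD_SG = {"GroupId": "sg-0example", "IpPermissions": BASE + [rule("-1", group="sg-0example")]}
BAD_SG = {"GroupId": "sg-0example", "IpPermissions": BASE + [rule("-1", cidr=WORLD)]}
ROUTES = {"Routes": [{"DestinationCidrBlock": VPN_CIDR, "InstanceId": "i-0example", "State": "blackhole"}]}

if __name__ == "__main__":
    print(audit_security_group(GOOD_SG), audit_security_group(BAD_SG))
    print(audit_route_table(ROUTES, "i-0example"), audit_instance({"SourceDestCheck": False}))
```

The `BAD_SG` case is the one to watch for in step 4: an All Traffic rule whose source is an address range rather than the security group itself.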

Recommendations:

  1. Use the ? help in the TrueStack Direct Connect Console.
  2. Change the default password after you log on.
  3. Periodically create backups from the Admin tab.
  4. Periodically run the updates from the Admin tab.  Create a backup before you update the server.

What’s next?

  1. To practice navigating the Amazon EC2 dashboard, follow our Try it tutorial.
  2. To take a 48-hour test drive email support@truestack.com with subject “Test Drive”.
  3. If you’re considering migrating your on-premises Windows domain controller and file server to AWS, read through the Seamless Migration to help you prepare for a successful migration.
  4. For configuration or migration questions contact TrueStack support at support@truestack.com.