Milestone Systems

XProtect® on AWS 2022 R1

Getting started guide - XProtect Essential+

ContentsCopyright, trademarks, and disclaimer 3

Overview 4

About this guide 4

Introduction 4

Requirements and considerations 6

Getting started checklist 6

Before you start deployment 6

Have an AWS account 6

Have a key pair 7

Deployment 8

Configure and deploy 8

Subscribe 8

Configure and deploy XProtect Essential+ CloudFormation 9

Connecting to your deployment 10

Connect using XProtect Web Client and XProtect Mobile 10

Connect via secure network protocol (HTTPS) 10

Connect via non-secure network protocol (HTTP) 13

Connect via Remote Desktop Protocol 16

Secure the communication 18

After you deploy 19

Securing your deployment 19

Update and secure your deployment 19

Change your XProtect license 20

Unsubscribe 21

Unsubscribe from XProtect Essential+ 21

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

2 | Contents

Copyright, trademarks, and disclaimerCopyright © 2022 Milestone Systems A/S

Trademarks

XProtect is a registered trademark of Milestone Systems A/S.

Microsoft andWindows are registered trademarks of Microsoft Corporation. App Store is a service mark ofApple Inc. Android is a trademark of Google Inc.

All other trademarks mentioned in this document are trademarks of their respective owners.

Disclaimer

This text is intended for general information purposes only, and due care has been taken in its preparation.

Any risk arising from the use of this information rests with the recipient, and nothing herein should be construedas constituting any kind of warranty.

Milestone Systems A/S reserves the right to make adjustments without prior notification.

All names of people and organizations used in the examples in this text are fictitious. Any resemblance to anyactual organization or person, living or dead, is purely coincidental and unintended.

This product may make use of third-party software for which specific terms and conditions may apply. When thatis the case, you can findmore information in the file 3rd_party_software_terms_and_conditions.txt located in yourMilestone system installation folder.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

3 | Copyright, trademarks, and disclaimer

Overview

About this guideThis single computer installation guide for XProtect® on AWS helps you get started with your XProtect VMSdeployment in your AWS infrastructure. The guide has checklists and tasks that help you deploy and configureyour system and verify connections between server and clients.

IntroductionMilestone XProtect® Essential+ in AWS Marketplace provides the free, Essential+ version of XProtect in an AWSCloudFormation template that you can deploy in your AWS service account. The XProtect Essential+CloudFormation stack contains an Amazon Elastic Compute Cloud (EC2) instance and an Amazon Virtual PrivateCloud (VPC), which runs Windows Server 2019.

The XProtect Essential+ CloudFormation template includes four preinstalled virtual cameras with prerecordedvideo streams that are used to demonstrate a basic VMS installation. With XProtect Essential+ you can replaceor add to the preinstalled virtual cameras and connect up to eight cameras. You can also use XProtect Essential+without restriction.

If you already have an XProtect license, or if you want to deploy another MilestoneXProtect version, use theMilestone XProtect® Bring Your Own License (BYOL)CloudFormation instead. For more information, see the getting started guide for XProtectBYOL on AWS.

The XProtect Essential+ CloudFormation template creates a Virtual Private Cloud (VPC) and deploys the XProtectVMS software on a c5.xlarge EC2 instance. The EC2 instance uses Amazon Elastic Block Storage (EBS), whichprovides expandable storage based on your usage.

The charges for using the AWS services required by the XProtect Essential+CloudFormation are listed when you subscribe to XProtect Essential+ in AWS Marketplace.For more information, see the documentation for XProtect on AWS.

After you deploy, use Remote Desktop Protocol (RDP) to connect to your EC2 instance, or use the XProtect WebClient and XProtect Mobile to access the VMS via HTTPS.

This guide explains how to deploy and use the XProtect Essential+ CloudFormation, and is divided as follows:

l Overview – Information about this guide and an introduction to the XProtect Essential+ CloudFormation

l Requirements and considerations – Prerequisites for deploying the XProtect Essential+ CloudFormationand a deployment checklist

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

4 | Overview

l Deployment – How to configure the XProtect Essential+ CloudFormation template parameters andconnect to the deployed EC2 instance

l After you deploy – Important steps to take after you have connected

l Unsubscribe – How to unsubscribe from XProtect Essential+

To get started, see the Getting started checklist.

It is recommended that you have a good understanding of application deployment in AWSVPC environments and know how to manage EC2 instances and storage as well assecurity and network services in the AWS Management Console. For more informationabout the competencies recommended by AWS, consult the AWS Learning Path Tool.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

5 | Overview

Requirements and considerations

Getting started checklistFollow the checklist to make sure that you carry out the steps of your XProtect Essential+ deployment andconfiguration in the correct order. Each step is detailed in the later sections of this guide.

Prerequisitesl Have an AWS account

l Have a key pair

Configuration anddeployment

l Subscribe to XProtect Essential+ in AWS Marketplace

l Configure and deploy the XProtect Essential+ CloudFormationtemplate

Connecting to yourdeployment

l Connect via HTTPS using XProtect Web Client

l Connect via XProtect Mobile

Connecting via RDP l Connect via Remote Desktop Protocol (RDP)

Securing your deployment

l Change the Windows administrator account password of yourEC2 instance

l Install Windows updates

Before you start deploymentBefore you deploy the XProtect Essential+ CloudFormation, youmust meet the following prerequisites.

It is highly recommended that you consult the Milestone Cloud Solutions training track forinteractive courses that cover Milestone cloud fundamentals.

Have an AWS account

Youmust create or use an existing AWS account with the necessary permissions.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

6 | Requirements and considerations

It is not recommended to use root user credentials to manage or deploy your AWSinfrastructure.

If you are an AWS Identity and Access Management (IAM) user, then you have thenecessary permissions by default. However, youmight need to contact yourIT department for account access settings depending on the network infrastructure ofyour organization.

Have a key pair

To connect to the EC2 instance, youmust create or use an existing key pair.

For information about how to create a key pair in the EC2 console or to import your ownpublic key, see Create a key pair using Amazon EC2.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

7 | Requirements and considerations

Deployment

Configure and deployThe XProtect Essential+ CloudFormation stack includes a Virtual Private Cloud (VPC) and the requiredAWS services, to create a cloud-based VMS deployment. The XProtect Essential+ CloudFormation template usesa custom AmazonMachine Image (AMI) to configure and deploy the XProtect VMS software on a c5.xlargeElastic Compute Cloud (EC2) instance.

The XProtect Essential+ CloudFormation template deploys an Elastic Block Storage (EBS) volume that containsthe Windows Server 2019 operating system, XProtect Essential+ software, and a Microsoft SQL Server Expressdatabase containing VMS logs and configuration entries.

If youmeet the prerequisites then you are ready to configure and deploy the XProtect Essential+CloudFormation template.

Subscribe

To deploy the XProtect Essential+ CloudFormation template, youmust first subscribe to XProtect Essential+ inAWS Marketplace:

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

8 | Deployment

1. Go to the Milestone XProtect Essential+ marketplace listing.

2. In the upper right-hand corner, select Continue to Subscribe.

3. Read the Terms and Conditions and in the upper right-hand corner, select Continue to Configuration.

4. In the Region dropdown list, select your region. In the upper right-hand corner, select Continue toLaunch.

5. In the lower right-hand corner, select Launch to open the AWS CloudFormation console.

Configure and deploy XProtect Essential+ CloudFormation

After you subscribe, configure and deploy the XProtect Essential+ CloudFormation template:

1. In the lower right-hand corner of the Specify template screen, selectNext.

2. In the Stack name field, enter a name to identify the XProtect Essential+ CloudFormation stack with.

3. In the Key Pair Name field, select a key pair to decrypt the EC2 instance password with.

4. In the Server Ingress CIDR Block field, enter the Classless Inter-Domain Routing (CIDR) block of inboundIP addresses used to connect to the XProtect Web Client and XProtect Mobile.

Milestone recommends that you use the secure network protocol (HTTPS). Use only the non-securenetwork protocol (HTTP) for installations for simple test or demo scenarios.

HTTPS uses port 8082 for the secure communication, while HTTP uses port 8081. If you use HTTPS,remove port 8081 in the Security Group for improved protection of your installation.

XProtect Web Client and XProtect Mobile let you view your XProtect VMS withouthaving to connect to the VPC directly. For more information about how to connectvia XProtect Web Client and XProtect Mobile after deployment, see Connect viasecure network protocol (HTTPS) on page 10 and Connect via non-secure networkprotocol (HTTP) on page 13.

5. In the RDP Ingress CIDR Block field, enter in the CIDR block of inbound IP addresses used to connect viaRemote Desktop Protocol (RDP).

6. In the lower right-hand corner, selectNext.

7. In the Configure stack options screen, configure any additional options and permissions, and selectNext.

8. In the Review screen, verify your configuration and select Create stack.

Deploying the XProtect Essential+ CloudFormation stack takes about 20 minutes.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

9 | Deployment

Connecting to your deploymentThere are different options of establishing a connection to your deployment.

To view video from your XProtect Essential+ installation on CloudFormation using XProtect Web Client andXProtect Mobile, see Connect using XProtect Web Client and XProtect Mobile on page 10.

To manage your XProtect Essential+ installation on CloudFormation with XProtect Management Client and viewvideo using Smart Client, see Connect via Remote Desktop Protocol on page 16.

Connect using XProtect Web Client and XProtect Mobile

The XProtect Essential+ CloudFormation lets you access video from XProtect Essential+ using the XProtect WebClient and XProtect Mobile.

How you establish the connection depends on the network protocol you chose during your configuration anddeployment of the XProtect Essential+ CloudFormation. No additional configuration through the VPC is needed.

For more information, see:

l Connect via secure network protocol (HTTPS) on page 10 (recommended)

l Connect via non-secure network protocol (HTTP) on page 13 (only for test and demo purposes)

Connect via secure network protocol (HTTPS)

After you deploy the XProtect Essential+ CloudFormation stack, you first establish secure communicationbetween the XProtect components. You do this by connecting to the VPC using the RDP key pair that youspecified during configuration and by generating and installing an SSL certificate.

Youmust secure the communication to XProtect Web Client and XProtect Mobile beforeestablishing the connection. For more information, see Secure the communication onpage 18.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

10 | Deployment

1. In the AWS Management Console, open the CloudFormation page.

2. Select the XProtect Essential+ CloudFormation stack that you created. It is identified by the Stack namethat you specified during configuration.

3. In the Resources tab, you will see all the stack elements that were created by the XProtect Essential+CloudFormation template. Select the Physical ID link that corresponds to the EC2 instance.

4. In the AWS Management Console, open the CloudFormation page.

5. Select the XProtect Essential+ CloudFormation stack that you created. It is identified by the Stack namethat you specified during configuration.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

11 | Deployment

6. In the Resources tab, you will see all the stack elements that were created by the XProtect Essential+CloudFormation template. Select the Physical ID link that corresponds to the EC2 instance.

7. In the Description tab of the EC2 Instances page, locate the Instance ID and Public DNS (IPv4)fields.

5. If the HTTP port 8081 is not used, remove port 8081 in the Security Group for improved protection ofyour installation.s

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

12 | Deployment

For XProtect Web Client: For XProtect Mobile:

6. Open a web browser and enter the PublicDNS (IPv4) followed by port 8082 in thefollowing format:

https://<Public DNS of the EC2instance>:8082

7. On the login screen, enter the followingcredentials, using the Instance ID locatedabove:

User name: ec2-user

Password: AWS<Instance ID of the EC2instance>

8. Select Login.

You are now connected to your AWS deploymentthrough XProtect Web Client.

For more information, see the user manual forXProtect Web Client.

6. Install XProtect Mobile onto your smartdevice from Google Play for Android or AppStore for iOS.

7. Open the application on your smart device.

8. In the mainmenu, select Add server, thenselect Add server manually.

9. Enter the following information:

Name: <Custom name for the server>

Address: <Public DNS of the EC2instance>

User name: ec2-user

Password: AWS<Instance ID of the EC2instance>

10. Enable the Secure connection toggle toconnect over HTTPS.

11. Select the connection check box.

You are now connected to your AWS deploymentthrough XProtect Mobile.

For more information, see the user manual forXProtect Mobile.

If you are having problems connecting, make sure that the IP address that you areaccessing the EC2 instance from is part of the RDP Ingress CIDR Block.

Connect via non-secure network protocol (HTTP)

Milestone recommends that you use the secure network protocol (HTTPS). However, if you are deployingXProtect Essential+ CloudFormation stack for a simple test and demo scenario, you can use the non-securenetwork protocol (HTTP) which is simpler to configure. HTTP uses port 8081.

The XProtect Essential+ CloudFormation lets you access XProtect Essential+ using the XProtect Web Client andXProtect Mobile. No additional configuration through the VPC is needed.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

13 | Deployment

1. In the AWS Management Console, open the CloudFormation page.

2. Select the XProtect Essential+ CloudFormation stack that you created. It is identified by the Stack namethat you specified during configuration.

3. In the Resources tab, you will see all the stack elements that were created by the XProtect Essential+CloudFormation template. Select the Physical ID link that corresponds to the EC2 instance.

4. In the AWS Management Console, open the CloudFormation page.

5. Select the XProtect Essential+ CloudFormation stack that you created. It is identified by the Stack namethat you specified during configuration.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

14 | Deployment

6. In the Resources tab, you will see all the stack elements that were created by the XProtect Essential+CloudFormation template. Select the Physical ID link that corresponds to the EC2 instance.

7. In the Description tab of the EC2 Instances page, locate the Instance ID and Public DNS (IPv4)fields.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

15 | Deployment

For XProtect Web Client: For XProtect Mobile:

5. Copy the DNS name.

6. Open a web browser and paste the DNSname into the address bar followed byt theHTTP port number 8081 in the followingformat:

http://<Public DNS of the EC2instance>:8081

7. On the login screen, enter the followingcredentials, using the Instance ID locatedabove:

User name: ec2-user

Password: AWS<Instance ID of the EC2instance>

8. Select Login.

You are now connected to your AWS deploymentthrough XProtect Web Client.

For more information, see the user manual forXProtect Web Client.

5. Install XProtect Mobile onto your smartdevice from Google Play for Android or AppStore for iOS.

6. Open the application on your smart device.

7. In the mainmenu, select Add server, thenselect Add server manually.

8. Enter the following information:

Name: <Custom name for the server>

Address: <Public DNS of the EC2instance>

User name: ec2-user

Password: AWS<Instance ID of the EC2instance>

9. Disable the Secure connection toggle toconnect over HTTP.

10. Select the connection check box.

You are now connected to your AWS deploymentthrough XProtect Mobile.

For more information, see the user manual forXProtect Mobile.

If you are having problems connecting, make sure that the IP address that you areaccessing the EC2 instance from is part of the RDP Ingress CIDR Block.

Connect via Remote Desktop Protocol

To configure the XProtect Essential+ CloudFormation installation through XProtect Management Client and viewvideo using XProtect Smart Client , access the VPC you deployed via Remote Desktop Protocol (RDP):

1. In the AWS Management Console, open the CloudFormation page.

2. Select the XProtect Essential+ CloudFormation stack that you created. It is identified by the Stack namethat you specified during configuration.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

16 | Deployment

3. In the Resources tab, you will see all the stack elements that were created by the XProtect Essential+CloudFormation template. Select the Physical ID link that corresponds to the EC2 instance.

4. At the top of the EC2 Instances page, select Connect .

5. In the Connect to your instance window, select Get Password.

6. The Key Name shows the name of the key pair that you specified during configuration. To associate thekey pair with the Key Pair name, select Choose File and locate the key pair file on your local machine.

7. Select Decrypt Password to view the password for the RDP connection.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

17 | Deployment

8. Select Back to return to the previous screen, then select Download Remote Desktop File.

9. Open the downloaded .rdp file and select Connect on any identification warnings that may appear.

10. Enter the password you decrypted in step 7 and select Connect.

You are now connected to the VPC, which is running XProtect Essential+.

If you are having problems connecting, make sure that the IP address that you areaccessing the EC2 instance from is part of the RDP Ingress CIDR Block.

Secure the communication

You secure the communication between XProtect Essential+ and XProtect Web Client and XProtect Mobile bygenerating and installing an SSL certificate on your server. When installed, the XProtect componentscommunicate through HTTPS and port 8082.

1. Generate an SSL certificate. For more information, see the certificates guide about how to secure yourXProtect VMS installations.

2. Connect to the deployed computer via a remote desktop protocol. For more information, see Connect viaRemote Desktop Protocol on page 16.

3. From the tray area, right-click the Milestone XProtect Mobile Server tray manager

4. From the menu, select Server Configurator.

5. From the Encryption tab, enableMobile streaming media certificate.

6. Select your SSL certificate.

7. Click Apply to start the installation of the SSL certificate.

8. Wait until all services are restarted.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

18 | Deployment

After you deploy

Securing your deploymentBecause your XProtect Essential+ deployment is connected to the internet, there are steps that you should taketo ensure the security and stability of your installation.

Your XProtect Essential+ license is activated automatically online after you deploy theXProtect Essential+ CloudFormation. Make sure that your deployment has internetconnectivity to activate your license and to be able to use XProtect Essential+ after the 30-day activation grace period.

Update and secure your deployment

To ensure the continued stability and security of the installation, keep your installation upto date with the latest updates to your Windows Server 2019 version.

Install Windows updates

Install relevant Windows updates according to the security policy of your organization. If you restrict onlineconnectivity to your VPC, you can connect your XProtect Essential+ deployment to a Windows update servicewithout exposing the VPC to the internet.

Change the password of your EC2 instance

After you deploy, you should change the Windows administrator password of the EC2 instance according to thesecurity policy of your organization.

Get help

Milestone does not provide any direct technical support on the XProtect Essential+product. Customers who deploy XProtect Essential+ can find wide set of self-service andsupport resources to end-users usingMilestone Support. You can also use MilestoneSupport Community to ask questions and help other customers by answering theirquestions.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

19 | After you deploy

Change your XProtect licenseTo upgrade your deployment to a version other than XProtect Essential+, deploy theMilestone XProtect BringYour Own License (BYOL) CloudFormation template and obtain a license for your desired XProtect version froma Milestone distributor or reseller.

If you decide to deploy XProtect BYOL through AWS, unsubscribe from XProtect Essential+in the AWS Management Console and terminate any added services. For moreinformation, see Unsubscribe from XProtect Essential+.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

20 | After you deploy

Unsubscribe

Unsubscribe fromXProtect Essential+1. Delete the CloudFormation stack:

1. In the AWS Management Console, open the CloudFormation service page.

2. Select the deployed XProtect Essential+ CloudFormation stack.

3. Select Delete, and in the confirmation dialog, select Delete stack .

2. Unsubscribe from the marketplace listing:

1. In the AWS Management Console, open the AWS Marketplace Subscriptions service page.

2. Select the XProtect Essential+marketplace listing.

3. In the upper right-hand corner, select Actions > Cancel subscription.

4. In the Cancel subscription dialog box, select the confirmation check box, then select Yes, cancelsubscription.

You are now unsubscribed from XProtect Essential+.

Any services that you deploy other than those deployed by the XProtect Essential+CloudFormation, such as EBS storage services or EC2 instances, will not be removedwhen you unsubscribe from the marketplace listing. Youmust delete or terminate theseservices separately.

Getting started guide - XProtect Essential+ | XProtect® on AWS 2022 R1

21 | Unsubscribe

About Milestone

Milestone Systems is a leading provider of open platform video management software; technology that helpsthe world see how to ensure safety, protect assets and increase business efficiency. Milestone Systemsenables an open platform community that drives collaboration and innovation in the development and use ofnetwork video technology, with reliable and scalable solutions that are proven inmore than 150,000 sitesworldwide. Founded in 1998, Milestone Systems is a stand-alone company in the Canon Group. For moreinformation, visit https://www.milestonesys.com/.

helpfeedback@milestone.dk