End-of-Life (EoL)
AWS Terminology
This document assumes that you are familiar with the
networking and configuration of the AWS VPC. In order to provide
context for the terms used in this section, here is a brief refresher
on the AWS terms (some definitions are taken directly from the AWS
glossary) that are referred to in this document:
Term | Description |
---|---|
EC2 | Elastic Compute Cloud. A web service that enables you to launch and manage Linux/UNIX and Windows server instances in Amazon's datacenters. |
AMI | Amazon Machine Image. An AMI provides the information required to launch an instance, which is a virtual server in the cloud. The VM-Series AMI is an encrypted machine image that includes the operating system required to instantiate the VM-Series firewall on an EC2 instance. |
ELB | Elastic Load Balancing. ELB is an Amazon web service that helps you improve the availability and scalability of your applications by routing traffic across multiple Elastic Compute Cloud (EC2) instances. ELB detects unhealthy EC2 instances and reroutes traffic to healthy instances until the unhealthy instances are restored. ELB can send traffic only to the primary interface of the next-hop load-balanced EC2 instance. So, to use ELB with a VM-Series firewall on AWS, the firewall must be able to use the primary interface for dataplane traffic. |
ENI | Elastic Network Interface. An additional network interface that can be attached to an EC2 instance. ENIs can include a primary private IP address, one or more secondary private IP addresses, a public IP address, an elastic IP address (optional), a MAC address, membership in specified security groups, a description, and a source/destination check flag. |
IP address types for EC2 instances | An EC2 instance can have different types of IP addresses. An instance in a public subnet can have a private IP address, a public IP address, and an Elastic IP address (EIP); an instance in a private subnet will have a private IP address and optionally an EIP. |
Instance type | Amazon-defined specifications that stipulate the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications, whereas others are designed for CPU-intensive or memory-intensive applications, and so on. |
VPC | Virtual Private Cloud. An elastic network populated by infrastructure, platform, and application services that share common security and interconnection. |
IGW | Internet gateway provided by Amazon. Connects a network to the internet. You can route traffic for IP addresses outside your VPC to the internet gateway. |
IAM Role | Identity and Access Management. Required for enabling High Availability for the VM-Series firewall on AWS. The IAM role defines the API actions and resources the application can use after assuming the role. On failover, the IAM role allows the VM-Series firewall to securely make API requests to switch the dataplane interfaces from the active peer to the passive peer. An IAM role is also required for VM Monitoring. See List of Attributes Monitored on the AWS VPC. |
Subnets | A segment of the IP address range of a VPC to which EC2 instances can be attached. EC2 instances are grouped into subnets based on your security and operational needs. There are two types of subnets: |
Security groups | A security group is attached to an ENI and specifies the list of protocols, ports, and IP address ranges that are allowed to establish inbound/outbound connections on the interface. In the AWS VPC, security groups and network ACLs control inbound and outbound traffic; security groups regulate access to the EC2 instance, while network ACLs regulate access to the subnet. Because you are deploying the VM-Series firewall, set more permissive rules in your security groups and network ACLs and allow the firewall to safely enable applications in the VPC. |
Route tables | A set of routing rules that controls the traffic leaving any subnet that is associated with the route table. A subnet can be associated with only one route table. |
Key pair | A set of security credentials you use to prove your identity electronically. The key pair consists of a private key and a public key. At the time of launching the VM-Series firewall, you must generate a key pair or select an existing key pair for the VM-Series firewall. The private key is required to access the firewall in maintenance mode. |
CloudWatch | Amazon CloudWatch is a monitoring service that allows you to collect and track metrics for the VM-Series firewalls on AWS. When enabled, the firewalls use AWS APIs to publish native PAN-OS metrics to CloudWatch. |
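The security groups row distinguishes the two AWS filtering layers a packet crosses before it reaches a VM-Series ENI: the network ACL on the subnet and the security group on the interface. The following Python model is an added example, not code from this page or from Palo Alto Networks; it encodes the AWS semantics of each layer (network ACLs are stateless with numbered allow/deny rules evaluated in order; security groups are stateful and allow-only) and evaluates a few constructed flows against constructed sample rules. The rule values, addresses and port numbers are illustrative assumptions, not a recommended policy.

```python
"""Added example, not part of the VM-Series documentation page: a small
model of how the two AWS filtering layers named in the table gate a flow
to a VM-Series interface. A network ACL is attached to the subnet and is
stateless with numbered allow/deny rules; a security group is attached
to the ENI and is stateful with allow-only rules. The rule sets below are
constructed sample data, not a recommended policy.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    protocol: str          # "tcp", "udp" or "-1" (any protocol)
    port_from: int         # port range; ignored when protocol is "-1"
    port_to: int
    cidr: str              # peer address range the rule applies to
    action: str = "allow"  # NACL rules may be "deny"; SG rules are allow-only
    number: int = 0        # NACL evaluation order; unused for SG rules


def rule_matches(rule, protocol, port, peer_ip):
    """True if the flow (protocol, port, remote address) falls inside the rule."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.port_from <= port <= rule.port_to):
        return False
    return ip_address(peer_ip) in ip_network(rule.cidr)


def nacl_decision(rules, protocol, port, peer_ip):
    """Network ACL semantics: rules are evaluated in ascending rule number,
    the first match decides, and an unmatched flow hits the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, protocol, port, peer_ip):
            return rule.action
    return "deny"


def sg_decision(rules, protocol, port, peer_ip):
    """Security group semantics: any matching rule allows; there is no deny
    rule, so a flow that no rule covers is dropped."""
    if any(rule_matches(r, protocol, port, peer_ip) for r in rules):
        return "allow"
    return "deny"


def inbound_allowed(nacl_inbound, sg_inbound, protocol, port, src_ip):
    """A packet reaches the ENI only if the subnet's NACL and the ENI's
    security group both allow it."""
    return (nacl_decision(nacl_inbound, protocol, port, src_ip) == "allow"
            and sg_decision(sg_inbound, protocol, port, src_ip) == "allow")


def return_traffic_allowed(nacl_outbound, client_ip, ephemeral_port):
    """The reply to an accepted inbound TCP connection leaves the subnet toward
    the client's ephemeral port. The stateful security group passes it through
    connection tracking; the stateless NACL needs an explicit outbound rule."""
    sg_ok = True
    nacl_ok = nacl_decision(nacl_outbound, "tcp", ephemeral_port, client_ip) == "allow"
    return sg_ok and nacl_ok


# Constructed sample rules for the subnet holding the firewall's management ENI.
NACL_INBOUND = [
    Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100),
    Rule("tcp", 22, 22, "10.0.1.0/24", "allow", 110),   # assumed admin subnet
    Rule("tcp", 22, 22, "0.0.0.0/0", "deny", 120),      # everyone else
]
NACL_OUTBOUND = [
    Rule("tcp", 1024, 65535, "0.0.0.0/0", "allow", 100),  # replies to clients
]
SG_INBOUND = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "10.0.1.0/24"),
]


if __name__ == "__main__":
    for proto, port, src in [("tcp", 443, "203.0.113.5"),
                             ("tcp", 22, "10.0.1.7"),
                             ("tcp", 22, "203.0.113.5")]:
        print(proto, port, src, "->",
              inbound_allowed(NACL_INBOUND, SG_INBOUND, proto, port, src))
    print("reply with no outbound NACL rule ->",
          return_traffic_allowed([], "203.0.113.5", 50000))
```

The two things the model makes visible that the table only implies: a lower-numbered NACL deny shadows any later allow for the same flow, and a permitted inbound connection can still be broken by an outbound NACL that lacks an ephemeral-port rule, because the NACL does not track connections the way the security group does. Both are worth checking when the table's advice to keep these layers permissive and let the firewall enforce policy is applied.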