Milestone Systems

XProtect® on AWS

Getting started guide - XProtect Essential+ 2020 R2

Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Contents
Copyright, trademarks, and disclaimer 3

Overview 4

About this guide 4

Introduction 4

Requirements and considerations 6

Getting started checklist 6

Before you start deployment 6

Have an AWS account 6

Have a key pair 7

Deployment 8

Configure and deploy 8

Subscribe 8

Configure and Deploy XProtect Essential+ CloudFormation 9

Connect to your deployment 9

Connect via HTTPS using XProtect Web Client and XProtect Mobile 10

Connect via Remote Desktop Protocol 11

After you deploy 14

Securing your deployment 14

Keeping your deployment secure and updated 14

Changing your license 14

Unsubscribe 15

Unsubscribe from XProtect Essential+ 15

2 | Contents
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Copyright, trademarks, and disclaimer

Copyright © 2020 Milestone Systems A/S

Trademarks

XProtect is a registered trademark of Milestone Systems A/S.

Microsoft and Windows are registered trademarks of Microsoft Corporation. App Store is a service mark of Apple
Inc. Android is a trademark of Google Inc.

All other trademarks mentioned in this document are trademarks of their respective owners.

Disclaimer

This text is intended for general information purposes only, and due care has been taken in its preparation.

Any risk arising from the use of this information rests with the recipient, and nothing herein should be construed
as constituting any kind of warranty.

Milestone Systems A/S reserves the right to make adjustments without prior notification.

All names of people and organizations used in the examples in this text are fictitious. Any resemblance to any
actual organization or person, living or dead, is purely coincidental and unintended.

This product may make use of third-party software for which specific terms and conditions may apply. When that
is the case, you can find more information in the file 3rd_party_software_terms_and_conditions.txt located in your
Milestone system installation folder.

3 | Copyright, trademarks, and disclaimer

Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Overview

About this guide

This single computer installation guide for XProtect VMS serves as a point of reference to getting started with your
XProtect VMS deployment in your AWS infrastructure environment. The guide helps you perform the basic
deployment and configuration of your system and to verify connections between clients and server.

The guide has checklists and tasks that help you get started with the software and prepare you for working with the
system.

Introduction
Milestone XProtect Essential+ on AWS Marketplace provides the free Essential+ version of XProtect in a
CloudFormation template that you can deploy in your AWS service account. The CloudFormation stack contains an
Amazon Elastic Compute Cloud (EC2) instance and a Virtual Private Cloud (VPC) running Windows Server 2019.

The XProtect Essential+ CloudFormation AMI includes four preinstalled virtual cameras with prerecorded video
streams used to demonstrate a basic VMS installation. With XProtect Essential+ you can replace or add to the
preinstalled virtual cameras and connect up to eight cameras while using the XProtect software suite without
restriction.

If you already have an XProtect license, or if you want to deploy another Milestone XProtect
version, use the Milestone XProtect® Bring Your Own License (BYOL) 2020 R2
CloudFormation and XProtect BYOL getting started guide instead.

The XProtect Essential+ CloudFormation template creates a Virtual Private Cloud (VPC) and deploys the XProtect
VMS software on a c5.xlarge Elastic Compute Cloud (EC2) instance running Windows Server 2019. Amazon Elastic
Block Storage (EBS) is used for the EC2 instance, providing expandable storage based on your usage.

The charges for using the AWS services required by the XProtect Essential+

CloudFormation are listed when you subscribe to XProtect Essential+ in the
AWS marketplace. For more information about the XProtect Essential+ AMI, including
service cost analysis and coverage areas, see XProtect on AWS.

Once deployed, connect to your EC2 instance using Remote Desktop Protocol (RDP), or access the VMS via HTTPS
using the XProtect Web Client and XProtect Mobile.

This guide will explain how to deploy and use the XProtect Essential+ CloudFormation, and is divided as follows:

4 | Overview
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

l Overview – Information about this guide and an introduction to the XProtect Essential+ CloudFormation

l Requirements and considerations – Prerequisites for deploying the XProtect Essential+ CloudFormation
and a deployment checklist

l Deployment – How to configure the CloudFormation template parameters and connect to the deployed
EC2 instance

l After you deploy – Important steps to take after you have connected

l Unsubscribe – How to unsubscribe from XProtect Essential+

To get started, see the Getting started checklist.

It is recommended that you have a good understanding of application deployment in AWS

VPC environments, and know how to manage EC2 instances and storage as well as security
and network services using the AWS Management Console. Consult the AWS Learning Path
Tool for more information about the competencies recommended by AWS.

5 | Overview
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Requirements and considerations

Getting started checklist

Follow the checklist below to ensure that you carry out the steps of your XProtect Essential+ deployment and
configuration in the right order. Each step is detailed in the subsequent sections.

l Have an AWS account

Prerequisites
l Have a key pair

l Subscribe to XProtect Essential+ on AWS

Marketplace
Configuration and deployment
l Configure and deploy the CloudFormation
template

Connecting via XProtect Web Client and l Connect via HTTPS using XProtect Web Client
XProtect Mobile l Connect using XProtect Mobile

Connecting via RDP l Connect via Remote Desktop Protocol (RDP)

l Change the Windows administrator account

Securing your deployment password of your EC2 instance

l Install Windows updates

Before you start deployment

Before deploying the XProtect Essential+ CloudFormation, there are several prerequisites you must meet.

Have an AWS account

You must create or use an existing AWS account with the appropriate permissions.

IAM users will have the appropriate permissions by default. However, you may need to
contact your IT department for account creation settings depending on the network
infrastructure of your organization.

6 | Requirements and considerations

Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Have a key pair

You must create or use an existing key pair to connect to the EC2 instance.

For information about how to create a key pair using the EC2 console or to import your own
public key, see Create a key pair using Amazon EC2.

7 | Requirements and considerations

Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Deployment

Configure and deploy

The XProtect Essential+ CloudFormation stack includes a Virtual Private Cloud (VPC) alongside the required
AWS services to create a cloud-based VMS deployment. The CloudFormation template uses a custom Amazon
Machine Image (AMI) to configure and deploy the XProtect VMS software on a c5.xlarge Elastic Compute Cloud
(EC2) instance.

As defined by the configuration parameters , the CloudFormation template deploys an Elastic Block Storage
(EBS) volume that contains the Windows Server 2019 operating system, XProtect Essential+ software, and a
Microsoft SQL Server Express database containing VMS logs and configuration entries.

If you meet the prerequisites you are ready to configure and deploy the CloudFormation template.

Subscribe
To deploy the CloudFormation template, you must first subscribe to XProtect Essential+ on AWS Marketplace:

8 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

1. Go to the Milestone XProtect Essential+ marketplace listing.

2. In the upper right-hand corner, select Continue to Subscribe.

3. Read through the Terms and Conditions and in the upper right-hand corner, select Continue to
Configuration.

4. In the Region dropdown list, select your region. In the upper right-hand corner, select Continue to
Launch.

5. In the lower right-hand corner, select Launch to open the AWS CloudFormation console.

Configure and Deploy XProtect Essential+ CloudFormation

After you have subscribed, configure and deploy the CloudFormation template using the following steps:

1. In the lower right-hand corner of the Specify template screen, select Next.

2. In the Stack name field, enter a name with which to identify the CloudFormation stack.

3. In the Key Pair Name field, select a key pair with which to decrypt the EC2 instance password.

4. In the XProtect Mobile Server Ingress CIDR Block field, enter the Classless Inter-Domain Routing (CIDR)
block of inbound IP addresses used to connect to the XProtect Web Client and XProtect Mobile.

XProtect Web Client and XProtect Mobile allow you to view your XProtect VMS
without having to connect to the VPC directly. For more information about how to
connect via XProtect Web Client and XProtect Mobile after deployment, see Connect
via HTTPS.

5. In the RDP Ingress CIDR Block field, enter in the CIDR block of inbound IP addresses used to connect via
Remote Desktop Protocol (RDP).

6. In the lower right-hand corner, select Next.

7. In the Configure stack options screen, configure any additional options and permissions and select Next.

8. In the Review screen, verify your configuration and select Create stack.

Deploying the CloudFormation stack should take about 20 minutes.

Connect to your deployment

Once the XProtect Essential+ CloudFormation stack has been deployed, you can access XProtect Essential+ via
HTTPS using the XProtect Web Client or XProtect Mobile, or connect to the VPC using the RDP key pair specified
during configuration.

9 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Connect via HTTPS using XProtect Web Client and XProtect Mobile
The XProtect Essential+ CloudFormation allows you access XProtect Essential+ using the XProtect Web Client or
XProtect Mobile without having to do additional configuration through the VPC. To connect follow these steps:

1. From the AWS management console, open the CloudFormation page.

2. Select the CloudFormation stack that you created. It is identified by the Stack name specified during
configuration.

3. In the Resources tab, you will see all of the stack elements that were created by the CloudFormation
script. Select the Physical ID link that corresponds to the EC2.

4. In the Description tab of the EC2 Instances page, locate the Instance ID and Public DNS (IPv4)
fields.

10 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

For XProtect Web Client: For XProtect Mobile:

5. Download XProtect Mobile onto your smart

device from Google Play for Android or App
Store for iOS.
5. Open a web browser and enter in the Public
6. Open the application on your smart device.
DNS (IPv4) followed by port 8082 in the
following format: 7. From the main menu, select Add server,
then select Add server manually.
https://<Public DNS of the EC2
instance>:8082 8. Enter in the following settings:

6. On the login screen, enter the following Name: <Custom name for the server>
credentials, using the Instance ID located
Address: <Public DNS of the EC2 instance>
above:
User name: ec2-user
User name: ec2-user
Password: <Instance ID of the EC2
Password: <Instance ID of the EC2 instance>
instance>
7. Select the login button.
9. Enable the Secure connection toggle to
You are now connected to your AWS deployment connect over HTTPS.
through XProtect Web Client.
10. Select the connection check box.

For more information about You are now connected to your AWS deployment
how to use XProtect Web through XProtect Mobile.
Client, see XProtect Web Client
user manual. For more information about
how to use XProtect Mobile,
see XProtect Mobile user
manual.

If you are having problems connecting, ensure the IP address you are accessing XProtect
Web Client or XProtect Mobile from is part of the XProtect Mobile Server Ingress CIDR
Block.

Connect via Remote Desktop Protocol

To view and configure XProtect Essential+ through XProtect Smart Client and XProtect Management Client, access
the created VPC via Remote Desktop Protocol (RDP) using these steps:

11 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

1. From the AWS management console, open the CloudFormation page.

2. Select the CloudFormation stack that you created. It is identified by the Stack name specified during
configuration.

3. In the Resources tab, you will see all of the stack elements that were created by the CloudFormation
script. Select the Physical ID link that corresponds to the EC2.

4. Select Connect at the top of the EC2 Instances page.

5. In the Connect to your instance window, select Get Password.

6. The Key Name shows the name of the key pair you specified during configuration. To associate the key pair
with the Key Pair name, select Choose File and locate the key pair file on your local machine.

12 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

7. Select Decrypt Password to view the password for the RDP connection.

8. Select Back to return to the previous screen, then select Download Remote Desktop File.

9. Open the downloaded (.rdp) file, and select Connect on any identification warnings that may appear.

10. Enter in the password you decrypted from step 7 and select Connect.

You are now connected to the VPC running XProtect Essential+.

If you are having problems connecting, ensure the IP address you are accessing the EC2
instance from is part of the RDP Ingress CIDR Block.

13 | Deployment
Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

After you deploy

Securing your deployment

Because your XProtect Essential+ deployment is connected to the internet, there are steps you should take to
ensure the security and stability of your installation.

Your XProtect Essential+ license is activated automatically online after deployment. Ensure
that your deployment has internet connectivity to activate your license and use XProtect
Essential+ beyond the 30-day activation grace period.

Keeping your deployment secure and updated

To ensure the continued stability and security of the installation, keep your installation up to
date with the latest updates to your Windows Server 2019 version.

Installing Windows updates

Install relevant Windows updates according to the security policy of your organization. Alternatively, if you restrict
online connectivity to your VPC, you can connect your XProtect Essential+ deployment to a Windows update
service without exposing the VPC to the internet.

Change the password of your EC2 instance

After deployment, you should change the Windows administrator password of the EC2 instance according to the
security policy of your organization.

Changing your license

To upgrade your deployment to a version beyond XProtect Essential+, it is recommended that you deploy the
Milestone XProtect® Bring Your Own License (BYOL) 2020 R2 CloudFormation template and obtain a license for
your desired XProtect version from a Milestone distributor or reseller.

If you decide to deploy XProtect BYOL through AWS, it is important to unsubscribe from
XProtect Essential+ through the AWS management console and terminate any additional
services. For more information, see Unsubscribe from XProtect Essential+.

14 | After you deploy

Getting started guide - XProtect Essential+ 2020 R2 | XProtect® on AWS

Unsubscribe

Unsubscribe from XProtect Essential+

To unsubscribe from XProtect Essential+:

1. Delete the CloudFormation stack:

1. Open the CloudFormation service page in AWS Management console.

2. Select the deployed XProtect Essential+ CloudFormation stack.

3. Select Delete, then select Delete stack in the confirmation dialog.

2. Unsubscribe from the marketplace listing:

1. Open the AWS Marketplace Subscriptions service page in AWS Management console.

2. Select the XProtect Essential+ marketplace listing.

3. In the upper right-hand corner, select Actions > Cancel subscription.

4. In the Cancel subscription dialog box, select the confirmation check box, then select Yes, cancel
subscription.

You are now unsubscribed from XProtect Essential+.

Any services you have deployed in addition to those deployed by the XProtect Essential+
CloudFormation, such as EBS storage services or EC2 instances, will not be removed by
unsubscribing from the marketplace listing and must be deleted or terminated separately.

15 | Unsubscribe
 helpfeedback@milestone.dk

About Milestone

Milestone Systems is a leading provider of open platform video management software; technology that helps
the world see how to ensure safety, protect assets and increase business efficiency. Milestone Systems
enables an open platform community that drives collaboration and innovation in the development and use of
network video technology, with reliable and scalable solutions that are proven in more than 150,000 sites
worldwide. Founded in 1998, Milestone Systems is a stand-alone company in the Canon Group. For more
information, visit https://www.milestonesys.com/.