Creating the Transfer Node Security Group

Security groups are virtual firewalls for your Amazon instances. In order for you and the Cluster Manager to communicate with the cluster nodes, you must open a few specific ports. The following describes how to create the Transfer Node Security Group.
  1. From the AWS Console, go to EC2 and select Security Groups from the NETWORK & SECURITY section of the left sidebar.
  2. Click Create Security Group.
  3. Name this security group atc-node.
  4. Select your VPC from the VPC drop-down menu.
  5. Click Add Rule and create an inbound rule for each of the ports and protocols listed below to enable connectivity from external systems.
    | Type | Protocol | Port Range | Source | Port Range | Description |
    |------|----------|------------|--------|------------|-------------|
    | Custom TCP Rule | TCP | 443 | Anywhere | 0.0.0.0/0 | The Cluster Manager and external systems communicate with the asperanoded service on this port. |
    | Custom TCP Rule | TCP | 33001 | Anywhere | 0.0.0.0/0 | The fasp protocol uses this port to connect to the node. |
    | Custom UDP Rule | UDP | 33001 | Anywhere | 0.0.0.0/0 | The fasp protocol uses this port to connect to the node. |
    | SSH | TCP | 22 | Anywhere | 0.0.0.0/0 (or your custom IP address) | Administrators use this port to SSH into the node. |
    | Custom TCP Rule | TCP | 43001 - 43010 | Custom | VPC subnet of cluster nodes | Nodes use this port for node-to-node communication through ScaleKV. |
    | Custom TCP Rule | TCP | 5002 | Custom | VPC subnet of cluster nodes | When launched, nodes use this port to retrieve launch configuration information from other nodes if the Cluster Manager is unreachable. |

    Note: The transfer node runs SSH on port 22 for administrative purposes only. You must use an SSH key when connecting through this port.

    For security reasons, Aspera recommends restricting access to port 22 to your own IP address and the subnet used by your transfer nodes.

    To do so, configure the SSH TCP rule as follows:

    • Set the Source to Custom.
    • Set the Port Range to your IP address and the subnet used by your transfer nodes.


  6. Click Create.
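
The following check is an added example, not part of the original Aspera documentation. It audits the inbound rules of the atc-node group, in the IpPermissions shape returned by `aws ec2 describe-security-groups`, against the table and the port 22 recommendation above. The admin IP, node subnet, and sample rules are constructed values, and the helper names are hypothetical.

```python
import ipaddress

# Ports the page's table opens to Anywhere so external systems can connect.
PUBLIC_OK = {("tcp", 443), ("tcp", 33001), ("udp", 33001)}

def audit_ingress(ip_permissions, allowed_cidrs):
    """Return (protocol, ports, cidr) for each inbound rule that exposes a
    non-public port to a source outside allowed_cidrs.
    Rules that reference other security groups (UserIdGroupPairs) are not checked."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1" or lo is None:
            ports, public = "all", False  # "all traffic" rule, never acceptable as public
        else:
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            public = all((proto, p) in PUBLIC_OK for p in range(lo, hi + 1))
        if public:
            continue  # any source is fine for the externally reachable ports
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((proto, ports, cidr))
    return findings

def rule(proto, lo, hi, *cidrs):
    """Build one IpPermissions entry (constructed sample data)."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

ADMIN_IP, NODE_SUBNET = "203.0.113.10/32", "10.0.1.0/24"  # assumed values
COMMON = [rule("tcp", 443, 443, "0.0.0.0/0"),
          rule("tcp", 33001, 33001, "0.0.0.0/0"),
          rule("udp", 33001, 33001, "0.0.0.0/0"),
          rule("tcp", 43001, 43010, NODE_SUBNET),
          rule("tcp", 5002, 5002, NODE_SUBNET)]
AS_TABLE = COMMON + [rule("tcp", 22, 22, "0.0.0.0/0")]            # SSH from Anywhere
RESTRICTED = COMMON + [rule("tcp", 22, 22, ADMIN_IP, NODE_SUBNET)]  # recommended form

if __name__ == "__main__":
    for name, rules in (("as table", AS_TABLE), ("restricted", RESTRICTED)):
        print(name, audit_ingress(rules, [ADMIN_IP, NODE_SUBNET]))
```

To run it against a real group, pass the IpPermissions list from the describe-security-groups JSON output in place of the constructed samples.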