TAC Gateway Getting Started Guide - AWS

TAC can be deployed in an Amazon Web Services environment by importing the TAC image into AWS.

See the official AWS guide on how to upload a VM image and create a VM from it here:

https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html

TAC supports single-NIC deployment. Ensure the AWS Network Security Group (NSG) has proper rules in place to allow HTTP/HTTPS connections and RDP connections to the TAC Gateway.

By default, TAC requires ports 80 and 443 to be open in the security group assigned to the TAC instance and the VPC.

You may use your own licensing or AWS licensing.

IMPORTANT: The TAC server is only accessible within the private network range. To connect to the TAC server in AWS, you must use a jump server in AWS or any other VM within your local AWS subnet.

After powering on the TAC Gateway, use the following credentials to log in to the TAC VM:

  • Login = PortsysSuper 
  • Password = #12P0rtsys12#

Note: The above credentials are an alternative to the default admin credentials, because an AWS VM does not allow the password to be changed at first logon if the user account has the "Change password at first logon" option checked.

The default administrator account details are as below:

  • Login = TACAdmin
  • Password = $12TACGateway12$

After logging in, do the following:

  1. Change the TACAdmin account password in Computer Management.
  2. Log off from the TAC server and log back in using the TACAdmin account.
  3. Open the TAC Management Console.
  4. Configure the TAC Management IP ranges. You may need to allow your TAC appliance(s) and infrastructure servers to be managed remotely. For this, the TAC console adds exception rules to the local firewall for the source IP addresses or ranges and the ports. This secures your TAC appliance(s) by blocking at the firewall level and allowing inbound connections only to the configured IP:Port of the published sites, and to the management ports from the remote IP ranges you define.

To configure TAC Management IP ranges, follow the steps below: 

  • Go to the TAC configuration console. Click Configuration and select Network Setup. This opens the Network Setup box.

  • Enter the remote (source) IP ranges that will initiate the connection to the TAC server in the "IP Ranges" box. To insert a new entry, press the Insert key. To remove an entry, press the Delete key. To modify an entry, double-click it. To finish the modification(s), press the Enter key.
  • Enter the port numbers, separated by commas, in the "Ports" box.

NOTE: The default port is 3389. If TAC is configured to use a different port, that port needs to be opened in the AWS security groups assigned to the TAC VM.

  • Click OK.

Note: After you configure the Network Setup, TAC will lock and block all local firewall rules except the TAC Management rule created by the network setup, and the inbound connections to only the IP:Port of the sites that you are publishing through TAC.

Important: Configure the network setup and IP:port ranges correctly. Misconfiguration may block the RDP connection.
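
The AWS side of this setup can be checked against the ports named in this guide (80, 443, and the management port, 3389 by default). The Python below is an added example, not part of TAC or its documentation: it audits one group from the output of `aws ec2 describe-security-groups`. The sample group, its ID, and the `10.0.0.0/16` management range are constructed for illustration.

```python
import ipaddress

WEB_PORTS = (80, 443)         # ports this guide says TAC requires
DEFAULT_MGMT_PORTS = (3389,)  # default management (RDP) port per this guide

def _covers(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def _sources(perm):
    """CIDR sources of an entry (security-group references are not resolved)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in cidrs]

def audit_security_group(sg, mgmt_ranges, mgmt_ports=DEFAULT_MGMT_PORTS):
    """Return findings for one group from `aws ec2 describe-security-groups`."""
    allowed = [ipaddress.ip_network(c) for c in mgmt_ranges]
    perms = sg.get("IpPermissions", [])
    findings = []
    for port in WEB_PORTS:
        if not any(_covers(p, port) and _sources(p) for p in perms):
            findings.append(f"missing: no inbound rule for tcp/{port}")
    for port in mgmt_ports:
        srcs = [s for p in perms if _covers(p, port) for s in _sources(p)]
        if not srcs:
            findings.append(f"missing: no inbound rule for tcp/{port}")
        for s in srcs:
            # The management port should only be reachable from the defined ranges.
            if not any(s.version == a.version and s.subnet_of(a) for a in allowed):
                findings.append(f"exposed: tcp/{port} reachable from {s}")
    return findings

# Constructed sample: 443 is missing and RDP is open to the whole internet.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_SG, ["10.0.0.0/16"]):
        print(finding)
```

Pass the same ranges and ports you entered in the Network Setup box as `mgmt_ranges` and `mgmt_ports`, so the security group and the TAC local firewall are checked against one definition.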

Additionally, you can create manual firewall policies through the Local Firewall console. By default, TAC blocks all public inbound access in the Windows firewall, leaving only the site's IP:port open for public access. All existing firewall rules with ANY as the source address scope are changed to use the local subnet as the source scope. To add an exception in the firewall, create an inbound rule (or rename an existing rule) with the prefix "TACGW_Exception_". Such rules are ignored by TAC.

Next, obtain a TAC license to apply to the configuration. Read more about obtaining a TAC license HERE.