AWS plug-in

QlikSense
3.0
Copyright1993-2016QlikTechInternationalAB.Allrightsreserved.

Copyright 1993-2016 QlikTech International AB. All rights reserved.

Qlik, QlikTech, Qlik Sense, QlikView, Sense and the Qlik logo are trademarks which have been
registered in multiple countries or otherwise used as trademarks by QlikTech International AB. Other
trademarks referenced herein are the trademarks of their respective owners.

Contents
1 Introduction

1.1AWSplug-inconventions

Stylecoding
Environmentvariables
1.2Additionaldocumentation

4
4
5

2 AWS plug-in requirements

2.1QlikDeploymentConsole

2.2AmazonWebServicesaccount

Platformsupport
Securitygrouprules
QlikSensesetupfilesstoredintheS3bucket
3 Using the AWS plug-in

6
6
7
8

3.1Creatingsites

Credentials
Instanceinformation
Subnetselection
3.2Addingnewnodes

8
9
10
10

Credentials
Instanceinformation
Subnetselection
3.3Configuration

11
11
12
12

4 AWS object types

14

4.1AWScredentialsobjecttype

14

4.2AWSserviceuserobjecttype

14

AWS plug-in - Qlik Sense, 3.0

1 Introduction

Introduction

ThisguidedescribestheAmazonWebServices(AWS)plug-infortheQlikDeploymentConsole(QDC).
ThisdocumentisderivedfromtheonlinehelpforQlikSense.Itisintendedforthosewhowanttoreadparts
ofthehelpofflineorprintpageseasily,anddoesnotincludeanyadditionalinformationcomparedwiththe
onlinehelp.
Aplug-inisaZIPfilethatcontainsallDLLfilesneededtodeployQlikSensesitesinaspecificcloud
computingenvironment.
Aplug-intypicallyincludesfunctionalityfor:
l Configuringthecloudcomputingenvironmentandfetchingstatusinformationfromit
l Settingandgettingthenameandadescription
l Verifyingtheversionoftheenvironment
l Gettingdatafromtheenvironment
l Creatinganddeletingsitesandnodes
l Uploadingfiles
l Gettingnetworkinformationandhandlingcertificatesforcommunication
l SettingtheQlikSenselicense
l Scalingsitesandnodes
l Handlingerrorsandlogging
l Handlingupgrades

Plug-ins are developed outside of the Qlik Deployment Console (QDC).

1.1 AWSplug-inconventions
ThefollowingconventionsareusedinthedescriptionoftheAmazonWebServices(AWS)plug-in.

Stylecoding
l Menucommandsanddialogoptionsarewritteninbold.
l FilenamesandpathsarewritteninItalics.
l SamplecodeiswritteninLucida Console.

Environmentvariables
ThepathsusedinthedescriptionoftheAWSplug-inmayuseenvironmentvariables.Thevariablesandthe
equivalentpathsintheMicrosoftWindowsoperatingsystemarelistedbelow.

AWS plug-in - Qlik Sense, 3.0

1 Introduction
Environment variable

Microsoft Windows

%LocalAppData%

C:\Users\<username>\AppData\Local

%ProgramData%

C:\ProgramData

%ProgramFiles%

C:\Program Files

%UserProfile%

C:\Users\<username>

1.2 Additionaldocumentation
Besidesthisdocument,thefollowingdocumentationisavailablefortheAmazonWebServices(AWS)plugin:
l QlikDeploymentConsole(QDC):DescribeshowtodeployandmanageQlikSensesitesincloud
computingenvironmentsusingtheQlikDeploymentConsole(QDC).
l PlanQlikSensedeployments:DescribesQlikSenseandprovidesreferenceinformationonthe
architecture,security,logging,andlicensing.

AWS plug-in - Qlik Sense, 3.0

2 AWS plug-in requirements

AWSplug-inrequirements

ThissectionliststherequirementsthatmustbefulfilledtosuccessfullyusetheAmazonWebServices(AWS)
plug-in.

2.1 QlikDeploymentConsole
TheQlikDeploymentConsole(QDC)mustbeinstalledonthetargetmachineandthefollowingitemsmust
beavailableandconfiguredintheQDC:
l QlikSensesetupfile
l QlikSenselicenseobject
l AWSserviceuserobject
See:AWS object types (page 14)

2.2 AmazonWebServicesaccount
AnAWSaccountisneeded.
AmazonWebServices

It is recommended to configure the AWS account so that only certain allowed IP addresses
can access it.

Platformsupport
TheAWSplug-insupportstheEC2-VPCplatformforlaunchingofQlikSensesitesandnodes.

The AWS plug-in does not support the EC2-Classic platform.

Securitygrouprules
Everyinstanceislaunchedinasecuritygroup,whichactsasafirewallandcontrolsthetrafficforoneormore
instances.Instanceswithinthesamesecuritygrouphaveunrestrictednetworkaccesstoeachother.
Instancesrejectnetworkaccessattemptsfrominstancesinothersecuritygroups.
TheruleslistedinthefollowingtablemustbeaddedtothesecuritygroupfortheAWSaccount.

Type

Protocol

Port range

Source

HTTP

TCP

80

0.0.0.0/0

HTTPS

TCP

443

0.0.0.0/0

RDP

TCP

3389

<IPaddress>

AWS plug-in - Qlik Sense, 3.0

2 AWS plug-in requirements

Type

Protocol

Port range

Source

CustomTCPrule

TCP

4242

0.0.0.0/0

CustomTCPrule

TCP

4244

0.0.0.0/0

CustomTCPrule

TCP

4444

0.0.0.0/0

CustomTCPrule

TCP

5050

0.0.0.0/0

CustomTCPrule

TCP

5051

0.0.0.0/0

CustomTCPrule

TCP

5985

<IPaddress>

QlikSensesetupfilesstoredintheS3bucket
TheAWSplug-inusesAmazonSimpleStorageService(S3)tocachetheQlikSensesetupfiles,sothatthey
donothavetobeloadedforeachnewsiteornode.
ThesetupfilesarestoredinS3under<S3_BucketName>\<QDC_ServerName>\CachedFiles,where

<S3_BucketName>istheS3folderthatisusedwhencreatinganAWS-basedsiteoranode.
See:Instance information (page 9)
IftheQlikSensesetupfilesarenotusedfor30days,theyareremovedfromtheS3folder.

AWS plug-in - Qlik Sense, 3.0

3 Using the AWS plug-in

UsingtheAWSplug-in

ThissectiondescribeshowtousetheAmazonWebServices(AWS)plug-inintheQlikDeploymentConsole
(QDC).

3.1 Creatingsites
This procedure is used to create a new central node.
ProceedasfollowstocreateaQlikSensesitebasedontheAmazonWebServices(AWS)plug-in:
1. SelectSitesintheleftpanel.
2. ClickCreate new sitetocreateanewsite.
3. SelecttheAWS environmentplug-in.
4. FillinthefieldsintheSite configurationsection.
ToreturntotheSitesview,click<.
5. Reviewand,ifneeded,editthefieldsintheremainingsections.
See:Credentials (page 8)
See:Instance information (page 9)
See:Subnet selection (page 10)
6. Ifneeded,addadditionalnodestothesite:
a. ClickAdd nodetoaddanewnode.
b. Reviewand,ifneeded,editthefieldsintheNode configurationsection.
c. Reviewand,ifneeded,editthefieldsintheremainingsections.
See:Credentials (page 8)
See:Instance information (page 9)
See:Subnet selection (page 10)
7. ClickDeploy sitetoimplementanychanges.
Thedeploymentisinitiated.Fordetailsontheprogressofaspecificnode,selectthenodeandcheck
theDeployment progresssectioninthePropertiesarea.

Credentials
Proceedasfollowstofillinthefields.

AWS plug-in - Qlik Sense, 3.0

3 Using the AWS plug-in

Credentials

Selectacredentialsobjectinthedrop-downlist.
ThesecuritycredentialsareusedtoauthenticateandauthorizecallstotheAWS.
Ifthelistisempty,youneedtoaddanobject.
See:AWS credentials object type (page 14)

Service
user

Selectaserviceuserobjectinthedrop-downlist.
Theserviceuseris:
l CreatedonthemachinethatisclonedinAWS
l ConfiguredtobeRootAdmininQlikSenseontheclonedmachine
Ifthelistisempty,youneedtoaddanobject.
See:AWS service user object type (page 14)

Region
endpoint

Selectaregionendpointinthedrop-downlist.
TheregionalendpointisusedtoreducedatalatencyinAWSapplicationsandrequests.An
endpointisaURLthatistheentrypointforawebservice.

Instanceinformation
Proceedasfollowstofillinthefields.

Image

Selectanimageinthedrop-downlist.
Animagecontainsasoftwareconfiguration,includinganoperatingsystem,thatdefinesthe
operatingenvironmentfortheQlikSensesite.

Instance
type

Selectaninstancetypeinthedrop-downlist.
Aninstanceisavirtualserverthatcanrunapplications.
TheinstancetypemustfulfillthesystemrequirementsforQlikSenseinstances.Forexample,
thec1.mediumandm1.mediuminstancetypesfulfilltherequirements,whereasthe

t1.microinstancetypedoesnot.Forinformationonthesystemrequirements,seeQlik
DeploymentConsole(QDC).
Key pair

Selectakeypairinthedrop-downlist.
AWSinstancesuseapublic/privatekeypairtologinratherthanapassword.Thepublickey
halfofthepairisembeddedintheinstanceandallowsyoutousetheprivatekeytologin
securelywithoutapassword.

AWS plug-in - Qlik Sense, 3.0

3 Using the AWS plug-in

Security
group

Selectasecuritygroupinthedrop-downlist.
Everyinstanceislaunchedinasecuritygroup,whichactsasafirewallandcontrolsthetraffic
foroneormoreinstances.Instanceswithinthesamesecuritygrouphaveunrestrictednetwork
accesstoeachother.Instancesrejectnetworkaccessattemptsfrominstancesinother
securitygroups.
SelectanS3folderinthedrop-downlist.

S3
folder

AmazonSimpleStorageService(S3)providesawebservicesinterfacethatcanbeusedto
storeandretrievedataontheweb.

Subnetselection
Proceedasfollowstofillinthefields.

Subnet

Selectasubnet(onwhichtohosttheQlikSensesite)inthedrop-downlist.
Subnetsareusedtodivideanetworkintotwoormorenetworks.Thismeansthatasubnetisa
logicallyvisiblesubdivisionofanIPnetwork.

See also:
p

Adding new nodes (page 10)

3.2 Addingnewnodes
ProceedasfollowstoaddanewnodeinaQlikSensesitebasedontheAmazonWebServices(AWS)plugin:

This procedure is used to add new nodes in an existing Qlik Sense site.
1. SelectSitesintheleftpanel.
2. SelectaQlikSensesite.
3. ClickAdd nodetoaddanewnode.
ToreturntotheSitesview,click<.
4. Reviewand,ifneeded,editthefieldsintheNode configurationsection.
5. Reviewand,ifneeded,editthefieldsintheremainingsections.
See:Credentials (page 11)
See:Instance information (page 11)
See:Subnet selection (page 12)
6. Ifyouwanttoaddanothernode,returntostep3.

AWS plug-in - Qlik Sense, 3.0

10

3 Using the AWS plug-in

7. Ifyouwanttocloneanode,selectanodeandthenclickClone:
a. Reviewand,ifneeded,editthefieldsintheNode configurationsection.
b. Reviewand,ifneeded,editthefieldsintheremainingsections.
See:Credentials (page 11)
See:Instance information (page 11)
See:Subnet selection (page 12)
8. ClickDeploy sitetoimplementanychanges.
Thedeploymentisinitiated.Fordetailsontheprogressofaspecificnode,selectthenodeandcheck
theDeployment progresssectioninthePropertiesarea.

Credentials
Proceedasfollowstofillinthefields.

Credentials

Selectacredentialsobjectinthedrop-downlist.
ThesecuritycredentialsareusedtoauthenticateandauthorizecallstotheAWS.
Ifthelistisempty,youneedtoaddanobject.
See:AWS credentials object type (page 14)

Service
user

Selectaserviceuserobjectinthedrop-downlist.
Theserviceuseris:
l CreatedonthemachinethatisclonedinAWS
l ConfiguredtobeRootAdmininQlikSenseontheclonedmachine
Ifthelistisempty,youneedtoaddanobject.
See:AWS service user object type (page 14)

Region
endpoint

Selectaregionendpointinthedrop-downlist.
TheregionalendpointisusedtoreducedatalatencyinAWSapplicationsandrequests.An
endpointisaURLthatistheentrypointforawebservice.

Instanceinformation
Proceedasfollowstofillinthefields.

Image

Selectanimageinthedrop-downlist.
Animagecontainsasoftwareconfiguration,includinganoperatingsystem,thatdefinesthe
operatingenvironmentfortheQlikSensesite.

AWS plug-in - Qlik Sense, 3.0

11

3 Using the AWS plug-in

Selectaninstancetypeinthedrop-downlist.

Instance
type

Aninstanceisavirtualserverthatcanrunapplications.
TheinstancetypemustfulfillthesystemrequirementsforQlikSenseinstances.Forexample,
thec1.mediumandm1.mediuminstancetypesfulfilltherequirements,whereasthe

t1.microinstancetypedoesnot.Forinformationonthesystemrequirements,seeQlik
DeploymentConsole(QDC).
Selectakeypairinthedrop-downlist.

Key pair

AWSinstancesuseapublic/privatekeypairtologinratherthanapassword.Thepublickey
halfofthepairisembeddedintheinstanceandallowsyoutousetheprivatekeytologin
securelywithoutapassword.
Selectasecuritygroupinthedrop-downlist.

Security
group

Everyinstanceislaunchedinasecuritygroup,whichactsasafirewallandcontrolsthetraffic
foroneormoreinstances.Instanceswithinthesamesecuritygrouphaveunrestrictednetwork
accesstoeachother.Instancesrejectnetworkaccessattemptsfrominstancesinother
securitygroups.
SelectanS3folderinthedrop-downlist.

S3
folder

AmazonSimpleStorageService(S3)providesawebservicesinterfacethatcanbeusedto
storeandretrievedataontheweb.

Subnetselection
Proceedasfollowstofillinthefields.

Subnet

Selectasubnet(onwhichtohosttheQlikSensesite)inthedrop-downlist.
Subnetsareusedtodivideanetworkintotwoormorenetworks.Thismeansthatasubnetisa
logicallyvisiblesubdivisionofanIPnetwork.

3.3 Configuration
Todisplaythenodeconfiguration,selectanodeintheSitedetailsview.TheConfigurationsectionis
displayedinthePropertiesarea.
UseUandStoshowandhideinformation.
Iftheselectednodeisacentralnode,thefirstfieldsareasfollows:

Site name

Thenameofthesite.

License

ThenameoftheQlikSenselicenseobjectused.

Iftheselectednodeisnotacentralnode,thefirstfieldsareasfollows:

AWS plug-in - Qlik Sense, 3.0

12

3 Using the AWS plug-in

Node

Thenameofthenode.

name
Node

Thetypeofnode:

type

l Complete:AcompletenodethatincludesallQlikSenseservices.
l Proxy:AnodethatisusedtomanageQlikSenseauthentication,sessionhandling,
andloadbalancing.
l Engine:AnodethatprovidestheanalyticalpowerofQlikSense.
l Proxy&Engine:AnodethatisacombinationoftheProxyandEnginetypeslisted
above.
l Scheduler:AnodethatisusedtomanagescheduledreloadsofQlikSenseappsand
othertypesofreloadtriggering.

TherestofthefieldsarecommontoallnodesbasedontheAmazonWebServices(AWS)plug-in.

Credentials

ThesecuritycredentialsareusedtoauthenticateandauthorizecallstotheAWS.

Service user

Theserviceuseris:
l CreatedonthemachinethatisclonedinAWS
l ConfiguredtobeRootAdmininQlikSenseontheclonedmachine

Region
endpoint

TheregionalendpointisusedtoreducedatalatencyinAWSapplicationsandrequests.
AnendpointisaURLthatistheentrypointforawebservice.

Image

Animagecontainsasoftwareconfiguration,includinganoperatingsystem,thatdefines
theoperatingenvironmentfortheQlikSensesite.

Instance

Aninstanceisavirtualserverthatcanrunapplications.

type
Key pair

AWSinstancesuseapublic/privatekeypairtologinratherthanapassword.Thepublic
keyhalfofthepairisembeddedintheinstanceandallowsyoutousetheprivatekeyto
loginsecurelywithoutapassword.

Security

Everyinstanceislaunchedinasecuritygroup,whichactsasafirewallandcontrolsthe
trafficforoneormoreinstances.Instanceswithinthesamesecuritygrouphave
unrestrictednetworkaccesstoeachother.Instancesrejectnetworkaccessattemptsfrom
instancesinothersecuritygroups.

group

S3 folder

AmazonSimpleStorageService(S3)providesawebservicesinterfacethatcanbeused
tostoreandretrievedataontheweb.

Subnet

Subnetsareusedtodivideanetworkintotwoormorenetworks.Thismeansthata
subnetisalogicallyvisiblesubdivisionofanIPnetwork.

AWS plug-in - Qlik Sense, 3.0

13

4 AWS object types

AWSobjecttypes

Anobjectisusedtoholdacertaintypeofinformationrelatedtoaspecificplug-inorcloudcomputing
environment.
ThissectionprovidesinformationontheobjecttypesthatareprovidedbytheAmazonWebServices(AWS)
plug-in.

4.1 AWScredentialsobjecttype
TheAmazonWebServices(AWS)plug-inprovidestheAWScredentialsobjecttypeintheQlikDeployment
Console(QDC).TheobjecttypeisusedtoholdAWSaccesskeys.
TheAWSaccesskeysareusedtosignprogrammaticrequeststotheAWSandconsistofanaccesskeyand
asecretaccesskey.
ProceedasfollowstofillinthefieldsforanAWScredentialsobject.

Name

Enteranameforthecredentialsobject.

Key

EntertheAWSaccesskey.

Secret key

EntertheAWSsecretaccesskey.

4.2 AWSserviceuserobjecttype
TheAmazonWebServices(AWS)plug-inprovidestheAWSserviceuserobjecttypeintheQlikDeployment
Console(QDC).Theobjecttypeisusedtoholdserviceusers.
Theserviceuseris:
l CreatedonthemachinethatisclonedinAWS
l ConfiguredtobeRootAdmininQlikSenseontheclonedmachine
ProceedasfollowstofillinthefieldsforanAWSserviceuserobject.

User name

Enteranamefortheserviceuser.

Password

Enterapasswordfortheserviceuser.

AWS plug-in - Qlik Sense, 3.0

14