Before you start deployment

Before you deploy the XProtect BYOL CloudFormation template, you must meet the prerequisites below.

Consult the Milestone Cloud Solutions training track for interactive courses that cover Milestone cloud fundamentals, and XProtect on AWS design and deployment.

AWS deployment prerequisites

Prerequisite Description
AWS account

You must create or use an existing AWS account. Milestone recommends that you use the AWS managed policy for the developer power user job function that you can assign to an AWS user account. This policy allows the user to deploy the AWS CloudFormation stack, view and manage the EC2 instance, create and access S3 buckets, and more. See Developer power user job function.

Amazon strongly recommends that you don't use the root user for your everyday tasks. To keep your infrastructure secure, create users and give them only the permissions required to run the relevant tasks.

AWS Elastic Block Store (EBS)

The XProtect BYOL CloudFormation template deploys two EBS gp2 volumes.

You select the storage size during deployment. Milestone recommends that the media volume size be configured to hold a minimum of 24 hours of video recordings.

If you have a large number of connected cameras or users, you must increase the size of the disk that holds Microsoft SQL Server Express above the default size.

You can increase the volume size but you cannot reduce it.

AWS region and availability zone

Each AWS region is a separate geographic area. Each AWS region has multiple, isolated locations known as availability zones.

XProtect on AWS is available in almost all regions. Milestone recommends that you select the region that is closest to you.

You can deploy XProtect on AWS in any availability zone within a region.

XProtect VMS prerequisites

For general XProtect VMS prerequisites, refer to the XProtect VMS administrator manual.

Prerequisite Description
XProtect product license

XProtect BYOL requires a software license (.lic) file and the associated Software License Code (SLC). See XProtect on AWS licensing.

Sensitive data

When you configure your XProtect VMS, secure your installation and the collected surveillance data. For more information about data protection and the usage data collection, see the GDPR privacy guide.

Network prerequisites

Prerequisite Description
EC2 host name

Prepare a name for your EC2 instance that will also act as a Windows Active Directory (AD) host name and domain name in your network.

You cannot change the host name of the EC2 instance after you have deployed the XProtect BYOL CloudFormation stack.

For more information about AD naming conventions and character limits, see Naming conventions in Active Directory.
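Because the host name cannot be changed after deployment, it is worth validating the candidate name before you create the stack. The following is an added example, not part of the Milestone documentation or the CloudFormation template. It assumes the limits published in Microsoft's Active Directory naming conventions (15-character NetBIOS name, letters, digits and hyphens only, no leading or trailing hyphen, not digits only); the template may enforce its own rules in addition. The function name and sample names are hypothetical.

```python
import re

# Assumed limits, taken from Microsoft's AD naming conventions and not from
# the XProtect BYOL template itself: a name that is valid both as a NetBIOS
# computer name and as a single DNS label.
NETBIOS_MAX = 15
ALLOWED = re.compile(r"[A-Za-z0-9-]+")


def check_host_name(name: str) -> list[str]:
    """Return a list of problems; an empty list means the name passes."""
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > NETBIOS_MAX:
        problems.append(f"{len(name)} characters; NetBIOS limit is {NETBIOS_MAX}")
    if not ALLOWED.fullmatch(name):
        bad = sorted(set(re.sub(r"[A-Za-z0-9-]", "", name)))
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    if name.startswith("-") or name.endswith("-"):
        problems.append("must not start or end with a hyphen")
    if name.isdigit():
        problems.append("must not consist of digits only")
    return problems


if __name__ == "__main__":
    # Constructed sample names, not values from the Milestone documentation.
    samples = ["XPROTECT-VMS01", "xprotect-recording-server", "vms_01", "2024", "-vms"]
    for candidate in samples:
        issues = check_host_name(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```
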

Network bandwidth consumption

When you design the network topology that connects to the customer site, consider the required bandwidth, network load, and need for redundancy.

The main load on your network consists of three elements:

  • Camera video streams

  • Clients displaying video

  • Archiving of recorded video