Update Running Instances for the Amazon U-Series Appliance Deployment

The U-Series Appliance available in the Marketplace is based on an AWS Windows AMI that is configured by BeyondTrust. This includes drivers and configurations that support the AWS instance types available when the AMI was built. Over time, these drivers might require updating, as Amazon does not force an update to running virtual machines. BeyondTrust is working on a method of delivering these drivers directly to your U-Series Appliance, and notifying you of the need to update (which requires a reboot of your U-Series Appliance). Until that update method is available, we fully support manually updating these drivers as per the AWS guidance.

Prior to updating any drivers, we recommend taking a snapshot of your running instance.

At this time, we do not recommend using the AWS Systems Manager console and the SSM Agent for updating instances. BeyondTrust packages and distributes updates using the Security Update Package Installer.

The Elastic Network Adapter (ENA) drivers (AWS ENA Drivers below) and the NVMe drivers (AWS NVMe Drivers below) only apply to instance sizes that use the Nitro hypervisor (A1, C5, C5d, C5n, M5, M5a, M5d, p3dn.24xlarge, R5, R5a, R5d, T3, and z1d). Of these, we only recommend using M5, M5a, and R5 instances, so you only need to update these drivers if you deploy a U-Series Appliance to one of these three instance types.

We recommend updating the following drivers:

AWS PV Drivers

  1. Connect to your instance and log in as the local administrator.
  2. To verify the version of the driver, open Control Panel, select Programs and Features, and in the list of installed programs, look for AWS PV Drivers. The version number appears in the Version column. Alternatively, you can verify the driver version currently installed by running the following PowerShell command:
Get-ItemProperty HKLM:\SOFTWARE\Amazon\PVDriver
  3. Check to see if you have the latest version in the AWS PV Driver Package History table. If no value is returned by the above command or if it is not listed in Programs and Features, update the driver.
  4. Download the latest driver package to the instance, or run the following PowerShell commands:
Invoke-WebRequest https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip -OutFile $env:USERPROFILE\pv_driver.zip
Expand-Archive $env:USERPROFILE\pv_driver.zip -DestinationPath $env:USERPROFILE\pv_drivers
  5. Extract the contents of the folder and then run AWSPVDriverSetup.msi.
  6. After running the MSI file, the instance automatically reboots and then upgrades the driver. The instance will not be available for up to 15 minutes.
  7. After the upgrade is complete and the instance passes both health checks in the Amazon EC2 console, you can verify that the new driver was installed by connecting to the instance using Remote Desktop and running the command provided in step 1.
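
The download step above can be paired with an integrity check before the MSI is run. The following is an added example, not BeyondTrust or AWS code: it records the installed driver key, downloads and expands the PV driver package, logs its SHA-256, and refuses to proceed unless AWSPVDriverSetup.msi carries a valid Authenticode signature. The expected signer substring and the local variable names are assumptions; confirm the signer against a package you already trust.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session on the instance.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$url  = 'https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip'
$zip  = Join-Path $env:USERPROFILE 'pv_driver.zip'
$dest = Join-Path $env:USERPROFILE 'pv_drivers'
$expectedSigner = 'Amazon Web Services'   # assumption: substring of the signer subject

# Show what is installed now (registry key from the procedure above), if anything.
$installed = Get-ItemProperty 'HKLM:\SOFTWARE\Amazon\PVDriver' -ErrorAction SilentlyContinue
if ($installed) { $installed | Format-List }
else { Write-Host 'AWS PV Drivers registry key not found; the driver needs updating.' }

# Download over HTTPS and record the package hash for the change record.
Invoke-WebRequest -Uri $url -OutFile $zip -UseBasicParsing
$hash = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
Write-Host "Downloaded $zip SHA256=$hash"

Expand-Archive -Path $zip -DestinationPath $dest -Force

# Locate the installer named in the procedure.
$msi = Get-ChildItem -Path $dest -Recurse -Filter 'AWSPVDriverSetup.msi' |
    Select-Object -First 1
if (-not $msi) { throw "AWSPVDriverSetup.msi not found under $dest" }

# Fail closed: an unsigned, tampered, or unexpectedly signed installer is not run.
$sig = Get-AuthenticodeSignature -FilePath $msi.FullName
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; do not install."
}
if ($sig.SignerCertificate.Subject -notlike "*$expectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

Write-Host "Signature valid. Signer: $($sig.SignerCertificate.Subject)"
Write-Host "Ready to run $($msi.FullName); the instance reboots after the install."
```

The script stops before installation, so the snapshot recommended earlier can still be taken before AWSPVDriverSetup.msi is run.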

AWS ENA Drivers

This procedure applies to M5, M5a, and R5 instances only.

  1. Connect to your instance and log in as the local administrator.
  2. Click the Windows Start menu button, and type Device Manager (Enter) to open the Device Manager. Under Network Adapters, right-click Amazon Elastic Network Adapter and select Properties. On the Driver tab, verify the driver version that is installed. Verify the version installed against the Amazon ENA Driver Versions list.
  3. Download the latest driver to the instance.
  4. Extract the files from the zip archive.
  5. Install the driver by running the install.ps1 PowerShell script as administrator.
  6. If the installer does not reboot your instance for you, restart the instance.

To download the latest driver package, click https://s3.amazonaws.com/ec2-windows-drivers-downloads/ENA/Latest/AwsEnaNetworkDriver.zip.

AWS NVMe Drivers

This procedure applies to M5, M5a, and R5 instances only.

  1. Connect to your instance and log in as the local administrator.
  2. Click the Windows Start menu button, and type Device Manager (Enter) to open the Device Manager. Under Storage Controllers, right-click AWS NVMe Elastic Block Storage Adapter and select Properties. On the Driver tab, verify the driver version that is installed. Verify the version installed against the AWS NVMe Driver Version History list.
  3. If you need to update, download the latest driver package to the instance.
  4. Install the driver by running dpinst.exe.
  5. You may get disconnected from RDP when the update runs and the instance reboots.

EC2Config Application

  1. To verify the version of EC2Config, launch an instance from your AMI and connect to it.
  2. In Control Panel, select Programs and Features, and in the list of installed programs, look for Ec2ConfigService. The version number appears in the Version column. Consult the EC2Config Version History to determine if you need to update.
  3. To update, download and extract the EC2Config installer.
  4. Run EC2Install.exe and follow the prompts.

EC2Launch Application

As of the 2020-R1 image, BeyondTrust does not configure or use EC2Launch, but it may be used in future releases. For this reason, we do not recommend manual updates. If you have a specific need to use or upgrade EC2Launch, please contact BeyondTrust Technical Support.