CrossClave can be deployed through the AWS marketplace. This gives your organization the benefits of self-hosting combined with the stability and uptime of AWS's service. Users on an AWS-hosted CrossClave instance receive the same features as users hosted on SpiderOak's own servers.
This document details prerequisites, filling out deployment details in CloudFormation, accessing the end-user application, and how to connect the application to your CrossClave deployment.
- An AWS account. The CrossClave application stack requires S3, EC2, Route 53, and Elastic Beanstalk. Deployment is automated through the CloudFormation template provided through the AWS Marketplace.
- An SSH key in your AWS account. See AWS documentation for how to add a key to your account.
- A domain or subdomain managed through Route 53 that will be used with CrossClave
Specify Stack Details and Configure Stack Options
To build your CrossClave deployment you simply need to provide some details in a CloudFormation template. Using those details your deployment will be automatically created.
Specify stack details
- Stack Name: This is used to identify your CrossClave deployment within your AWS account.
- 01Route53HostedZoneId: From the dropdown menu select the domain or subdomain managed through Route 53 that will be used
- 02FlowBlockAddr: This is a subdomain of the domain listed above that will be used to connect to the FlowBlock service. If your domain is example.com this value could be flowblock.example.com. The DNS and other settings for this subdomain will be generated for you automatically.
- 03FlowStoreAddr: This is a subdomain of the domain listed above that will be used to connect to the FlowStore service. If your domain is example.com this value could be flowstore.example.com. The DNS and other settings for this subdomain will be generated for you automatically.
- 04EC2KeyName: From the dropdown menu, select the SSH key to be used to access the instance
- 05EC2InstanceType: Select an instance type from the dropdown menu. Each instance type has different charge rates, so choose one that fits your budget while taking into account how many users will be connecting to it. For testing t2.micro is appropriate. For larger teams m5/m5a are appropriate.
- 06EC2VolumeSize: The volume size should be at least 10 GB.
- 07VPCSubnets: Select at least two subnets from the listed options.
- 08VPCID: Select one of the listed options.
Configure stack options
- Tags: Optional. You can specify tags (key-value pairs) to apply to resources in your stack. You can add up to 50 unique tags for each stack. Learn more
- Permissions: In order to create your CrossClave instance an IAM role must be created in your account. Choose an IAM role to explicitly define how CloudFormation can create, modify, or delete resources in the stack. If you don't choose a role, CloudFormation uses permissions based on your user credentials. Learn more
- Advanced Options: These optional settings can be configured based on your needs.
Review the information and settings you have entered, then at the bottom of the page select Create Stack. It will take a few minutes for the services to be created and brought online. You can monitor this in the Events section of the following page.
Accessing the end-user CrossClave application
After your deployment is created and running, you are ready to connect using the CrossClave application. The application is available from the SpiderOak website or within the AMI in the
/installers directory. Direct links are provided below:
Connecting the CrossClave application to your CrossClave deployment
CrossClave was designed to accomodate both SaaS and on-premise deployments. After installing the desktop or mobile application, click the Sign Up button. You will then be prompted for a Team Join URL. The Team Join URL tells the CrossClave application which server to connect to. Your Team Join URL was generated as part of the setup process and is accessible in the Output section of the Stacks information in your AWS account. The Team Join URL consists of the URL you entered in the 02FlowBlockAddr field, along with a hash value.
The Team Join URL looks like this:
Each end user must be given the Team Join URL in order to connect their CrossClave application to your CrossClave deployment.