Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Article
ID: AR0101184
Applies to: NoMachine Server
Added on: 2023-01-11
Last Update: 2025-02-28

How to use NoMachine cluster functionalities on AWS

NoMachine Enterprise Terminal Server Cluster and Enterprise Cloud Server Cluster can be installed and used on Amazon EC2 (AWS) hosts, but it's necessary to perform some manual configurations in order to use the failover cluster functionality with the Elastic IP. Using the failover cluster functionalities on EC2 machines requires to install a NoMachine server v8.3 or later. 

Instructions to configure AWS:

1) Connect to your AWS Console(aws.amazon.com).
2) Go to Services -> IAM and create an new user  and select "Access key" with existing policies on EC2 and (Elastic IP) . Make sure you keep your API username and passphrase in a safe place.
3) Under EC2 -> Elastic IP and define one new public ip or use one that you have not assigned  already .
4) Connect to one of the two EC2 instances where the NoMachine Cluster server is installed and then repeat operations below on every instance.
5) Install the following packages on the instance: awscli and amazon-ec2-utils
6) After the installation, setup the AWS Command Line Interface (AWS CLI). Run the following command as root in the AWS CLI:
$ aws configure
7) After the configuration completed, verify if all works properly by running:
$ aws ec2 describe-instances
This command will list all instances defined in the availability zone.
8) Next, create in root home folder a new file called activate_public_ip.sh
9) In the activate_public_ip.sh file paste the following script:

#!/bin/bash

# get instance id
instance_id=$(ec2-metadata -i | awk '{print $2}')

# assign ip to the current host
aws ec2 associate-address --instance-id $instance_id --public-ip REPLACE_ME

10) Once done, make the script executable.
11) Then create another file called deactivate_public_ip.sh with the following content:

#!/bin/bash

# get public ip
public_ip=$(ec2-metadata -v | awk '{print $2}')
# get instance id
instance_id=$(ec2-metadata -i | awk '{print $2}')
if [[ $(aws ec2 describe-addresses --filters Name=instance-id,Values=$instance_id | grep "\[\]" ; echo $? ) == 1 ]] ;then
        aws ec2 disassociate-address --public-ip $public_ip
fi

12) Make the deactivate_public_ip.sh script executable.
13) Repeat operations above on the second machine in the cluster.

Instructions to configure NoMachine servers
Before configuring the NoMachine cluster, perform the following operations on both machines
1) Enable sudo
2) Edit /usr/NX/etc/server.cfg and set the following two keys to:
ScriptClusterSetSharedIP "/root/activate_public_ip.sh"
ScriptClusterClearSharedIP "/root/deactivate_public_ip.sh"
and set:
DisableClusterRemoteHostIpCheck 1

When creating a cluster, NoMachine generates a new cluster certificate
assigned exclusively to the cluster IP (the shared IP of the cluster). 
In order to make the cluster to work on AWS, it's necessary that primary and secondary server have the same host certificate. The same certificate must be used for all connections.
 
3) Copy the host certificate from the primary server M1 to the secondary server M2.
 
4)  On M1 run the following command to give the primary role to the NoMachine server:
$ sudo /etc/NX/nxserver --clusteradd --local  private_AWS_IP_of_M1  --shared elastic_IP --single-cert yes
 
With option '--single-cert yes', NoMachine will use the same host certificate for every client connection to the cluster.

5) On M2 run the following command to give the secondary role:
$ sudo /etc/NX/nxserver --clusteradd private_AWS_IP_of_M2
6) Restart the NoMachine server on M1 and M1 by executing on both machines:
$ sudo /etc/NX/nxserver --restart