Using xGT on AWS
The xGT server runs as a Linux daemon on an AWS instance you spin up and listens on a local port for commands.
The server is driven by a Python client, which can be run either locally on the AWS instance or any other client by installing the xgt
package.
There are three general modes of operation for working with xGT on AWS:
Local to AWS
All Python scripts are run locally within the same AWS instance.
This strategy involves:
- logging in to the instance as described earlier;
- bringing your own data to the instance; and
- running scripts from any shell on the instance
SSH tunneling
All Python scripts are run on a remote system such as your laptop or desktop that is connected using an SSH Tunnel.
- First, create an encrypted ssh tunnel. On an openssh-based platform (most UNIX-based systems) this can be done on the command line:
$ ssh -i <private key file> -N -L 4367:localhost:4367 ec2-user@<instance DNS name or IP address>
-
Tunneling from a windows platform can be done using a third party package such as
PuTTY
using the provided graphical interface. -
Users must install the
xgt
Python package on their client machine. -
Once tunneling is set up, run your Python scripts on the client machine.
Using an open port
Warning: This method is insecure without enabling SSL support.
This is similar to the previous scenario but the EC2 instance has a port opened up for clients to connect.
The default port for xgt
and the one used on AWS is 4367.
- Configure your EC2 instance to open port 4367.
- The client machine running Python scripts will connect to the remote server at the open port.
Connecting to a remote server using the xgt
package is straightforward:
$ python
>>> import xgt
>>> conn = xgt.Connection("<DNS name or IP address>")
Note that because this mode allows for data between client and server to be sent unencrypted, it is insecure and should really only be used in development. xGT supports SSL authentication for both client and server, which both encrypts all traffic back and forth as well as verifying client and server identities. Enabling SSL requires adding certificate files and restarting the server. More information can be found here: Using an SSL secure channel