Step 2: Create a Master Instance

Creating an Amazon Machine Image (AMI) for the master computer is a multi-part step that entails: launching an instance from an existing AMI and customization of the instance.

To create a master Instance, follow the steps below. For more information, see: Getting Started with Amazon EC2 Windows Instances in Amazon’s AWS documentation. If you are using a hybrid cloud architecture and running your PhotoMesh Manager locally, there is no need to create a master instance.

Creating an IAM Policy and Role

1.     Open the IAM console at https://console.aws.amazon.com/iam/.

2.     In the navigation pane on the left, choose Policies.
If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose Get Started.

3.     Choose Create policy.

4.     Choose the JSON tab.

Note:        You can switch between the JSON and Visual editor tabs any time and add each of the permissions below individually.

5.     Paste the following JSON policy document: 

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "ec2:DescribeInstances",

                "ec2:TerminateInstances",

                "ec2:RequestSpotInstances",

                "ec2:DescribeTags",

                "ec2:CreateTags",

                "ec2:DescribeRegions",

                "ec2:RunInstances",

                "s3:ListBucket",

                "ec2:DescribeSpotInstanceRequests",

                "ec2:DescribeSecurityGroups",

                "ec2:DescribeSpotPriceHistory",

                "ec2:DescribeImages",

                "ec2:CancelSpotInstanceRequests",

                "s3:GetObject",

                "iam:CreateServiceLinkedRole",

                "ec2:DescribeSubnets",

                "ec2:DescribeKeyPairs",

                "ec2:DescribeInstanceStatus"

            ],

            "Resource": "*"

        }

    ]

}

6.     When you are finished, choose Next.

7.     On the Review and create page, Policy name: enter PM_RUNFUSER_POLICY. Review the Permissions defined in this policy section to see the permissions that are granted by your policy. Then choose Create policy to save your work.

8.     In the navigation pane, choose Roles, and then choose Create role.

9.     For Trusted entity type, choose AWS service.

10.  For Services or use case, choose EC2. Then choose Next.

11.  In the list of policies, select the PM_RUNFUSER_POLICY policy. Then click Next. You can use the Filter menu to filter the list of policies.

12.  In the Role name, enter PM_RUNFUSER_ROLE.

13.  Review the role and then choose Create role.

Launching an Initial Instance and Creating Storage

To launch an initial instance and create storage:

1.     Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2.     From the Amazon EC2 console dashboard, choose Launch Instance.

3.     In the Name and tags section, tag your instance to help you identify it in the Amazon EC2 console after you launch it. Enter the following information: Under Name add: PM Master.

4.     In the Application and OS Images (Amazon Machine Image) section, search for the following AMI from the AWS Marketplace list:  Microsoft Windows Server 2022 Base, and then choose Select.

5.     In the Instance Type section, select the g4dn.xlarge type.

Note:        Using a GPU instance is recommended for normal operation of PhotoMesh Master over RDP connection. For productions with hundreds of fusers, other types can be used such as g4dn.8xlarge, which has faster network performance. For more information, see Instance Types in Amazon’s AWS documentation.

6.     In the Key pair (login) section,

a.     Choose Create a new key pair.

b.     Key pair name: PM_KeyPair.

c.     Choose Create key pair
A key pair (PM_KeyPair.pem) will be downloaded.

Note:        Store the file in a secure and accessible location since you will need the contents of the private key to connect to your instance after it is launched.

7.     In the Network settings section, click on Edit and then do the following:

a.     VPC – required: Choose the PM VPC VPC created in step 4 of "Configuring a VPC". 

b.     Choose Select an existing security group.

c.     Select the PM_SG group.

d.     Open the Advanced network configuration tab, and enter the following information:
Network interface 1: Set the Primary IP to 10.0.0.10. 

8.     In the Configure storage section, enter the following information:

a.     Change the Volume Type of the Root volume to General Purpose SSD (gp3)

b.     Click Add New Volume. Then set Size based on your expected need (E.g. 100 GiB). This is the EBS storage that will hold your data, projects, PM files, etc.

Note:        The EBS volumes will incur additional charges. For more information, see Amazon EBS Volumes in Amazon’s AWS documentation.

c.     Volume Type: Choose a volume type based on your expected need (e.g., General Purpose SSD (gp2)), and use the default IOS and throughput for this volume type. It is recommended to select General Purpose SSD (gp3).  For more information, see Amazon EBS Volume Types.

9.     In the Advanced details section, enter the following information:

a.     IAM instance profile: Choose the PM_RUNFUSER_ROLE created in step 14 of "Creating an IAM Policy and Role".

b.     Termination protection: Select Enable.

10.  On the Summary side panel, check the details of your instance, and make any changes if necessary. When you are ready, choose Launch instance.

Connecting to the Instance

See: Connecting to Your Windows Instance Using RDP in Amazon’s AWS documentation for more information.

1.     Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/

2.     In the navigation pane, choose Instances.

3.     Select the instance, and then choose Connect.

4.     In the Connect To Your Instance dialog, choose RDP client tab (it will take a few minutes after the instance is launched before the password is available).

5.     Choose Get password -> Upload private key file and navigate to the private key file you created when you launched the instance. Select the file and choose Open to copy the entire contents of the file into the contents box.

6.     Choose Decrypt Password. The console displays the default administrator password for the instance in the Connect To Your Instance dialog, replacing the link to Get Password shown previously with the actual password.

7.     Record the default administrator password, or copy it to the clipboard. You need this password to connect to the instance.

8.     Choose Download Remote Desktop File. Your browser prompts you to either open or save the .rdp file. Either option is fine. When you have finished, you can choose Close to dismiss the Connect To Your Instance dialog.

9.     You may get a warning that the publisher of the remote connection is unknown. Choose Connect to connect to your instance.

10.  When prompted, log in to the instance, using the administrator account for the operating system and the password that you recorded or copied previously. If your Remote Desktop Connection already has an administrator account set up, you might have to choose the Use another account option and enter the user name and password manually.

11.  Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. Choose Yes or Continue to continue.

12.  A Windows Networks message is displayed asking if "you want to allow your PC to be discoverable by other PCs and devices on this network?" Click Yes.

13.  After you connect, we recommend that you change the administrator password from the default value. You change the password while logged on to the instance itself, just as you would on any other Windows Server.

Note:        Due to the Remote Desktop Protocol (RDP), the recommended method for changing the password is to press CTRL+ALT+END, and then select Change a password.

Customizing the Instance

See: Making an Amazon EBS Volume Available for Use on Windows and Windows GPU Instances in Amazon’s AWS documentation for more information.

1.     While connected to the Master instance using RDP, start Windows File Explorer.

2.     Start the Disk Management utility. On the taskbar, open the context (right-click) menu for the Windows logo and choose Disk Management.

3.     If Disk 1 requires initialization, right-click on it and choose Initialize Disk.

4.     Open the context (right-click) menu for the right panel for Disk 1 and choose New Simple Volume. Complete the wizard with the default settings.

5.     Give share permissions with Full Control to Everyone on the D drive: In Windows File Explorer, right-click on the D drive and select Properties. Click the Sharing tab, and then click the Advanced Sharing button. Select the Share this folder checkbox. Click Permissions, and then click Add, and type Everyone. Select Full Control. Then click Apply.

6.     Install PhotoMesh using the standard installation to D:\PhotoMesh.

7.     Create the folder D:\PMWorkingFolder, and then then the subfolder A directly below it, so that you have the directory structure: D:\PMWorkingFolder\A.

8.     Create the folder D:\PMProjects.

9.     Start PhotoMesh from "\\10.0.0.10\D\PhotoMesh\PhotoMesh.exe".

10.  From the File menu, select Options (F9).

11.  Change the Working Folder to \\10.0.0.10\D\PMWorkingFolder\A.

12.  Click OK and then close PhotoMesh.

13.  Install NDVIDIA drivers on Windows for your instance. See "NVIDIA gaming drivers (G5 and G4dn instances)" in Amazon’s AWS documentation for more information.