Get an SSH port forwarding script to run on Amazon EC2

We need an expert in scalable cloud computing to implement a system for us. We sell a product which people put in their home that has a built-in web server. In order to be able to securely connect to it remotely, the product should make a secure connection to an Amazon server which hosts a site that acts as a relay. We do this already using our own servers. It's very simple. The box runs 1 command: ssh -R localport:[login to view URL]:remoteport. Then on the server, there's a secure login page, which uses a redirect to let the customer connect to his home system remotely. We want to port this to EC2 so it is scalable and has 100% uptime. ## Deliverables We sell a home automation product, basically it's like a wi-fi access point running embedded Linux (OpenWRT), with our own custom software running. You plug it into your network at home and it talks to devices on your home network, like lights and thermostats. It runs a light http web server and has a web page you use to control it, just like a normal access point does. To allow our customers to control it when they are away from home, it makes a connection to one of our servers using ssh port forwarding (ssh -R). In other words, the port 80 in the box in the home, is forwarded to port 'X' on our server. Then when customers want to control their home while they are away, they login on our server and we do a relay, patching them through to their home system. The problem we have is that sometimes our servers get overloaded if too many users are connecting at once. So we want a solution that uses scalable, on-demand, elastic computing, probably Amazon EC2. The idea is that the unit in the home would do the ssh port forward to Amazon's server, and the remote access portal would be hosted by Amazon. We do not know much about Amazon's EC2 services. So we need a real expert to (a) study the existing system (we will provide the scripts/web pages used), (b) confirm that the same thing can be accomplished with EC2, (c) come up with a cost analysis for how much it will cost to do with EC2 vs our own server, (d) implement it in EC2, and (e) document for us how it works and how to maintain and monitor it on EC2. Here's some more details on the implementation: "Vera" is the name of the product that goes in people's home. See [login to view URL] for a picture. It's running OpenWRT. It has lighttpd running which hosts a web site you use to control it. Lighttpd has a mod re-write in the .conf file, so the directory "/port_3480/" redirects to port 3480. Our software runs and listens on port 3480. It takes commands as http get's, along the lines of: [login to view URL] The control web site displays the user's list of devices, and the javascript in the web site makes calls to /port_3480/, as well as to various cgi scripts, to do stuff, like control lights. Each Vera is assigned a port on our server. So my Vera may be assigned to port #18277. When the Vera boots up, it does a ssh -R 18277:localhost:80 [login to view URL] with a shared key. This means that port 18277 on our server ([login to view URL]) is now being redirected to port 80 on the Vera. So, on our server, you could do a wget [login to view URL] and you'd get the web site from the customer's box. On our server we have a mysql database with a list of all the Vera's sold, their serial number, their port number (18277 in my example), a hardware key, and a username/password. When the Vera connects, say, on port 18277, it sends over the ssh connection it's serial number and hardware key which are validated to be sure it's the right one. It then sends a character every 60 seconds to keep the ssh port forward alive, and the server replies with a character when it receives one, in a classic ping-pong manner. If the ping-ping ever fails, the Vera will close the ssh session and start a new one. Now when the customer wants to access his system remotely he goes to our portal login: [login to view URL] and enters his username and password. This is validated against the mysql database to determine his Vera's serial number and the port number. A server-side session variable stores this info, and we use a php page on our server (Apache) to redirect the traffic across the port (18277 in my example), so the user has remote control over his box. Naturally we have redirects so that static things, like images, css, etc., are stored in a cache directory on the server--there's no point in using the ssh tunnel to fetch '[login to view URL]' since it's the same for everybody. But all the cgi requests, and port_3480 requests go through the tunnel. The problems we have with the current system that we want to solve are: 1. Sometimes it goes down because the server fails (hdd failure, service outage, etc.). We need 100% uptime. 2. Sometimes there will be a sudden spike in usage causing the CPU load on the server to go really high and be slow or nonresponsive. 3. We can scale our current solution by adding more servers, but it would be better to have an infinitely scalable EC2 system so we don't need to worry about it.