Once you’ve created your network and ensured there’s a route to the internet, the next items that need to be configured are your Security Groups and Key Pairs. The Key Pairs provide the SSH keys that will be used to log in to your Linux-based instances. The SSH key is automatically injected into the instance at build time. Key pairs on Windows systems are used slightly differently: they are used to encrypt the password supplied in the portal, which then gets injected into the Windows build.
The security groups can be thought of as the default firewall rules that get applied to the interface on your new instance. By default all ingress traffic is disabled. In this example we’ll enable SSH access, RDP access and PING access.
- Create a key pair for use with the instances
Step 1. Select Compute followed by Access and Security from the K5 IaaS Dashboard.
Step 2. Select the Key Pair tab
Step 3. Select Create Key Pair
Step 4. Enter a name for your key pair. Select the availability zone and select Create.
Step 5. Make a note of where the private key is saved.
Step 6. Convert OpenSSH private key to a PuTTY private key (optional)
If you use the Windows PuTTY application to SSH onto one of your new Linux instances, note that it uses a different key format from the OpenSSH key we just created within the K5 portal. PuTTY provides an application called PuTTY Key Generator that can be used to convert the K5 OpenSSH key pair as follows:
Launch the PuTTY Key Generator application and select the Load button
Navigate to the directory where you just downloaded the keypair.pem file, highlight the file and select OK.
Follow the on screen instructions and press OK.
Select the Save private key button and select Yes when prompted to save.
That’s pretty much all there is to creating and converting your key pairs. Now let’s look at the security groups.
- Configuring the Default Security Group to allow SSH, RDP & PING access to your instance from the internet.
It’s possible to create your own security group and custom rules in OpenStack. However for the purpose of this example we will simply modify the default security group and use the standard rules available.
Step 1. From the K5 IaaS dashboard select Compute, then the Access and Security menu option followed by the Security Group tab. Now click on Actions and select Manage Security Group from the drop-down menu.
Step 2. Select Add
Step 3. Select the required built-in rule (i.e. SSH, RDP or ICMP) from the rule drop-down list.
Step 4. In the Connected Virtual Server drop-down, select CIDR, then enter 0.0.0.0/0 as the value and select the Add button.
Note: Obviously for a production environment I would recommend that a more restrictive CIDR is utilised to reduce unwanted access from other networks and increase security.
Step 5. Repeat Step 3 and Step 4 for all other protocols that you wish to allow access to your instance from the internet. In this example RDP and ICMP were also added to the default security group.
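To follow up on the note under Step 4, here is an added example (not part of the original post or of any K5 tooling) that audits a list of security group rules for SSH, RDP or ICMP ingress open to the whole internet. It assumes the rules have been exported as dictionaries using the OpenStack Networking security-group-rule field names; the sample rules and the `make_rule` helper are constructed for illustration.

```python
import ipaddress

SENSITIVE_TCP_PORTS = {22: "SSH", 3389: "RDP"}  # ports opened in the walkthrough
PROTO_NUMBERS = {"1": "icmp", "6": "tcp"}  # protocol may be given as a number

def is_world_open(rule):
    """True if the source is any address: a /0 prefix, or no CIDR and no group."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return rule.get("remote_group_id") is None
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def exposed_services(rule):
    """Which of SSH, RDP and ICMP this ingress rule admits."""
    if rule.get("direction") != "ingress":
        return []
    proto = rule.get("protocol")  # None means any protocol
    proto = PROTO_NUMBERS.get(str(proto), proto)
    found = ["ICMP"] if proto in (None, "icmp") else []
    if proto in (None, "tcp"):
        lo = rule.get("port_range_min") or 1  # None means all ports
        hi = rule.get("port_range_max") or 65535
        found += [n for p, n in SENSITIVE_TCP_PORTS.items() if lo <= p <= hi]
    return found

def audit(rules):
    """Return (rule id, service, source) for each internet-wide exposure."""
    findings = []
    for rule in rules:
        if is_world_open(rule):
            src = rule.get("remote_ip_prefix") or "any"
            findings += [(rule["id"], s, src) for s in exposed_services(rule)]
    return findings

def make_rule(rule_id, proto, lo, hi, cidr):
    return {"id": rule_id, "direction": "ingress", "protocol": proto,
            "port_range_min": lo, "port_range_max": hi, "remote_ip_prefix": cidr}

# Constructed sample: the three rules from the steps above, an SSH rule limited
# to a documentation range (203.0.113.0/24), and a wide TCP range covering RDP.
SAMPLE_RULES = [
    make_rule("r1", "tcp", 22, 22, "0.0.0.0/0"),
    make_rule("r2", "tcp", 3389, 3389, "0.0.0.0/0"),
    make_rule("r3", "icmp", None, None, "0.0.0.0/0"),
    make_rule("r4", "tcp", 22, 22, "203.0.113.0/24"),
    make_rule("r5", "tcp", 3000, 4000, "::/0"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE_RULES), sep="\n")
```

Rule r4 is not reported because its source is limited to one network, while r5 is reported even though it never names port 3389, since the range 3000-4000 covers it.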
Congratulations, you now know how to create a key pair and open up ports in the default security group. The next blog will cover building the instances: Windows & Linux.