“Hello Fujitsu K5 World – Access & Security”

Once you’ve created your network and ensured there’s a route to the internet the next items that need to be configured are your Security Groups and Key Pairs. The Key Pairs are used to provide the SSH keys that will be used to login to your Linux based Instances. The ssh key gets automatically injected into the instance at build time. The key pairs on Windows systems are used slightly differently – they are used to encrypt the password supplied in the portal which then gets injected into the windows build.

The security groups can be thought of as the default firewall rules that get applied to the interface on your new instance. By default all ingress traffic is disabled. In this example we’ll enable SSH access, RDP access and PING access.

  • Create a key pair for use with the instances

Step 1. Select Compute followed by Access and Security from the K5 IaaS Dashboard.

kp1

Step 2. Select the Key Pair tab

kp2

Step 3. Select Create Key Pair

kp3

Step 4. Enter a name for your key pair. Select the availability zone and select Create.

Networking9-AZ

Step 5. Ensure to note where the private key is saved.

kp6

Step 6. Convert OpenSSH private key to a PuTTY private key (optional)

If using the windows PuTTY application to ssh onto one of your new linux instances it uses a different key format to that of OpenSSH which we just created with in the K5 portal. PuTTY provides an application called PuTTY Key Generator that can be used to convert the K5 OpenSSH key pair as follows:

Launch the PuTTY Key Generator application and select the Load button

kp7

Navigate to the directory where you just downloaded the keypair.pem file, highlight the file and select OK.

kp8

Follow the on screen instructions and press OK.

kp9

Select the Save private key button and select Yes when prompted to save.

kp10

That’s pretty much all there is to creating and converting your key pairs. Now lets look at the security groups.

  • Configuring the Default Security Group to allow SSH, RDP & PING access to your instance from the internet.

It’s possible to create your own security group and custom rules in OpenStack. However for the purpose of this example we will simply modify the default security group and use the standard rules available.

Step 1. From the K5 IaaS dashboard select Compute, then the Access and Security menu option followed by the Security Group tab. Now click on Actions and select the Manage Security Group from the drop down menu.

SG1

Step 2. Select Add

SG2

Step 3. Select the required built-in rule (i.e. SSH, RDP or ICMP) from the rule drop down list.

SG4A

Step 4. In the Connected Virtual Server drop down Select CIDR and then enter 0.0.0.0/0 as the value and select the Add button.

Note: Obviously for a production environment I would recommend that a more restrictive CIDR is utilised to reduce unwanted access from other networks and increase security.

SG3

Step 5. Repeat Step 3 and Step 4 for all other protocols that you wish to all enable access to your instance from the internet. In this example RDP and ICMP were also added to the default security group.

SG5

Congratulations you now know how to create a key pair and open up ports in the default security group. The next blog will cover building the instances – windows & linux.

Happy Stacking!

 

4 thoughts on ““Hello Fujitsu K5 World – Access & Security”

    1. Get a very long crypted string. For a windows guy nothing to understand… what shall I do with it? Tried to use it on a RDP, without luck. Used the new UI, where I can’t populate the PW.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s