Login to the Virtual Datacentre Portal
To access with the Virtual Datacentre (VDC) portal you must go to the following web page https://portal.claranet.com/cloud.
When you go to the cloud portal the following web page is displayed, to enabled you to login to the portal. All configuration changes need to be made within the portal.
The User entry box is where you enter the User Name you have been allocated, this is the email address that you provided.
This is your password that was sent via email when you signed up the Claranet VDC service.
If you select this box then when you next login to the portal, your user name and password will be remembered. Do not select this on a public/shared computer.
Select your primary language.
Click here to login to the VDC portal.
After you have logged onto the VDC portal you are presented with the main portal screen. This screen is your looking glass into the VDC platform.
The screen is broken down into 5 sections:
1. Menu Bar
2. Enterprise Resources
3. Virtual Datacentres
4. Running Virtual Appliances
5. Events
The Menu Bar allows you to switch the display from the main screen to the following screens:
· Virtual Datacenters
· App library
· Users
· Events
· Documentation
· Support
· User Details
The Enterprise Resources section of the main screen shows the allocated resources as well as the amount of resources used.
In the above example the Enterprise Resources allocated are as follows:
· 3 – Virtual CPUs
· 40GB – Storage
· 6GB – Memory
· 100GB – External Storage
· 2 – VLANs
· 1 – Public IP Address
One of the VLANs is already in use, depicted by the red colour.
Note: The difference between Storage and External Storage is:
· Storage is the disk space that is used by the running operating system and is ephemeral in nature, i.e. when the virtual instance is un-deployed the changes made to the operating system is lost.
· External Storage is storage that is persistent in nature and is mounted on the ephemeral operating system instance.
Virtual Datacentres
This section of the main screen shows the Virtual Datacenters that you have allocated resources in.
Running Virtual Appliances
This section of the main screen shows the amount of running Virtual Appliances. A Virtual Appliance is a collection of Virtual Machines.
Events
This section of the main screen shows the events pertaining to you Virtual Datacenter.
Change Your Password
When you first login to the VDC Portal you will need to change the password you have been allocated, this is to ensure that only you know the password and increases security within your environment.
To change your password you need to click on your name in the top right hand corner of the menu bar, as highlighted in the red box on the graphic below:
When you click on your name, you will be presented with the following screen:
Enter your current password into the Current Password field, followed by your new password into the New Password and Repeat Password fields shown in the above screen shot. Then click the accept button. There will be no feedback, but rest assured your password will be changed to what you have entered into the New Password field.
Pre-Requisites to Your First Virtual Appliance
We first need to allocate a public IP address to your enterprise so that we can allocate it to the Virtual Firewall later in this guide.
· Click on the Virtual Data Centres icon in the top menu bar
· Click on the network tab.
· Select you Virtual Data Centre on the left, in this example it’s STAFF_UK_HIT1.
· Select Public to list the Public AP addresses allocated.
· Click on the “+” key to add a public IP address.
You will then be presented with a list of available public IP addresses. Select one and click accept:
Your First Virtual Appliance
The best way to learn how to use the Claranet VDC is to jump straight in and create a simple environment.
We will be creating a single Virtual Appliance (a container) containing a single firewall and a single web server. We will configure the firewall (basic configuration), allow traffic to the web server and patch the web server. The end environment will look like the following diagram.
Create Virtual Appliance
To create a Virtual Appliance you need to select the “Virtual Datacenters” button on the Menu Bar. The following screen will appear:
You will need to click on the + button in the bottom left of the right hand pane. The following window will appear:
Enter the name for the Virtual Appliance and select, from the drop down menu, the Virtual Datacenter you want to deploy this Virtual Appliance into. Click Accept.
An empty Virtual Appliance will be created for you, and the following screen will be displayed:
Click and drag the pfSense Firewall image from the left hand side to the right hand pane, labeled Virtual Machines.
Next click and drag the Ubuntu image from the left hand side to the right hand pane, labeled Virtual Machines.
Finally click the icon that looks like a floppy disk at the top left of the right hand pane to save the Virtual Appliance.
Configuring the Virtual Appliance
After saving the Virtual Appliance we need to configure the interfaces on the firewall at the Virtual Appliance level. Move your mouse over the pfSense Virtual Machine, two icons will appear, a wheel and a X. Click on the wheel, which configures the virtual machine. The following screen will appear:
You will now want to add a public IP address to the firewall, so go ahead and select the Network tab and then click on the + button near the bottom of the pane. The following window will appear:
Click on the Public Tab.
Select one of the available public IP addresses, and click accept:
The default gateway is now set to a public IP address. This is the firewalls default gateway.
We need to now move the public IP address from NIC1 to NIC0 as NIC0 is to be used as the outside interface of the firewall. So we first need to delete the existing NIC 0.
Select the line for NIC 0 and clicking the – button.
As you can see the public IP address is now on NIC0.
Now we need to re-add the internal network back on NIC 1 so click the + button and click default network.
Select the 192.168.0.1 . This will be the default gateway for your virtual servers on the LAN.
Click Accept.
Make sure the Default Gateway is in the same range as the Public IP Address, if it is not select the right gateway address from the dropdown box. If the right gateway is not listed in the dropdown, click save and try again.
Finally we need to secure the VNC access password, select the “General Information” tab, type a password into the Password field.
Click save then close.
Finally click on the deploy Virtual Appliance button on the top right hand side of the Virtual Machines pane.
The following windows will appear:
Updating the diagram with IP Addresses
We now need to update the diagram of the environment showing the IP addresses we have allocated.
Firewalling
This chapter outlines the basics around firewalling and how you configure your firewall within the VDC platform.
Configure the Firewall
You now need to configure the firewall to allow traffic to and from the firewall, as well as allowing traffic from inside to outside and finally allowing port 80 (HTTP to the web server).
Firstly open up a web browser enter the IP address of the public interface of the firewall that we allocated earlier in this procedure, in this case https://195.157.13.168.
Ignore the certificate error by clicking on “Continue to web site”. The following screen will appear:
The default user id and password is located on the ‘cloudhelp’ site. . For the pfSense firewall it is “admin” and “v1rtu4LDC”.
You will not be presented with the main web page of the firewall.
The first step we need to complete is changing the default password for the admin user. Move your mouse over the System menu item at the top left hand side of the page until a drop down box appears and select “User Manager”.
The following screen will appear:
Move the mouse over the edit icon to the right of the admin user’s line to edit the user.
The following screen will appear:
Type a new password where indicated (Twice). Scroll down and click save.
Next we need to move the SSH port, this will allow you to access the Web Server via SSH.
Select “System” – “Advanced” and the following screen will appear:
Scroll down to the SSH section:
Click to “Enable Secure Shell” and set the SSH port to “8022”.
Scroll down and click “Save”.
Next we need to configure the firewall with the following rules:
· Allow SSH on port 8022 to Firewall
Select “Firewall” – “Rules”
Select “WAN” and then click to add a new rule:
Enter the following:
Action: Pass
Disabled: not selected
Interface: WAN
Protocol: TCP
Source: any
Destination: Wan Address
Destination Port Range – From: 8022
Description: SSH to Firewall on Port 8022
Click Save
Click Apply Changes
You are now able to ssh using your preferred tool on port 8022.
· Allow SSH on port 22 to Web Server
Select “Firewall” – “Nat” and the select “Port Forward”
Click on the Add NAT Rule button
Disabled: Not selected
No RDR (NOT): Not selected
Interface: WAN
Protocol: TCP
Source: Ignore
Destination: Wan Address
Destination Port Range – SSH
Redirect Target IP Address: 192.168.2.2
Redirect Target Port: SSH
Description: SSH to Web Server
NAT Reflection: leave as default
Filter Rule Association: Pass
Click on Save and then apply rule.
You can now SSH into the web server (IP address as firewall with port 22), with user sysadmin and password “v1rtu4LDC”.
· Allow HTTP on port 80 to Web Server
· Select “Firewall” – “Nat” and the select “Port Forward”
Click on the Add NAT Rule button
Disabled: Not selected
No RDR (NOT): Not selected
Interface: WAN
Protocol: TCP
Source: Ignore
Destination: Wan Address
Destination Port Range – HTTP
Redirect Target IP Address: 192.168.2.2
Redirect Target Port: HTTP
Description: HTTP to Web Server
NAT Reflection: leave as default
Filter Rule Association: Pass
Click on Save and then apply rule.
· Allow all from inside out (NAT rule).
Select “Firewall” – “NAT”
Select Outbound:
A default rule has been applied, so no rule change is required:
Patching the Web Server
Now SSH to the public IP address of the firewall on port 22, you will get a security alert that states the public key is different from what is stored in the SSH client. You can safely connect, because we have moved the destination for the IP address and port to a different end point.
Logon to the Web Server using the default userid and password.
The default user id and password is located on the ‘cloudhelp’ site. For server image information follow this url: https://portal.claranet.com/cloudhelp/templates/logindetails.html.
When you are logged in change the default password by typing the following into the terminal window:
passwd
You will be prompted for the existing default password and prompted twice for the new password. Remember this password, because Claranet cannot obtain the password for you.
Next we will patch the operating system. Type the following into the terminal window:
And type the password you have just changed.
This will update the local repository for patches.
Next type the following into the terminal window:
After a few seconds you will be prompted to continue, type Y and press the Enter key.
After a few minutes the web server will be patched.
We now need to install the apache package to enable the server to be a web server. Type the following into the terminal window:
Again you will be prompted to continue, Select Y and press Enter.
The web server will start automatically. You can test this by starting your favorite web browser and entering the address for the public IP address of the firewall into the address box, and pressing Enter.
The following screen should be displayed.
This is the end of the example “Your First Virtual Appliance”, it provides a foundation for building on and can be extended to enhance your cloud infrastructure into whatever you want it to do.
By Jay Fearn Google
If your interested in using the Claranet VDC product please fill in your contact details below:
[recaptcha_form]
You must be logged in to post a comment.