You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

The Technical platform is deliverd by SURFcloud, the SURFnet IAAS cloud.

Resources

Current resources cover:

  • 10 instances
  • 10 CPUs
  • 20GB RAM
  • 10 v4/v6 IPs

VMs can be created by Niels, addition resources available if needed

Unless otherwise defined, VMs run debian 8.x

The VM list has an overview of the VMs currently availabel

Access

Access to the VMs is restricted by default.

PORTS

No ports will be publicly available until requested. Normally only port 443 will be available publicly, unless specifically requested.

All port, including SSH and other ports will be available trough VPN access.

VPN

VPN is needed to access the machines. ZeroTier (ZT) VPN clients (https://www.zerotier.com/download.shtml) are needed to get access to the virtual LANs of the VMs

Install ZeroTier client in your device and report client ID to Niels using the VOpaas Access List. Only client that are registered in the list will get access.

Joining a ZeroTier network

The netwerk to join is "e5cd7a9e1c6a4bbb " ()

niels@Einstein:~$ sudo zerotier-cli join e5cd7a9e1c6a4bbb
[sudo] password for niels: 
200 join OK

Joining the network wit the CLI client

niels@Einstein:~$ sudo zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks e5cd7a9e1c6a4bbb - ba:77:2e:0a:02:f6 ACCESS_DENIED PRIVATE zt1 -

No access given yet

niels@Einstein:~$ sudo zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks e5cd7a9e1c6a4bbb GEANT-SA5-VOpaas-Pilot-platform ba:77:2e:0a:02:f6 OK PRIVATE zt1 10.147.19.113/24,fde5:cd7a:9e1c:6a4b:bb99:933c:4416:9c8c/88

Access granted

 

SSH access and SUDO rights

SSH access is only available trough the ZT vlan. Your accoutn will be using the "Name" as listed in the VOpaas Access List.

SSH access is only possible using ssh public key authentication. Please provide your public certificate using the the VOpaas Access List.

SUDO is available for all users, using their Yubikey. Please provide the yubikey ID (the first 12 characters of a yubikey authentication string) using the VOpaas Access List.

 

 

 

 

 

 

  • No labels