Use cases

Scheduled starting and stopping of the VM

Starting and stopping of the VM can be managed using the following instruction:

  1. Install the c2-ec2 utility on the Windows or Linux machine that will be used for management. This can be either a cloud-based VM or any other computer with Internet access. The installation process is described in the CROC Cloud API Client paragraph.

  2. Download the API settings: open the CROC cloud management console at https://console.cloud.croc.ru/, click the Settings link in the top right corner, and then click Download API settings.

  3. Change one line in these settings: export C2_PROJECT="your project ID here". Put your project ID in the quotation marks. You can view it on the cloud management console at https://console.cloud.croc.ru/

    ../_images/zapusk.png
  4. Export the API access settings on the machine that will start and stop the VM.

  5. Use the following commands (also performed on the machine used to start/stop the instance) to start/stop the instance:

    c2-ec2 StartInstances InstanceId.1 <instance_id> InstanceId.2 <instance_id>
    c2-ec2 StopInstances InstanceId.1 <instance_id> InstanceId.2 <instance_id>
    
  6. The schedule is set using a task planner (such as crond in Linux).

See more detailed description of using c2-ec2 utility here: http://docs.storage.cloud.croc.ru/ru/api/index.html
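
The procedure above collected into a cron wrapper, as an added example that is not part of the original documentation. The script name, the settings file path and the C2_EC2 dry-run override are assumptions; only the c2-ec2 StartInstances/StopInstances calls come from the page.

```shell
#!/bin/sh
# vm-schedule.sh (hypothetical name): start or stop a fixed set of instances from cron.

SETTINGS="${SETTINGS:-$HOME/.c2/api_settings.sh}"  # settings file from step 2 (path assumed)
C2_EC2="${C2_EC2:-c2-ec2}"                         # set C2_EC2=echo for a dry run

# The settings file holds the API secret key: refuse to use it
# if group or other have any access to it.
settings_are_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Turn "i-A i-B" into "InstanceId.1 i-A InstanceId.2 i-B", the form used in step 5.
build_instance_args() {
    n=0; out=""
    for id in "$@"; do
        n=$((n + 1))
        out="$out${out:+ }InstanceId.$n $id"
    done
    printf '%s\n' "$out"
}

# vm_action start|stop <instance_id>...
vm_action() {
    case "${1:-}" in
        start) action=StartInstances ;;
        stop)  action=StopInstances ;;
        *) echo "usage: $0 start|stop <instance_id>..." >&2; return 2 ;;
    esac
    shift
    [ "$#" -gt 0 ] || { echo "no instance IDs given" >&2; return 2; }
    settings_are_private "$SETTINGS" || {
        echo "$SETTINGS is missing or accessible by group/other (chmod 600 it)" >&2
        return 1
    }
    . "$SETTINGS"                                  # step 4: export the API settings
    $C2_EC2 "$action" $(build_instance_args "$@")  # step 5: start or stop
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    vm_action "$@"
fi

# Step 6, example crontab entries (weekdays, start at 08:00 and stop at 20:00):
#   0 8  * * 1-5  /usr/local/bin/vm-schedule.sh start <instance_id> <instance_id>
#   0 20 * * 1-5  /usr/local/bin/vm-schedule.sh stop  <instance_id> <instance_id>
```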

Adding public SSH key in Linux

Follow the instruction below to add public key in Linux distribution:

  1. Determine a file, in which public keys are stored in the system by executing the following command:

    $ cat /etc/ssh/sshd_config | grep -i authorizedkeysfile
    AuthorizedKeysFile .ssh/authorized_keys
    
  2. In home directory, create a subdirectory with a file in it if they do not exist (from command output at clause 1 - this is .ssh directory where the authorized_keys file is stored).

    Important

    The .ssh directory and authorized_keys file should belong to the user who will log in to the system (if the directory is created by a superuser, then root will be its owner). To change the directory owner, use the command sudo chown -R ec2-user:ec2-user /home/<username>/.ssh/

  3. Use a text editor (vim, nano, etc.) to add public key content to the authorized_keys file (if another public key is already stored there, do not delete it; instead, add new one to the file. This will let you use two different private keys to log in to the system using ssh). An example of public key is shown below:

    ../_images/chern.png

    Important

    The public key must be entered as a single continuous line, without line breaks or spaces inside the key data.

  4. After a new public key is added, you have to restart sshd:

  • For systems running SysVinit (CentOS 6):

    sudo /etc/init.d/sshd restart
    
  • For systems running Systemd (CentOS 7):

    sudo systemctl restart sshd
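
Steps 1-3 above as one shell function, an added example that is not part of the original documentation. The function name is hypothetical; the 700/600 modes are not stated on the page and are added because sshd's default StrictModes setting rejects group- or world-writable key paths.

```shell
#!/bin/sh
# add_authorized_key <home_dir> <public_key_line> [owner:group]
# Appends one public key to <home_dir>/.ssh/authorized_keys, keeping existing keys.
# Example: add_authorized_key /home/ec2-user "$(cat new_key.pub)" ec2-user:ec2-user
add_authorized_key() {
    home=$1; key=$2; owner=${3:-}
    nl='
'
    # One key entry must be exactly one line (step 3).
    case "$key" in
        *"$nl"*) echo "key contains a line break" >&2; return 1 ;;
    esac
    # Expect "<type> <base64-data> [comment]".
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case "$blob" in
        ""|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    dir="$home/.ssh"; file="$dir/authorized_keys"
    # Assumption: conventional 700/600 modes, which satisfy sshd's StrictModes check.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"
    # Make sure the previous entry ends with a newline before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    # Append only if this key data is not already present; other keys stay in place.
    grep -qF -- "$blob" "$file" || printf '%s\n' "$key" >> "$file"
    # Step 2: hand ownership to the login user when the function is run as root.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir"
    fi
}
```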
    

Correcting the resetting time error in Windows

To solve the time problem, you have to edit Windows registry so that it accepts time from BIOS as UTC:

  1. Open Windows registry (Win+R -> regedit -> Enter)

  2. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

  3. Create new DWORD, name it RealTimeIsUniversal, and set value to 1

    ../_images/okno.png
  4. Reboot your instance

Advanced file storage management features

The s3cmd utility provides advanced features. Follow the steps below to install and set it up in CentOS 6.

  1. Before installation, you have to obtain the API access settings on Cloud management console: https://console.cloud.croc.ru. Click Settings, then click “Download API settings”.

  2. Installation:

    # cd /etc/yum.repos.d
    # wget http://s3tools.org/repo/RHEL_6/s3tools.repo
    # yum -y install s3cmd
    
  3. Then you have to configure s3cmd (the access key and secret key can be obtained from the API access settings):

    # s3cmd --configure
    
    Enter new values or accept defaults in brackets with Enter.
    Refer to user manual for detailed description of all options.
    Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
    
    Access Key: <CROC cloud project name>:<CROC cloud account>
    Secret Key: XXXXXXXXXXXXXXXXXXXXXX
    
    Default Region [US]:
    
    Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3
    Encryption password:
    
    Path to GPG program [/usr/bin/gpg]:
    
    When using secure HTTPS protocol all communication with Amazon S3 servers is protected from 3rd party eavesdropping. This method is slower than plain HTTP, and can only be proxied with Python 2.7 or newer
    
    Use HTTPS protocol [No]: yes
    
    New settings:
    Access Key: <CROC cloud project name>:<CROC cloud account>
    Secret Key: XXXXXXXXXXXXXXXXXXXXXX
    Default Region: US
    Encryption password:
    Path to GPG program: /usr/bin/gpg
    Use HTTPS protocol: True
    HTTP Proxy server name:
    HTTP Proxy server port: 0
    Test access with supplied credentials? [Y/n] y
    Save settings? [y/N] y
    
  4. Then edit /root/.s3cfg configuration file:

    host_base = storage.cloud.croc.ru
    host_bucket = %(bucket)s.storage.cloud.croc.ru
    signature_v2 = True
    

Now you can use the s3cmd utility. Enter the s3cmd --help command to learn how to use the utility.

Allocating multiple Public IP addresses to single VM

Follow the below instructions to associate several Public IP addresses to single VM:

  1. Select the virtual network where the instance exists.

  2. Select Private addresses tab.

  3. Click Allocate address.

  4. In a window that opens, select your desired options. Select Particular address, fill in the Address field and confirm the address by clicking Allocate address

    Important

    The address should be allocated in the same subnet where the VM exists. If you attempt to allocate an address that is already allocated to a VM or belongs to another subnet, an error message will appear. Addresses ending with 1 or 255 cannot be allocated either.

    ../_images/naznach.png
  5. Open Address section, select shared Public address, and click Allocate address.

  6. In a window that opens, select Allocate to Private Address option, enter Private address Allocated at step 4, and click Allocate address.

    ../_images/assoc.png
  7. Then allocate this Private address as the second address of the interface in the operating system. An example below shows how to do this in Windows:

  1. Start -> Control Panel -> Network and Internet -> Network and Sharing Center -> Change Adapter Settings.

  2. Select Local network connection, right-click it and select Properties.

    ../_images/svoi.png
  3. Select Internet Protocol version 4 (TCP/IPv4) and click Properties

    ../_images/protokol.png
  4. In a window that opens, select Use the Following IP Address and click More…

    ../_images/protokol2.png
  5. In a window that opens, enter the private address that was allocated by the cloud DHCP server when the instance was created, and the new one that was allocated at step 4. To view the current local address, use the ipconfig command (WIN+R->cmd->ipconfig) or open the CROC cloud management console https://console.cloud.croc.ru and click the instance ID.

    Important

    When allocating addresses manually, please note that the 255.255.255.0 mask is used, and the gateway is the address whose last octet is 1. For example, address 10.70.120.4 will have 10.70.120.1 as default gateway. Configuration example is shown below:

    ../_images/protokol3.png

Now the VM will be reachable at the additional Public IP address.

Adding SSH public key in Putty

PuTTY uses its own format for keys (.ppk). To use a third-party private key in PuTTY, you have to convert it with PuTTYgen (PuTTY Key Generator) first:

  1. Open PuTTY Key Generator application and select Conversions-> Import key

    ../_images/putty.png
  2. In a window that opens, select private key (usually it is in OpenSSH format and has the name .private)

  3. After selecting, the window will be filled with the data from the key.

    ../_images/putty2.png
  4. In this window you can leave a comment in the Key Comment line. In addition, you need to add a password to the private key in Key Passphrase and Confirm Passphrase lines.

  5. Click Save Private Key to save the private key in the format acceptable by PuTTY.

If the same public key is used on multiple servers, you do not need to store the private key on each server in order to connect from it to another server. You can use Pageant (PuTTY authentication agent) for this purpose. To add a key to Pageant:

  1. Run pageant.exe. After startup, the program icon will appear in the system tray.

    ../_images/putty3.png
  2. Double-click the icon in the system tray to manage keys.

    ../_images/putty4.png
  3. In a window that opens, click Add Key and select the private key in .ppk format. If the key has a password, enter it in the dialog when adding the key.

Alternatively, you can add a private key to Pageant more easily as follows:

  1. Create a shortcut for Pageant
  2. Right-click the shortcut and select Properties
  3. In the Target field, add a space followed by the complete path to the private key in .ppk format

The next time you open this shortcut, the private key will be automatically added to Pageant.

To use Pageant in PuTTY:

  1. Run putty.exe
  2. Select Connection->SSH->Auth

    ../_images/putty5.png
  3. Check the Allow Agent Forwarding box on this tab
  4. Open the Session tab, select Default Settings, and click Save

    ../_images/putty6.png

Now, when a new connection is created, its settings will include the use of Pageant for key transmission. The use of Pageant can be avoided if you select Browse instead of Allow Agent Forwarding at step 3 and select a private key to be used for connecting to the VM via ssh.

VM migration to CROC cloud

CROC cloud uses KVM hypervisor. So, before migration, please make sure that virtio drivers are installed and operating system supports using virtio controller. You can start the VM in CROC cloud even if drivers are not installed, however, when using Volumes and network, the VM will show lower performance than with drivers installed.

  1. If operating system supports virtio controller then install virtio driver to use Volumes and network.

  2. Download Volumes from your virtualization platform

  3. Convert Snapshots to qcow2 format using qemu-img utility. Below is a sample command for conversion from vmdk format:

    qemu-img convert -f vmdk -O qcow2 -p <image_name>.vmdk <image_name>.qcow2
    
  4. Upload Snapshots to CROC cloud file storage. Steps to take…

    1. Open CROC cloud management console at https://console.cloud.croc.ru/
    2. Open File Storage tab
    3. If you do not have a storage, click Create Storage, allocate a name, and confirm the creation
    4. Select a storage
    5. Click Upload File
    6. Repeat the upload procedure for all Volumes
  5. Select the uploaded Snapshots one by one

  6. Click Create Snapshot

  7. When all Snapshots are created, open Console tab

  8. Open Templates section

  9. Click Create Template

  10. In a window that opens, click Add Volume to add Volumes for the template

  11. Add Snapshots created at step 6, one by one

  12. Position your Volumes so that the root device is the first in the list

  13. If your VM does not have virtio drivers, check Revoke Optimization box

  14. Enter template description and click Create Template

  15. Now you can deploy the VM from this template.

Setting VM start/stop management options using cs.exapark.com web resource

You can use free web service http://cs.exapark.com to quickly configure automatic start and stop of VMs in CROC cloud. Below is a guide on how to start using exapark:

  1. You need to sign up. Follow Create Account link

    ../_images/onof.png
  2. Fill in the fields marked with “*” and select your time zone. Moscow time zone is UTC+03:00. Enter required data and click Save

    ../_images/onof2.png
  3. Then a registration confirmation email with login password will be sent to your address specified during registration.

  4. Log in at http://cs.exapark.com.

  5. Link your cloud account by clicking Link Your Cloud Account

    ../_images/onof3.png
  6. Fill in the fields marked with “*”. Necessary settings can be obtained on CROC cloud management console at https://console.cloud.croc.ru. Then open Settings and click Download API settings. Open the obtained file and enter secret ID from export EC2_ACCESS_KEY line in the following form: project_name:login_name. Secret Account Key is in EC2_SECRET_KEY line. Fill in all fields and click Save

    ../_images/onof4.png
  7. Open Tasks section and click Create New Task.

  8. Create the desired task by filling the fields marked with “*”.

    ../_images/onof5.png
  9. You can use this method to configure automatic scheduled start, stop and restart of selected instances.

Instruction for creating Windows Server 2008 R2 DC virtual machine

To create a Windows Server 2008 R2 Datacenter virtual machine:

  1. Log in to CROC cloud console at https://console.cloud.croc.ru/

  2. To create instances, at least one virtual network should be created. To create it, click Create Network, set network’s IP address in CIDR notation, and confirm the network creation. If a virtual network is already created, then proceed to the next step.

  3. Open Instances tab.

  4. Click New Instance. In a window that opens, select win2k8R2DC and click Next.

    ../_images/2dc.png
  5. Select the desired Instance Type. For Windows, selecting an instance type with at least 2 GB RAM is recommended. You can also set additional options: Virtualization Type, Placement Group, Cluster, Allocate Public address, High Availability, Terminate on instance stopped, and Monitoring. Then click Start New Instance.

    ../_images/2dc2.png
  6. Then click ID of the instance. In a window that opens, click Remote Console.

    ../_images/2dc3.png
  7. Select the desired options and click Next.

    ../_images/2dc4.png
  8. Accept the license agreement and click Start.

    ../_images/2dc5.png
  9. The operating system will prompt you to change the password for logging in to the system for the first time. Click “OK”.

    ../_images/2dc6.png
  10. Then enter your password and press Enter.

    ../_images/2dc7.png
  11. Windows Server 2008 R2 Datacenter virtual machine is now created.

    ../_images/2dc8.png
  12. To access virtual machines using RDP, you need to set up the cloud firewall. Open your virtual network, click Access Rules, and then click Grant access from network. In a window that opens, set address range (prefix notation is used: to add a single host, set ip_address/32, to add a subnet, use a smaller mask). Then set protocol to tcp, set port to 3389, and click Grant access from network.

    ../_images/2dc9.png

Instructions for creating Windows Server 2008 R2 DC + MS SQL Server virtual machine

To create virtual machine for Windows Server 2008 R2 Datacenter with MS SQL Server 2008/2012 Standard:

  1. Log in to CROC cloud console at https://console.cloud.croc.ru/

  2. To create instances, at least one virtual network should be created. To create it, click Create Network, set network’s IP address in CIDR notation, and confirm the network creation. If a virtual network is already created, then proceed to the next step.

  3. Open Instances tab.

  4. Click New Instance. In a window that opens, select win2k8R2DC+MSSQL and click Next.

    ../_images/win.png
  5. Select the desired Instance Type. For Windows, selecting an instance type with at least 2 GB RAM is recommended. You can also set additional options: Virtualization Type, Placement Group, Cluster, Allocate Public address, High Availability, Terminate on instance stopped, and Monitoring. Then click Start New Instance.

    ../_images/win2.png
  6. Then click ID of the instance. In a window that opens, click Remote Console.

    ../_images/win3.png
  7. Select the desired options and click Next.

    ../_images/win4.png
  8. Accept the license agreement and click Start.

    ../_images/win5.png
  9. The operating system will prompt you to change the password for logging in to the system for the first time. Click “OK”.

    ../_images/win6.png
  10. Enter your password and press Enter.

    ../_images/win7.png
  11. Windows Server 2008 R2 Datacenter virtual machine is now created.

    ../_images/win8.png
  12. To install MS SQL Server 2008 Standard, run the following script: C:\Program Files (x86)\CROC\deploy_mssql(2008).bat. To install MS SQL Server 2012 Standard, run the following script: C:\Program Files (x86)\CROC\deploy_mssql(2012).bat. The scripts contain standard components for installing the server and setting up the firewall for MS SQL. Password for sa user will be generated automatically when installation script is used and will be placed to the file C:\Program Files (x86)\CROC\password_for_MSSQL.txt.

  13. To access virtual machines using RDP, you need to set up the cloud firewall. Open your virtual network, click Access Rules, and then click Grant access from network. In a window that opens, set address range (prefix notation is used: to add a single host, set ip_address/32, to add a subnet, use a smaller mask). Then set protocol to tcp, set port to 3389, and click Grant access from network.

    ../_images/win9.png

Instruction for creating Windows Server 2012 R2 DC virtual machine

To create a Windows Server 2012 R2 Datacenter virtual machine:

  1. Log in to CROC cloud console at https://console.cloud.croc.ru/

  2. To create instances, at least one virtual network should be created. To create it, click Create Network, set network’s IP address in CIDR notation, and confirm the network creation. If a virtual network is already created, then proceed to the next step.

  3. Open Instances tab.

  4. Click New Instance. In a window that opens, select win2k12R2DC and click Next.

    ../_images/r2dc.png
  5. Select the desired Instance Type. For Windows, selecting an instance type with at least 2 GB RAM is recommended. You can also set additional options: Virtualization Type, Placement Group, Cluster, Allocate Public address, High Availability, Terminate on instance stopped, and Monitoring. Then click Start New Instance.

    ../_images/r2dc2.png
  6. Then click ID of the instance. In a window that opens, click Remote Console.

    ../_images/r2dc3.png
  7. Select the desired options and click Next.

    ../_images/r2dc4.png
  8. Read the license agreement and click I accept.

    ../_images/r2dc5.png
  9. Enter the administrator password, which will be used for logging in to the system. Then click Finish

    ../_images/r2dc6.png
  10. To log in to the system, press Ctrl+Alt+Delete. This key combination can be transferred to the operating system by clicking a marked button in the top right corner of CROC cloud remote console.

    ../_images/r2dc7.png
  11. To log in to the system, enter the password, which was set at previous step, and press Enter.

    ../_images/r2dc8.png
  12. Windows Server 2012 R2 Datacenter virtual machine is now created.

    ../_images/r2dc9.png
  13. To access virtual machines using RDP, you need to set up the cloud firewall. Open your virtual network, click Access Rules, and then click Grant access from network. In a window that opens, set address range (prefix notation is used: to add a single host, set ip_address/32, to add a subnet, use a smaller mask). Then set protocol to tcp, set port to 3389, and click Grant access from network.

    ../_images/r2dc10.png

Instructions for creating Windows Server 2012 R2 DC + MS SQL Server virtual machine

To create a Windows Server 2012 R2 Datacenter virtual machine with MS SQL Server 2008/2012 Standard:

  1. Log in to CROC cloud console at https://console.cloud.croc.ru/
  2. To create instances, at least one virtual network should be created. To create it, click Create Network, set network’s IP address in CIDR notation, and confirm the network creation. If a virtual network is already created, then proceed to the next step.
  3. Open Instances tab.
  4. Click New Instance. In a window that opens, select win2k12R2DC+MSSQL and click Next.

    ../_images/sql.png
  5. Select the desired Instance Type. For Windows, selecting an instance type with at least 2 GB RAM is recommended. You can also set additional options: Virtualization Type, Placement Group, Cluster, Allocate Public address, High Availability, Terminate on instance stopped, and Monitoring. Then click Start New Instance.

    ../_images/sql2.png
  6. Then click ID of the instance. In a window that opens, click Remote Console.

    ../_images/sql3.png
  7. Select the desired options and click Next.

    ../_images/sql4.png
  8. Read the license agreement and click I accept.

    ../_images/sql5.png
  9. Enter the administrator password, which will be used for logging in to the system. Then click Finish

    ../_images/sql6.png
  10. To log in to the system, press Ctrl+Alt+Delete. This key combination can be transferred to the operating system by clicking a marked button in the top right corner of CROC cloud remote console.

    ../_images/sql7.png
  11. To log in to the system, enter the password, which was set at previous step, and press Enter.

    ../_images/sql8.png
  12. Windows Server 2012 R2 Datacenter virtual machine is now created.

    ../_images/sql9.png
  13. To install MS SQL Server 2008 Standard, run the following script: C:\Program Files (x86)\CROC\deploy_mssql(2008).bat. To install MS SQL Server 2012 Standard, run the following script: C:\Program Files (x86)\CROC\deploy_mssql(2012).bat. The scripts contain standard components for installing the server and setting up the firewall for MS SQL. Password for sa user will be generated automatically when installation script is used and will be placed to the file C:\Program Files (x86)\CROC\password_for_MSSQL.txt.

  14. To access virtual machines using RDP, you need to set up the cloud firewall. Open your virtual network, click Access Rules, and then click Grant access from network. In a window that opens, set address range (prefix notation is used: to add a single host, set ip_address/32, to add a subnet, use a smaller mask). Then set protocol to tcp, set port to 3389, and click Grant access from network.

    ../_images/sql10.png

Setting up Palo Alto Networks firewall in CROC cloud

CROC cloud supports using Palo Alto Networks firewall implemented as a virtual machine. Below are the instructions for preparing the virtual machine for running in CROC cloud and configuring it so that the firewall can then be set up via the web interface:

  1. Create an instance from cmi-857B0B32 PaloAlto 7.0.1 template. Select an instance type with at least 4 GB RAM. We recommend you to select a type with 2 or more processors because network traffic analyzing produces high CPU loads.

  2. Click the instance ID and go to Remote Console.

  3. Log in to the operating system by entering admin/admin as login/password

  4. Go to configuration mode:

    admin@PA-VM> configure
    
  5. Allow the firewall to use automatic MAC address identification

    admin@PA-VM# set deviceconfig setting auto-mac-detect yes
    
  6. Set up the managing (mgt) interface:

    admin@PA-VM# set deviceconfig system ip-address <IP-ADDRESS> netmask <NETMASK> default-gateway <GATEWAY> dns-setting servers primary <DNS_SERVER>
    
    where <IP-ADDRESS> is the “Private address”, <NETMASK> is the subnet mask, equal to 255.255.255.0, <GATEWAY> is the gateway IP address (for a subnet with private address 10.69.150.0, the default gateway is 10.69.150.1), and <DNS_SERVER> is the gateway address. These settings can be found in the CROC cloud management console by clicking the instance ID.
    
    ../_images/alto.png
    • The following network command should be entered for these network settings:
    admin@PA-VM# set deviceconfig system ip-address 10.69.150.116 netmask 255.255.255.0 default-gateway 10.69.150.1 dns-setting servers primary 10.69.150.1
    
  7. Confirm the settings

    admin@PA-VM# commit
    
  8. Then you need to allow port 443 to log in to web interface of the firewall: go to the virtual network where Palo Alto virtual machine exists, and open Access Rules tab. Then click Grant access from network. In a window that opens, select tcp protocol, port 443 and hosts according to your security requirements (otherwise, grant access from all hosts, or from particular subnet by using prefix notation. For example, enter 109.252.47.0/24 to add access from external subnet 109.252.47.1-109.252.47.254)

    ../_images/alto2.png
  9. Open the Public address of the instance over HTTPS:

    https://<instance_public_address>
    
  10. Log in to firewall management web interface using admin/admin as login/password

    ../_images/alto3.png

Now you can configure the firewall via web browser.

../_images/alto4.png

Configuring Kaspersky Endpoint Security in CROC cloud

Operation of Kaspersky Antivirus 8.0 was tested in CROC cloud on a VM running Windows Server 2008/2012 and CentOS 6/7. Below are instructions for the antivirus installation and setup in CentOS 6/7:

  1. Install the required packages:

    • For CentOS 6:

      $ sudo yum install glibc.i686 perl gcc binutils glibc glibc-devel kernel-devel
      
    • For CentOS 7:

      $ sudo yum install perl gcc binutils glibc glibc-devel glibc.i686 perl-Data-Dumper kernel-devel
      
  2. Install the antivirus software:

    $ sudo rpm -i <full_path_to_file.rpm>
    
  3. You can set up the antivirus using the following script:

    $ /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
    
  4. If you did not set a web console password at the previous step, you will not be able to start the antivirus management service via your web browser. To set it, run:

    $ /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl -W
    
  5. Set up the firewall:

    • CentOS6:

      $ iptables -I INPUT -p tcp --dport 9080 -j ACCEPT
      $ /etc/init.d/iptables save
      
    • CentOS7:

      $ firewall-cmd --add-port=9080/tcp --permanent
      $ firewall-cmd --reload
      
  6. Start the antivirus management web console:

    $ /etc/init.d/kav4fs-wmconsole start
    
  7. The antivirus management web console is now accessible from a browser on port 9080.

Setting up HP VSA in CROC cloud

  1. Deploy the VM from HP_VSA template.

  2. In the VM remote console, type start in the Login field and press Enter

    ../_images/chern2.png
  3. First, you need to set up network adapter: Open Network TCP/IP Settings

    ../_images/bl.png
  4. Select the interface for setup

  5. Then configure the network interface properly. If the interface is in a virtual network, you can receive IP address automatically using DHCP. Press TAB key to switch between the lines.

    ../_images/bl2.png
  6. Now initial setup for HP VSA is completed. Further setup and management are performed using CMC (Centralized Management Console), which has to be installed on another virtual machine to be used for management. This can be based either on Linux or Windows.

  7. Having installed CMC, click Find System on Getting Started tab and add storage by its IP address.

    ../_images/bl3.png
  8. Product license is required for clustering. You can get a 3-year trial license (1 TB) on HP web-site.

    ../_images/bl4.png