SURFsara provides pre-made appliances to their HPC Cloud users. These appliances are available via the Apps option in the Storage section in the HPC Cloud user interface and are meant to help users instantiating VM’s quickly. Currently we provide some basic Apps for CentOS, Ubuntu and Debian.
The Apps are endorsed by the SURFsara HPC Cloud team and are kept up to date. In order to provide our customers with a secure working environment, a set of configurations are applied to the images at boot time via
one-context contextualization. Here you can find some of these configuration details.
The root account is not accessible via SSH. There is also no password for the root account, and only accessible locally (from inside the VM).
Access to the VM
To access the Virtual Machine, an SSH public key needs to be injected to the VM. Ssh access to the VM is granted via a user account which can become root once logged in. The username is specified in the App description.
A firewall is active at boot time with all ports closed with exception of the port for SSH access. CentOS based images are configured with iptables, whereas Ubuntu/Debian firewall is configured with ufw.
An ssh server is installed and auto-starts upon boot time.
The images are configured to auto-update the OS and packages. It can be disabled by the user afterwards.
fail2ban is installed and will protect the image from brute-force break-in attempts via ssh / http(s) protocols. A jail ban of 15 min. is applied.
The image template has basic settings to instantiate and operate correctly a VM, namely:
The images come with a default internet connection, and a static IP will be assigned to your VM. In case you need to have multiple VM’s that need to communicate with each other, please update the template and add a second network with your internal range.
More details are described in the appliances themselves at the Apps.