Cloud Technologies

Exercise 3: Cloud Computing with CSC – Episode 1

v1.3
Tampere University Cloud Technologies
Teemu Alapaholuoma Exercise 3: Cloud Computing with CSC – Episode 1

Exercise 3: Cloud Computing with CSC – Episode 1

The CSC data center is built at an old paper factory in Kajaani. The data center uses OpenStack cloud computing
platform. OpenStack is an open-source software that has been used to build the cPouta and Rahti cloud services.
cPouta offers IaaS services and Rahti offers CaaS services (in-house video). The first we focus on cPouta service.
With the cPouta cloud service, it is possible to run virtual machines in the CSC cloud. Virtual machines can be
connected to the Internet, but the cloud customer is responsible for the virtual machines and their data security.
In this exercise, we will launch a virtual machine in the cPouta cloud service using a web-based user interface.
(Image 1). At the same time, we improve the data security of virtual machines and install system tools.

Image 1. An overview of virtual machine.

Do not be a resource hoarder. Use only necessary resources. CSC offers cloud services for free. Let's make sure
that this is also the case in the future.

Using cPouta web interface

Use cPouta web interface to create an Ubuntu virtual machine in the CSC cloud. The user interface differs from
commercial cloud services, but the basic principles are the same.

1. The teacher has created a CSC course project for you and sent an invitation link to the project. The
invitation link is a group specific. Join to the project as a member (Link).

2. When you have applied the project membership, teacher will confirm the membership. Rember, that
the teacher has full access to the course projects.

3. Log in to the ePouta cloud service and familiarize yourself with the user interface (Link). Answer the
following questions:

• How much resources you have (VCPUs, RAM, storage, public IPs, etc)? Fill the Appendix 1.
• How much resources do standard.xlarge and io.160GB reserve? Fill the Appendix 2.

4. Launch a virtual machine in cPouta. Type virtual machine name and choose flavor standard.small.
Boot the virtual machine from image and select image Ubuntu-20.04. Under the Access & Security
tab, choose your key pair and SSH-VPN security group. Finally, launch your virtual machine (Link).
Tampere University Cloud Technologies
Teemu Alapaholuoma Exercise 3: Cloud Computing with CSC – Episode 1

5. When a virtual machine is ready, it only has a private IP address. To connect a virtual machine to the
Internet, we need to assign it a public IP address. In our case, the address is a floating IP address. The
address is automatically selected from the predefined IP address pool. The pool is predefined by CSC
and we have no rights to modify this pool (Link).

6. Check the floating IP from cPouta web interface and open the SSH connection on the virtual machine.
If you have problems using Windows PowerShell, you can use Putty (Link).

Author's comment. At this point, it is good to remind that you are responsible for the management
and security of the virtual machine. Every second, malicious individuals look for vulnerabilities in
virtual machine services. If the virtual machine gets infected or hacked, you are responsible for it.
Avoid unwanted events by keeping your virtual machine up to date and using security groups to
restrict network connections (Link).

7. Update the APT package index and upgrade packages. Use the current version of the Ubuntu. Do not
run do-release-upgrade command (Link). The command will update to the latest version of Ubuntu
server. We use Ubuntu-20.04.

8. The SSH service is a common attack target in a virtual machine. In our case it is difficult because we
use SSH keys for authentication but to maximize the protection of the SSH service, we install Fail2ban.

9. Fail2ban is a tool that protect your Linux machine from brute-force and other automated attacks by
monitoring the services logs for malicious activity. It controls the operating system firewall, not
security groups in the CSC cloud (Link). You do not have to edit configuration files. Use the default
values.

Author's comment. Some environments use password-based SSH authentication. This is not a
recommended option. A better option is to use SSH key-based authentication. If you still choose
password-based SSH authentication, install Fail2ban to secure your SSH service.

10. Take a 30-minute break. Run the following commands and paste the outputs in Appendix 3. Do not
paste the screen captures. Paste the text only. As we can see, Fail2ban has effectively banned a bunch
of IP addresses.

Author's comment. The first command displays the DNS name of the virtual machine. The second
command shows all banned IP addresses with the fail2ban command.

ubuntu@ubuntu-cloud:~$ host -a <floating IP address>

ubuntu@ubuntu-cloud:~$ sudo zgrep 'Ban' /var/log/fail2ban.log*

Finally

1. Stop ubuntu-cloud virtual machine and disassociate the floating IP address. Finally, delete the virtual
machine.

2. Save the final report in Word Doc and Adobe PDF format (Word / File / Save as / PDF).

3. Return the final report in PDF format to the correct Moodle return area. Do not send the final report
to the teacher by e-mail.

4. Good work! It is time to go for lunch or coffee.

Tampere University Cloud Technologies
Teemu Alapaholuoma Exercise 3: Cloud Computing with CSC – Episode 1

Appendix 1

Group name
Project number

Compute Maximum number of instances

VPUs
RAM
Volume Maximum amount of storage
Network Floating IPs

Appendix 2

standard.xlarge VCPUs
Root Disk
Ephemeral Disk
Total Disk
RAM

io.160GB VCPUs
Root Disk
Ephemeral Disk
Total Disk
RAM

Appendix 3

Paste text only. No screen captures.