| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

Presentation transcript:

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle

This module provides a high-level overview of the processes involved when using the Research Cloud. Topics will include: How to get onto the Research Cloud. Necessary housekeeping (e.g. updates, backups). How to keep a VM secure. Terminating services without losing anything, and how to get support.

NeCTAR Project Trial Any researcher who logs on to the web Dashboard can immediately have access to a small Project Trial allocation: 2 instances and 2 cores for 3 months. You can run a medium (two core) VM, or two small (single core) VMs. To obtain a larger allocation you need to submit an allocation request. You can run VMs of various sizes in the Research Cloud, from 1 to 16 cores, and up to hundreds of VMs.

Connecting You can easily get onto the Research Cloud via the web Dashboard. You can use your institutional login to connect.

Connecting

Once you have logged onto the Dashboard for the first time, your Project Trial will be activated. Project Trials have names like pt You may launch virtual machines on the Dashboard. You, and anyone else you allow access to the virtual machine, can then log on to it and use it just like a regular server.

Connecting We will refer to a Virtual Machine as an Instance: An instance is a running virtual machine (VM) on the NeCTAR Research Cloud. Instances running inside the Research Cloud are just like real-life computers, but in a remote location. Note: An instance is sometimes also one physical computer, but in the NeCTAR Cloud, all instances are virtual machines.

Connecting Instances originate from Images. Images of VMs are files which capture the configuration of a computer system. To create your virtual machine, you will have to select an Image. NeCTAR has a few pre-configured Images that can make the set-up of a new instance much easier.

Connecting To suit your purposes, the instance may need some tweaking, configuration changes and installing of software. Tip: You may save the state of your virtual machine in a Snapshot after you have configured it. Share the Snapshot with others, or re-launch instances from the Snapshot. In Module 9, we will learn how to do this.

Connecting Virtual machines can be accessed via the command line terminal (left), or using a remote desktop (right). In Module 7 we will take a closer look at these two methods.

Housekeeping Updates: Always ensure the newest security updates are installed on your virtual machine. We will discuss how to do this in Module 7. Backups: The NeCTAR cloud does not back up your data or your instance automatically. There are tools you may use for making backups, which we will discuss in Module 9.

Mitigating risks: Passphrases You will need to choose passphrases on several occasions. For example, you will have to create keys which are generated with a password and which encrypt the connection to the VM. Always choose secure passphrases! Combinations of alphanumeric and characters. It should be at least 10 characters long, and it should be hard to guess. You should be able to remember it, or save it in a secure place! You should never share your password with anyone!

Mitigating risks: Passphrases

Mitigating risks: Firewall Firewall protection: The NeCTAR instances come with a firewall protection already in place. When you launch and manage your virtual machine, you will have to specify the firewall rules for it. You will use the Dashboard to create “Security Groups”: a collection of firewall rules. By default, the firewall allows no access, but you will have to free up Ports to be able to connect.

Mitigating risks: Firewall Think of a Port like a plug: a network connection between two applications is established when two plugs are connected. The two applications communicating are the server application and the client application.

Mitigating risks: Firewall A firewall blocks all ports, unless they are explicitly opened. Each free Port is also a potential entry point to the instance! Connections to a Port are only possible if a server application is “listening” on that Port. Make sure your server application is secure!

Mitigating risks: Secure access When you connect to your virtual machine, always use an encrypted connection. It is possible to set up insecure connections if you allow this in the firewall rules of your virtual machine. Don’t do this! In Module 7, we will learn how to establish a secure connection via SSH.

Mitigating risks: Secure access SSH (“Secure Shell”) encrypts connections. Two keys are required: The private and the public key.

Mitigating risks: Secure access By default, SSH uses Port 22. On the remote machine (the instance), an ssh server is running which accepts connections from ssh clients. Many applications use ssh to secure a connection. A simple client/server application is the ssh shell, which we will use in Module 7 to communicate with the instance.
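The firewall and secure-access slides above can be turned into a small audit, shown here as an added example that is not part of the NeCTAR training material. The rule format, the sample rules, the listening-port set and the list of unencrypted services are all constructed assumptions; it evaluates rules as default deny and flags ports that are open with nothing listening, ports serving an unencrypted protocol, and ports open to any source.

```python
import ipaddress

# Constructed sample rules (assumed format, not exported from the Dashboard):
# each rule opens a TCP port range to one source network; all else is blocked.
RULES = [
    {"port_min": 22, "port_max": 22, "cidr": "203.0.113.0/24"},    # ssh, one campus range
    {"port_min": 5900, "port_max": 5901, "cidr": "0.0.0.0/0"},     # remote desktop, any source
    {"port_min": 23, "port_max": 23, "cidr": "203.0.113.0/24"},    # telnet, one campus range
    {"port_min": 8080, "port_max": 8080, "cidr": "0.0.0.0/0"},     # hypothetical app, any source
]
# Constructed: ports on which a server application is actually listening.
LISTENING = {22, 5901, 8080}
# Assumed list of well-known unencrypted services; extend it for your own instance.
CLEARTEXT = {21: "ftp", 23: "telnet", 5900: "vnc", 5901: "vnc"}


def allowed(rules, port, source_ip):
    """Default deny: a connection passes only if some rule matches it."""
    src = ipaddress.ip_address(source_ip)
    return any(
        r["port_min"] <= port <= r["port_max"]
        and src in ipaddress.ip_network(r["cidr"])
        for r in rules
    )


def audit(rules, listening, cleartext=CLEARTEXT):
    """Return sorted (port, cidr, issue) findings for a set of rules."""
    findings = set()
    for r in rules:
        any_source = ipaddress.ip_network(r["cidr"]).prefixlen == 0
        for port in range(r["port_min"], r["port_max"] + 1):
            if port not in listening:
                # An open port with no server behind it is unused exposure.
                findings.add((port, r["cidr"], "unused"))
            elif port in cleartext:
                # Unencrypted protocol: candidate for ssh tunneling instead.
                findings.add((port, r["cidr"], "cleartext:" + cleartext[port]))
            elif any_source:
                findings.add((port, r["cidr"], "world-open"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(RULES, LISTENING):
        print(*finding, sep="\t")
```

The ssh rule produces no finding because it is encrypted, has a server listening and is limited to one source range.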

Mitigating risks: SSH Tunneling Some applications are not designed for a secure connection. The connection can be secured through the use of ssh tunneling. This technique uses the ssh protocol and operates through the ssh client and server. The application does not need to know that encryption is used: this is handled by the ssh client and server.

Mitigating risks: SSH Tunneling

Mitigating risks: Limiting access Only grant access to your virtual machine to people you trust! Each user of the instance should ideally have their own user account and password, and use their own ssh keys. Module 7 will show how to do this.

Mitigating risks: Protection Software Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against computer viruses, but they are not immune. Your VM is already protected by a firewall, but you may also want to install an Anti-Virus protection.

Mitigating risks: Keep things tidy Know your virtual machine, so that you can recognise when something abnormal happens. Many types of attacks specifically target Web servers: use separate virtual machines for them.

Mitigating risks: Keep things tidy Purge (erase) residual data from your storage before you shut your instance down or delete the storage. Module 9 will show how you can do this. Prevent untidy machines: Don’t re-provision virtual machines constantly, rather keep optimising one and then make Snapshots of it (Snapshots will be done in Module 9).

Mitigating risks: Data encryption Encrypt sensitive data before you upload or download it to or from your instance, unless you are already using an encrypted connection to copy files (e.g. scp or sftp). Before encrypting a file, be aware of the risk added: if you lose the encryption key or forget the passphrase, you will lose the data forever! Module 8 will show how you can encrypt your data.

Mitigating risks: Summary In summary, things to watch out for to mitigate risks: Use secure passphrases. Carefully configure the firewall. Always use secure methods of access (e.g. ssh logon terminals or ssh tunneling). Limit access only to trusted users. Know your virtual machine and keep things tidy. Encrypt your data.

Cleaning up When you are finished with your work and don’t need the virtual machine any more, you should terminate it, so that it does not take up any more of your allocated resources and the resources become available to other researchers. You can easily terminate an instance on the Dashboard. Don’t forget: back up your instance and data before you terminate it! Module 9 will get into detail with this.

Cleaning up If you don’t need your NeCTAR data storage any more, you should delete it. Storage is discussed in detail starting from Module 6. Don’t forget: Before you delete your storage, back up your data and securely erase the drives! Module 9 will show how you can do this.

Getting support There are several ways to get support: For general advice, first contact your local eResearch office or IT services. The NeCTAR project also offers online user guides and technical support through the support site support.nectar.org.au.

Allocation request After you have used the Project Trial to gain experience, you may want to request more resources on the Research Cloud. You will have to submit an allocation request via the Dashboard. Before you request an allocation, assess your options: Your association to a local cloud node may provide you with default allocations easily!

Allocation request Submit a request via the Dashboard—it may take up to 4 weeks for your resources to be available. Refer to the On-Line Documentation of this course for details on how to submit an allocation request. You may also request an increase of your existing allocation later.

Closing note In this module you have learned about processes to: Get onto the Research Cloud. Launch an instance and connect to it. Do housekeeping and take other measures to mitigate risks. Clean up after you by terminating VMs and deleting storage. Get support. File an allocation request.