| layout |
|---|
default |
SURFsara provides pre-made appliances to their HPC Cloud users. These appliances are available via the AppMarket in the HPC Cloud user interface and are meant to help users instantiating secure Vm's quickly. Currently we provide a set of basic appliances for CentOS and Ubuntu.
The AppMarket appliances are endorsed by SURFsara HPC Cloud team and are kept up to date. In order to provide our customers with a secure working environment, a set of configurations are applied to the images at boot time via cloud-init contextualization. Here bellow you can find the configuration details.
-
Root account
The root account is not accessible via SSH. There is also no password for the root account, and only accessible locally (from inside the VM).
-
Access to the VM
To access the Virtual Machine, an SSH public key needs to be injected to the VM. The ssh access to the VM is granted via a super user account.
-
Firewall
A firewall is active at boot time with all ports closed with exception of the port for SSH access. CentOS based images are configured with iptables, whereas Ubuntu firewall is configured with ufw.
-
SSH server
An ssh server is installed and auto-starts upon boot time.
-
Software updates
The images are configured to auto-update the OS and packages. It can be disabled by the user afterwards.
-
Intrusion prevention
fail2ban is installed and will protect the image from brute-force break-in attempts via ssh / http(s) protocols. A jail ban of 15 min. is applied.
-
Image template
The image template has basic settings to instantiate and operate correctly a VM, namely:
- acpi = yes
- memory = 1GB
- (v)CPU = 1
- localtime = no
- internet connection
-
Network connectivity
The images come with a default internet connection, and a static IP will be assigned to your VM. In case you need to have multiple VM's that need to communicate with each other, please update the template and add a second network with your internal range.
Note:
More details are described in the appliances themselves at the AppMarket.