
...

Please note:

  • In this scenario any direct traffic between host and guest system (if configured with a public IP address) and external systems reachable via the Internet gateway is not encrypted by default. If this traffic runs across a public network, it is exposed to being monitored and even modified by third parties. The user is responsible for ensuring data protection conforming to the user's company security rules. It is strongly recommended to use encrypted VPN connections for any sensitive traffic.
  • Guest operating systems are often old and no longer maintained by the original vendor. This means they are more easily compromised by attacks from the Internet. Therefore, direct Internet access for the guest system is not recommended.
  • The actual configuration steps vary depending on the cloud environment used. The sample configuration below will have to be adapted to the specific environment.

Configuration Example

Important information:

  • The example assumes that a Charon-SSP cloud-specific marketplace image is used. This means in particular:
    • The host operating system is a CentOS 7 system.
    • NetworkManager is disabled and the ifcfg-files in /etc/sysconfig/network-scripts are used to set up the configuration.
  • The host operating system is a RHEL version 7 or 8 compatible Linux system. If you use a different host operating system version, you must adapt the example accordingly. If you use a RHEL/CentOS 8 system, you must use NetworkManager to configure the interface. A procedure similar to the one described here can be used, but the interfaces must be under NetworkManager control and, instead of restarting the network, you must restart the NetworkManager after editing the ifcfg-files. Alternatively, you can use nmcli commands to configure the connection. Please refer to your Linux documentation and manual pages for further information.
  • As explained for AWS, remember that any automatically assigned public IP addresses will be removed by the cloud provider once the instance is restarted with a second NIC. Hence, on AWS Elastic IP addresses must be used.
  • For Google cloud, note the following:
    • The default is that all interfaces are configured with IP addresses automatically by GCP services on the Linux host. Please refer to the Network Management section in the respective Getting Started guide for information on how to disable this automatic configuration.
    • Some base images used to create a Charon host instance may be configured to use /32 netmasks for additional interfaces, and only ARP requests for the default gateway are answered by Google. This can cause communication problems between Solaris and other instances on the same subnet (ARP requests are not answered). The workaround is to use static ARP entries on Solaris. Please refer to the Getting Started guide for more information. The latest images provided by Stromasys use /24 netmasks, so this point does not apply to them.
  • The interface names used in this example (eth0 and eth1) may be different on your system. Please verify the names on your system and refer to your cloud provider's documentation for more detail. Make sure you use the correct names!
  • The example uses only a private address for the dedicated interface. If a public address is required, the basic steps for making the interface available to the guest system are the same. If you use the Charon Manager for the interface configuration (steps 4 and 5 of the example), use None as the interface configuration. Charon Manager will also activate the changes (step 6 in the manual example below).




Step 1: Prepare the Second NIC on the Charon Host for Use by the Solaris Guest

The host system interface configuration must ensure that the private IP address allocated to the new interface by the cloud provider is not configured on the Linux Ethernet interface. This address will be used by the guest system.

Please note: The sample configuration assumes a CentOS 7 system and that the interface is configured outside the control of the NetworkManager.

To make the second interface usable for the Charon guest system, perform the following steps:

...

The configuration depends on whether the network configuration on the Linux host is file-based (typically Linux 7.x) or NetworkManager-based (typically Linux 8.x). Examples for both are shown below. Typically, the NetworkManager is disabled on Charon-SSP marketplace images based on Linux 7.x, and enabled on Charon-SSP marketplace images based on Linux 8.x.

Expected result of the examples in this section:

  1. The system should still be reachable via eth0.
  2. Interface eth1 should be up without having an IP address configured.
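
Added example (not part of the original page or the vendor's documentation): a check for the two expected results above, run on the Linux host after the interface has been prepared. It assumes the page's example names eth0 and eth1 and checks IPv4 only; the function names and the sample output lines are constructed for illustration.

```bash
# Added example: verify the expected result of Step 1 on the Linux host.
# Function names are hypothetical; eth0/eth1 are the page's example names.

# Succeeds if `ip -o link show dev IF` output lists the administrative UP flag.
link_is_up() {
    printf '%s\n' "$1" | grep -Eq '<([A-Z0-9_-]+,)*UP(,[A-Z0-9_-]+)*>'
}

# Succeeds if `ip -o -4 addr show dev IF` output contains an IPv4 address.
has_ipv4() {
    printf '%s\n' "$1" | grep -Eq '[[:space:]]inet[[:space:]]+[0-9]+(\.[0-9]+){3}/[0-9]+'
}

# check_nics MGMT_LINK MGMT_ADDR GUEST_LINK GUEST_ADDR -> prints one verdict line
check_nics() {
    link_is_up "$1" || { echo "FAIL: management interface is down"; return 1; }
    has_ipv4 "$2"   || { echo "FAIL: management interface has no IPv4 address"; return 1; }
    link_is_up "$3" || { echo "FAIL: guest interface is down"; return 1; }
    if has_ipv4 "$4"; then
        echo "FAIL: guest interface has an IPv4 address configured on the host"
        return 1
    fi
    echo "OK"
}

# Live check on the host: check_live [mgmt-if] [guest-if]
check_live() {
    mgmt=${1:-eth0}; guest=${2:-eth1}
    check_nics "$(ip -o link show dev "$mgmt")"  "$(ip -o -4 addr show dev "$mgmt")" \
               "$(ip -o link show dev "$guest")" "$(ip -o -4 addr show dev "$guest")"
}

# Constructed sample output (not captured from a real instance).
ETH0_LINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT'
ETH0_ADDR='2: eth0    inet 10.0.1.15/24 brd 10.0.1.255 scope global eth0'
ETH1_LINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT'
ETH1_ADDR_LEFTOVER='3: eth1    inet 10.0.1.20/24 brd 10.0.1.255 scope global eth1'
ETH1_LINK_DOWN='3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT'

# Demonstration on the constructed samples: expected state, then a leftover address.
check_nics "$ETH0_LINK" "$ETH0_ADDR" "$ETH1_LINK" ""                    || true
check_nics "$ETH0_LINK" "$ETH0_ADDR" "$ETH1_LINK" "$ETH1_ADDR_LEFTOVER" || true
```

On the host itself, call check_live with the interface names that are actually in use on the instance.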

File-based Configuration Examples


NetworkManager-based Configuration Examples

The following sections show two examples:

  • Configuration using nmcli commands
  • Configuration using the Charon-SSP Manager

Using nmcli Commands

Please note: Make sure to use the correct interface names in use on your instance.


Using the Charon Manager


Step 2: Add the Dedicated NIC to the Emulator Configuration

  • Start the Charon Manager and open the configuration window for the emulated system.
  • Configure the emulated system with the dedicated Ethernet interface as its interface.
  • Set the MAC address to the same value as used by the host interface (the value assigned by your cloud provider).
  • Save your configuration.


Step 3: Configure the Solaris Guest to Use the Private Cloud-assigned IP Address

Using the steps below, the Solaris guest system is configured to use the second NIC configured on the host system (please refer to your Solaris documentation for configuration details).

  1. Boot Solaris and configure the IP address assigned to the dedicated guest NIC for the Solaris Ethernet interface as shown in the examples below:
    # ifconfig <interface-name> <private-guest-nic-ip>/<netmask> up
    (Solaris 10 example)
    or
    # ifconfig <interface-name> <private-guest-nic-ip> netmask <mask> up
    (Solaris 2.6 example)
    or
    # ipadm create-ip netX
    # ipadm create-addr -T static -a <private-guest-nic-ip>/<netmask> netX/v4
    (Solaris 11 example)
    For Solaris versions before version 11, make the setting permanent by editing /etc/hosts and setting the new address for the system's hostname. Then edit /etc/netmasks and add the netmask for the subnet.

  2. Add a default route on Solaris:
    # route add default <default-gateway-of-cloud-lan> <metric>
    Make this permanent by editing /etc/defaultrouter and adding the address of the gateway (use route -p for newer Solaris versions).

  3. Add a DNS server to Solaris (if needed):
    1. Edit /etc/resolv.conf and add a nameserver line for the DNS server.
    2. Make sure DNS is used for hostname translation: ensure that /etc/nsswitch.conf is configured to allow dns (in addition to files) for hostname resolution.

...