Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

IBM Cloud Security Overview

Access to an IBM cloud instance can be controlled by 

  • an external firewall,
  • the operating system firewall of the instance,
  • IBM-specific security groups, and
  • IBM-specific subnet ACLs.

In addition to allowing SSH access, the different firewall levels must be configured to permit at least access to any required license servers.

IBM Cloud Security Groups

Security Groups are associated with a virtual server instance. They have the following characteristics:

  • Stateful: once an inbound connection is permitted, return traffic is allowed.
  • Only allow rules are possible.
  • All rules are considered to determine if traffic should be permitted.
  • An instance can have several security groups.

IBM Cloud Subnet ACLs

Subnet ACLs are associated with subnets in a VPC. They have the following characteristics:

  • Stateless: inbound and outbound connections must be explicitly allowed.
  • Allow and deny rules are possible.
  • Rules are processed in sequence.
  • One ACL can be assigned to several subnets.
  • The default ACL allows all traffic.

Connecting to the Cloud Instance

During the configuration of your instance you should have created a security group allowing at the minimum SSH access to the instance. If this has been done correctly, you can, for example, use SSH from the command-line or from a tool such as PuTTY to access the command-line of the user sshuser on (for Charon prepackaged marketplace images) or your custom user (for RPM installations) on the Charon -SSP instance. If you select your instance in the instance list and then click on Connect, you will see the instructions for connecting via SSH.

As shown in the image below, you will see in particular

...

host instance.

You will need the following:

  • Access to the private key associated with the public key you uploaded during the configuration of the instance.
  • The public IP address of the instance.

Image Removed

(warning) The Please note:

  • The file permissions of the private key file must be set such that the file is only readable by the user

...

  • (e.g., # chmod 400 <private-key-file>).
  • PuTTY uses a different key file format. It comes with tools to convert between its own .ppk format and the format of OpenSSH used by the default Linux tools.

There are several ways to connect to your Charon -SSP cloud instance using this basic SSH protocol access. Some of them are described in the following sections below.

...