Firewall Considerations
Access to a cloud cloud instance may be controlled by
- an external firewall,
- the operating system firewall of the instance,
- cloud-specific firewall and security rules and groups.
In addition to allowing SSH access, the different firewall levels must be configured to permit at least TCP port 8080 to enable license server access.
Azure Network Security Groups
Network Security Groups (NSG) can be associated to interfaces or subnets. Security rules in network security groups enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces. When a cloud instance is created, you can assign a default security group to its interface (allowing SSH). Please refer to the following tutorial for more information: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic.
Connecting to the Cloud Instance
During the configuration of your instance you should have created security rules allowing at the minimum SSH access to the instance. If this has been done correctly, you can, for example, use SSH from the command-line or from a tool such as PuTTY to access the command-line of the user sshuser (for Charon-SSP prepackaged marketplace images) or your custom user (for RPM installations) on the Charon-SSP instance.
You will need the following:
- Access to the private key associated with the public key you uploaded during the configuration of the instance.
- The public IP address of the instance.
Please note: the file permissions of the private key file must be set such that the file is only readable by the user (e.g., #
chmod 400 <private-key-file>
).
There are several ways to connect to your Charon-SSP cloud instance using this basic SSH protocol access. Some of them are described in the following sections below.