Setting up a Linux Instance in the IBM Cloud

Owned by W.Erber
Last updated: Feb 18, 2022
1 min read

Contents

General Prerequisites

As this description shows the basic setup of a Linux instance in the IBM cloud, it does not list specific prerequisites. However, depending on the use case, the following prerequisites should be considered:

  • To set up a Linux instance in the IBM cloud, you need an IBM account.
  • Secondly, prerequisites will be different depending on the planned use of the instance:
    • Option 1: the instance is to be used as a Charon emulator host system:
      • Refer to the hardware and software prerequisite sections of the User's Guide and/or Getting Started guide of your Charon product to determine the exact hardware and software prerequisites that must be fulfilled by the Linux instance. The image you use to launch your instance and the instance type you chose determine the software and hardware of your cloud instance.
      • A Charon product license is required to run emulated legacy systems. Contact your Stromasys representative or Stromasys VAR for details.
    • Option 2: the instance is to be used as a dedicated VE license server:
      • Refer to the VE License Server Guide for detailed prerequisites.
  • Certain legacy operating systems that can run in the emulated systems provided by Charon emulator products require a license of the original vendor of the operating system. The user is responsible for any licensing obligations related to the legacy operating system and has to provide the appropriate licenses.

IBM Cloud Login and New Instance Launch

Logging in to IBM Cloud

To log in perform the following steps:

  • Go to https://cloud.ibm.com. You will see the login screen.
  • Enter your login credentials.
  • Upon successful login, your cloud dashboard screen will be displayed.

Preparation

Please note: if you want to use an existing resource group and VPC, select the correct VPC from the resource list (click on the menu symbol at the top left of the cloud console screen and select Resource List).


Creating a Resource Group if Required

To organize resources in your account, you can group related resources in a resource group. If you have not already created a resource group, you can do so by selecting:

Manage > Account > Resource Groups and then clicking on the Create button. Add the name of the group in the pop-up window and confirm with Create.

A sample screen is shown below.

Creating VPCs and Subnets for Instance

If the necessary VPC and the associated subnets do not exist yet, create them before you create your virtual server. A virtual server can be a member of one VPC.

Step 1: go to the VPC section.

Select the Menu at the top left, and then VPC Infrastructure > Network > VPCs. This will open the list of existing VPCs or an empty list as shown in the sample below:


Step 2: start the VPC creation.

To open the VPC creation window, click on the Create button at the top right of the VPC list.


Step 3: enter the required information for the new VPC and the first subnet.

At the top of the VPC creation window, enter the following information as shown in the sample below:

  • VPC Name
  • Resource group to which the VPC belongs
  • Tags (optional)
  • Access allowed by the default security group.


In the middle of the VPC creation window enter the following information as shown in the sample below:

  • Whether a default address prefix should be created for each zone.
  • Information for the first subnet in the VPC:
    • Subnet name
    • Resource group for the subnet
    • Location of the subnet


At the bottom of the VPC creation window enter at least the following information as shown in the sample below:

  • IP range for the subnet (the size of the subnet cannot be changed later!)
  • Whether a public gateway for Internet traffic should be attached to the subnet (enables outgoing Internet access for systems on this subnet)

You can add additional subnets later.


Step 4: confirm your data and create VPC and subnet.

To complete the creation of VPC and subnet, click on the blue button Create virtual private cloud on the right pane of the window:

After this, your new VPC should be visible in the VPC list.

If required, you can now configure the ACL for the subnet (by default, it allows all traffic), or other parameters of the VPC. To get to these options, click on the name of the VPC in the list.


Creating a New Virtual Server Instance

Step 1: open the virtual server list and start the creation of a new server.

In the VPC infrastructure section under Compute, click on Virtual server instances. This opens the list of existing virtual servers. At the top right of this list click on Create. The image below provides an illustration of these steps:

This will open the section for creating a virtual server.


Step 2: enter the required information to create a new virtual server.

At the top of the Virtual Server creation window, enter the following information as shown in the sample below:

  • Name of the virtual server
  • Resource group to which the server will belong
  • Tags (optional)
  • Location of the virtual server


In the next section of the Virtual Server creation window, enter the following information as shown in the sample below:

  • Operating system and version for your instance (refer to the general Charon product User's Guide for supported distributions and versions).
  • Select the hardware profile (it must fulfill the requirements of the emulated SPARC system(s) you plan to run on the instance. To select the profile you need, click on View all profiles. The profile cannot be changed after the instance has been created.
  • If necessary add a new SSH key or use an existing one.
  • Please note: if your management system supports it, for RHEL 9.x, Rocky Linux 9.x, and Oracle Linux 9.x use SSH key types ECDSA or ED25519. This will allow connecting to these Charon host Linux systems using an SSH tunnel without the default crypto-policy settings on the Charon host having to be changed for less secure settings. This is, for example, important for the Charon-SSP Manager. See also: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening.


In the next section of the Virtual Server creation window, enter the following information as shown in the sample below:

  • Verify the boot volume configuration.
  • Add a new or existing data volume as required.
  • Select the VPC for the virtual server.

At the bottom of the Virtual Server creation window, enter the the required network interfaces. Editing them allows adding IP Spoofing (necessary for routing).

Then, in the right pane, click on Create virtual server instance to create the server instance. The new server will be displayed in the virtual server list.

Step 3: add a public IP address if required.

Once the virtual server is available in the list of active servers, perform the following steps to add a public IP address:

  • Click on the server name. This will open the virtual server details window.
  • Scroll down to the network interfaces and click on the edit symbol next to the primary interface (default name: eth0).
  • In the configuration window that opens, click on Reserve a new floating IP.
  • Save the changes by clicking on Save at the bottom of the edit window.


Initial Access to the Instance

Once you have access to the instance, you can create the access you require for your applications. This section just shows the basic steps for initial access to the instance.

SSH Interactive Access

To connect to the instance interactively, you must connect as the management user of your instance. Use the following command:

$ ssh -o ServerAliveInterval=30 -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>

The parameter ServerAliveInterval will protect the connection from timing out.

Please note:

  • Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
  • The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
  • The management user account normally allows sudo access to privileged commands (use sudo -i).
  • If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for interactive login is the user sshuser.

File Transfer with SFTP

SFTP enables file transfers to and from the cloud instance. Use the management user of your instance. The security rules must allow SSH access to allow SFTP access to the cloud instance.

Please note: Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.

To connect to the instance, use the following command:

$ sftp -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>


Please note:

  • Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
  • The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
  • If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for file transfer is the user charon.
  • If the user charon is used to transfer files, the home directory for the file transfer will be /charon/storage.


© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.