Cloud Quick Start/en: Difference between revisions

* For questions about the Compute Canada cloud service send an e-mail to [mailto:cloud@computecanada.ca cloud@computecanada.ca]

</tab>

<tab name="Windows License Pilot">

Compute Canada is currently running a Windows pilot program where a limited number of licensed Windows VMs are provided for users by Compute Canada for a limited period of time. The trial period is approximately until the end of summer 2020.

Before you begin participating in this pilot you should know the following conditions:

* This is a pilot program. While we expect access to continue and service to be fairly smooth it may turn out that neither is true.

* Participants are required to respond to questions about how they are using the system, such as the software installed, their satisfaction with the system, and suggestions they may have for the future.

To request access to the Windows pilot send an email to [mailto:cloud@computecanada.ca cloud@computecanada.ca] acknowledging that you understand and agree to the conditions of the pilot (see above). You will be provided access to a Windows 2019 Dataceter image, a windows flavor to ensure the Windows VM is created on a licensed node, and a username to use when connecting.

[[File:Create-Key-Pair-Form.png|400px|thumb| Create key pair (Click for larger image)]]

Windows VMs encrypt the administrative account password with a public key. The matching private key decrypts the password.  

We recommend creating a new key pair within the OpenStack dashboard rather than importing an existing key pair. To create a new key pairː  

#Click on ''Access & Security'' from the left menu.

#Save the <key name>.pem file on your local drive.

If you would like to use an existing key pair with your Windows VM see the [[Creating a Windows VM#Comments on key pairs|comments on key pairs]] below.

[[File:Windows-launch-instance.png|400px|thumb| Launch Instance (Click for larger image)]]

To create a virtual machine, click on the ''Instances'' menu item on the left, then click on [[File:Launch-Instance-Button.png]]

A form is displayed where you define your virtual machine.

* ''Details'' tab

** ''Availability Zone'': There is only one zone; do not change its name.

* ''Advanced Options'' tab: Leave ''Disk Partition'' on ''Automatic'' for now.

Once you have reviewed all the tabs and defined your virtual machine, click on the Launch button and your virtual machine will be created. The Instances list will be displayed and the Task field will show the current task for the VM; it will likely be "Block Device Mapping" initially. Once the VM has spawned and beginning to boot, it will have the Power State of "Running". It will likely take 10+ minutes to finish creating the volume and coping the image to it before beginning to boot.

[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]

[[File:Add-Rule-Form-RDP.png|400px|thumb| Add RDP Rule (Click for larger image)]]

On the ''Instances'' page is a list VMs with their IP address(es) displayed in the ''IP Address'' column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it.

When your OpenStack project is created a local network is also created for you. This local network is used to connect VMs within that project allowing them to communicate with each other and the outside world. Their private IP address does not allow the outside world to reference that VM. Any VM created in your project will have a private IP address assigned to it from this network of the form <code>192.168.X.Y</code>.

Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connecting to it to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.

To assign a public IP to a VM, you need to select ''Associate Floating IP'' from the drop-down menu button (indicated by &#x25BC;) of the ''Actions'' column in the ''Instances'' list. If this is your first time associating a floating IP, your project hasn't been assigned an external IP address yet. You need to click on the “+” sign to bring up the ''Allocate Floating IP'' dialog box. There is only one pool of public addresses, so the correct pool will already be selected; click on the ''Allocate IP'' button.

The ''Manage Floating IP Associations'' screen is displayed again, indicating the IP address and the port (or VM) to which it will be associated (or more specifically [https://en.wikipedia.org/wiki/Network_address_translation NATted]); click on the ''Associate'' button.

To connect to your virtual machine using a remote desktop connection client, you will need to allow access for remote desktop protocol (RDP) to your VM.

#On the ''Security Groups'' tab, select ''Access & Security''; on the default row, click [[File:Manage-Rules-Button.png]]

#On the next screen, click [[File:Add-Rule-Button.png]]

#Finally, click the ''Add'' button.

[[File:Retrieve-instance-password.png|400px|thumb| Retrieving Windows instance password (Click for larger image)]]

[[File:Remote-Desktop-Connection-windows.png|400px|thumb| Remote desktop client in Windows (Click for larger image)]]

[[File:Remmina-Ubuntu.png|400px|thumb| Remmina remote desktop client in Ubuntu (Click for larger image)]]

To connect to a Windows VM we will use a Remote Desktop Connection client. To connect to your Windows VM you need to supply a floating IP, user name, and password.

Open the ''Retrieve Instance Password'' form:  

# Go to ''Instances'' on the left menu.

# In the drop down menu next the instance select ''Retrieve Password''.

The password has been encrypted using the public key you selected when creating the VM. To decrypt the password:

# Click the ''Choose File'' button and browse to your private key file. <p>If you followed the steps above in the ssh key section, you should have a private key saved on your local computer with a ".pem" extension which matches the public key.</p>

# Click the ''Decrypt Password'' button at the bottom left.

Keep this form open as we will use the password in the next step. This process can be repeated later to retrieve the password again.

Many Windows systems come with the remote desktop connection tool pre-installed. Try searching for "remote desktop connection" in your Windows system search. If you can not find it, you can go to [https://www.microsoft.com/en-ca/store/p/microsoft-remote-desktop/9wzdncrfj3ps the Microsoft store] and install it. It should be a free installation.  

Once you have run the remote desktop connection tool you should see a window similar to the one displayed on the right. To connect to your Windows VM:

# Enter the public IP address next to ''Computer''.  

# Click the ''OK'' button.  

You will likely be presented with an alert ''The identity of the remote computer cannot be verified. Do you want to connect anyway?''. This is normal click ''Yes'' to continue. Once you connect you should see the desktop of your Windows VM displayed within the RDC window.

'''TODO:''' The specific certificate error is "The certificate is not from a trusted certifying authority". Is seeing this alert really normal? Do we want to register the Windows image certificate with a signing authority? Could we use letsencrypt or should we just ignore this issue?

To connect via RDP from Linux you will need a remote desktop client. There are number of different clients out there but the [https://github.com/FreeRDP/Remmina/wiki Remmina client] appears to work well when tested with Ubuntu. The previous link provides instructions for installing it in Ubuntu, Debian, Fedora and a few other Linux operating systems.  

Once you have installed and launched Remmina to connect to your Windows VM:

# Click on ''Create a new remote desktop file'' (file with a green '+' sign). <p>You should see a window similar to that shown on the right.</p>

# Click ''Connect''.

'''TODO:''' Anyone with a Mac want to write up this section?

Initially Internet Explorer's enhanced security configuration is enabled. This makes using Internet explorer very painful. It is recommended to temporarly turn off this enhanced security feature with the following steps:

* ensure all instances of Internet explorer are closed

Then download an alternative browser, e.g. firefox and then re-enable Internet Explorer's enhanced security configuration.

'''TODO''': need to provide information which would be helpful for users to know what path to take to get a license. Should cover things like:

* Where to go to get a license

* How to apply it to a new VM (if that is different than above bullet item)

There are a couple different formats for key files and you can also choose to protect your private keys with passphrases or not. In order to be able to decrypt the Windows VM password your private key must be in OpenSSH format and not have a passphrase. If you created your key pair with OpenStack and downloaded the <code>.pem</code> key file it will already be in the correct format. If you used the [[Using_SSH_keys_in_Linux|<code>ssh-keygen</code> command]] to create your key pair and didn't specify a passphrase it will also likely be in the correct format. For more general information about key pairs see the [[SSH Keys]] page.

   

An example of an acceptable private key in the OpenSSH format without a passphrase:

-----BEGIN RSA PRIVATE KEY-----

  MIIEowIBAAKCAQEAvMP5ziiOw9b5XMZUphATDZdnbFPCT0TKZwOI9qRNBJmfeLfe

  -----END RSA PRIVATE KEY-----

The <code>...</code> in the middle indicates multiple lines of characters similar to those above and below it.

Below are two examples of private keys which will not work with OpenStack with Windows VMs

OpenSSH format with a passphrase:

-----BEGIN RSA PRIVATE KEY-----

  Proc-Type: 4,ENCRYPTED

  -----END RSA PRIVATE KEY-----

ssh.com format without a passphrase

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----

  Comment: "rsa-key-20171130"

  ---- END SSH2 ENCRYPTED PRIVATE KEY ----

* learn about [[security considerations when running a VM]]

* learn about [[creating a Linux VM]]

-->

[[Category:CC-Cloud]]