Step 1: Setup Basic Security

Before using the Eucalyptus cloud you will need to perform the following tasks:

  1. Create a Key Pair
  2. Create a Security Group

Create a Key Pair

Eucalyptus uses cryptographic key pairs for access to instances. Before you can run an instance, you must create a key pair. Creating a key pair generates two keys:

  • a public key (saved within your Eucalyptus cloud) and
  • a corresponding private key (automatically downloaded by your browser).

To enable this private key you must save it to a file and set appropriate access permissions (using the chmod command), as shown in the example below. When attempting to login to the VM instance using SSH, the public key is checked against your private key to verify access.

  1. Log into the Eucalyptus Management Console
  2. In the navigation bar select Network & Security
  3. Select Key Pairs
  4. Click Create New Key Pair
  5. In the Name field enter "demo-key"
    Screenshot of creating a key pair
  6. Click Create and Download
  7. Your browser will automatically download the file containing your private key (demo-key.pem)
  8. If necessary, move the private key file under your home directory.
  9. Use chmod to restrict access to the file (Linux and Mac users only)

    chmod 400 ~/path/demo-key.pem
    

Key Pair Safety

Keep your private key file in a safe place. If you lose it, you will be unable to access instances created with the key pair.

Create a Security Group

Security groups let you control network access to instances by applying firewall rules to instances associated with a group. To create a security group do the following:

  1. In the navigation bar select Network & Security
  2. Select Security Groups
  3. Click Create New Security Group
  4. In the Name field enter "demo-security-group"
    Screenshot of creating a security group
  5. In the Description field describe the security group.
  6. In the Inbound Rules section, select ssh in the Protocol field
    Screenshot of creating security group rules for SSH
  7. In the Allow traffic from IP address field, enter "0.0.0.0/0"
  8. Click Add Rule
  9. Add another rule and select http in the Protocol field
    Screenshot of creating security group rules for http
  10. In the Allow traffic from IP address field, enter "0.0.0.0/0"
  11. Click Add Rule
  12. Click Create Security Group

You are now ready to launch an instance.