Launching secure-by-default SLES on Amazon EC2 instances ...€¦ · Launching secure-by-default...
Transcript of Launching secure-by-default SLES on Amazon EC2 instances ...€¦ · Launching secure-by-default...
Launching secure-by-default SLES on Amazon EC2 instances with Amazon Virtual Private Cloud (VPC)
Rick AshfordSUSE Sales Engineer
Mike FrieseneggerSUSE Sales Engineer
Page 2
SUSE and AWS Partnership Overview
• SUSE Linux Enterprise Server on Amazon EC2 launched Fall 2010
• Available in all AWS regions and instance types
• Same mission-critical Enterprise Linux from data center to public cloud
• Seamless support through AWS Support
• One-click build and simplified management with SUSE Studio and SUSE Manager
• Trial at no cost through AWS Free Usage Tier
Page 3
Agenda
• What are you going to accomplish in this lab?
• Accessing the lab
• What you will do during the lab
‒ Building the Web Server image using SUSE Studio
‒ Connecting Studio to AWS
‒ Uploading the Web Server image as an EC2 AMI
‒ Create Virtual Private Cloud (VPC)
‒ Launch the AMI in the private side of the VPC
‒ Access the Web Server through public side of the VPC
Page 4
Important items before we begin...
• Make sure the browser does not block pop-ups
• Review the pages carefully as you do the lab
‒ Use the arrows to guide you through the steps
‒ Some pages have notes to highlight information
‒ Some pages are informational with nothing to do
‒ A suggestion - open “gedit” because some pages ask you to take a note of certain information
• Please tell us the page number whenever you are having a problem with the lab
What are you going to accomplish in this lab?
Page 6
Build a Web Server AMI using SUSE Studio
AMI
Page 7
Upload the Web Server AMI to AWS(Normally you would do this but step has been done ahead of time)
AMI
Page 8
Build an AWS Virtual Private Cloud (VPC)
Internet
Public Subnet10.0.0.0/24
Private Subnet10.0.1.0/24
Page 9
Launch the Web Server AMI in the Private Subnet Allowing SSH Inbound
Internet
AMI
ssh
Public Subnet10.0.0.0/24
Private Subnet10.0.1.0/24
Page 10
Launch an AWS SLES image in the Public Subnet Allowing SSH Inbound
Internet
AMI
sshssh
Public Subnet10.0.0.0/24
Private Subnet10.0.1.0/24
Page 11
Access the Web Server AMI through the Public SLES Image
Internet
AMI
sshssh
Public Subnet10.0.0.0/24
Private Subnet10.0.1.0/24
Page 12
How might an AWS VPC be used in your organization?This option is shown on slide 49
Hardware VPN
Your Datacenter
Accessing the Lab
Page 14
http://suse.qwiklab.com
Page 15
Page 16
Page 17
Save files to the desktop...
Right click onindex.html and
select Save File
1
2
No need to download.Should be onthe desktop...
Page 18
Ignore the username and passwordfields above the button and the popup
after clicking the button.
Building the Web Server imageusing SUSE Studio
Page 20
Page 21
Use the account of your choice
Page 22
Page 23
2
3
4
5
1
Page 24
12
3
Page 25
1
2
Page 26
1
2
3
Page 27
1
Browse to the index.htmlthat was saved to
the desktop2
Page 28
1 23
4
Page 29
1 24
5
3
Page 30
Building the image takes around5 minutes...
1
3
2
Connecting Studio to AWS
Page 32
Back to the qwikLAB tab
1
Page 33
Page 34
Copy & paste the Access Keys into a temp document
1
Thank you.
Stop to learn how to find the AWS Access Keys using slides 35 – 38.
Page 36
Where can one find the Access Keys in AWS (1 of 2 ways)... This page is for reference.
Nothing to do on this page.
Page 37
Where can one find the Access Keys in AWS (1 of 2 ways continued)...
This page is for reference.Nothing to do on this page.
Page 38
Where can one find the Access Keys in AWS (2 of 2 ways)... This page is for reference.
Nothing to do on this page.
Page 39
Where can one find the Access Keys in AWS (2 of 2 ways continued)...
This page is for reference.Nothing to do on this page.
Page 40
Back to the SUSE Studio tab
1
2
Page 41
Paste from the temp document
12
43
Uploading the Web Server image as an EC2 AMI
Page 43
Normally the AMI would need to be uploaded to EC2We are cheating because the AMI is already uploaded...
Do not uploadfor this lab!
This is normallywhat you would see
during an upload
Thank you.
Stop to see how to uploadthe AMI using a CLI.
Create Virtual Private Cloud (VPC)
Page 46
Back to the qwikLAB tab
1
2
Page 47
Copy and paste the AWS credentials
1
2
Page 48
Page 49
Page 50
1
2
Page 51
Page 52
Page 53
Launch the AMI in the private side of the VPC
Page 55
Page 56
Make a note of these...
Page 57
Page 58
Page 59
1
2
3
4
Page 60
1
2
3
Page 61
Page 62
Page 63
Page 64
1
2
Page 65
1
2
3
Page 66
Save to the desktop...
Page 67
Page 68
2
1
Page 69
1
2
Page 70
Page 71
3
1
2
4
Verify this is the 10.0.1.0 subnet
Page 72
Page 73
Page 74
23
1
Page 75
Page 76
1
2
3
4
Page 77
Page 78
The web server running in the private side of the VPC
Rename this instance to “web server” by clicking
in the Name area.
Access the Web Serverthrough public side of the VPC
Page 80
Page 81
1
2
Page 82
Page 83
1
2
Verify that thesubnet used is
10.0.0.0/24 3
4
5
Page 84
Page 85
Page 86
23
1
Page 87
Page 88
1
2
3
4
Page 89
Page 90
The SLES server running in the public side of the VPC
Rename this instance to “public” by clickingin the Name area.
Page 91
Make note of the public hostname or IP address
2
1
Page 92
Open a terminal...
2
1
3
Page 93
1
2
Page 94
1
Page 95
Make note of the web server hostnameor IP address
2
1
Page 96
1
Page 97
1
2
Page 98
Thank you.
We hope you enjoyed the lab!!
v0.6