Zum Seitenanfang

Frequently Asked Questions

Sie bestellen eine bestimmte Anzahl an Ressourcen (CPUs, RAM, Festplattenspeicher). Safe Swiss Cloud stellt Ihnen diese Ressourcen zur Verfügung und erstellt Ihre Cloud für Sie.

Als Kunde erhalten Sie Zugriff auf eine Web-Management-Schnittstelle zu Ihrer Cloud. Über diese Schnittstelle können Sie virtuelle Maschinen anlegen, Vorlagen definieren, Netzwerkkonfigurationen vornehmen und vieles mehr.

Wir benutzen das Interxion Rechenzentrum in Glattbrugg, bei Zürich. Dieses erfüllt die FINMA (Schweizer Finanzmarkt Aufsicht) Anforderungen für Banken - die Details finden Sie in dem folgenden KPMG Dokument:

FINMA-RS 08/7 - Outsourcing - Banken

Wir verwenden die besten Open Source-Technologien, um unseren Kunden hervorragende Dienste zur Verfügung stellen zu können.

Falls nötig,  können Kunden ihre Virtual Data Center intern oder zu anderen Anbietern mit kompatibler Technologie transferieren. Das gleiche gilt auch für Own Drop.

Wir tun alles, um Ihre Daten vor dem Lock-In-Effekt zu bewahren und sicherzustellen, dass die Systeme portabel sind.

Dank unserer AWS-kompatiblen APIs sind auch Umwandlungen von AWS zu unserem Compute Cloud-Angebot möglich. Sie können Ihre AWS-Scripts laufen lassen, um Ihre Systeme auf Safe Swiss Cloud auszuführen.

Virtual Data Center (VDC) A Virtual Data Center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs.
Software Defined Data Center (SDDC) Software Defined Data Center is just another name for a VDC, a virtual data center.
Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC) is a private, isolated part of Safe Swiss Cloud. A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router.

 

Two Factor Authentication functionality is optional and available for any user at the "Two-factor authentication settings" page :

A user may activate or deactivate the TFA.

When navigating to "Two-factor authentication settings" page (via menu or via link), the user sees:

In order to activate the TFA, the user needs to click on the "Set up SMS delivery" link.

After the password confirmation the user sees the page where he can enter his mobile phone number:

 
If the user enters his mobile phone and presses "Send SMS", he receives the verification code. This verification code needs to be entered in the next window:

In the next step the user gets to the list of recovery codes, which can be used in emergency cases (no mobile, ect.).

The user can save these codes somewhere or skip them.  

The idea of the recovery codes is that the user can enter these codes instead of an SMS code. The recovery codes can be used if the user does not have access to his mobile phone.

As soon as the TFA is activated, the client sees the page like:

 

The user can reset SMS delivery, view unused recovery codes, get new recovery codes,  disable TFA:
 If the user skips the recovery codes, he can get the recovery codes later.  

You can reset your Safe Swiss Cloud Control panel password by going to My Account (if you are logged in) on the Safe Swiss Cloud website (https://www.safeswisscloud.ch). If you are not logged in, please login by going to https://www.safeswisscloud.ch/user or click the Login link at the top right hand corner of the Safe Swiss Cloud website.

Once logged in, you will be able to reset the password of your VDC from the "My Account" area.

If you forgot your password to the Safe Swiss Cloud website, please click on https://www.safeswisscloud.ch/en/user/password to request a password reset.

If you need additional help, you can always raise a ticket by going to the support tab of the "My Account" area on the Safe Swiss Cloud website.

Contact Safe Swiss Cloud support at Tel: +41 43 541 5704 if you still need help.

WARNING: We will never send you emails asking for your password. In fact we should never know your password. Do not ever give your password to anybody you do not trust and never share your password by Email.

Limited support is available on a best effort basis between 08:00 to 20:00 Central European Time (CET - Switzerland). 

If you are logged in to the website https://www.safeswisscloud.ch request support here: https://www.safeswisscloud.ch/en/node/add/support-ticket

If you forgot your password you can request support here without logging in:

Request support here 

Support contracts that guarantee certain service levels (SLAs) are available on request:

Please contact us if you need an SLA or a "Managed Service".

Wie kann ein Safe Swiss Cloud VDC Account gekündigt werden?

Um einen Safe Swiss Cloud VDC Account zu kündigen, muss der Benutzer die User page (Konto verwalten>>Konto) im Safe Swiss Cloud Portal aufrufen.

  1. In der Sektion Account löschen am Ende der Seite muss der User auf die Fläche "Benutzerkonto löschen" klicken (nicht verfügbar für Accounting und Technische Sub-User).
  2. Wenn ein Kunde auf "Benutzerkonto löschen" klickt, wird automatisch eine Anfrage an seine Email Adresse versendet.
  3. Als nächstes kann der Kunde seinen Safe Swiss Cloud VDC Account kündigen, indem er auf den Link in dem an ihn versendeten Email klickt (oder durch kopieren und einfügen des Links in einen Browser).
  4. Wenn der Kunde den Link zu Kündigung erfolgreich geöffnet hat, wird sein Account inaktiv gesetzt.
  5. In den folgenden 15 Tagen kann sich der Kunden noch in seinen Safe Swiss Cloud Portal Account einloggen und sein Safe Swiss Cloud VDC erneut aktivieren.

Wie kann ein Safe Swiss Cloud VDC Account aktiviert werden, nachdem er gekündigt wurde?

Wenn der Safe Swiss Cloud Portal Account eines Kunden noch nicht permanent von einem Safe Swiss Cloud Administrator blockiert wurde, kann der Kunde seinen Safe Swiss Cloud VDC Account innert 15 Tagen reaktivieren. Dazu muss er sich in das Safe Swiss Cloud Portal einloggen und die "Account aktivieren" Fläche auf der User page auswählen (Konto verwalten>>Konto).

Wenn der Safe Swiss Cloud VDC Account erfolgreich reaktiviert wurde, kann der Kunde sich erneut in sein Safe Swiss Cloud VDC Account einloggen.

Zu beachten!  Wenn ein Kunde eine oder mehrere Virtuelle Maschinenen (VMs) betreibt, werden diese VMs nach der Kündigung des Accounts gestoppt. Der Kunde kann seine VMs nach der Reaktivierung seines Benutzerkontos in seinem Safe Swiss Cloud VDC Account wieder hochfahren.

Unsere Kunden sind in der Lage ihre Team Mitglieder in das Safe Swiss Cloud VDC Account Management miteinzubeziehen. 
Der Kunde, als VDC Eigentümer, ist der Parent-User. Über das Safe Swiss Cloud Portal kann ein Parent-User einen oder mehrere Sub-User kreieren. Jeder Sub-User hat Zugriff auf seinen Sub-Account im Safe Swiss Cloud Portal.

Wir offerieren zwei verschiedene Zugriff-Levels für:

  • Technical staff (Technische Mitarbeiter)
  • Accounting staff (Accounting Mitarbeiter)

 

Der Unterschied zwischen technischen Sub-Usern und Accounting Sub-Usern werden in der folgenden Tabelle erläutert:





  Use Case Technischer Sub-User Accounting Sub-User
       
1 Der Sub-User kann alle tickets des Parent-Users (VDC Eigentümer) Accounts sehen/kreieren/editieren.  Ja Ja
2 Der Sub-User hat Zugriff auf die Übersicht der Ressourcennutzung und den monatlichen Gesamtkosten. Ja Ja
3 Two-Factor Authentication (TFA) Ja Ja
       
4 Der Sub-User hat vollen Zugriff auf den VDC Account des Safe Swiss Cloud VDC Eigentümers (Parent-User) Ja Nein
5 Der Sub-User kann über den Safe Swiss Cloud Portal Account VDCs und VRs zum VDC hinzufügen Ja Nein
6 Der Sub-User kann sein VDC Passwort mit seinem Safe Swiss Cloud Portal Account ändern Ja Nein
       
7 Der Sub-User kann Rechnungsdaten ändern. Nein Ja
8 Der Sub-User kann eine Änderung der Rechnungs-Währung beantragen (CHF/EURO). Nein Ja
9 Der Sub-User kann einen Promotion Code ändern/hinzufügen. Nein Ja
10 Der Sub-User kann Kreditkarten-Informationen hinzufügen/ändern. Nein Ja
11 Der Sub-User hat Zugriff auf die monatlichen Rechnungen. Nein Ja

Zu beachten! Alle oben genannten Funktionen sind auch für den Parent-User verfügbar.

Wie erstellt man einen Sub-User?

Um einen Sub-User zu erstellen, bedarf es folgender Schritte:

  1. Gehen Sie zu Konto verwalten >> Sub-users im Menü Ihres Kundenkontos;
  2. Klicken Sie auf den "Sub-User hinzufügen" Button;
  3. Definieren Sie: Username, e-mail address, password, role, personal information;
  4. Klicken Sie " Benutzer über neues Konto benachrichtigen", wenn der Sub-User über die Account-Eröffnung benachrichtigt werden soll. Wenn diese Check-Box selektiert ist, bekommt der neu erstellte Sub-User einen one-time Login Link für seinen Sub-Account.
  5. Spezifizieren sie die Sparche für den Sub-Account;
  6. Klicken Sie den "Create new account" Button.

Wenn ein Parent-User bereits einen oder mehrere Sub-User erstellt hat, sieht er die Tabelle mit seinen aktiven Sub-Usern:

 

Nein. Wir beschränken die Anzahl der virtuellen Maschinen nicht. Die einzige Beschränkung ist die der verfügbaren Ressourcen für Ihre Cloud.

Yes.

We use KVM for our virtualisation, so we will be able to take your KVM VMs and run them practically unchanged.  We might suggest some tuning to improve I/O and network throughput at Safe Swiss Cloud.

Yes - there are various ways to do this.

You need to export your VM to a file and convert it to qcow2 format. Safe Swiss Cloud uses KVM virtualization using the qcow2 format, so VMs in this format can easily be imported.

We have migrated VMs from most commonly used hypervisors including VMware, Hyper-V and KVM. If you need assistance with your migration we will be happy to help you.

Additional Public IP addresses are usually added to the Virtual Router which guards each Virtual Private Cloud (VPC). Each Virtual Data Center has at least one VPC.

We recommend adding virtual machine (VM) instances to an internal network segment of the Virtual Router of a VPCs. The VM instance will have a private IP address. After obtaining an additional public IP address, setup port forwarding or a static NAT from the Virtual Router to the VM.

To add a new public IP address follow this menu trail:

Network > Select view: VPC > Click Configure next to your VPC name

Now you will see a graphical representation of your VPC (Virtual Private Cloud):

  • On the Router click the box: N PUBLIC IP ADDRESSES
  • Now click the button "Acquire New IP" in the top right hand corner.

You will need to setup a static NAT or Port Forwarding rule to an internal virtual machine instance of your choice in order to allow traffic to the new public IP address to reach its intended destination.

In the Safe Swiss Cloud administration (control) panel:

  1. Click on the "Instances" menu in the left sidebar
  2. Click on the name of the virtual machine (VM) instance you want to an additional (secondary) IP address for
  3. Click on "NICs" tab
  4. Click on "View Secondary IPs" (this is next to the primary IP address) 
  5. Click on "Acquire new secondary IP"
  6. In the pop-up dialog, LEAVE THE IP FIELD EMPTY and click on OK,

The NIC of your VM will now be allocated an additional IP.

Don't forget to manually configure/add the new IP inside the VM.

See attached screenshots for details.

  1. Stop the VM
  2. Click on the rightmost + icon (circled in red in image)
  3. Select new Compute Offering (this determines the size)
  4. Restart VM

Resizing on the fly is coming soon.

Es kann jedes gewünschte Betriebssystem installiert werden, z.B. Linux oder Windows.

Stellen Sie sicher, dass Sie die richtigen Lizenzen für kommerzielle Betriebssysteme wie Windows haben.

KVM ist der Standard Hypervisor.

Xen und VMWare ESXi (mit vSphere) können bei Bedarf eingerichtet werden.

Unser Virtual Data Center Angebot basiert auf Apache CloudStack - der führenden, bewährten Open Source-Technologie.

VirtIO drivers are paravirtualization drivers, that enables VMs running on KVM hypervisor, to perform much better than with regular hardware emulation (intel nic and ide drivers), and these drivers are required for normal Windows OS functioning on KVM hypervisor.

SSC/HIAG uses latest version of VirtIO drivers inside all Windows templates, at the time the templates are built for our customers. Before templates are published to our customers, we do our best to test drivers stability by running series of rigorous tests, including heavy load tests, that stress CPU/RAM/NETWORK/STORAGE subsystems.

Still in very rare cases of customers having issues with system stability (i.e. certain combination of some new software and existing drivers), it is sometimes advised to update VirtiO drivers inside VM to the latest versions available, as per official recommendation from http://libvirt.org

Please find below the general instructions on how to update VirtIO drivers.

Note: VirtIO drivers are distributed as part of ISO file, containing all necessary drivers. You can either attach the already provided VirtIO drivers ISO file in our cloud platform, or you can download your own ISO with drivers. If you choose the second option, please follow the instructions for ISO upload to Cloud platform.

Download ISO file with VirtIO drivers

  1. Please download ISO file containing the latest version of VirtIO drivers for Windows, to your PC. Main page from which the drivers should be downloaded is https://fedoraproject.org/wiki/Windows_Virtio_Drivers, while the direct ISO download link of the latest driver version (at the moment of writing) is https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  2. Please upload the  ISO file to plain HTTP web server (we currently don't support uploading ISO from HTTPS server into the cloud platform)
  3. In the Cloud platform, choose the Templates section, then from drop-down menu, choose ISO.
  4. Click on Register ISO button, and fill in the all required fields (name, description, URL of the ISO file on HTTP server and finally uncheck the Bootable flag.
  5. After the ISO file has been successfully uploaded it will be in State of "Ready" (please check the image below), and you will be able to attach it to your running VM.

Driver update procedure and explanation

There are total of 5 devices currently using VirtIO drivers inside your VMs - and all 4 devices need to have updated driver version (when you choose to update the drivers).

On the image below is shown the folder structure of the ISO file, where in the root of ISO file, there are folders for every VirtIO devices available, including the 4 already mentioned devices. Please check how the folder with drivers names, correspond the the exact device inside your VM, and then choose the correct folder and later subfolder (with Operating System version - Windows 2008 R2, or Windows 2012 R2, etc).

Please make sure to not make mistake during choosing the correct folder with specific version of the driver, or you might cause issues within VM, and even total system crash. We suggest following  the procedure first time on the test VM, and only continue with production VMs once you feel comfortable with the procedure.

NOTE: Please note that the VirtIO Baloon Driver and VirtIO Serial Drivers can not be started by Windows - yellow  exclamation sign (since we are not providing these features on VM) -  which is fine and expected behaviour, and should not be considered a problem. Although these 2 devices are not really available, it is still advised to update these drivers together with the other 2 VirtIO devices/drivers (Network Adapter and SCSI Controller)

Actual  driver upgrade procedure is the same as for any other driver update - please right click on the device and choose "Upgrade Driver Software..."  and on the new screen, select the "Browse my computer for drivers" button and then browse for the correct drivers (main folder with driver and subfolder with correct OS version). 

Please check the images below

NOTE: During the driver upgrade procedure for VirtIO Baloon and Virtio Serial drivers, at the end of the procedure, you will get confirmation that the driver has been successfully installed, but the device can not be started. We already explained this is fine and expected result.

After all drivers are updated, please reboot the Windows, so the new drivers are active.

I just started a new VM from the Continuous Integration template. What do I have to do next?

  1. To get started, you will need the IP address of your appliance / VM instance and make a DNS entry for it with your DNS provider.
  2. Generate Jenkins ssh key pair and register the public key in all GitLab projects as a deployment key. This is needed to allow Jenkins to poll your repositories at GitLab.
  3. Configure Jenkins from the web interface to to use the DNS entry you made in Step 1.
  4. Configure Jenkins security from: Manage Jenkins / Configure Global Security
  5. Edit the following files and replace "localhost" with your domain name (e.g. ci.example.com):
  •    /etc/nginx/sites-enabled/gitlab
  •    /home/git/gitlab/config/gitlab.yml
  •    /home/git/gitlab-shell/config.yml

In the Safe Swiss Cloud Control Panel:

  1. Click on the VM you want to create a template from.
  2. Stop the VM. Templating functionality is only active when the VM is stopped.
  3. Click "View Volumes"
  4. Click the "Root Volume"
  5. The + icon is the "Create Template" function - click on it.
  6. Give your template Name and Description.
  7. Make sure that the correct operating system is selected. If your version of the operating system is not shown, please choose the closest version.
  8. If you have implemented Reset Password feature, please make sure that you check the checkbox "Password Enabled". For instruction on how to implement the Reset Password feature in your template, please check official CloudStack guide: http://cloudstack-administration.readthedocs.org/en/latest/templates.htm...
  9. Please make sure the rest of the checkbox fields are not checked.
  10. There is a notification when the template creation completes. You can do other things in the control panel in the meantime.
  11. After completion, the template will be available in the "Add Instance" wizard and the Templates menu.

Nein. Wir beschränken die Anzahl der virtuellen Maschinen nicht. Die einzige Beschränkung ist die der verfügbaren Ressourcen für Ihre Cloud.

Es kann jedes gewünschte Betriebssystem installiert werden, z.B. Linux oder Windows.

Stellen Sie sicher, dass Sie die richtigen Lizenzen für kommerzielle Betriebssysteme wie Windows haben.

KVM ist der Standard Hypervisor.

Xen und VMWare ESXi (mit vSphere) können bei Bedarf eingerichtet werden.

You can add an additional storage volumes to an existing virtual machine (VM) instance:
 
1. Log in to Safe Swiss Cloud VDC control panel.
 
2. In the left navigation bar, click Storage:
 
3. Create a new volume by clicking the button  "Add" (to view an existing volume, choose Volumes in Select View)
 
4. Provide the following details, and click OK:
- Name. Give the volume a unique name so you can find it later.
- Availability Zone. Where do you want the storage to reside? This should be close to the VM that will use the volume.
- Disk Offering. Select  a desired Disk Offering from the list of available offerings.
 
The new volume appears in the list of volumes with the state “Allocated.” The volume data is stored in Safe Swiss Cloud, but the volume is not yet ready for use.
 
5. To start using the volume, continue to Attaching a Volume to an existing VM. Note! This VM has to be stopped before Attaching.
If the existing VM is not stopped, go to "Instances" in the left navigation bar, choose the VM and press Stop Instance icon:
 
6. Go to "Storage" in the left navigation bar, search the volume ("NewVolume" in our case), click on this volume ("NewVolume" in our case) and then click the Attach Disk button:
 
7. Select the necessary VM from the list of existing VMs and press OK:
 
The Volume is now attached to the VM and ready for use within the VM.
 
The process has to be completed by logging into the VM and configuring the newly attached storage volume in the operating system. 

Instructions for Linux

The newly attached volume will appear as a device called /dev/vdb or /dev/vdc etc. (instead of /dev/sdb, /dev/sdc etc.). For more information about how to partition, format and mount the device, please see http://www.cyberciti.biz/faq/linux-disk-format/

Instructions for Windows

For more information on how to use the newly attached volume, please see http://technet.microsoft.com/en-us/magazine/dd637755.aspx  

If you are logged in SafeSwissCloud VDC, perform the following steps to add an affinity group:

1. On the left panel, click Affinity Groups.

2. The Affinity Groups page displays. You need to press '+Add new affinity group'

3. The Add new affinity group dialog box displays. Define a name using which you can identify the affinity group; enter a description for the affinity group (this description will help you to identify the affinity group when you need to select one for creating an instance) and press "OK".

New affinity group will be created and added.

 

 

Here are the CloudMonkey commands to Create/Deploy a virtual machine in a stopped state (and with IP Address).
 
To deploy a VM, the minimum information you need are the following:
  • ZoneID
  • ServiceOfferingID
  • TemplateID
To get the ZoneID type the following command:
List Zones filter=name,id
This will return the following:
name id
DC-ZURICH-GLATTBRUGG 3d1dcf11-d482-4f28-a2dd-6afcb51545d2
 
 
Next use the following command to get the ServiceOfferingID:
List ServiceOfferings filter=name,id
This will return the following:
name id
FREE - Clustered (1 vCPU - 512M RAM)   bbd12548-9a33-46df-a9f9-97b190c4d2a2
Micro - Clustered HA (1 vCPU - 1 GB) 632e628e-4ee9-4808-a27b-53a8e580187f
Mini - Clustered HA (2 vCPU, 2GB) efd10c0c-431e-4819-abb4-c13c5a28e8fd
Small - Clustered HA (2 vCPU - 4GB) 013c5e22-2f83-48e5-afec-31e1307f4b15
Medium-S Clustered HA (4 vCPU - 4 GB) 90ffeca2-1116-4bbe-bce4-61351a60fcd6
Medium - Clustered HA (4 vCPU - 8GB) f202ca2c-790a-4047-85cb-d831e4e94e7e
Medium-L - Clustered HA (4 vCPU - 16GB) 992ec625-9180-44a2-8bf1-e08bb87025d5
Large-S - Clustered HA (8 vCPU - 8 GB) 9a953625-8081-4e56-aa14-5507ae0b0bcf
Large-6-16 - Clustered HA (6 vCPU - 16 GB) 482a5570-2f7e-4fec-9aa8-ff8ef10bd311
Large - Clustered HA (8 vCPU - 16 GB) 6dadbc20-2020-4980-af15-5ce3c247e21c
XLarge - Clustered HA (8 vCPU - 32 GB)  b738293e-98bf-49c8-837b-09dc0b192ec7
 
Next you need the TemplateID. Since you have created your own template from a transfer, you use the following command:
List Templates TemplateFilter=self filter=name,id
This will return (using my own as an example):
id name
0c8f4b3b-cc0a-488e-b3c5-214b9b63ec0a tv-Template-MS-Server-2012R2-RDP
 
If you wish to use the SafeSwissCloud provided templates, use TemplateFilter=featured.
 
Now that you have this information you are ready to deploy your VM with the following command:
 
Deploy VirtualMachine ZoneID=<zoneid> ServiceOfferingID=<serviceofferingid> TemplateID=<templateid> StartVM=false IPAddress=192.168.30.10 Name=My-VirtualMachine DisplayName=“My Virtual Machine”
 
(Replace <zoneid> etc with valid IDs) (Command line is not case sensitive)
 
StartVM=false allows you to create the VM in a “stopped” state. Default value is “true”.
IPAddress=<IP Address> allows you to manually set the VM IP address, must be within the network CIDR range and not already allocated. An error will be returned if you try to set a wrong or pre-allocated IP.
Name and DisplayName should be set otherwise the VM name will be the GUID. Once created you can only change the DisplayName. To change the VM Name you will have to destroy and recreate the VM.

We will use Ubuntu here as an example.

  • 1. Install cloudmonkey:

apt-get install python-pip

pip install --upgrade pip

pip install cloudmonkey

  • 2. Then create config file for cloudmonkey:

mkdir .cloudmonkey

cat <<'EOF' > .cloudmonkey/config

[core]

profile = ssc

asyncblock = true

paramcompletion = true

history_file = /root/.cloudmonkey/history

log_file = /root/.cloudmonkey/log

cache_file = /root/.cloudmonkey/cache

 

[ui]

color = true

prompt = >

display = default

 

[swiss1]

url = https://swiss1.safeswisscloud.ch:443/client/api

username = [YOUR USER NAME]

apikey = [YOUR API KEY]

secretkey = [YOUR SECRET KEY]

timeout = 3600

expires = 600

domain = /[YOUR DOMAIN]

signatureversion = 3

verifysslcert = true

password = [YOUR PASSWORD]

 

[swiss2]

url = https://swiss2.safeswisscloud.ch:443/client/api

username = [YOUR USER NAME]

apikey = [YOUR API KEY]

secretkey = [YOUR SECRET KEY]

timeout = 3600

expires = 600

domain = /[YOUR DOMAIN]

signatureversion = 3

verifysslcert = true

password = [YOUR PASSWORD]

EOF

  • 3. Then run cloudmonkey and type in the following commands:

3.1 First for swiss1

# cloudmonkey -p swiss1

Apache CloudStack  cloudmonkey 5.3.2. Type help or ? to list commands.

 

Using management server profile: ssc 

 

(ssc) > sync

274 APIs discovered and cached

(ssc) > 

3.2 Now add the ssh key

(ssc) > register sshkeypair name=my-ssh publickey='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuvwUV7YLiOpjJoNMeD3dNlcLVejDrYOK1yH9GGnpgL7QeuQ/8vltUSzS1D9IaDEpdRQS8MxkDQWH4zToh0HeqIGI5Y WrEQfSTl5ZhySWWRAid4/FN56KgsSK2A5KlHbQkXMpyKQooI96aCjVzDMB8pqhyhYyyDhnCYVuV9b0/qzuAX8E9S8dMwvrBrUaStWBNaDBpPvDibEAlQ465 GNVAHvsDRq4w9TYCHizHuvl1Idr67POm7eJcJYvbUel71VkEH/b7LaKRU1iQyWOmRb65ROjI3qLVu2DzbSRnKujIUye3ABoo/gjNH0zc/sYnMfEwFGESKsfJFbt 5sOV7tdiQ=='

 

3.3 Next deploy a VM containing the ssh key

(ssc) > deploy virtualmachine serviceofferingid=a0236e81-1152-4191-9f14-3fe322dc40c4 templateid=09e9b37e-9435-49c8-85b8-ee915c1bc155 keypair=my-ssh networkids=[YOUR_NETWORK_ID] name=my-coreos displayname=my-coreos zoneid=1d954519-907f-45c0-bd56-36b38ff6bbe4 

 

3.4 Use the same procedure for swiss2, but with different ids for zone, network, template and serviceoffering:

# cloudmonkey -p swiss2

Apache CloudStack  cloudmonkey 5.3.2. Type help or ? to list commands.

 

Using management server profile: ssc 

 

(ssc) > sync 

274 APIs discovered and cached

(ssc) > 

 

3.5 Add the ssh key

(ssc) > register sshkeypair name=my-ssh publickey='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuvwUV7YLiOpjJoNMeD3dNlcLVejDrYOK1yH9GGnpgL7QeuQ/8vltUSzS1D9IaDEpdRQS8MxkDQWH4zToh0HeqIGI5Y WrEQfSTl5ZhySWWRAid4/FN56KgsSK2A5KlHbQkXMpyKQooI96aCjVzDMB8pqhyhYyyDhnCYVuV9b0/qzuAX8E9S8dMwvrBrUaStWBNaDBpPvDibEAlQ465 GNVAHvsDRq4w9TYCHiz/Huvl1Idr67POm7eJcJYvbUel71VkEH/b7LaKRU1iQyWOmRb65ROjI3qLVu2DzbSRnKujIUye3ABoo/gjNH0zc/sYnMfEwFGESKsfJF bt5sOV7tdiQ=='

 

3.6 Now deploy a VM containing the ssh key

(ssc) > deploy virtualmachine serviceofferingid=1e0a3524-abcf-479d-8a8c-146d74c8e81b templateid=f0f96794-7904-4dab-828d-94bdd4401f5c keypair=my-ssh networkids=[YOUR_NETWORK_ID] name=my-coreos displayname=my-coreos zoneid=9e165259-d754-4704-9813-f235c4f613f7

 

 

NOTE: Replace the ssh key and network id with your own. You can also change the serviceoffering ID to suit your needs.

You are able to list your own networks with the following commands:

 

#For Swiss1

cloudmonkey -p swiss1 list networks filter=name,id

#For Swiss2

cloudmonkey -p swiss2 list networks filter=name,id

 

Similar for serviceofferings:

 

cloudmonkey -p swiss1 list serviceofferings filter=name,id

 

cloudmonkey -p swiss2 list serviceofferings filter=name,id

 

  • 4. Then it is possible to do port forward port 22 from a public IP in the VR to the newly created VM and to ssh with the keys without needing to type the password

ssh core@[YOUR_VMs_PUBLIC_IP]

 

  1. Ssh into your virtual machine (or get some other shell command line access to the virtual machine)
  2. Use fdisk to see which disks are available
  3. The Data Disk will show up as the second disk e.g. /dev/sdb or /dev/vdb depending on the Linux variant or as the D disk in Windows.

 

In the Safe Swiss Cloud Control Panel:

  1. Click on the VM you want to create a template from.
  2. Stop the VM. Templating functionality is only active when the VM is stopped.
  3. Click "View Volumes"
  4. Click the "Root Volume"
  5. The + icon is the "Create Template" function - click on it.
  6. Give your template Name and Description.
  7. Make sure that the correct operating system is selected. If your version of the operating system is not shown, please choose the closest version.
  8. If you have implemented Reset Password feature, please make sure that you check the checkbox "Password Enabled". For instruction on how to implement the Reset Password feature in your template, please check official CloudStack guide: http://cloudstack-administration.readthedocs.org/en/latest/templates.htm...
  9. Please make sure the rest of the checkbox fields are not checked.
  10. There is a notification when the template creation completes. You can do other things in the control panel in the meantime.
  11. After completion, the template will be available in the "Add Instance" wizard and the Templates menu.

We provide the following templates "out of the box". You can always create your own with your own ISO.

Linux:

  1. CentOS-6-x86_64-Minimal
  2. CentOS-6-x86_64-LAMP-Virtualmin
  3. CentOS-7-x86_64-Minimal
  4. CentOS-7-x86_64-LAMP-Virtualmin
  5. Debian-7-x86_64-Minimal
  6. Debian-7-x86_64-LAMP-Virtualmin
  7. Debian-8-x86_64-Minimal
  8. Debian-8-x86_64-LAMP-Virtualmin
  9. Ubuntu-14.04-x86_64-Minimal
  10. Ubuntu-14.04-x86_64-LAMP-Virtualmin
  11. CoreOS

Windows

  1. Windows-Server-2008-R2-Standard-x64
  2. Windows-Server-2012-R2-Standard-x64
  3. Windows-Server-2012-R2-Core-Standard-x64

Please make sure to get the proper licenses for commercial operating systems like Windows. These are not included by default.

Yes.

We use KVM for our virtualisation, so we will be able to take your KVM VMs and run them practically unchanged.  We might suggest some tuning to improve I/O and network throughput at Safe Swiss Cloud.

Yes - there are various ways to do this.

You need to export your VM to a file and convert it to qcow2 format. Safe Swiss Cloud uses KVM virtualization using the qcow2 format, so VMs in this format can easily be imported.

We have migrated VMs from most commonly used hypervisors including VMware, Hyper-V and KVM. If you need assistance with your migration we will be happy to help you.

  1. Stop the VM
  2. Click on the rightmost + icon (circled in red in image)
  3. Select new Compute Offering (this determines the size)
  4. Restart VM

Resizing on the fly is coming soon.

Yes we do.

You can run IPSec tunnels with a multitude of encryption and other options.

Everything is fully software configurable from the Safe Swiss Cloud Control Panel.

How can I use advanced network featues like NAT, Portforwarding, Loadbalancing, VPN ?

Safe Swiss Cloud allows its users to create and deploy network components with a few clicks. The virtual router is implemented in Safe Swiss Cloud as something called a VPC (virtual private cloud).

Video: Safe Swiss Cloud Networking

Some basic Terms in Safe Swiss Cloud and what they mean:

Virtual Router (VR) Router, Firewall, VPN, Local Networks, HA Proxy web load balancer
Virtual Machine (VM) VM, instance, VPS etc. are all one and the same thing in Safe Swiss Cloud - an instance of a virtual machine.
Virtual Private Cloud (VPC) When a virtual router is created, it defines and creates a virtual private cloud. Each VPC can contain multiple virtual machine instances, network segments, load balancers etc.
Virtual Data Center (VDC) A virtual data center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs.
Guest Network or Tier

A private network segment in Safe Swiss Cloud connected to a VR and managed from this virtual router.

 

A VPC is an isolated part of Safe Swiss Cloud, with the virtual router (VR) as the gatekeeper. It can have one or more private networks (i.e. 10.0.1.0/24, 10.0.2.0/24), connected together through the Virtual Router (VR) which is also connected to the internet. Inside these private networks you can deploy one or more VMs which will not be direcly accessible from the Internet since they are on a private network.

Safe computing is enabled in Safe Swiss Cloud by making access to internal VMs go through Virtual Router Firewall. The following network features can be activated:

Public IP Addresses Public IP is needed for any of the following services: Port Forwarding rule, Load Balancing rule, Static NAT etc.
Port forwarding Forward traffic on a particular port e.g. 443 to access an internal VM's https service.
Static NAT Static Network Address Translation enables forwarding of public network traffic on all ports one to one to an internal VM.
Remote VPN Access a VM in the cloud from a single machine (desktop, mobile phone, tablet etc.) through a VPN tunnel
Site to Site VPN Connect two networks through a VPN tunnel, e.g connect your office and your virtual data center with an IPsec VPN tunnel
ACLs Specify what kind of traffic is allowed between different private networks, and also from any private network to the internet
Public Load Balancer Load balancing for web traffic coming in through the Internet and implemented in the virtual router (VR) as an HA Proxy.
Internal Load Balancer A load balancer for internal workloads, not accessible from the Internet.

 

​With this approach, you can really create your own Virtual Data Centar by having different private networks that are protected by one or more virtual routers.

 

An example of a VR (VPC in the GUI), which is using public load balancer features, is shown in the diagram below.

In this example we have one VR with public IP address, and two private networks behind the VR (web tier and app tier). We have activated load balancing features on the VR, so VR accepts web traffic from internet and distributes connection in i.e. round-robin fashion to 3 web servers. Inside app network, beside having 6 app servers, we also have activated 2 internal load balancers (small VMs) which accept connections from web servers, and distribute them among the 6 app servers.
This scenario is an example of using both public and private load balancing features of the VR/VPC.

See this post of Roger L. on how to configure a remote VPN on Windows 7.

Additional Public IP addresses are usually added to the Virtual Router which guards each Virtual Private Cloud (VPC). Each Virtual Data Center has at least one VPC.

We recommend adding virtual machine (VM) instances to an internal network segment of the Virtual Router of a VPCs. The VM instance will have a private IP address. After obtaining an additional public IP address, setup port forwarding or a static NAT from the Virtual Router to the VM.

To add a new public IP address follow this menu trail:

Network > Select view: VPC > Click Configure next to your VPC name

Now you will see a graphical representation of your VPC (Virtual Private Cloud):

  • On the Router click the box: N PUBLIC IP ADDRESSES
  • Now click the button "Acquire New IP" in the top right hand corner.

You will need to setup a static NAT or Port Forwarding rule to an internal virtual machine instance of your choice in order to allow traffic to the new public IP address to reach its intended destination.

  1. Log in to Safe Swiss Cloud VDC control panel
  2. In the left navigation bar, click Storage: 
     
  3. Select the desired volume and click on the name of this volume (ex. DATA-8): 
     
  4. Click on the "Make Backup" button: 
     
  5. Specify a name of the backup: 
     
  6. Press "OK"

New created backup "testbackup" will be available: "Storage" left navigation menu --> Select view "Backups" --> Find your backup by name --> Click on the name of volume, which was backuped. 

You can set up the schedules for:

  • Daily backup: the volume will be backuped once per day at the same time;
  • Weekly backup: the volume will be backuped once per week at the same day and same time;
  • Monthly backup: the volume will be backuped once per month at the same day and same time.
  1. Log in to SafeSwissCloud VDC control panel
  2. In the left navigation bar, click Storage: 
     
  3. Select the desired volume and click on the name of this volume (ex. DATA-8): 
     
  4. Click on the "Set up recurring backup" button: 
     
  5. You can set up the backup schedules for Daily backups, Weekly backups, Monthly backups separately.
    5.1 In order to set up "Daily" schedule, Click on the "Daily" tab --> In the field "Time" specify the time, when recurring backup has to be created --> In the field "Timezone" select the desired Time zone --> In the field "Keep"specify maximum number of backups to be kept(If "Keep" field has value 2 and 3d backup is created, the oldest backup will removed automatically.) --> press "Add" blue link --> press "Done"

    5.2 In order to set up "Weekly" schedule, Click on the "Weekly" tab --> In the field "Time" specify the time, when recurring backup has to be created -->In the field "Day of Week" select the desired day of week --> In the field "Timezone" select the desired Time zone -->In the field "Keep" specify maximum number of backups to be kept(If "Keep" field has value 3 and 4th backup is created, the oldest backup will removed automatically.) --> press "Add" blue link --> press "Done"

    5.3 In order to set up "Monthly" schedule, Click on the "Monthly" tab --> In the field "Time" specify the time, when recurring backup has to be created --> In the field "Day of Month" select the desired day of month --> In the field "Timezone" select the desired Time zone --> In the field "Keep"specify number of backups to be kept(If "Keep" field has value 1 and 2d backup is created, the oldest backup will removed automatically.) --> press blue "Add" link --> press "Done"
     

If all possible schedules are defined, the "Recurring Backups" window looks like: 

If user wants to change/remove the schedules, at first he has remove the previous schedules, by clicking  tool near the previous schedule.

You can add an additional storage volumes to an existing virtual machine (VM) instance:
 
1. Log in to Safe Swiss Cloud VDC control panel.
 
2. In the left navigation bar, click Storage:
 
3. Create a new volume by clicking the button  "Add" (to view an existing volume, choose Volumes in Select View)
 
4. Provide the following details, and click OK:
- Name. Give the volume a unique name so you can find it later.
- Availability Zone. Where do you want the storage to reside? This should be close to the VM that will use the volume.
- Disk Offering. Select  a desired Disk Offering from the list of available offerings.
 
The new volume appears in the list of volumes with the state “Allocated.” The volume data is stored in Safe Swiss Cloud, but the volume is not yet ready for use.
 
5. To start using the volume, continue to Attaching a Volume to an existing VM. Note! This VM has to be stopped before Attaching.
If the existing VM is not stopped, go to "Instances" in the left navigation bar, choose the VM and press Stop Instance icon:
 
6. Go to "Storage" in the left navigation bar, search the volume ("NewVolume" in our case), click on this volume ("NewVolume" in our case) and then click the Attach Disk button:
 
7. Select the necessary VM from the list of existing VMs and press OK:
 
The Volume is now attached to the VM and ready for use within the VM.
 
The process has to be completed by logging into the VM and configuring the newly attached storage volume in the operating system. 

Instructions for Linux

The newly attached volume will appear as a device called /dev/vdb or /dev/vdc etc. (instead of /dev/sdb, /dev/sdc etc.). For more information about how to partition, format and mount the device, please see http://www.cyberciti.biz/faq/linux-disk-format/

Instructions for Windows

For more information on how to use the newly attached volume, please see http://technet.microsoft.com/en-us/magazine/dd637755.aspx  

Check your Linux Kernel version. If it is below version 3.19.0-65 please upgrade to at least version 3.19.0-65 We know that version 3.19.0-65 does not have the problem.

Ja. Wir bedienen Reseller gerne.

Wenn Sie ein Reseller sind, dürfen Sie gerne White-Label- oder Mehrwertdienste anbieten.

Gar nicht.

Bei Safe Swiss Cloud bestellen Sie keine Server. Stattdessen bestellen Sie Cloud-Ressourcen wie CPUs, RAM, Festplattenspeicher und Netzwerkkapazitäten.

Sobald diese Ressourcen aufgesetzt sind, können Sie damit beginnen, Ihre virtuellen Maschinen einzurichten.

All services will be billed monthly. You can cancel anytime*.

(*Applies only for clients with no long-term contract)

The pricelist for our current services can be found on our pricing page.

Die Kunden von Safe Swiss Cloud können zwischen zwei Zahlungsmethoden wählen:

  • Bezahlung per Überweisung;
  • Bezahlung per Kreditkarte.

Unsere Kunden können ihre aktuelle Zahlungsmethode in der Sektion "Stored Cards" auf dem Safe Swiss Cloud Portal überprüfen (wenn angemeldet unter https://www.safeswisscloud.ch). Beachten Sie, dass die "Stored Cards" Seite nicht für Technische Sub-User verfügbar ist. Eingeloggede Users gehen auf das Untermenü Nutzung und Verrechnung>Credit cards.

Wenn die aktuell festgelegte Zahlungsmethode Überweisung ist, wird am Ende der Seite folgender Hinweis angezeigt: "Ihre aktuelle Zahlungsmethode ist Überweisung. Klicken Sie hier um eine Änderung der Zahlungsmethode auf "Kreditkarte" zu beantragen."

Wenn die aktuell festgelegte Zahlungsmethode Kreditkarte ist, wird am Ende der Seite folgender Hinweis angezeigt: "Ihre aktuelle Zahlungsmethode ist Kreditkarte. Klicken Sie hier um eine Änderung der Zahlungsmethode auf "Überweisung" zu beantragen."

User können über die oben genannten Links eine Änderung ihrer Zahlungsmethode beantragen. Sobald unserer Administrator eine Anfrage empfängt, werden wir die Zahlungsmethode für den entsprechenden Kunden ändern.

User können eine oder mehrere Kreditkarten hinzufügen indem sie in der "Stored Cards" Seite (Untermenü Nutzung und Verrechnung>Credit cards) auf den Button "Add a card" button klicken. Users können die Default Kreditkarte definieren und Karteninformationen löschen. Ausserdem können sie das Gültigkeitsdatum von bereits gespeicherten Karten ändern. Nur die Default Kreditkarte wird hergenommen um die monatlichen Rechnungen zu begleichen (insofern die aktuell festgelegte Zahlungsmethode per Kreditkarte ist).

Beachten Sie! Wir speichern keine Kreditkarteninformationen auf unseren Servern. Jegliche Kreditkarteninformationen werden über eine sichere Verbindung an Saferpay übermittelt, wo sie sicher prozessiert und für den monatlichen Rechnungsprozess gespeichert werden. Saferpay ist ein Service der Six Group, welche den Swiss Stock Exchange und andere Finanzinfrastruktur-Services in der Schweiz betreibt.

Wir benutzen das Interxion Rechenzentrum in Glattbrugg, bei Zürich. Dieses erfüllt die FINMA (Schweizer Finanzmarkt Aufsicht) Anforderungen für Banken - die Details finden Sie in dem folgenden KPMG Dokument:

FINMA-RS 08/7 - Outsourcing - Banken

All data and computing resources are stored in Switzerland. This means that Safe Swiss Cloud is a great choice for EU companies and individuals who want to ensure compliance with EU data protection directives.

We use the Interxion data center in Glattbrugg, near Zürich. This facility meets the requirements of the Swiss financial regulator FINMA - see the following KPMG document for the details: FINMA-RS 08/7: Outsourcing - banks

Respect for the privacy of individual and company data is required by Swiss law: SR 235.1 Federal Act on Data Protection. Safe Swiss Cloud computing resources and data are accordingly only accessible to our client or parties authorized by them.

In the European Commission Decision 2000/518/EC (Official Journal L 215/1 of 25.8.2000) the Commission states that Swiss law provides adequate protection of personal data and data transfers from Member States to Switzerland are therefore, permitted under Art. 25(1) of the EU Directive.

This means that Safe Swiss Cloud is a great choice for EU companies and individuals who want to ensure compliance with EU data protection directives.

VirtIO drivers are paravirtualization drivers, that enables VMs running on KVM hypervisor, to perform much better than with regular hardware emulation (intel nic and ide drivers), and these drivers are required for normal Windows OS functioning on KVM hypervisor.

SSC/HIAG uses latest version of VirtIO drivers inside all Windows templates, at the time the templates are built for our customers. Before templates are published to our customers, we do our best to test drivers stability by running series of rigorous tests, including heavy load tests, that stress CPU/RAM/NETWORK/STORAGE subsystems.

Still in very rare cases of customers having issues with system stability (i.e. certain combination of some new software and existing drivers), it is sometimes advised to update VirtiO drivers inside VM to the latest versions available, as per official recommendation from http://libvirt.org

Please find below the general instructions on how to update VirtIO drivers.

Note: VirtIO drivers are distributed as part of ISO file, containing all necessary drivers. You can either attach the already provided VirtIO drivers ISO file in our cloud platform, or you can download your own ISO with drivers. If you choose the second option, please follow the instructions for ISO upload to Cloud platform.

Download ISO file with VirtIO drivers

  1. Please download ISO file containing the latest version of VirtIO drivers for Windows, to your PC. Main page from which the drivers should be downloaded is https://fedoraproject.org/wiki/Windows_Virtio_Drivers, while the direct ISO download link of the latest driver version (at the moment of writing) is https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
  2. Please upload the  ISO file to plain HTTP web server (we currently don't support uploading ISO from HTTPS server into the cloud platform)
  3. In the Cloud platform, choose the Templates section, then from drop-down menu, choose ISO.
  4. Click on Register ISO button, and fill in the all required fields (name, description, URL of the ISO file on HTTP server and finally uncheck the Bootable flag.
  5. After the ISO file has been successfully uploaded it will be in State of "Ready" (please check the image below), and you will be able to attach it to your running VM.

Driver update procedure and explanation

There are total of 5 devices currently using VirtIO drivers inside your VMs - and all 4 devices need to have updated driver version (when you choose to update the drivers).

On the image below is shown the folder structure of the ISO file, where in the root of ISO file, there are folders for every VirtIO devices available, including the 4 already mentioned devices. Please check how the folder with drivers names, correspond the the exact device inside your VM, and then choose the correct folder and later subfolder (with Operating System version - Windows 2008 R2, or Windows 2012 R2, etc).

Please make sure to not make mistake during choosing the correct folder with specific version of the driver, or you might cause issues within VM, and even total system crash. We suggest following  the procedure first time on the test VM, and only continue with production VMs once you feel comfortable with the procedure.

NOTE: Please note that the VirtIO Baloon Driver and VirtIO Serial Drivers can not be started by Windows - yellow  exclamation sign (since we are not providing these features on VM) -  which is fine and expected behaviour, and should not be considered a problem. Although these 2 devices are not really available, it is still advised to update these drivers together with the other 2 VirtIO devices/drivers (Network Adapter and SCSI Controller)

Actual  driver upgrade procedure is the same as for any other driver update - please right click on the device and choose "Upgrade Driver Software..."  and on the new screen, select the "Browse my computer for drivers" button and then browse for the correct drivers (main folder with driver and subfolder with correct OS version). 

Please check the images below

NOTE: During the driver upgrade procedure for VirtIO Baloon and Virtio Serial drivers, at the end of the procedure, you will get confirmation that the driver has been successfully installed, but the device can not be started. We already explained this is fine and expected result.

After all drivers are updated, please reboot the Windows, so the new drivers are active.