Getting started with Virtual Data Center

Follow these steps to get started quickly:


  1. Log in to SafeSwissCloud VDC

  2. Find your existing Virtual Router (VPC)

  3. Create a new VM in the pre-created Network segment / Tier

  4. Make the VM accessible from the Internet

Introduction

When you sign up to Safe Swiss Cloud, an empty Virtual Data Center with a Virtual Router is created for you. You can see the details when you log in to your Safe Swiss Cloud account at https://www.safeswisscloud.ch/user.

Definitions

Virtual Data Center (VDC): A virtual data center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs.

Network Tier: This is the term used for an isolated network segment in the VDC. Each tier acts as an isolated network within its own VLANs and CIDR list, where you can place groups of resources, such as Virtual Machines (VMs). The tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway.

Virtual Private Cloud (VPC): A Virtual Private Cloud is a private, isolated part of SafeSwissCloud. A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router.

Virtual Router (VR): A virtual router is automatically created and started when you create a VPC. The virtual router connects the tiers and directs traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and DHCP services through its IP.

Virtual Machine (VM): VM, instance, VPS etc. refer to the same thing in SafeSwissCloud: an instance of a virtual machine.

 

1. Log in to SafeSwissCloud VDC

You need to log in to the SafeSwissCloud website https://www.safeswisscloud.ch/user with your username and password.

On the Account overview page ('Account overview' tab of your account) you can find all information (Account name, Domain name) and tools (button 'Login') necessary to log in to your SafeSwissCloud VDC.

If you click on the 'Login' button you will get to the SafeSwissCloud VDC login page, where you need to fill in the following information:

  • The account name;
  • The password (by default the same as set during the registration). The password can be changed at any time by clicking the 'Change' link ('Account overview' tab, see picture above). Note that the password will be changed for both your SafeSwissCloud https://www.safeswisscloud.ch account and your SafeSwissCloud VDC account;
  • The domain name.

 

2. Find your existing Virtual Router/VPC

As soon as you have registered on the SafeSwissCloud website, one default Virtual router/VPC is created for you on SafeSwissCloud VDC.

Once you are logged in to the SafeSwissCloud VDC, choose 'Network' in the left navigation:

 

In the 'Select view' select 'VPC':

 

 

The automatically created Virtual router/VPC will be displayed. You have to press the 'Configure' button near the VPC ('Actions' column):

 

 

One default network was automatically created inside your Virtual router/VPC and is visible here:

 

 

3. Create a new VM in an existing Network / Tier

Now you can add a new VM to the existing Network/Tier.

3.1 Click the 'Virtual Machines' tab of the Network/Tier to which you want to add a VM:

 

3.2 The Add Instance page is displayed. Press the '+Add Instance' button:

 

3.3 'Setup' step. Select an ISO or Template and press the 'Next' button:

 

3.4 'Select a template' step. Select a template for your new virtual instance (VM) and press the 'Next' button. Scroll down in order to view all possible templates. 

If you need another kind of template, please contact our support team.

 

3.5 'Compute offering' step. Select the desired Compute offering size (Number of vCPU and RAM) and press the 'Next' button. Scroll down in order to view all possible Compute offerings. 

If you need some other kinds of Compute offerings, please contact our support team.

 

3.6 'Disk Offering' step. In this step you can select additional Disk storage and specify the Disk size. Then press the 'Next' button.

Note! The Disk storage delivered with the pre-selected template is limited (usually it is 10 Gb of ROOT type volumes).

You have two options for increasing your VM Disk Storage:

  1. You can select the 'HA - Clustered Persistent Storage' option and customize the storage size using the slider below. This is the cloud equivalent of a hard disk. With clustered storage, every block of data is stored on 3 independent machines.
  2. You can select the 'Backup Storage' option and customize the storage size using the slider below.

The additional Storage can be added later (More information on "How to add additional storage volumes to an existing VM instance?" can be found here).

 

3.7 'Affinity' step. Press the 'Next' button.

If desired, you can assign instances to affinity groups to ensure that individual instances associated with an affinity group are not deployed on the same hypervisor. This feature enhances fault tolerance, particularly in combination with the load balancer functionality. If one host fails, another instance offering the same service is still up and running on another functional host. Affinity groups can be attached to instances while creating the instance. You can change an affinity group of an existing instance in the 'Instance Details' tab (More information on "Adding an Affinity Group" can be found here).

 

3.8 'Network' step. Press the 'Next' button.

 

3.9 'Review' step. Specify the name of the VM and press 'Launch VM'.

A new VM will be created. Make sure to note the automatically created password for the new VM. You can change or reset the password of your VM later on.

 

4. Make the VM accessible from the Internet

The steps involved here are:

  • Acquire a public IP address
  • Configure the Firewall to allow Internet traffic through to the VM by setting up an ACL
  • Set up one of the three mechanisms of static NAT, port forwarding or a load balancer to actually make the Firewall route the traffic from the Internet to the VM

We explain these steps below.

4.1 Acquiring a public IP address on the Virtual Router

4.1.1 Go back to your VPC (Network (left navigation) –> Select 'VPC' in Select view –> press 'Configure' near your VPC) and press 'PUBLIC IP ADDRESSES':

4.1.2. Press the '+Acquire NewIP' button:

The new IP address will be added and appear in the list of IPs:

 

4.2 Configure the Firewall to allow Internet traffic through to the VM by setting up an ACL

In order to allow Internet traffic through to the VM, the Network Access Control List (ACL) on the VPC virtual router should be configured. The ACL controls incoming (ingress) and outgoing (egress) traffic between the VPC tiers, and between the tiers and the Internet. By default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports, you must create a new network ACL. Network ACLs can be created for the tiers only if the NetworkACL service is supported.

4.2.1 Go back to your VPC (Network (left navigation) –> Select 'VPC' in Select view –> press 'Configure' near your VPC) and press 'NETWORK ACL LISTS':

4.2.2 The Network ACLs page is displayed:

4.2.3 You can create a new network ACL list or edit the existing default network ACL list. To add a new network ACL list, click the 'Add ACL list' button:

4.2.4 Define the ACL list name and press 'OK':

4.2.5 To add an ACL rule to the ACL list, click on the network ACL list name:

4.2.6 Go to the 'ACL List rule' tab:

4.2.7 To add an ACL rule, fill in the following fields to specify what kind of network traffic is allowed in this tier:
  • CIDR: The CIDR acts as the Source CIDR for the Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from or to the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.
  • Protocol: The networking protocol that sources use to send traffic to the tier. The TCP and UDP protocols are typically used for data exchange and end-user communications. The ICMP protocol is typically used to send error messages or network monitoring data.
  • Start Port, End Port (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields.
  • Select Tier: Select the tier for which you want to add this ACL rule.
  • ICMP Type, ICMP Code (ICMP only): The type of message and error code that will be sent.
  • Traffic Type: Select the traffic type you want to apply.
    • Egress: To add an egress rule, select Egress from the Traffic type drop-down box and click Add. This specifies what type of traffic is allowed to be sent out of VM instances in this tier. If no egress rules are specified, all traffic from the tier is allowed out at the VPC virtual router. Once egress rules are specified, only the traffic specified in egress rules and the responses to any traffic that has been allowed in through an ingress rule are allowed out. No egress rule is required for the VMs in a tier to communicate with each other.
    • Ingress: To add an ingress rule, select Ingress from the Traffic type drop-down box and click Add. This specifies what network traffic is allowed into the VM instances in this tier. If no ingress rules are specified, then no traffic will be allowed in, except for responses to any traffic that has been allowed out through an egress rule.
4.2.8 Click Add. The ACL rule is added.
 
You can edit the tags assigned to the ACL rules and delete the ACL rules you have created. Click the appropriate button in the Actions column.    
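
The rule semantics from step 4.2.7 can be checked before rules are entered in the UI. The following is an added example, not SafeSwissCloud code: a small Python model of the CIDR, Protocol, Start/End Port and Traffic Type fields and of the ingress and egress defaults described above, plus a check for administrative ports opened to 0.0.0.0/0. The class and function names, the ADMIN_PORTS set and the sample ACL are assumptions made for illustration; responses to already-allowed traffic, ICMP type/code and tier selection are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    cidrs: str         # CIDR field: one CIDR or a comma-separated list
    protocol: str      # "tcp", "udp" or "icmp"
    start_port: int    # Start Port (TCP/UDP only)
    end_port: int      # End Port; equals start_port for a single port
    traffic_type: str  # "ingress" or "egress"

    def networks(self):
        return [ipaddress.ip_network(c.strip(), strict=False) for c in self.cidrs.split(",")]

    def matches(self, peer_ip, protocol, port):
        if protocol != self.protocol:
            return False
        if not any(ipaddress.ip_address(peer_ip) in n for n in self.networks()):
            return False
        return protocol == "icmp" or self.start_port <= port <= self.end_port

def is_allowed(rules, traffic_type, peer_ip, protocol, port=0):
    """peer_ip is the source for ingress and the destination for egress."""
    scoped = [r for r in rules if r.traffic_type == traffic_type]
    if not scoped:
        # No ingress rules: nothing is allowed in. No egress rules: all traffic is allowed out.
        return traffic_type == "egress"
    return any(r.matches(peer_ip, protocol, port) for r in scoped)

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as administrative

def world_open_admin_ports(rules):
    """Names of admin services reachable from any address (0.0.0.0/0) via ingress rules."""
    found = set()
    for r in rules:
        if r.traffic_type == "ingress" and r.protocol == "tcp" \
                and any(n.prefixlen == 0 for n in r.networks()):
            found |= {name for p, name in ADMIN_PORTS.items() if r.start_port <= p <= r.end_port}
    return sorted(found)

# Constructed sample ACL list for a web tier: HTTP/HTTPS from anywhere, SSH from one block.
TIER_ACL = [
    AclRule("0.0.0.0/0", "tcp", 80, 80, "ingress"),
    AclRule("0.0.0.0/0", "tcp", 443, 443, "ingress"),
    AclRule("192.168.0.0/22", "tcp", 22, 22, "ingress"),
]

if __name__ == "__main__":
    print(is_allowed(TIER_ACL, "ingress", "203.0.113.10", "tcp", 22))
    print(world_open_admin_ports(TIER_ACL))
```

With the sample list, SSH is reachable only from 192.168.0.0/22; adding an ingress rule for ports 1 to 65535 from 0.0.0.0/0 makes the check report both administrative services.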
 
 

4.3 Set up one of the three mechanisms of static NAT, port forwarding or a load balancer to actually make the Firewall route the traffic from the Internet to the VM

4.3.1 Static NAT: Forwarding ALL traffic from a public IP address on the Router to a Virtual Machine 

4.3.1.1 If the IP is acquired (as mentioned in chapter 4.1), go back to your VPC (Network (left navigation) –> Select 'VPC' in Select view –> press 'Configure' near your VPC) and press 'PUBLIC IP ADDRESSES' node. The IPs page will appear with the list of all available IPs.

4.3.1.2 Press on the IP name link in the IPs page. The 'Details' IP page will appear. You need to press on the 'Enable Static Nat' tool:

4.3.1.3 Select 'Sample network' from the 'Select tier' list:

The list of VMs will appear.

4.3.1.4 Select your VM and press 'Apply':

The new IP address will be attached to the VM. The VM will be accessible via the Internet.

 

4.3.2 Port forwarding: forwarding traffic on certain ports from a public IP address on the Router to a Virtual Machine

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. (According to http://en.wikipedia.org/wiki/Port_forwarding)
 

4.3.2.1 If the IP is acquired (as mentioned in chapter 4.1), go back to your VPC (Network (left navigation) –> Select 'VPC' in Select view –> press 'Configure' near your VPC) and press 'PUBLIC IP ADDRESSES' node. The IPs page will appear with the list of all available IPs.

4.3.2.2 Press on the IP name link in the IPs page. The 'Details' IP page will appear.

4.3.2.3 In the 'Details' IP page you need to go to the 'Configuration' tab:

 

4.3.2.4 Click on the 'View all' button in the 'Port Forwarding' node of the diagram:

 

4.3.2.5 Select a tier, fill in the Private port and Public port values, and press the 'Add' button:

 

4.3.2.6 Select the VM from the list of all available VMs and press 'Apply':

 

4.3.2.7 Create a web access to this server and press 'Add'

 

 

4.3.2.8 Select the VM from the list of all available VMs and press 'Apply':

 

4.3.2.9 The Port Forwarding configuration is done:

You can find more information in the following screen-cast.

 

 

4.3.3 Load balancer: Forwarding traffic from a public IP address on the Router to one or more Virtual Machines

4.3.3.1 If the IP is acquired (as mentioned in chapter 4.1), go back to your VPC (Network (left navigation) –> Select 'VPC' in Select view –> press 'Configure' near your VPC) and press 'PUBLIC IP ADDRESSES' node. The IPs page will appear with the list of all available IPs.

4.3.3.2 Press on the IP name link in the IPs page. The 'Details' IP page will appear.

4.3.3.3 In the 'Details' IP page you need to go to the 'Configuration' tab:

 

4.3.3.4 Click on the 'View all' button in the 'Load Balancing' node of the diagram:

4.3.3.5 In the 'Load Balancing' form, select a tier from the list (Tier list):

4.3.3.6 Fill in the following information:

  • Name: A name for the load balancer rule.
  • Public Port: The port receiving incoming traffic to be balanced.
  • Private Port: The port that the VMs will use to receive the traffic.
  • Algorithm: Choose the load balancing algorithm you want SafeSwissCloud to use. SafeSwissCloud supports a variety of well-known algorithms.
  • Stickiness: (Optional) Click Configure and choose the algorithm for the stickiness policy.

4.3.3.7 Click 'Add VMs', then select two or more VMs that will divide the load of incoming traffic, and click 'Apply'.

The new load balancer rule appears in the list. You can repeat these steps to add more load balancer rules for this IP address.

You can find more information in the following screen-cast.