Three different ways to connect to the VMs are available; the user should choose one depending on the VM type and configuration and on the intended use case.
Connecting from outside CERN
Connections from outside CERN can be performed using SSH tunneling for SSH or FastX connections to Linux machines or through the Remote Desktop Service Gateway for Windows machines.
The description of each of the connection methods contains specific information for a configuration from outside CERN.
The connection method should be chosen based on the following matrix:
SSH connection from Linux / Mac OS to Linux
This is the primary way of connecting to the Linux VMs from any Linux or Mac OS machine (including `lxplus`). As the `mp-linux` hostgroup is configured in a `lxplus`-like fashion, users can connect following the usual procedure applicable to IT-managed machines. In particular, two SSH credential methods are available: password or Kerberos. It should be noted that connecting with an SSH key pair is not possible (mostly because the home directory is on AFS). It is always worth investing some time to make the Kerberos method work.
To properly configure SSH and Kerberos, users connecting from Mac OS can refer to this guide and this documentation page. Users connecting from Linux can refer to this guide.
For reference, here is a `$HOME/.ssh/config` file for connections from inside the GPN.
Do not forget to replace `{{username}}` with your CERN account name. Uncomment the commented `XAuthLocation` line if this is a configuration for Mac OS.

```
Host *
    # UseKeychain exists only in Apple's OpenSSH build; IgnoreUnknown lets
    # other clients skip it instead of aborting on an unknown option
    IgnoreUnknown UseKeychain
    UseKeychain yes
    Protocol 2
    IdentityFile ~/.ssh/id_rsa
    #XAuthLocation /opt/X11/bin/xauth

Host *.cern.ch
    User {{username}}

# Everything under cern.ch except the jump hosts themselves goes through lxplus
Host *.cern.ch !lxtunnel.cern.ch !lxplus.cern.ch !aiadm.cern.ch !lxplus !aiadm !gitlab.cern.ch
    ProxyJump lxplus.cern.ch

# Kerberos only: the ticket is delegated to the remote host, keys and passwords are off
Host mp-linux*.cern.ch lxtunnel.cern.ch
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    PubkeyAuthentication no
    PasswordAuthentication no

Host lxplus*.cern.ch lxplus
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    PubkeyAuthentication no
    PasswordAuthentication no
    # X11 and agent forwarding give the remote host access to the local display and SSH agent
    ForwardX11 yes
    ForwardX11Trusted yes
    ForwardAgent yes

Host gitlab.cern.ch
    Preferredauthentications publickey
    IdentityFile ~/.ssh/id_rsa
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    ForwardX11 no
```

SSH is configured so that all connections to a `.cern.ch` machine will be tunnelled through `lxplus`. This is very useful when connecting from outside CERN. Connections to `lxplus` and to `mp-linux*.cern.ch` (the Linux VMs of this project) are handled through Kerberos authentication. This setup allows password-less connections from inside and outside CERN.
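The Host pattern logic of the configuration above, as an added example that is not part of the original documentation: a simplified model of how OpenSSH picks Host blocks, where a negated pattern excludes a host and the first value obtained for each option wins. The config is a trimmed, constructed copy, and the account name `jdoe` is a placeholder.

```python
"""Simplified model of ssh_config Host matching (added example, not CERN code)."""
from fnmatch import fnmatchcase

# Constructed, trimmed copy of the page's configuration; "jdoe" is a placeholder.
CONFIG = """\
Host *
    IdentityFile ~/.ssh/id_rsa
Host *.cern.ch
    User jdoe
Host *.cern.ch !lxtunnel.cern.ch !lxplus.cern.ch !aiadm.cern.ch !lxplus !aiadm !gitlab.cern.ch
    ProxyJump lxplus.cern.ch
Host mp-linux*.cern.ch lxtunnel.cern.ch
    GSSAPIAuthentication yes
    PubkeyAuthentication no
    PasswordAuthentication no
Host lxplus*.cern.ch lxplus
    GSSAPIAuthentication yes
    PubkeyAuthentication no
    ForwardAgent yes
Host gitlab.cern.ch
    PreferredAuthentications publickey
"""


def parse(text):
    """Return a list of (patterns, [(option, value), ...]) in file order."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), []))
        elif blocks:
            blocks[-1][1].append((key, value))
    return blocks


def host_matches(patterns, host):
    """A block applies if a positive pattern matches and no negated one does."""
    host = host.lower()
    positive = False
    for pattern in patterns:
        negated = pattern.startswith("!")
        glob = (pattern[1:] if negated else pattern).lower()
        if fnmatchcase(host, glob):
            if negated:
                return False
            positive = True
    return positive


def resolve(text, host):
    """Effective options for the name typed on the command line."""
    effective = {}
    for patterns, options in parse(text):
        if host_matches(patterns, host):
            for key, value in options:
                effective.setdefault(key, value)  # first value obtained wins
    return effective


if __name__ == "__main__":
    for name in ("mp-linux-01.cern.ch", "lxplus.cern.ch", "gitlab.cern.ch", "mp-linux-01"):
        print(name, resolve(CONFIG, name))
```

In this model a short name such as `mp-linux-01` matches only `Host *`, because the patterns are compared against the name typed on the command line. `ssh -G <host>` prints the options the real client resolves for a given name.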
When the SSH client is configured properly, the next step is to acquire a Kerberos token with

```
kinit USERNAME@CERN.CH
kinit -R
```

These steps will require your password. If you are connecting from `lxplus`, or from another machine which already obtained a token, this is unnecessary.
The user can then simply connect from a terminal, without typing a password, with the following command:

```
ssh machine_name
```

`machine_name` is the short name of the machine, for example `mp-linux-01`.
Automatic ticket renewal on Mac OS
To manage your Kerberos tokens and automatically renew them using your password stored in the keychain, you can install Kerberos Ticket Autorenewal from the App Store.
Connecting from outside CERN
Connections from outside CERN can be performed in a variety of ways. The example SSH configuration file below shows how to use SSH tunneling through `lxplus` using `ProxyJump`.
For reference, here is a `$HOME/.ssh/config` file for connections from outside CERN.
Do not forget to replace `{{username}}` with your CERN account name. Uncomment the commented `XAuthLocation` line if this is a configuration for Mac OS.

```
Host *
    # UseKeychain exists only in Apple's OpenSSH build; IgnoreUnknown lets
    # other clients skip it instead of aborting on an unknown option
    IgnoreUnknown UseKeychain
    UseKeychain yes
    Protocol 2
    IdentityFile ~/.ssh/id_rsa
    #XAuthLocation /opt/X11/bin/xauth

Host *.cern.ch
    User {{username}}

# Everything under cern.ch except the jump hosts themselves goes through lxplus
Host *.cern.ch !lxtunnel.cern.ch !lxplus.cern.ch !aiadm.cern.ch !lxplus !aiadm !gitlab.cern.ch
    ProxyJump lxplus.cern.ch

# Kerberos only: the ticket is delegated to the remote host, keys and passwords are off
Host mp-linux*.cern.ch lxtunnel.cern.ch
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    PubkeyAuthentication no
    PasswordAuthentication no

Host lxplus*.cern.ch lxplus
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    PubkeyAuthentication no
    PasswordAuthentication no
    # X11 and agent forwarding give the remote host access to the local display and SSH agent
    ForwardX11 yes
    ForwardX11Trusted yes
    ForwardAgent yes

Host gitlab.cern.ch
    Preferredauthentications publickey
    IdentityFile ~/.ssh/id_rsa
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    ForwardX11 no
```

SSH connection from Windows to Linux
Through `lxplus` tunnelling (preferred)
- Install PuTTY from CMF (or alternatively from here)
- Open PuTTY and insert `lxplus.cern.ch` into "Host Name"
- Go to "Connection" -> "SSH" -> "Tunnel"
  - Insert 3300 for the "Source Port"
  - The VM address followed by `:3300` (e.g. `mp-linux-ts-01.cern.ch:3300`) in "Destination"
  - Click "Add"
- Go back to "Session" (top in the left menu)
  - Give this configuration a name (e.g. lxplus_tunnel) in "Saved Session"
  - Click "Save"
- Click "Open" to start the proxy. If you reopen PuTTY you can double-click on `lxplus_tunnel` to restart the proxy directly
- Enter your CERN username and your password in the new window
- Open FastX and add a new connection by clicking on the "+" in the top-left corner
- Select "https" in the top box
- Enter `localhost` in the "Host" field and your CERN username in "User"
You can now connect to the VM from outside CERN.
ToDo Kerberos auto renew
Users connecting from a Windows machine can find more details on the use of PuTTY in this documentation:
- Explanations on how to connect to `lxplus` are provided and are also valid to connect to the Machine Protection Linux VMs;
- Details are given on how to generate a private/public key pair;
- Apparently Windows 10 has a built-in SSH client, see details on that page.
Details for connections as `root` can be found in the system administrator documentation.
Through Windows Terminal Server
Alternatively, you can connect to your CERN desktop via the Remote Desktop Service and from there connect to the VM with FastX. This documentation explains how to configure the remote connection via Remote Desktop Service.
Desktop environment using FastX
Although X-forwarding over SSH is always an option, FastX is installed on all the `mp-linux-ts-*` machines to support interactive access to the installed desktop environments (KDE, GNOME and XFCE). FastX is highly optimized for speed, even over slow network connections, and also provides a "Linux in the browser" feature, in addition to a more traditional desktop client (available on Mac, Linux and Windows). FastX is being deployed at CERN in a pilot phase of the CERN Applications Gateway project.
The FastX desktop clients can be downloaded from here.
Connection using the web client
To connect using a web browser, simply follow these steps:
- Go to `https://{machine-name}.cern.ch:3300` where `machine-name` is the host (e.g. `mp-linux-ts-01`)
- Connect using your credentials with username and password
- Start a new session by choosing your favorite desktop environment (XFCE is a good choice)
- Refer to this documentation as needed
Connection using the desktop client on Mac OS
To connect using the Mac OS desktop client, follow these steps:
- Create a new connection using the SSH protocol (recommended, as it allows tunneling and password-less authentication) as shown in the screenshot
- Start a new session by choosing your favorite desktop environment (XFCE is a good choice)
- Refer to this documentation as needed
Connection using the desktop client on Windows
To connect using the Windows desktop client, follow these steps:
- Create a new connection using the web protocol
- Connect using your credentials with username and password
- Start a new session by choosing your favorite desktop environment (XFCE is a good choice)
- Refer to this documentation as needed
Connecting from outside CERN
To connect from outside CERN using the FastX desktop clients, refer to the SSH configuration above, especially the part on using `lxplus` with `ProxyJump`. With the connection type set to `ssh` as shown above, the whole process is password-less.
Windows Remote Desktop connection
The connection to Windows VMs uses the Windows Remote Desktop clients available on Windows and on Mac OS. No specific configuration is needed. Users can use the CERN Remote Desktop Services to create a `.rdp` file (use the "Generate a .rdp file to connect to a Server" link). Slightly more detailed instructions are available for:
- Linux
- Mac OS
- Windows
The general documentation on Windows at CERN can also be consulted.
Connecting from outside CERN
The VMs in the `mp-windows` hostgroup are accessible through the Windows Remote Desktop Gateway (all users in the `machine-protection-studies-users` are allowed to log in through the gateway). Users should use `cerngt.cern.ch` as gateway when connecting from outside the CERN network (see screenshot below). Alternatively, a `.rdp` file can be downloaded directly from this page (use the "Generate a .rdp file to connect to a PC from outside CERN" link).