First Steps in the CloudEnterprise · FOSS · Linux · Security Updated
Ive been a cloud *client* for quite some time, firstly with Gmail and Google docs, later with Dropbox and Amazons S3 storage (via Jungledisk). I’m also a fan of virtualisation and, while listening to a recent FLOSS Weekly netcast with Ian Pratt, I found out that Amazons EC2 (Elastic Compute Cloud) is indeed based on Xen. Now I had an interesting chat with one of the guys from Citrix recently also, I decided it was time I took a look at Amazons offering.
EC2 offers you the ability to “stand up” multiple servers almost instantly, configure and run them and only ever pay for the number of hours they are up. A server instance starts at $0.10 an hour – this is for their “small Linux instance”, which is 1.7gb ram and 350gb disk space. They also offer Windows instances which are slightly more, but still amazingly low priced. This makes it extremely cost effective to use for large proof of concept work or for full time production. Anyway, let me walk you through my first steps in/on Amazons cloud.
First of all you have to have an Amazon account, as I already had one all I needed to do was to “sign up” for the EC2 service (remember you pay for what you use in server/hours). Two clicks later and Im ready to go.
In my eagerness to get started I overlooked the “Getting Started” video on the front page and decided to see how for I could get without reading the documentation. If you want the short answer – I had my first box up and running in less than 5 minutes. For the more detailed version read on,
There are a couple of steps to complete before you get you box up and running and the interface holds your hand nicely through these. Im impressed with the level of security that is setup right out of the box. The two steps you need to do (apart from choosing your instance) are both security related. Firstly you need to select or create the security group – in other words the firewall settings. There are suggested entries there already and customising it is very simple.
Secondly you will need to generate a keypair that you will need to administer the boxes. Again the wizard walks you through this step also, Once those two steps are done and you have chosen your instance type, you click on create and after a minute or so you can see your first instance change its status to starting.
Cool, lets see the console then.
The first instance I chose to create was a Fedora box, so when I hit the “Console” button I was provided with details on how to connect to the instance. For now, you connect to the DNS name that Amazon give you, which maps to a local IP address within Amazons cloud. You can also rent “Elastic IP” addresses for $0.01 per hour, I decided the funky DNS name and private IP was fine for my testing. So I SSH to the DNS name, referencing the file that contains your keypair. The provide the exact syntax that you need to use but its pretty straightforward. You are not prompted for a password as you are using, the more secure, keypairs. And thats it – you have a bash console your box.
As my first hour approached its end I shut down the instance and went out. Upon my return I wanted to try a Windows host. Interestingly the previous instance had disappeared. It seems that if you shutdown an instance, for a certain period of time, the diskspace is reclaimed. If you want to keep instances around when they are shutdown you can do this by using Amazons EBS (Elastic Block Store) which is $0.10 per gb per month.
Anyway, as I mentioned above, I decided to try a Windows box next. I selected the Server 2003 and SQL Server 2005 instance. This time the firewall settings suggested were as follows
- Remote Desktop (3389)
- HTTP (80)
- SQL Monitor (1434)
I accepted the defaults but if I was going to use it “in production” I would close the SQL port. I clicked the button to fire up the instance and a minute or two later it changed its status to “running”. Hitting the console button this time brings up a box explaining how to connect to the server, namely via RDP. Again security is there right out of the box because the local Administrator password is randomly set and then encrypted in the instances log file. To get to this password you have to right click on the instance in Amazons control panel and select decrypt password. You are prompted to paste in your key to a dialog box and a few seconds later your password is displayed.
Pointing your RDP client to the DNS name of the instance and using these credentials gets you logged onto your server – its as easy as that. This would make testing things like large scale Exchange setups, that involve many servers talking to each other, really easy and you wouldn’t have to stump up for the hardware required to do this in your own lab.
This (EC2) is just one of the services that Amazon offer. I’ve been very impressed with my first steps in the cloud, things couldn’t have been any easier to get up and running and I’m pleased to see that security has been part of the core design. When you consider that the underlying technology is Open source then I think its something we (the Open Source community) can be proud of.
There is talk on the net about Amazon open sourcing its cloud tools – this would great news and very beneficial for The Cloud as a whole. So nice to see people aren’t trying to lock down or lock you into their offerings – lets hope it turns out to be true
Sorry about the lost screenshots, this was due to a major incident at my previous hosting provider. At least I had the databases backed up :-/comments powered by Disqus