CHPC Cloud Resources

Best Practices

  • Spin up a VM instance that corresponds to your needs, to ensure that we properly manage cloud compute resources.
  • Always start using a virtual machine/instance by applying the latest security updates.
  • When the instance is terminated or unavailable, any data stored inside it is unavailable or lost.
  • Pull data you need immediate access to into your VM’s local storage. If your workflow needs a large reference dataset.
  • Terminate your VM and, subsequently, the local storage.
  • When editing the security group associated with your virtual machines/instances, only allow access from trusted IP addresses.
  • If you DO have to allow SSH access to your publicly accessible instances from 0.0.0.0/0 (entire Internet), make sure that only SSH key-based authentication is allowed by editing SSH's config file and restarting the ssh service afterwards:

Edit the file /etc/ssh/sshd_config using a text editor such as vim or nano:

      PasswordAuthentication no
      ChallengeResponseAuthentication no

And then, restart the sshd service: systemctl restart sshd.service
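
A check for the SSH settings above, as an added example that is not part of the original CHPC guide: it reports whether both settings take effect globally, given that sshd keeps the first value it reads for a keyword and that lines after a `Match` line apply only conditionally. The function names and the sample config are constructed for illustration; on a live instance, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example, not CHPC's own tooling. Assumes whitespace-separated
# "Keyword value" lines; Include files are not followed, so an Include seen
# before the keyword is reported as "include" (unknown) and fails the audit.

# effective_value FILE KEYWORD -> prints the value from the global section.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only conditionally.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); gsub(/"/, "") }          # drop comments and quotes
        NF == 0                  { next }
        tolower($1) == "match"   { exit }           # global section ends here
        tolower($1) == "include" { result = "include"; exit }
        tolower($1) == key       { result = tolower($2); exit }
        END { print (result == "" ? "unset" : result) }
    ' "$1"
}

# audit_sshd_config FILE -> one line per keyword; returns 0 only when both
# settings from this page are explicitly "no" in the global section.
audit_sshd_config() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK    $kw no"
        else
            echo "FAIL  $kw $val"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: "PasswordAuthentication no" was appended at the end of
# the file, where it sits inside the Match block, and an earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication yes
ChallengeResponseAuthentication no
Match User backup
    X11Forwarding no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "Fix the file, validate with: sshd -t"
```
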

  • Do not share SSH keys or other credentials.
  • Terminate/delete unused resources (instances, volumes, snapshots).
  • Do not snapshot instances containing credentials and then share them with other users.
  • Do not copy or create large data sets on a virtual machine that you plan to snapshot later, because it will increase the snapshot size and take longer to start instances from it later, as well as taking more storage space.
  • Clean up confidential data (e.g. ssh keys, any saved credentials, bash history) before taking a snapshot of an instance, in case you will want to share that instance with other users later.
  • If planning to later snapshot an instance, use the SMALLEST possible flavor type that will allow you to install your applications, because you cannot start an instance of a smaller size than the original size used when the snapshot was taken.
  • The snapshot only captures and stores the contents of the root disk (/dev/sda), so do not store data or install applications on attached volumes if you need them to be part of the snapshot.
  • Do not use or upload OpenStack images from untrusted sources.
  • Do not install software from untrusted sources.
  • Associate a floating IP only with a single instance and SSH into it before using SSH to connect to your other instances. In this way, you limit your security exposure.
  • Make use of cloud utilities for automating provisioning steps. Cloud-init is a package pre-installed in most modern Linux distributions that allows (among other things) execution of a script upon the initial boot of the instance. More information about using cloud-init and useful examples are available at https://cloudinit.readthedocs.io/en/latest/

Acceptable User Policy (AUP)

- An initial VM user account will be set up with sudo privileges.

- User accounts/usernames are set up using the standard CHPC user account creation policy: a username consists of the first letter of your name and your surname/last name.

- Each project will have a maximum of the resources below, unless more resources are motivated for:

  • Storage = 400G
  • CPU = 16
  • Memory = 32G

- The allocation of more resources is subject to availability and thus not guaranteed.

- VM snapshots are provided on request.

- For security reasons, as passwords are subject to compromise, please add/use SSH keys. For adding SSH keys to your VM, follow the getting started (insert the link)

- For paying customers/users, the invoices for the previous calendar month are sent on the 5th of every month. If no invoice is received on the 5th, please email CHPC at helpdesk@chpc.ac.za.

- CHPC does not provide Windows licences; users requesting Windows images must provide their own Windows licence first.

- Unplanned downtime is 15 minutes at most unless communicated. If the VM went down (not by your doing) and is not up within 15 minutes, please contact the helpdesk at helpdesk@chpc.ac.za.

/var/www/wiki/data/pages/guide/cloud/practices.txt · Last modified: 2020/09/11 16:42 by zmtshali