Hosting/en: Unterschied zwischen den Versionen

Aus TERRA CLOUD WIKI

(Die Seite wurde neu angelegt: „Hosting“)
 
(Die Seite wurde neu angelegt: „=Connection to server=“)
Zeile 1: Zeile 1:
<div lang="de" dir="ltr" class="mw-content-ltr">
<span id="Einleitung"></span>
=Einleitung=
=Introduction=
</div>


<div lang="de" dir="ltr" class="mw-content-ltr">
This getting started guide serves as the basis for establishing the first connection to your hosting system and BMC access.
Dieses Einstiegshandbuch dient als Grundlage zum Aufbau der ersten Verbindung zu Ihrem Hosting System, sowie dem BMC Zugriff.
If you have already established the connection to the firewall, you can continue [[Hosting#Connection_to_Server|here]].
Sofern Sie die Verbindung zur Firewall bereits aufgebaut haben können Sie [[Hosting#Verbindung_zum_Server|hier]] fortfahren.
<span id="Verbindung_zur_Firewall"></span>
</div>
=Connection to firewall=
<div lang="de" dir="ltr" class="mw-content-ltr">
=Verbindung zur Firewall=
</div>


<div lang="de" dir="ltr" class="mw-content-ltr">
{{#lstx:Firewall|excludeiaas}}
{{#lstx:Firewall|excludeiaas}}
</div>
<span id="UMA_Mailarchivierung"></span>
<div lang="de" dir="ltr" class="mw-content-ltr">
= UMA mail archiving =
= UMA Mailarchivierung =
</div>


<div lang="de" dir="ltr" class="mw-content-ltr">
{{#lstx:UMA|excludeuma}}
{{#lstx:UMA|excludeuma}}
<br>
<br>
Weiterführende Informationen zur Konfiguration und Inbetriebnahme der Securepoint UMA finden Sie unter folgenden Link: <br>
Further information on configuring and commissioning the Securepoint UMA can be found at the following link: <br>
https://wiki.terracloud.de/index.php/UMA <br>
https://wiki.terracloud.de/index.php/UMA <br>
</div>
<span id="Verbindung_zum_Server"></span>
<div lang="de" dir="ltr" class="mw-content-ltr">
=Connection to server=
=Verbindung zum Server=
</div>


<div lang="de" dir="ltr" class="mw-content-ltr">
==Windows Server==
==Windows Server==
</div>


<div lang="de" dir="ltr" class="mw-content-ltr">
<div lang="de" dir="ltr" class="mw-content-ltr">

Version vom 18. Januar 2024, 12:36 Uhr

Introduction

This getting started guide serves as the basis for establishing the first connection to your hosting system and BMC access. If you have already established the connection to the firewall, you can continue here.

Connection to firewall

Sprachen:

Private Cloud Strategy

Basically, every private cloud package from the TERRA CLOUD is delivered with a virtual Securepoint UTM appliance.
This starter guide serves as the basis for setting up a VPN tunnel and accessing the firewall's web interface.

Requirements for access

OpenVPN Client:

VPN configuration file:
The VPN data for administrator access can be found in the Cloud Center below the respective order within the service information, see also Service-Information.

The point "to the download area" takes you to a central share in Terra Drive, where all your VPN data for the booked virtual environments in the Terra Cloud is located. The prerequisite for this is the access data for your Drive NFR account.
Please note that the central share only contains the VPN data of the environments that you have booked in the Terra Cloud Center.

VLAN Requirements

Every virtual Securepoint UTM has 2x virtual network interfaces by default.
One of these communicates with the Internet, the other communicates with the systems in the package.
Since a Hyper-V VM can have a maximum of 8x network cards attached, we can provide a maximum of 6x additional VLANs.

Connect to the firewall

An existing VPN tunnel is required for the connection to the firewall.
Before establishing the connection, please check whether the standard port 1194 is enabled for VPN connections on your local firewall.
If port 1194 is blocked, establishing the VPN tunnel will fail.

Initial setup of the VPN connection in the Securepoint VPN Client

  • Install the respective VPN client, in this example we are assuming the Securepoint VPN client.
  • Open the VPN client and click the gear at the bottom right to open the settings menu..

Open VPN client settings

  • In the context menu under Source file, click on the three dots to select the source file that was previously downloaded from the Cloud Portal.

Importing the configuration

  • Select the opvn file from the previously extracted zip file and click “Import”.
  • Optionally, the configuration can be assigned a name under “Import as:” under which the configuration will later be visible in the VPN client.
  • Use the arrow button to start establishing the VPN connection

Connect
The required initial access data is:
User: ssluser-admin
Password: ChanTroFar93!


Connection to the firewall web interface

After the VPN connection has been successfully established, access the following address in any browser:
https://<firewall IP address>:11115

The IP address of the firewall was assigned by you when ordering the environment and can be accessed subsequently in the Cloud Center
can be viewed below the respective order within the service information, see also Service Information.

FW_Login

The required initial access data is:
User: fwadmin
Password: Terra001

Initial access to the firewall web interface

Note:
The WebGUI has changed visually since firmware version 12.6.2.
However, with a few exceptions, all points are still called the same, so you can continue to follow all the steps using the following instructions.

The first time you open the firewall web interface, a few things need to be done:

Assign firewall name

Firewallname_given
Please enter a firewall name, which must correspond to an FQDN, e.g. myfirewall.local.
The firewall name must not contain any umlauts, special characters or capital letters.

Then click on the Complete button.

Firmware Update

Depending on the preinstalled firmware version, you will receive a message that a newer firmware is available.
In this example we assume that version 11.8.9 is preinstalled.

Firmwareupdate_available

This query should be answered with Yes when the environment is commissioned for the first time.
You will then receive a view of the available new firmware, which will be imported using the “Start test run” button.

Available_Firmwares

In order to use the new firmware, several license agreements must be checked and accepted.
Firewall License Agreement

Finally, a restart must be carried out. This can take up to 5 minutes.
You can follow the restart via the console connection via the Technical Center (https://manage.terracloud.de).

Firmware_Reboot

After the firewall has successfully restarted and you have logged in again, the new firmware must be confirmed as the new standard firmware.

Firewall-Firmware-ReleaseNotes

Confirm virus scanner message

If you have booked the firewall with only one vCore, you will receive a message that the number of virus scanners on the firewall has been reduced for stability and performance reasons.
This message is normal and needs to be confirmed.
Virus scanner message

Set cloud backup password

Please enter a password to back up your firewall configuration in the Securepoint cloud.
This gives you the opportunity to import the firewall configuration from the Securepoint Cloud after reinstalling the firewall.
Cloudbackup-Password

Your firewall will then be completely set up.

Firewall-WebGUI

Change of initial passwords

We recommend changing the initial passwords after the handover.

  • In the firewall interface, open the menu item Authentication --> Users
  • Click on the configuration symbol (wrench) behind the respective user and enter the new password in the Password and Confirm password fields.
  • Finally, click on the save symbol at the top right.



You cannot change the user "admin".
This is an administrative account that is only used in the background for the firewall services.
Instructions and information on configuring the firewall can be found at:
http://wiki.securepoint.de/index.php/Howtos-V11

Email protection: spam filter with anti-virus package (optional)

Protection is implemented directly on the firewall included in the cloud environment.
The following options can be set:


Internet protection: Content filter with anti-virus package (optional)

Internet protection is implemented on the cloud firewall in your cloud environment. The following options can be set:

UMA mail archiving

Sprachen:

Log in to Securepoint UMA

If mail archiving has been booked, a Securepoint UMA is available to you in your package.
The web interface for configuration can be accessed via the following address:

The prerequisite for this is a VPN tunnel that has been set up or access via a VM within the network.
The access data for this is “admin” and the password you have assigned.


Further information on configuring and commissioning the Securepoint UMA can be found at the following link:
https://wiki.terracloud.de/index.php/UMA

Connection to server

Windows Server

RDP-Sitzung aufbauen

Öffnen Sie einen Remotedesktop-Client und geben Sie die von Ihnen vergebene IP-Adresse ein und verbinden sich mit dem Server.
Die Standard IP-Adresse des ersten Servers, sofern Sie diese im Bestellprozess nicht anders angegeben, lautet:
192.168.143.1
Die benötigten Zugangsdaten lauten:

  • Benutzer: Administrator
  • Passwort: Terra001!


Eine eventuell auftretende Meldung bezüglich fehlender Zertifikate bestätigen Sie bitte. Die Zertifizierung steht aus.

BMC - Zugriff

Rufen Sie im Browser folgende Adresse auf:
https://XXX.XXX.XXX.201 ( Bitte ersetzen Sie die ersten drei Oktetts durch das in der Bestellung angegebene Netzwerk )
Die Standard IP-Adresse, sofern nicht anders angegeben, lautet:
https://192.168.143.201
Die benötigten Zugangsdaten lauten:

  • Benutzer: Administrator
  • Passwort: Terra001!


Wir empfehlen, dass Passwort nach dem ersten Zugriff zu ändern, bitte rufen Sie dazu den Menüpunkt Configuration/Users auf.
Markieren Sie den Benutzer „Administrator“ und klicken Sie am Ende der Liste auf „Modify User“.
Geben Sie ein neues Passwort und die Bestätigung ein, speichern Sie das neue Passwort mit „Modify“.

VMware ESX Server

Öffnen Sie, nachdem Sie einen VPN Tunnel zu Ihrer Umgebung aufgebaut haben, einen Browser und rufen Sie die IP-Adresse Ihres Servers auf.
Die Standard IP-Adresse des ersten Servers, sofern Sie diese im Bestellprozess nicht anders angegeben, lautet:
http://192.168.143.1
Sie werden dann mit der VMware ESXi - Seite verbunden, von hier können Sie direkt den Link auswählen und den Client herunterladen
Download vSphere Client
Die benötigten Zugangsdaten für den Serverzugang im vSphere Client lauten:
Benutzer: root
Passwort: Terra001!

Troubleshooting

BMC nicht erreichbar

Lösung:
Folgendes Tool herunterladen:
https://sourceforge.net/projects/ipmitool/
Bitte geben Sie anschließend in der Konsole folgenden Befehl ein:
„ipmitool reset bmc cold -I lan -H 10.0.0.1 -U admin -P password“.
Erklärung zum Befehl:
ipmitool [ <options> ] <command> [ <sub-commands and sub-options> ]
reset bmc cold => sofortiges hartes resetten des BMC-Moduls
-I lan => Nutzung des LAN-Interfaces
-H Adresse-U admin -P password => H <hostname> [-U <username>] [-P <password>]

Hardware Logfiles auslesen

Bitte lassen Sie uns die folgenden Informationen zukommen:

  1. Windows Event Logs des betroffenen Systems:
    1. System-Log
    2. Anwendungs-Log
  2. SEL-Log aus dem Remote Management Moduls:

Speichern des EventLogs