HP Helion Public Cloud might feel difficult because of its robust router and subnet settings. Here is a practical guide on how you can easily SSH in from your computer. Rackspace is probably great in the current situation. HP Cloud has 3 months of free usage, which is more than enough to practice working almost directly above the main hardware. We will try to deliver HP Cloud based services so that end users will not need much effort, but this guide is for learning purposes. Anyone who wants to learn or use HP Helion Public Cloud for serving webpages can follow this guide.
Why Does HP Helion Public Cloud Need Router and Subnet Settings Tweaks?
Although HP Helion Public Cloud runs on OpenStack just like Rackspace, its infrastructure can be controlled with granular tweaks. You cannot use a Router free of cost on Rackspace. HP Helion Public Cloud is RAW, intended for enterprise grade usage – not only for serving webpages. You should have an idea about Router, Hub, Switch and Subnet. On real hardware, we tweak these manually. In other words – an instance is not Public until you add a way to SSH to it. You can allow only one IP to SSH.
Off-topic Words on HP Helion Public Cloud and Router and Subnet Settings
Skip this subhead if you are in a hurry. It describes what client software to use and HP’s philosophy.
Most importantly, you can have a huge number of images with variations. Rackspace will appear like a kid if you can use HP Cloud properly. Cost is less, advantages are huge, no nagging “use our managed level, use our ThisOps”. Rackspace became mainstream and is not really like before.
---
It is very painful to learn this stuff, but once you have learned it, you can provide a service. HP provides a direct image from Ubuntu as a partner. HP has robust infrastructure-level support. The UI is not user friendly. The servers are HP’s own. The cost reduction is obvious. You can install the OpenStack Nova clients on OS X following this guide.
If you are using OS X, we expect that you’ll use an iTerm2+Homebrew+ZSH setup; the default Terminal is always there. On other Unix-like OSes, you can use Terminal. On Microsoft Windows, you can use PuTTY. We see no reason not to use a Live version of any Linux instead of Microsoft Windows aka OpenVMS. HP Cloud does not have many detailed guides for Linux or OS X because, for selling laptops and desktops, they have a partnership with Microsoft. HP actually hugely supports Free Software, though – you can check the list of donors of the Free Software Foundation. HP has HP-UX.
Change your orientation from the way you use typical public cloud servers. IPs are separate, Routers are separate, instances are separate. What you are used to was a faster, easier way; basically those providers use scripts to do the work. This is fully RAW, solid material. Yes, Amazon has some resemblance. But Amazon has no such wider freedom.
HP Helion Public Cloud and Router and Subnet Settings
The settings and setup are as of 03rd December, 2014. We cannot update this again and again as the UI changes. The basics will possibly remain the same forever.
After logging in to your HP Helion Public Cloud account, first (per the current content dated 03rd December, 2014) activate the services. Right now, they are located at :
    https://horizon.hpcloud.com/landing/
This is the place you should possibly bookmark. It helps you navigate easily to each region-specific service! It is not possible for HP to write in this way. Activate all except any Beta Service Request. There is no charge for only activating, plus you have a free $100 / month usage tier (right now).
A Default Router, Subnet etc. are provided; honestly, for advanced users, it is better to delete them. They are kind of generalized settings. HP has good resources, and you can read their guide.
Basically, you have to :
- Create a Router
- Create a Subnet
- Check Security Group’s allowed ports
- Add IP
- Generate Keypair
- Launch Instance
HP uses the word Network to indicate the internal network – think of it as renting a datacenter. The Router connects it to the outer world. I have drawn an easy diagram :
I am giving you a classic example for only doing SSH to an instance. I said to delete all the older settings because you possibly made a lot of wrong attempts, and they can leave a way in for hackers. You need no special software for a firewall – ports are not open, so the router will disallow the traffic. By default, an instance is Private, but via the GUI, HP’s settings push you towards a Public instance – it is Public Cloud. Private Cloud has a huge resemblance from the setup point of view.
Generate a key pair first. On Mac, it will get downloaded as a .pem file in Safari. Do not delete older keys if there are older instances; otherwise it will be very difficult to SSH to them. Nova will inject the key like a password. Keep a copy of this key on Private Object Storage as backup. You should chmod 400 the key file before you ssh, because ssh refuses a private key that other users can read. Actually, a .pub file can be generated from that .pem :

    ssh-keygen -y -f yourkey.pem > yourkey.pub
We are talking about your Mac. Basically, if you do a bit of work like we did for Heroku Cloud, you’ll not need to run ssh -i yourkey.pem ubuntu@IP but simply ssh ubuntu@IP. That is a separate topic. You can follow our Github SSH Key Not Working For Command Line to understand how it works.
If you cd to ~/.ssh and do ls :

    cd ~/.ssh && ls -al
You will see a config file. You can also tweak things from the .zshrc file or some other profile files. If Port 22 is open but you cannot SSH, run :

    ssh -vT ubuntu@IP
Run man ssh to read the manual if all is fine but you cannot SSH. Technically this is the last step.
Network Topology is the best visual guide.
Router Overview should look like this :
    abhishekghosh-router
    Name:        abhishekghosh-router
    ID:          b427bcea-a1b2-41d9-8b95-3803187946f2
    Status:      ACTIVE
    Admin State: DOWN
    External Gateway Information
    Connected External Network: Ext-Net
You can add more interfaces. Admin is actually UP. DOWN is shown for another reason. It will not create a problem. I could name the router with the domain name – that is practical. We might need different logical sets.
Security Group Rules determine access even within the network. The reason is simple – one instance might get hacked. What Rackspace and DigitalOcean do is add wildcard access, so security becomes directly the job of the OS. So, you should allow Port 22 directly from this place. You can create Groups like no-ssh and do-ssh to allow or disallow communication.
Under Networks you’ll get the Subnet. Create Network means you’ll be adding a Subnet. Under one Network, you can add more Subnets. We use 10.0.0.0/24 as Subnet IP. I use because I forget custom digit. The role of the IP layer is to figure out how to route the packets to their final destination. Every interface on the network needs an IP address. The Linux Kernel’s IP layer keeps a table of different routes. You can see a list of routes with /sbin/route. On your Mac, there is /sbin too, as well as /sbin/route.
We usually do not write 10.0.0.0 - 10.0.0.255. Instead, we shorten it to 10.0.0.0/24. This /24 notation is the net mask. 10.0.0.0/24 is a smaller range, containing addresses 10.0.0.0 to 10.0.0.255. This is C-Class. 10.0.0.0/8 means any address from 10.0.0.0 to 10.255.255.255 (16,777,215 possibilities). It is A-Class and widely open. I wrote “I use because I forget custom digit” because I am an imbecile; I do not allow so many possibilities for running port scanning. NSA works at this level for spyware activities. Knowledge is God’s gift. If you ask Richard Stallman to do the config, he’ll do it in such a way that none can penetrate except one. He describes Cloud Computing as “stupidity. It’s worse than stupidity: it’s a marketing hype campaign”, because that Router and Subnet are not genuine in the true sense. Operating cost is lower. As we’ll not store personal or business-critical data on Public Cloud, it is actually worth the value.
In the Security Group Rules of a specific region, you must have :

    Ingress   IPv4   TCP   22 (SSH)   0.0.0.0/0 (CIDR)

to SSH. As all of us use a variable floating IP, the CIDR notation is 0.0.0.0/0 with Port 22. It is Ingress. There are a lot of official guides written by HP; this article is different from their guides. They are needed as the UI might change. This one explains the technical aspects of networks. After this, you can easily SSH :
    ssh -i yourkey.pem ubuntu@15.995.27.452
    # 15.995.27.452 is an arbitrary IP
Obviously, you need to cd to the directory where yourkey.pem is located (it can be Desktop, Downloads etc.) and run the command there. No password, direct login. Except on Ubuntu, the login user is always root.
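
To tie the CIDR notation and the Security Group rule together, here is an added example (not code from this article or from HP): a short Python check that reads rules in the column order shown above (direction, ether type, protocol, port, CIDR) and reports how many source addresses each rule admits to Port 22. The sample rules and the names ssh_exposure and port_in_range are constructed for illustration, and 203.0.113.7 is a documentation address standing in for a single admin IP.

```python
import ipaddress

# Constructed sample rules, in the column order of the Security Group table:
# direction, ether type, protocol, port or port range, remote CIDR.
SAMPLE_RULES = [
    ("Ingress", "IPv4", "TCP", "22", "0.0.0.0/0"),        # the rule from the article
    ("Ingress", "IPv4", "TCP", "22", "203.0.113.7/32"),   # one admin IP only
    ("Ingress", "IPv4", "TCP", "80", "0.0.0.0/0"),        # web traffic, not SSH
    ("Ingress", "IPv4", "TCP", "1-1024", "10.0.0.0/24"),  # range open to the subnet
    ("Egress", "IPv4", "TCP", "22", "0.0.0.0/0"),         # outbound, ignored
]


def port_in_range(port_spec, port):
    """True if port falls inside a '22' or '1-1024' style specification."""
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)


def ssh_exposure(rules, tenant_subnet="10.0.0.0/24", port=22):
    """Return (cidr, address_count, verdict) for each ingress TCP rule reaching port."""
    tenant = ipaddress.ip_network(tenant_subnet)
    findings = []
    for direction, _ether, proto, port_spec, cidr in rules:
        if direction.lower() != "ingress" or proto.lower() != "tcp":
            continue
        if not port_in_range(port_spec, port):
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            verdict = "world-open"          # any address on the Internet
        elif net.version == tenant.version and net.subnet_of(tenant):
            verdict = "tenant-subnet-only"  # only instances behind the router
        elif net.num_addresses == 1:
            verdict = "single-host"         # "allow only one IP to SSH"
        else:
            verdict = "restricted-range"
        findings.append((str(net), net.num_addresses, verdict))
    return findings


if __name__ == "__main__":
    for cidr, count, verdict in ssh_exposure(SAMPLE_RULES):
        print(f"{cidr:<18} {count:>12} addresses  {verdict}")
```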