Advanced Configuration

Configure additional options for your virtual machine to enhance security, access, and initial setup capabilities.

Public IP Configuration

Control whether your VM has internet connectivity and public accessibility.

Enable Public IP

Internet Connectivity

VM receives a publicly accessible IP address
Full internet access for downloads and updates
Accessible from anywhere on the internet
Required for remote access and most applications

Disable Public IP

Internal Network Only

VM accessible only within internal network
Enhanced security through network isolation
No direct internet access
Requires VPN or bastion host for access

Public IP Security Considerations

Security Warning:

Enabling public IP makes your VM accessible from the internet. Ensure proper security measures:

Configure firewall rules appropriately
Use strong SSH keys
Keep system updated with security patches
Monitor access logs regularly

Public IP Use Cases

Recommended: Enable Public IP

Easy remote access for development
Internet access for package installations
Simple collaboration with team members
Direct access to web services and APIs

Security Rules Configuration

Configure firewall rules through the integrated interface to protect your virtual machine.

Firewall Integration

Access Security Rules

Security rules are configured during VM deployment or through the security management interface

Define Rule Types

Add rules for specific protocols:

TCP: Web services, databases, custom applications
UDP: DNS, video streaming, custom protocols
ICMP: Ping, network diagnostics

Configure Access

Define allowed sources and destinations:

IP Ranges: Specific networks or addresses in CIDR notation
Port Restrictions: Specific ports or port ranges
Direction: Ingress (incoming) or Egress (outgoing) traffic

Apply Rules

Rules are applied automatically after VM becomes active:

Real-time rule validation
Automatic conflict detection
Progressive rule application

Common Security Rule Examples

SSH Access

Web Services

Custom Applications

Database Access

Security Rule Best Practices

Principle of Least Privilege

Minimize Access

Only open ports that are actively needed
Restrict source IP ranges to minimum required
Regularly audit and remove unnecessary rules
Use specific ports instead of ranges when possible

Defense in Depth

Multiple Security Layers

Combine firewall rules with application security
Use both network and host-based firewalls
Implement monitoring and intrusion detection
Regular security assessments and updates

Security rules may take up to 10 minutes to be fully applied after VM deployment. During this time, your VM may appear to have limited connectivity.

Jupyter Notebook Configuration

Optionally enable Jupyter Notebook server for interactive computing and data science workflows.

Jupyter Setup Process

Enable Jupyter

Toggle the Jupyter Notebook option during VM configuration

Set Password

Configure a secure password for Jupyter access:

Minimum 8 characters required
Password strength validation (weak/medium/strong)
Strong passwords recommended for security

Access Jupyter

After VM deployment, access via browser:

http://<vm-ip>:8888

Use the configured password to access the Jupyter interface

Password Requirements

Basic Security

At least 8 characters
No common dictionary words
Not easily guessable

Jupyter Security Considerations

Jupyter Security:

Jupyter will be accessible from any IP that can reach your VM
Use strong passwords to prevent unauthorized access
Consider restricting access through firewall rules
Keep Jupyter updated for security patches
Monitor access logs for suspicious activity

Jupyter Use Cases

Data Science Development

Educational Environments

Prototyping and Experimentation

Cloud-Init Script Configuration

Add custom initialization scripts to configure your VM environment at first boot.

Cloud-Init Overview

Automatic Configuration

System Initialization

Runs during first boot process
Configures system before user access
Automates software installation
Sets up custom environments

Script Flexibility

Custom Scripting

Bash shell scripts supported
Package installation commands
Configuration file modifications
Service setup and management

Cloud-Init Script Limitations

Script Constraints:

Maximum script size: 16KB
Input validation and sanitization applied
Scripts run with root privileges
Execution time limits apply
Network access may be limited during early boot

Common Cloud-Init Examples

Install Additional Software

#!/bin/bash

# Update package lists
apt update

# Install additional packages
apt install -y htop vim git curl wget

# Install Python packages
pip3 install numpy pandas matplotlib

# Install Docker
curl -fsSL https://get.docker.com | sh
usermod -aG docker ubuntu

Install Additional Software

#!/bin/bash

# Update package lists
apt update

# Install additional packages
apt install -y htop vim git curl wget

# Install Python packages
pip3 install numpy pandas matplotlib

# Install Docker
curl -fsSL https://get.docker.com | sh
usermod -aG docker ubuntu

Configure System Settings

#!/bin/bash

# Set timezone
timedatectl set-timezone America/New_York

# Configure swap
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab

# Set hostname
hostnamectl set-hostname my-ml-server

Create Users and Configure Access

#!/bin/bash

# Create additional user
useradd -m -s /bin/bash developer
usermod -aG sudo developer

# Set up SSH directory for new user
mkdir -p /home/developer/.ssh
chown developer:developer /home/developer/.ssh
chmod 700 /home/developer/.ssh

# Copy SSH keys
cp /home/ubuntu/.ssh/authorized_keys /home/developer/.ssh/
chown developer:developer /home/developer/.ssh/authorized_keys

Install and Configure Applications

#!/bin/bash

# Install Anaconda
wget https://repo.anaconda.com/archive/Anaconda3-2023.09-0-Linux-x86_64.sh
bash Anaconda3-2023.09-0-Linux-x86_64.sh -b -p /opt/anaconda3

# Add to all users' PATH
echo 'export PATH="/opt/anaconda3/bin:$PATH"' >> /etc/environment

# Install specific conda environment
/opt/anaconda3/bin/conda create -n ml-env python=3.9 -y
/opt/anaconda3/bin/conda activate ml-env
/opt/anaconda3/bin/conda install pytorch torchvision -c pytorch -y

Cloud-Init Best Practices

Script Reliability

Error Handling and Logging

#!/bin/bash
set -e  # Exit on any error

# Log all output
exec > >(tee /var/log/cloud-init-custom.log)
exec 2>&1

echo "Starting custom initialization..."

# Your commands here
apt update && apt install -y package-name

echo "Custom initialization completed successfully"

Resource Management

Security Considerations

Testing and Validation

Cloud-Init Troubleshooting

Check Execution Logs

View cloud-init logs on the VM:

sudo cat /var/log/cloud-init.log
sudo cat /var/log/cloud-init-output.log

Verify Script Status

Check cloud-init status:

sudo cloud-init status
sudo cloud-init status --long

Manual Script Testing

Test script components manually:

# Run individual commands from your script
# Check for errors or missing dependencies

Debug and Iterate

Fix identified issues
Test updated script on new VM
Document working configurations
Share successful scripts with team