Advanced Configuration
Configure additional options for your VM to enhance security, access, and initial setup
Configure additional options for your virtual machine to enhance security, access, and initial setup capabilities.
Public IP Configuration
Control whether your VM has internet connectivity and public accessibility.
Enable Public IP
Internet Connectivity
- VM receives a publicly accessible IP address
- Full internet access for downloads and updates
- Accessible from anywhere on the internet
- Required for remote access and most applications
Disable Public IP
Internal Network Only
- VM accessible only within internal network
- Enhanced security through network isolation
- No direct internet access
- Requires VPN or bastion host for access
Public IP Security Considerations
Security Warning:
Enabling public IP makes your VM accessible from the internet. Ensure proper security measures:
- Configure firewall rules appropriately
- Use strong SSH keys
- Keep system updated with security patches
- Monitor access logs regularly
Public IP Use Cases
Recommended: Enable Public IP
- Easy remote access for development
- Internet access for package installations
- Simple collaboration with team members
- Direct access to web services and APIs
Recommended: Enable Public IP
- Easy remote access for development
- Internet access for package installations
- Simple collaboration with team members
- Direct access to web services and APIs
Consider Security Requirements
- Enable with proper firewall configuration
- Use load balancers for web applications
- Implement monitoring and logging
- Regular security audits
Consider Private Networking
- Disable public IP for maximum security
- Use VPN or bastion hosts for access
- Implement network segmentation
- Enhanced compliance for sensitive data
Security Rules Configuration
Configure firewall rules through the integrated interface to protect your virtual machine.
Firewall Integration
Access Security Rules
Security rules are configured during VM deployment or through the security management interface
Define Rule Types
Add rules for specific protocols:
- TCP: Web services, databases, custom applications
- UDP: DNS, video streaming, custom protocols
- ICMP: Ping, network diagnostics
Configure Access
Define allowed sources and destinations:
- IP Ranges: Specific networks or addresses in CIDR notation
- Port Restrictions: Specific ports or port ranges
- Direction: Ingress (incoming) or Egress (outgoing) traffic
Apply Rules
Rules are applied automatically after VM becomes active:
- Real-time rule validation
- Automatic conflict detection
- Progressive rule application
Common Security Rule Examples
SSH Access
SSH Access
Secure Remote Access
- Protocol: TCP
- Port: 22
- Source: Your IP address or trusted network
- Direction: Ingress
Web Services
Web Services
HTTP/HTTPS Traffic
- Protocol: TCP
- Ports: 80 (HTTP), 443 (HTTPS)
- Source: 0.0.0.0/0 (public access)
- Direction: Ingress
Custom Applications
Custom Applications
Application-Specific Ports
- Protocol: TCP/UDP (as required)
- Port: Application-specific port
- Source: Trusted networks only
- Direction: Ingress/Egress as needed
Database Access
Database Access
Database Connectivity
- Protocol: TCP
- Ports: 3306 (MySQL), 5432 (PostgreSQL), etc.
- Source: Application servers only
- Direction: Ingress
Security Rule Best Practices
Principle of Least Privilege
Minimize Access
- Only open ports that are actively needed
- Restrict source IP ranges to minimum required
- Regularly audit and remove unnecessary rules
- Use specific ports instead of ranges when possible
Defense in Depth
Multiple Security Layers
- Combine firewall rules with application security
- Use both network and host-based firewalls
- Implement monitoring and intrusion detection
- Regular security assessments and updates
Security rules may take up to 10 minutes to be fully applied after VM deployment. During this time, your VM may appear to have limited connectivity.
Jupyter Notebook Configuration
Optionally enable Jupyter Notebook server for interactive computing and data science workflows.
Jupyter Setup Process
Enable Jupyter
Toggle the Jupyter Notebook option during VM configuration
Set Password
Configure a secure password for Jupyter access:
- Minimum 8 characters required
- Password strength validation (weak/medium/strong)
- Strong passwords recommended for security
Access Jupyter
After VM deployment, access via browser:
Login
Use the configured password to access the Jupyter interface
Password Requirements
Basic Security
- At least 8 characters
- No common dictionary words
- Not easily guessable
Basic Security
- At least 8 characters
- No common dictionary words
- Not easily guessable
Recommended Security
- 12+ characters
- Mix of uppercase and lowercase letters
- Include numbers and special characters
- Avoid personal information
Real-time Validation
- Weak: Basic requirements met but not secure
- Medium: Good combination of character types
- Strong: Excellent security with complex pattern
Jupyter Security Considerations
Jupyter Security:
- Jupyter will be accessible from any IP that can reach your VM
- Use strong passwords to prevent unauthorized access
- Consider restricting access through firewall rules
- Keep Jupyter updated for security patches
- Monitor access logs for suspicious activity
Jupyter Use Cases
Data Science Development
Data Science Development
Interactive Data Analysis
- Exploratory data analysis
- Machine learning model development
- Data visualization and reporting
- Collaborative research environments
Educational Environments
Educational Environments
Learning and Teaching
- Interactive programming tutorials
- Data science course materials
- Student assignment environments
- Demonstration and presentation tools
Prototyping and Experimentation
Prototyping and Experimentation
Rapid Development
- Quick algorithm prototyping
- Model experimentation and testing
- Documentation and reporting
- Sharing reproducible results
Cloud-Init Script Configuration
Add custom initialization scripts to configure your VM environment at first boot.
Cloud-Init Overview
Automatic Configuration
System Initialization
- Runs during first boot process
- Configures system before user access
- Automates software installation
- Sets up custom environments
Script Flexibility
Custom Scripting
- Bash shell scripts supported
- Package installation commands
- Configuration file modifications
- Service setup and management
Cloud-Init Script Limitations
Script Constraints:
- Maximum script size: 16KB
- Input validation and sanitization applied
- Scripts run with root privileges
- Execution time limits apply
- Network access may be limited during early boot
Common Cloud-Init Examples
Install Additional Software
Install Additional Software
Configure System Settings
Create Users and Configure Access
Install and Configure Applications
Cloud-Init Best Practices
Script Reliability
Script Reliability
Error Handling and Logging
Resource Management
Resource Management
Efficient Resource Usage
- Keep scripts under 16KB limit
- Minimize network downloads during init
- Use package managers when possible
- Consider script execution time
- Test scripts on similar systems first
Security Considerations
Security Considerations
Secure Script Practices
- Validate input sources
- Use official package repositories
- Avoid hardcoded credentials
- Implement proper error handling
- Log activities for troubleshooting
Testing and Validation
Testing and Validation
Script Testing
- Test scripts on development VMs first
- Validate script syntax before deployment
- Test with different OS images
- Monitor script execution logs
- Have rollback procedures ready
Cloud-Init Troubleshooting
Check Execution Logs
View cloud-init logs on the VM:
Verify Script Status
Check cloud-init status:
Manual Script Testing
Test script components manually:
Debug and Iterate
- Fix identified issues
- Test updated script on new VM
- Document working configurations
- Share successful scripts with team
Advanced Configuration Integration
Configuration Workflow
Plan Configuration
- Determine public IP requirements
- Design security rule strategy
- Plan application requirements (Jupyter, etc.)
- Prepare cloud-init scripts
Configure During Deployment
- Set public IP preferences
- Configure initial security rules
- Enable and configure Jupyter if needed
- Add cloud-init script
Validate Configuration
- Test connectivity and access
- Verify security rules are working
- Check application functionality
- Monitor cloud-init script execution
Refine and Optimize
- Adjust security rules as needed
- Optimize cloud-init scripts
- Document working configurations
- Plan for configuration updates
Configuration Templates
Create reusable configuration templates for common deployment scenarios:
Development VM Configuration
- Public IP: Enabled
- Security Rules: SSH (22), Jupyter (8888), Custom app ports
- Jupyter: Enabled with strong password
- Cloud-Init: Development tools installation
Development VM Configuration
- Public IP: Enabled
- Security Rules: SSH (22), Jupyter (8888), Custom app ports
- Jupyter: Enabled with strong password
- Cloud-Init: Development tools installation
Production Web Configuration
- Public IP: Enabled
- Security Rules: SSH (22), HTTP (80), HTTPS (443)
- Jupyter: Disabled
- Cloud-Init: Web server setup and hardening
High-Security Configuration
- Public IP: Disabled
- Security Rules: Minimal, VPN access only
- Jupyter: Disabled
- Cloud-Init: Security hardening and monitoring
Start with basic configurations and gradually add complexity. Test each configuration component separately before combining them in production deployments.