Virtual Machines Overview

This page describes the process for setting up and accessing your virtual machines.

Setting up a VM

RCC Staff will deploy and configure your virtual machine(s). Once your VM is deployed, a staff member will provide the IP address or DNS name of your server.

All VMs we setup run CentOS v7.1.

Connecting to your VM

Use SSH to connect to your VM. For example:

ssh [YOUR-RCC-ACCOUNT]@sky-yourgroup-vm1.rcc.fsu.edu

Keep in mind that you must be either on-campus or connected to the FSU VPN to access your VM via SSH. This is a security measure. Once you are connected, you can run administrative commands using sudo. If you wish to become root, so that you can run administrative commands, you can run:

sudo su

Adding Custom DNS Names

When we setup your VM, we give it a DNS "A" record name using the pattern "sky-[YOUR-GROUP]-vm#", where [YOUR-GROUP] is the name of your research group, and # is an auto-incrementing integer.

If you are running a website or exposing another service and would like a vanity domain name, you are free to purchase one from a domain vendor or submit a ticket with ITS to get an .fsu.edu domain name. Simply use the IP address of the VM for your "A" record.

Firewall and Opening TCP/UDP Ports

VMs are protected by two security layers. We lock down all TCP/UDP ports on the network except those listed below. In addition, all VMs run the firewalld service by default.

By default, the following ports are open:

TCP Port Network Server (firewalld)
22 (SSH) Open to campus & VPN Open
80 (HTTP) Open to everywhere Closed
443 (HTTPS) Open to everywhere Closed

If you are running a web server, you will need to open ports 80 and 443 in firewalld. You can do so by running the following commands:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload

If you wish to open any other ports, you will need to do the following:

  1. Submit a support request to RCC Staff requesting the port be opened on our switches. Include which networks you wish to enable access for (or enable access from everywhere).
  2. Run the above firewall-cmd to open the ports in firewalld.

Keep in mind that every port opened to your server represents a potential security vulnerability, and that you should aim to keep as few ports as possible open on your server.

RCC Automated Management of VMs

We do three things to every VM that we deploy. If you change or disable any of these services, it may affect our ability to login to your system and provide assistance:

  1. We install a tool called Puppet and run the puppet daemon on the server by default. This allows us to login to your server if we ever need to. If you disable the Puppet daemon, we may not be able to gain access.
  2. We install a tool called sssd and run the sssd daemon on the server by default. This allows you to login to your VM using your RCC account. It also allows you to delegate access to other RCC accounts. If you turn this service off, only local accounts will work.
  3. We install a public RSA key in /root/.ssh/authorized_keys. This allows us to login to the system administratively if we ever need to.

Since you have administrative access to your VM, you can disable or uninstall any of these items. Please be aware that doing so will affect our ability to provide support.

For more information about your VM, please refer to our Managing your VM documentation.