Getting Started
Requesting Your Virtual Machine (VM)
To request a VM, please complete the Research Virtual Machine Request Form.
Assessment/Limited Resources
- Contributing research groups will be allocated VMs equivalent to contributed funds.
- Free-at-the-point-of-use resources for this service are very limited: for those groups which have not contributed, there may be sufficient capacity to offer a low-specification VM at no charge. The amount of resource available is dependent on the allocations made to contributing groups and the resources requested (including length of time for which you wish to run the VM).
- An assessment will be made of each request for a VM to ensure that there is not an existing service (e.g, Web farm) which can fulfil the requirements.
Available Operating Systems. Installing your VM.
- Our preferred standard image as of November 2022, is Ubuntu 20.04.
- Otherwise, a member of IT Staff may be able to install another Linux distribution/image for you – please ask for details.
- A MS Windows installation may be available – please ask for details.
- For licensing reasons, OS-X is not available.
Who administers the VM? Can I have root/admin access?
See Responsibilities of the VM Owner and VM Administrator.
How do I access my VM once it is installed?
Access to the VM is via SSH (Linux) or RDP (MS Windows). Account details will be supplied.
VM Firewall
As supplied, the VM image will have a strong firewall implemented. SSH access will be possible only from a small number of agreed IP addresses, which should be those used by the nominated system administrator(s). The system administrator can customise the firewall to allow access on ports required for the intended service, e.g., port 80 for HTTP.
It is very strongly recommended that a strong firewall is maintained.
Logging in for the First Time
If your VM is installed by us with the standard image, it will not be possible to login directly as root; you must login by using your IT Services username and password.
As indicated in the previous section, you will be able to login only from the IP address(es) agreed.
Securing your VM
The nominated VM Administrator is required to ensure that your VM is patched in a timely manner and is secured, by means of a firewall and any other appropriate measures. It is strongly recommended that you restrict who can login to your VM by using the AllowUsers field in your SSH daemon configuration. For example, setting
AllowUsers mabcpqr2 mxyzmno2
in /etc/ssh/sshd_config and restarting the SSH daemon will restrict access to the two usernames. There may be additional usernames already in the list so that members of Research IT can access the VM. The above example relies on the VM’s firewall controlling where access is permitted from – the AllocUsers controls who can log in.
If your firewall is not very restrictive (not recommended) then you can restricted where users can log in from via the AllowUsers line. For example:
AllowUsers mabcpqr2@130.88.0.0/16 mabcpqr2@10.99.0.0/16 mxyzmno2@130.88.0.0/16 mxyzmno2@10.99.0.0/16
in /etc/ssh/sshd_config and restarting the SSH daemon will allow only those two users to login via SSH, and only from on campus. But it is better to restrict where logins are permitted from using the firewall and use only usernames in the AllowUsers line.
Research IT VM access
Research IT have an account on your VM which we can use to access the VM if required and you should not remove this account. If we are unable to access the VM due to our account being removed, we reserve the right to terminate your VM. We may use this account for essential platform maintenance, for example updating vulnerability scanning tools. Note that your nominated VM administrator remains responsible for security and maintenance.
Getting a DNS entry for your VM
To obtain an appropriate DNS alias for your VM (e.g., myservice.domain.manchester.ac.uk), please contact the IT Support Centre