To request a VM, please complete the Research Virtual Machine Request Form<\/a>.<\/p>\n See Responsibilities of the VM Owner and VM Administrator<\/a>.<\/p>\n Access to the VM is via<\/em> SSH (Linux) or RDP (MS Windows). Account details will be supplied.<\/p>\n As supplied, the VM image will have a strong firewall implemented. SSH access will be possible only from a small number of agreed IP addresses, which should be those used by the nominated system administrator(s). The system administrator can customise the firewall to allow access on ports required for the intended service, e.g., port 80 for HTTP.<\/p>\n It is very strongly recommended that a strong firewall is maintained.<\/em><\/p>\n If your VM is installed by us with the standard image, it will not be possible to login directly as root<\/tt>; you must login by using your IT Services username and password.<\/p>\n As indicated in the previous section, you will be able to login only from the IP address(es) agreed.<\/p>\n The nominated VM Administrator is required to ensure that your VM is patched in a timely manner and is secured, by means of a firewall and any other appropriate measures. It is strongly recommended that you restrict who<\/em> can login to your VM by using the in If your firewall is not very restrictive (not recommended) then you can restricted where users can log in from via the in Research IT have an account on your VM which we can use to access the VM if required and you should not remove this account. If we are unable to access the VM due to our account being removed, we reserve the right to terminate your VM. We may use this account for essential platform maintenance, for example updating vulnerability scanning tools. Note that your nominated VM administrator remains responsible for security and maintenance.<\/p>\n","protected":false},"excerpt":{"rendered":" Requesting Your Virtual Machine (VM) To request a VM, please complete the Research Virtual Machine Request Form. Assessment\/Limited Resources Contributing research groups will be allocated VMs equivalent to contributed funds. Free-at-the-point-of-use resources for this service are very limited: for those groups which have not contributed, there may be sufficient capacity to offer a low-specification VM at no charge. The amount of resource available is dependent on the allocations made to contributing groups and the resources.. Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-11","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/pages\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":21,"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/pages\/11\/revisions"}],"predecessor-version":[{"id":2366,"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/pages\/11\/revisions\/2366"}],"wp:attachment":[{"href":"https:\/\/ri.itservices.manchester.ac.uk\/rvms\/wp-json\/wp\/v2\/media?parent=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Assessment\/Limited Resources<\/h2>\n
\n
Available Operating Systems. Installing your VM.<\/h2>\n
\n
Who administers the VM? Can I have root\/admin access?<\/h2>\n
How do I access my VM once it is installed?<\/h2>\n
VM Firewall<\/h2>\n
Logging in for the First Time<\/h2>\n
Securing your VM<\/h2>\n
AllowUsers<\/code> field in your SSH daemon configuration. For example, setting<\/p>\nAllowUsers mabcpqr2 mxyzmno2 \r\n<\/pre>\n
\/etc\/ssh\/sshd_config<\/code> and restarting the SSH daemon<\/em> will restrict access to the two usernames. There may be additional usernames already in the list so that members of Research IT can access the VM. The above example relies on the VM’s firewall controlling where<\/em> access is permitted from – the AllocUsers<\/code> controls who<\/em> can log in.<\/p>\nAllowUsers<\/code> line. For example:<\/p>\nAllowUsers mabcpqr2@130.88.0.0\/16 mabcpqr2@10.99.0.0\/16 mxyzmno2@130.88.0.0\/16 mxyzmno2@10.99.0.0\/16\r\n<\/pre>\n
\/etc\/ssh\/sshd_config<\/code> and restarting the SSH daemon<\/em> will allow only those two users to login via SSH, and only from on campus. But it is better to restrict where<\/em> logins are permitted from using the firewall and use only usernames in the AllowUsers<\/code> line.<\/p>\nResearch IT VM access<\/h2>\n