<languages />
<translate>

<!--T:135-->
<i>Parent page: [[Cloud]]</i>

==Before you start== <!--T:48-->
#<b>Have a cloud project</b> <br> <b>You cannot access a cloud without first having a cloud project.</b> If you don't already have a [[Managing_your_cloud_resources_with_OpenStack#Projects|cloud project]], see [[Cloud#Getting_a_cloud_project|Getting a cloud project]]. Once a cloud project is associated with your account, you will receive a confirmation email which will have important details you will need to access your project and get started with the cloud. Make sure you have this confirmation email ready. 
#<b>Have a compatible browser</b> <br> The web interface for accessing your cloud project works well with both the [https://www.mozilla.org/en-US/firefox/new/ Firefox] and [https://www.google.com/chrome/ Chrome] web browsers. Other browsers may also work, however some have shown the error message <code>Danger: There was an error submitting the form. Please try again.</code> which suggests that your browser is not supported by our system. This error message was noticed with certain versions of the Safari web browser on Macs; upgrading Safari may help, but we recommend that you use [https://www.mozilla.org/en-US/firefox/new/ Firefox] or [https://www.google.com/chrome/ Chrome]. If you are still having issues, email [[technical support]].

==Creating your first virtual machine== <!--T:26-->
Your project will allow you to create virtual machines (also referred to as <i>instances</i> or <i>VMs</i>) stored on the cloud, which you can access from your personal computer using our web interface.

<!--T:49-->
# <b>Log in to the cloud interface to access your project</b> <br> The confirmation email you received includes a link to the cloud interface your project is associated with. Click on this link to open your project in your default web browser. If your default web browser is not compatible, open a compatible web browser and copy and paste the link address into the browser. If you know the name of your associated cloud, but don't have the login URL see [[Cloud#Cloud_systems|using the cloud]] for the list of cloud interface URLs at which you can log in. Use your username (not your email address) and password to log in.
#<b>Check your OpenStack dashboard</b> <br> After logging on to the cloud interface (the platform is called <i>OpenStack</i>) you will see a dashboard that shows an overview of all the resources available in your project. If you want to know more about navigating and understanding your OpenStack dashboard read the official [https://docs.openstack.org/horizon/latest/user/index.html OpenStack documentation].

<!--T:31-->
Below there are instructions on starting a Windows VM or a Linux VM, depending on which tab you select. <b>Remember this is the operating system for the virtual machine or <i>instance</i> you are creating, not the operating system of the physical computer you are using to connect</b>. It should be clear from your project pre-planning whether you will be using Linux or Windows for your VM operating system, but if you are unsure please email [[technical support]].

<!--T:36-->
<!--TODO: need to sort out how to move over the translations for Linux (I left the translation units intact) and Windows (had to remove because they had duplicate numbers).
The below links are left in as comments so that those pages can easily be referenced, but once the moving over of translations is complete they could be removed/redirected here.-->
<!--To create a VM see instructions for creating a [[Creating a Linux VM|Linux]] or [[Creating a Windows VM| Windows]] VM.-->

<!--T:136-->
<tabs>
<tab name="Linux">

<!--T:137-->
__TOC__

===SSH key pair=== <!--T:3-->

<!--T:4-->
When you create a virtual machine, password authentication is disabled for security reasons.

<!--T:133-->
Instead, OpenStack creates your VM with one SSH (Secure Shell) public key installed, and you can only log in using this SSH key pair. If you have used SSH keys before, the SSH public key can come from a key pair which you have already created on some other machine. In this case follow the instructions below for <b>Importing an existing key pair</b>. If you have not used SSH key pairs before or don't currently have a pair you want to use, you will need to create a key pair. If you are using a windows machine see the [[Generating SSH keys in Windows/en|Generating SSH keys in Windows]] page, otherwise follow the [[Using SSH keys in Linux|Linux/Mac instructions]].  For more information on creating and managing your key pairs see the [[SSH Keys/en|SSH Keys]] page in our wiki.
[[File:Import key pair 3.png|500px|thumb|Importing an existing key pair (Click for larger image)]]

====Importing an existing key pair==== <!--T:6-->

<!--T:134-->
#On the OpenStack left menu, select <i>Compute->Key Pairs</i>.
#Click on the <i>Import Public Key</i> button; the <i>Import Public Key</i> window is displayed.
#Name your key pair.
#Paste your public key (only RSA type SSH keys are currently supported). <br/>Ensure your pasted public key contains no newline or space characters.
#Click on the <i>Import Public Key</i> button.
<b>It is not advised to create key pairs in OpenStack because they are not created with a passphrase which creates security issues</b>
<br /><br /><br /><br /><br /><br />

===Launching a VM=== <!--T:9-->
To create a virtual machine, select <i>Compute->Instances</i> on the left menu, then click on the <i>Launch Instance</i> button.

<!--T:10-->
A form is displayed where you define your virtual machine. If you have a plan for the exact specifications your VM needs through your pre-planning, feel free to use those specifications. Otherwise, you can follow along with this example for a fairly generic easy way to use Linux VM.
The <i>Launch Instance</i> window has the following options:

<!--T:132-->
#<i>Details</i>
#*<i>Instance Name:</i> Enter a name for your virtual machine. Do not include spaces or special characters in your instance name. For more details on naming rules see [https://en.wikipedia.org/wiki/Hostname restrictions on valid host names].
#*<i>Description:</i> This field is optional.
#*<i>Availability Zone:</i> The default is <i>Any Availability Zone</i>; do not change this.   
#*<i>Count:</i> This indicates the number of virtual machines to create. Unless you have specifically planned for multiple machines leave this set at 1.[[File:Source tab.png|500px|thumb]]<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Source</i>
#*<i>Select Boot Source:</i> Because it's your first VM, select <i>Image</i> as the boot source. For information about other options see [[Working_with_volumes#Booting_from_a_volume|Booting from a volume]].
#*<i>Create New Volume:</i> Click <i>Yes</i>; your VM's data will be stored in the cloud volume (or persistent storage). For more information on volume usage and management see [[Working_with_volumes|Working with volumes]].
#*:<i>Volume Size (GB):</i> If you have a pre-planned volume size use that, otherwise 30 GB is reasonable for the operating system and some modest data needs. For more information on volume usage and management see [[Working_with_volumes|Working with volumes]].
#*:<i>Delete Volume on Instance Delete:</i> Click on <i>No</i> to help prevent your volume from being deleted accidentally; however, if you are confident you always want your volume deleted when your instance is deleted, click on <i>Yes</i>.
#*<i>Allocated</i> and <i>Available</i> lists: The list at the bottom of the window shows the available images your VM can boot. For a beginner on Linux, we recommend the most recent <b>Ubuntu</b> image, but if you prefer you can choose any one of the other Linux operating systems. To select an image click on the upwards pointing arrow on the far right of the row containing your desired image. That row should now show up in the <i>Allocated</i> list above. <b>It is important for later to remember which image you chose</b> (ex. Ubuntu, Fedora, etc.).[[File:Flavor tab.png|500px|thumb]] <br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Flavor</i> 
#*<i>Allocated</i> and <i>Available</i> lists: The flavor determines what type of hardware is used for your VM, which determines how much memory and processing capabilities it has. The <i>Available</i> list shows all the flavors available for your chosen boot image. Click on the > icon at the far left of a row to see how that particular flavor matches up with what you have been allocated for your project. If there is an alert icon on one of the specifications, that means that your project doesn't have enough of that resource to support that flavor. Choose a flavor that your project can support (i.e. doesn't issue an alert)  and click on the upwards arrow on the far right of that row. That flavor should now show up in the <i>Allocated</i> list. For more details, see [[Virtual machine flavors]]. <br /><br /><br /><br /><br /><br /><br /><br />
#<i>Networks:</i> Do not change this unless required. On Arbutus, select your project network by default (usually starting with <i>def-project-name</i>).[[File:Security groups.png|500px|thumb]]
#<i>Network Ports:</i>  Do not change this now. <br /><br /><br /><br /><br />
#<i>Security Groups:</i>  The default security group should be in the <i>Allocated</i> list. If it is not, move it from <i>Available</i> to <i>Allocated</i> using the upwards arrow located on the far right of the group's row. For more information see [[Managing_your_cloud_resources_with_OpenStack#Security_Groups|Security Groups]].[[File:Key pair tab.png|500px|thumb]]<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Key Pair:</i> From the <i>Available</i> list, select the SSH key pair you created earlier  by clicking the upwards arrow on the far right of its row. If you do not have a key pair, you can create or import one from this window using the buttons at the top of the window (please [[#SSH key pair | see above]]). For more detailed information on managing and using key pairs see [[SSH_Keys|SSH Keys]].<br /><br />
#<i>Configuration:</i>  Do not change this now. For more information on customization scripts see [[Automating VM creation#Using_CloudInit|Using CloudInit]].
#<i>Server Groups:</i>  Do not change this now. 
#<i>Scheduler Hints:</i>  Do not change this now.
#<i>Metadata:</i> Do not change this now.<br /><br />
Once you have reviewed all the options and defined your virtual machine, click on the <i>Launch Instance</i> button and your virtual machine will be created. The list of instances will be displayed and the <i>Task</i>' field will show the current task for the VM; it will likely be <i>Spawning</i> initially. Once the VM has spawned, it will have the power state of <i>Running</i>; this may take a few minutes.

===Network settings=== <!--T:13-->
[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]
[[File:Add-Rule-Form.png|400px|thumb| Add Rule (Click for larger image)]]
On the <i>Instances</i> page is a list of VMs with their IP address(es) displayed in the <i>IP Address</i> column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it. When your OpenStack project is created, a local network is also created for you. This local network is used to connect VMs to each other and to an internet gateway within that project, allowing them to communicate with each other and the outside world. The private IP address provides inter VM networking but does not allow for connection to the outside world. Any VM created in your project will have a private IP address assigned to it from this network of the form <code>192.168.X.Y</code>. Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connect to your VM via your personal computer to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.

<!--T:16-->
#Assign a public IP address
#*Ensure you are still viewing the instances list where you were redirected as your VM launched. If you need to use the navigation panel, select options <i>Compute->Instances</i> on the OpenStack menu.
#*Click on the drop-down arrow menu (indicated by &#x25BC;) on the far right of the row for your VM and select <i>Associate Floating IP</i>, then in the <i>Allocate Floating IP</i> window, click on the <i>Allocate IP</i> button. If this is your first time associating a floating IP, you need to click on the “+” sign in the <i>Manage Floating IP Associations</i> dialog box. If you need to allocate a public IP address for this VM again in the future, you can select one from the list by clicking the &#x25BC; in the <i>IP Address</i> field.
#*Click on the <i>Associate</i> button.
#*You should now have two IP addresses in your IP address column. One will be of the form <code>192.168.X.Y</code>, the other is your public IP. You can also find a list of your public IP addresses and their associated projects by going to <i>Network->Floating IPs</i>. You will need your public IP when you are trying to connect to your VM.
#Configure the firewall
#*On the OpenStack left menu, select <i>Network->Security Groups</i>.
#*On the group row named <i>default</i>, click on the </i>Manage Rules</i> button on the far right.
#*On the next screen, click on the <i>+Add Rule</i> button near the top right corner.
#*In the <i>Rule</i> drop-down menu, select <i>SSH</i>.
#* The <i>Remote</i> text box should automatically have <i>CIDR</i> in it; do not change this.
#*In the <i>CIDR</i> text box, replace <code>0.0.0.0/0</code> with <code>your-ip/32</code>. Note that this is the IP address of the physical computer you are wanting to use to connect to your VM. If you don't know your current IP address, you can see it by going to [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser. If you want to access your VM from other IPs, you can add more rules with different IP addresses. If you want to specify a range of IP addresses use [https://www.ipaddressguide.com/cidr this tool] to calculate your CIDR rule for a range of IP addresses.
#*Finally, click on the <i>Add</i> button. Now the rule you just created should show up on the list in security groups.
#Important notes
#*<b>Do not remove the default security rules</b> as this will affect the ability of your VM to function properly (see [[Managing_your_cloud_resources_with_OpenStack#Security_Groups|Security Groups]]).
#*<b>Security rules cannot be edited</b>, they can only be deleted and re-added. If you make a mistake when creating a security group rule, you need to delete it using the <i>Delete Rule</i> button on the far left of the row for that rule in the security groups screen, and then re-add it correctly from scratch using the <i>+Add Rule</i> button.
#*If you change your network location (and therefore your IP address) then you need to add the security rule described in this section for that new IP address. Remember that when you change your physical location (example working on campus vs working from home) you are changing your network location.
#*If you do not have a static IP address for the network you are using, remember that it can sometimes change, so if you can no longer connect to your VM after a period of time sometimes it's worth checking to see if your IP address has changed. You can do this by putting [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser and seeing if it matches what you have in your security rule. If your IP address changes frequently, but the left most numbers always stay the same, it could make more sense to add a range of IP addresses rather than frequently modifying your security rules. Use [https://www.ipaddressguide.com/cidr this tool] for determining a CIDR IP range from an IP range or learn more about CIDR notation [https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation here].
#*It can be helpful to add a description about what a security rule is for (e.g. home or office). That way you will know which rule is no longer needed if you want to add a new rule while connecting, for example, from home.

===Connecting to your VM with SSH=== <!--T:19-->
In the first step of this quick guide you saved a private key to your computer. Make sure you remember where you saved it because you will need it to connect to your VM. You will also need to remember which type of image you used (Ubuntu, Fedora, etc.) and which public IP address is associated with your VM.

===Connecting from a Linux or Mac machine=== <!--T:20-->
If the computer you are using to connect to your VM has a Linux or Mac operating system, use the following instructions to connect to your VM. Otherwise skip down to the next section to connect with a Windows computer.</br></br>
Open a terminal and input the following command:
{{Command| ssh -i /path/where/your/private/key/is/my_key.key <user name>@<public IP of your server>}}
where <code><user name></code> is the name of the user connecting and <code><public IP of your VM></code> is the public IP you associated with your VM in the previous step. The default user name depends on the image.
{| class="wikitable"
!Image distribution name
!<code><user name></code>
|-
|Debian
|debian
|-
|Ubuntu
|ubuntu
|-
|CentOS
|centos
|-
|Fedora
|fedora
|-
|AlmaLinux
|almalinux
|-
|Rocky
|rocky
|}
These default users have full sudo privileges. Connecting directly to the root account via SSH is disabled.

===Connecting from a Windows machine=== <!--T:22-->
[[File:MobaXterm basic.png|400px|thumb| Creating an SSH session (Click for larger image)]]
If you want to use a Windows computer to connect to your VM, you will need to have an interface application to handle the SSH connection. We recommend <b>MobaXTerm</b>, and will show the instructions for connecting with MobaXTerm below. If you want to connect using PuTTY instead, see [[Connecting with PuTTY]].

<!--T:1-->
[[File:MobaXterm ssh key.png|400px|thumb| Specifying a private key (Click for larger image)]]
To download MobaXterm [http://mobaxterm.mobatek.net/ click here].
To connect to your VM using MobaXterm follow these instructions:
#Open the MobaXterm application.
#Click on <i>Sessions</i> then press <i>New session</i>. </br></br></br></br>
#Select an SSH session.
#Enter the public IP address for your VM in the <i>Remote host</i> address field.
#Ensure that the <i>Specify username</i> checkbox is checked, then enter the image type for your VM (ubuntu for example) into the username field, all lowercase.
#Click on the <i>Advanced SSH settings</i> tab, and check the <i>Use private key</i> checkbox.
#Click on the page icon in the far right of the <i>Use private key</i> field. In the pop-up dialogue box select the key pair (.pem file) that you saved to your computer at the beginning of this quick guide.  
#Then click on OK. MobaXterm will then save that session information you just entered for future connections, and also open an SSH connection to your VM. It also opens an SFTP connection which allows you to transfer files to and from your VM using drag-and-drop via the left-hand panel.
[[File:MobaXterm connected.png|400px|thumb| Connected to a remote host (Click for larger image)]] <br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />

==Where to go from here== <!--T:23-->
* Learn about using the [[Linux_introduction|Linux command line]] in your VM
* Learn about [[security considerations when running a VM]]
* See [[configuring a data or web server]]
* Learn more about working with [[Managing_your_cloud_resources_with_OpenStack|OpenStack]]
* [[Cloud_Technical_Glossary|Cloud Technical Glossary]]
* [[Automating VM creation]]
* [[Backing up your VM]]
* For questions about our cloud service, email [[technical support]].
</tab>
<tab name="Windows">

<!--T:138-->
__TOC__

==Request access to a Windows image== <!--T:139-->
To create a Windows VM on one of our clouds you must first request access to a Windows image by emailing [[technical support]].

<!--T:51-->
You will be provided access to a Windows Server 2012 Evaluation image and a username to use when connecting. The evaluation period is 180 days. It may be possible to apply a Windows license to a running VM created from this evaluation image, however we do not provide these licenses.

==SSH key pair== <!--T:52-->
[[File:Create-Key-Pair-Form.png|400px|thumb| Create key pair (Click for larger image)]]
Windows VMs encrypt the administrative account password with a public key. The matching private key decrypts the password. 

<!--T:53-->
We recommend creating a new key pair within the OpenStack dashboard rather than importing an existing key pair. To create a new key pairː 
#Click on ''Access & Security'' from the left menu.
#Select the ''Key Pairs'' tab.
#Click on [[File:Create-Key-Pair-Button.png]]; the ''Create Key Pair'' window is displayed.
#Give your key pair a name.
#Click ''Create Key Pair'' button. 
#Save the <key name>.pem file on your local drive.

<!--T:54-->
If you would like to use an existing key pair with your Windows VM see the [[Creating a Windows VM#Comments on key pairs|comments on key pairs]] below.

==Launching a VM== <!--T:55-->
[[File:Windows-launch-instance.png|400px|thumb| Launch Instance (Click for larger image)]]
To create a virtual machine, click on the ''Instances'' menu item on the left, then click on [[File:Launch-Instance-Button.png]]

<!--T:56-->
A form is displayed where you define your virtual machine.

<!--T:57-->
* ''Details'' tab
** ''Availability Zone'': There is only one zone; do not change its name.
** ''Instance Name'': Enter a name for your virtual machine. For details on naming rules see [https://en.wikipedia.org/wiki/Hostname restrictions on valid host names].
** ''Flavor'': The flavor defines virtual machine hardware specifications; choose the 'p2-3gb' flavor.<p>The Windows image is quite large and requires a large bootable drive. C-flavors, as described [[Virtual_machine_flavors|here]], only have root drives of 20 GB, choosing a "p" flavor allows for larger root volumes. The smallest "p" flavor has 1.5 GB of RAM and from experience this is too little to run Windows well. Choosing a slightly larger flavor, such as "p2-3gb", improves the performance of the VM.</p>
** ''Instance Count'': Number of virtual machines to create.
** ''Instance Boot Source'': What source should be used to boot the VM; choose ''Boot from Image (creates new volume)''.
** ''Image Name'': select the Windows image name you were provided.
** ''Device Size'': The size of the root drive; enter 30GB or more. <p>The final operating system occupies approximately 20 GB of space, though more is needed during setup.</p>
** ''Delete on Terminate'': If this box is checked the volume that is created with the VM will be deleted when the VM is terminated. <p>It is generally recommended not to check this box as the volume can be deleted manually if desired and allows the VM to be terminated without deleting the volume.</p>
** ''Project Limits'': The green bars reflect the fraction of your available resources that will be consumed by the VM you are about to launch. If the bars become red, the flavor chosen will consume more resources than your project has available. Blue bars indicate any existing resources your project may be using.
* ''Access & Security'' tab
** ''Key pair'': Select your SSH key pair.<p>If you have only one, it is selected by default. If you do not have a key pair, please see [[Creating_a_Windows_VM#SSH key pair|above]].
** ''Security Groups'': Ensure the ''default'' security group is checked.
* ''Networking'' tab: Do not change this now. Networking will be discussed later, after you have launched a virtual machine.</p>
* ''Post-Creation'' tab: Do not change this now.
* ''Advanced Options'' tab: Leave ''Disk Partition'' on ''Automatic'' for now.

<!--T:58-->
Once you have reviewed all the tabs and defined your virtual machine, click on the Launch button and your virtual machine will be created. The Instances list will be displayed and the Task field will show the current task for the VM; it will likely be "Block Device Mapping" initially. Once the VM has spawned and beginning to boot, it will have the Power State of "Running". It will likely take 10+ minutes to finish creating the volume and coping the image to it before beginning to boot.

==Locality settings and license agreement== <!--T:59-->
[[File:Windows-VM-Settings.png|400px|thumb| Locality Settings (Click for larger image)]]

<!--T:60-->
When the VM first boots it will not finish booting until location, language, and keyboard settings are selected and you agree to the license using the console built into the OpenStack dashboard.

<!--T:61-->
To get to the console:
# Go to ''Instances'' on the left hand menu.
# Click on the ''Instance Name'' of your Windows VM.
# Click on the ''Console'' tab to display the ''Instance Console'' and wait until you see a ''Settings'' screen as shown in the figure to the right.<br/>If you waited a significant amount of time the console screen may have gone into a screensaver mode (blank/black screen). If this is case, click on the blank/black screen so that it gains focus and if necessary press a key on your keyboard to wake it up.

<!--T:62-->
The console mouse pointer often lags behind the actual mouse pointer location. You can either try to account for the lag or use keyboard shortcuts when the console screen has focus.
* The ''tab'' key will select different fields.
* The ''up'' and ''down'' arrows will select different options. 
* Under the ''Country or region'' drop down menu, letter keys move to the top of the countries beginning with that letter.
* Finally press the ''tab'' key until the ''next'' box is selected then press the ''enter'' key.

<!--T:63-->
You will then be presented with a request to accept the terms and conditions of the license agreement. 
* Press the ''tab'' key until the ''I accept'' box is highlighted. 
* Press the ''enter'' key. 

<!--T:64-->
At this point your VM will restart. Once it finishes restarting the ''Console'' will display a sign in screen with the current (UTC) time and date.

==Network== <!--T:65-->
[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]
[[File:Add-Rule-Form-RDP.png|400px|thumb| Add RDP Rule (Click for larger image)]]
On the ''Instances'' page is a list VMs with their IP address(es) displayed in the ''IP Address'' column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it.

===Private IP=== <!--T:66-->
When your OpenStack project is created a local network is also created for you. This local network is used to connect VMs within that project allowing them to communicate with each other and the outside world. Their private IP address does not allow the outside world to reference that VM. Any VM created in your project will have a private IP address assigned to it from this network of the form <code>192.168.X.Y</code>.

===Public IP=== <!--T:67-->
Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connecting to it to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.

<!--T:68-->
To assign a public IP to a VM, you need to select ''Associate Floating IP'' from the drop-down menu button (indicated by &#x25BC;) of the ''Actions'' column in the ''Instances'' list. If this is your first time associating a floating IP, your project hasn't been assigned an external IP address yet. You need to click on the “+” sign to bring up the ''Allocate Floating IP'' dialog box. There is only one pool of public addresses, so the correct pool will already be selected; click on the ''Allocate IP'' button.
The ''Manage Floating IP Associations'' screen is displayed again, indicating the IP address and the port (or VM) to which it will be associated (or more specifically [https://en.wikipedia.org/wiki/Network_address_translation NATted]); click on the ''Associate'' button.

===Firewall, add rules to allow RDP=== <!--T:69-->
To connect to your virtual machine using a remote desktop connection client, you will need to allow access for remote desktop protocol (RDP) to your VM.

<!--T:70-->
#On the ''Security Groups'' tab, select ''Access & Security''; on the default row, click [[File:Manage-Rules-Button.png]]
#On the next screen, click [[File:Add-Rule-Button.png]]
#RDP has a predefined rule. Select it in the '' Rules'' dropdown menu and leave ''CIDR'' under ''Remote''.
#Replace the <code>0.0.0.0/0</code> in the CIDR text box with <code><your-ip>/32</code>. <p>If you don't know your current IP address you can see it by going to [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser. Leaving <code>0.0.0.0/0</code> will allow anyone to attempt a connection with your VM. You should never allow completely open access with RDP as your VM will be susceptible to [https://en.wikipedia.org/wiki/Brute-force_attack brute force attacks]. This replacement will restrict RDP access to your VM only from this IP. If you want to allow access from other IPs you can add additional RDP rules with different IP address or you can specify a range of IP addresses by using [https://www.ipaddressguide.com/cidr this tool] to calculate your CIDR rule from a range of IP addresses.</p><p>'''If you leave RDP open to the world by leaving the <code>0.0.0.0/0</code> in the CIDR text box, a cloud administrator may revoke access to your VM until the security rule is fixed.'''</p>
#Finally, click the ''Add'' button.

==Remote desktop connection== <!--T:71-->
[[File:Retrieve-instance-password.png|400px|thumb| Retrieving Windows instance password (Click for larger image)]]
[[File:Remote-Desktop-Connection-windows.png|400px|thumb| Remote desktop client in Windows (Click for larger image)]]
[[File:Remmina-Ubuntu.png|400px|thumb| Remmina remote desktop client in Ubuntu (Click for larger image)]]

<!--T:72-->
To connect to a Windows VM we will use a Remote Desktop Connection client. To connect to your Windows VM you need to supply a floating IP, user name, and password.

===Retrieving the password=== <!--T:73-->
Open the ''Retrieve Instance Password'' form: 
# Go to ''Instances'' on the left menu.
# In the drop down menu next the instance select ''Retrieve Password''.

<!--T:74-->
The password has been encrypted using the public key you selected when creating the VM. To decrypt the password:
# Click the ''Choose File'' button and browse to your private key file. <p>If you followed the steps above in the ssh key section, you should have a private key saved on your local computer with a ".pem" extension which matches the public key.</p>
# Select the key and click ''Open''.
# Click the ''Decrypt Password'' button at the bottom left.

<!--T:75-->
Keep this form open as we will use the password in the next step. This process can be repeated later to retrieve the password again.

===From a Windows client=== <!--T:76-->
Many Windows systems come with the remote desktop connection tool pre-installed. Try searching for "remote desktop connection" in your Windows system search. If you can not find it, you can go to [https://www.microsoft.com/en-ca/store/p/microsoft-remote-desktop/9wzdncrfj3ps the Microsoft store] and install it. It should be a free installation. 

<!--T:77-->
Once you have run the remote desktop connection tool you should see a window similar to the one displayed on the right. To connect to your Windows VM:
# Enter the public IP address next to ''Computer''. 
# Add the user name you were provided with in the ''User name'' text box. 
# Click the ''Connect'' button at the bottom. 
# Enter the password retrieved in the previous step when prompted.
# Click the ''OK'' button. 

<!--T:78-->
You will likely be presented with an alert ''The identity of the remote computer cannot be verified. Do you want to connect anyway?''. This is normal click ''Yes'' to continue. Once you connect you should see the desktop of your Windows VM displayed within the RDC window.

<!--T:79-->
'''TODO:''' The specific certificate error is "The certificate is not from a trusted certifying authority". Is seeing this alert really normal? Do we want to register the Windows image certificate with a signing authority? Could we use letsencrypt or should we just ignore this issue?

===From a Linux client=== <!--T:41-->
To connect via RDP from Linux you will need a remote desktop client. There are number of different clients out there but the [https://github.com/FreeRDP/Remmina/wiki Remmina client] appears to work well when tested with Ubuntu. The previous link provides instructions for installing it in Ubuntu, Debian, Fedora and a few other Linux operating systems. 

<!--T:80-->
Once you have installed and launched Remmina to connect to your Windows VM:
# Click on ''Create a new remote desktop file'' (file with a green '+' sign). <p>You should see a window similar to that shown on the right.</p>
# Enter the public IP of your Windows VM next to ''Server''.
# Enter the user name you were provided next to ''User name''.
# Enter the password you retrieved in the above step next to ''Password''.
# Click ''Connect''.

===From a Mac client=== <!--T:43-->

<!--T:81-->
'''TODO:''' Anyone with a Mac want to write up this section?

==License information== <!--T:45-->

<!--T:82-->
'''TODO''': need to provide information which would be helpful for users to know what path to take to get a license. Should cover things like:
* Where to go to get a license
* What kind of license do I need/what licenses will work on the cloud
* How to apply my license to my existing cloud VM
* How to apply it to a new VM (if that is different than above bullet item)

==Comments on key pairs== <!--T:47-->
There are a couple different formats for key files and you can also choose to protect your private keys with passphrases or not. In order to be able to decrypt the Windows VM password your private key must be in OpenSSH format and not have a passphrase. If you created your key pair with OpenStack and downloaded the <code>.pem</code> key file it will already be in the correct format. If you used the [[Using_SSH_keys_in_Linux|<code>ssh-keygen</code> command]] to create your key pair and didn't specify a passphrase it will also likely be in the correct format. For more general information about key pairs see the [[SSH Keys]] page.
 
An example of an acceptable private key in the OpenSSH format without a passphrase:

<!--T:83-->
-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAvMP5ziiOw9b5XMZUphATDZdnbFPCT0TKZwOI9qRNBJmfeLfe
 ...
 DrzXjRpzmTb4D1+wTG1u7ucpY04Q3KHmX11YJxXcykq4l5jRZTKj
 -----END RSA PRIVATE KEY-----

<!--T:84-->
The <code>...</code> in the middle indicates multiple lines of characters similar to those above and below it.
Below are two examples of private keys which will not work with OpenStack with Windows VMs

<!--T:85-->
OpenSSH format with a passphrase:

<!--T:86-->
-----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: DES-EDE3-CBC,CA51DBE454ACC89A
 
 0oXD+6j5aiWIwrNMiGYDqoD0OqlURfKeQhy//FwHuyuithOSI8uwjSUqV9BM9vi1
 ...
 8XaBb/ALqh8zLQOXEUuTstlMWXnhzBWLvu7tob0QN7pI16g3CXuOag==
 -----END RSA PRIVATE KEY-----

<!--T:87-->
ssh.com format without a passphrase

<!--T:88-->
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
 Comment: "rsa-key-20171130"
 P2/56wAAA+wAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
 ...
 QJX/qgGp0=
 ---- END SSH2 ENCRYPTED PRIVATE KEY ----

==Where to go from here== <!--T:89-->
* learn about [[security considerations when running a VM]]
* learn about [[Creating a Linux VM|creating a Linux VM]]
* learn more about working with [[Managing_your_cloud_resources_with_OpenStack|OpenStack]]
* [[Cloud_Technical_Glossary|Cloud Technical Glossary]]
* [[automating VM creation]]
* [[backing up your VM]]
* For questions about our cloud service, email [[technical support]].
</tab>
</tabs>

<!--T:35-->
[[Category:Cloud]]
</translate>