To remotely access a machine that Cloud Assembly has deployed, you add properties, before deployment, to the cloud template for that machine.

For remote access, you can configure one of the following authentication options.

Note: In cases where keys need to be copied, you might also create a cloudConfig section in the cloud template, to automatically copy the keys upon provisioning. The specifics aren't documented here, but Machine initialization in Cloud Assembly provides general information about cloudConfig.

Generate a key pair at provisioning time

If you don't have your own public-private key pair for remote access authentication, you can have Cloud Assembly generate a key pair.

Use the following code as a guideline.

  1. In Cloud Assembly, before provisioning, add remoteAccess properties to the cloud template as shown in the example.

    The username is optional. If you omit it, the system generates a random ID as the username.

    Example:

    type: Cloud.Machine
    properties:
      name: our-vm2
      image: Linux18
      flavor: small
      remoteAccess:
        authentication: generatedPublicPrivatekey
        username: testuser
    
  2. In Cloud Assembly, provision the machine from its cloud template, and bring it to a started-up state.

    The provisioning process generates the keys.

  3. Locate the key name in the Resources > Deployments > Topology properties.
  4. Use the cloud provider interface, such as the vSphere client, to access the provisioned machine command line.
  5. Grant read permission to the private key.

    chmod 600 key-name

  6. Go to the Cloud Assembly deployment, select the machine, and click Actions > Get Private Key.
  7. Copy the private key file to your local machine.

    A typical local file path is /home/username/.ssh/key-name.

  8. Open a remote SSH session, and connect to the provisioned machine.

    ssh -i key-name user-name@machine-ip

Supply your own public-private key pair

Many enterprises create and distribute their own public-private key pairs for authentication.

Use the following code as a guideline.

  1. In your local environment, obtain or generate your public-private key pair.

    For now, just generate and save the keys locally.

  2. In Cloud Assembly, before provisioning, add remoteAccess properties to the cloud template as shown in the example.

    The sshKey includes the long alphanumeric found within the public key file key-name.pub.

    The username is optional and gets created for you to log in with. If you omit it, the system generates a random ID as the username.

    Example:

    type: Cloud.Machine
    properties:
      name: our-vm1
      image: Linux18
      flavor: small
      remoteAccess:
        authentication: publicPrivateKey
        sshKey: ssh-rsa Iq+5aQgBP3ZNT4o1baP5Ii+dstIcowRRkyobbfpA1mj9tslf qGxvU66PX9IeZax5hZvNWFgjw6ag+ZlzndOLhVdVoW49f274/mIRild7UUW... 
        username: testuser
    
  3. In Cloud Assembly, provision the machine from its cloud template, and bring it to a started-up state.
  4. Using the cloud vendor client, access the provisioned machine.
  5. Add the public key file to the home folder on the machine. Use the key that you specified in remoteAccess.sshKey.
  6. Verify that the private key file counterpart is present on your local machine.

    The key is typically /home/username/.ssh/key-name with no .pub extension.

  7. Open a remote SSH session, and connect to the provisioned machine.

    ssh -i key-name user-name@machine-ip

Supply an AWS key pair

By adding an AWS key pair name to the cloud template, you can remotely access a machine that Cloud Assembly deploys to AWS.

Be aware that AWS key pairs are region specific. If you provision workloads into us-east-1, the key pair must exist in us-east-1.

Use the following code as a guideline. This option works for AWS cloud zones only.

type: Cloud.Machine
properties:
  image: Ubuntu
  flavor: small
  remoteAccess:
    authentication: keyPairName
    keyPair: cas-test
constraints:
  - tag: 'cloud:aws'

Supply a username and password

By adding a username and password to the cloud template, you can have simple remote access to a machine that Cloud Assembly deploys.

Although it is less secure, logging in remotely with a username and password might be all that your situation requires. Be aware that some cloud vendors or configurations might not support this less secure option.

  1. In Cloud Assembly, before provisioning, add remoteAccess properties to the cloud template as shown in the example.

    Set the username and password to the account that you expect to log in with.

    Example:

    type: Cloud.Machine
    properties:
      name: our-vm3
      image: Linux18
      flavor: small
      remoteAccess:
        authentication: usernamePassword
        username: testuser
        password: admin123
    
  2. In Cloud Assembly, provision the machine from its cloud template, and bring it to a started-up state.
  3. Go to your cloud vendor's interface, and access the provisioned machine.
  4. On the provisioned machine, create or enable the account.
  5. From your local machine, open a remote session to the provisioned machine IP address or FQDN, and log in with the username and password as usual.