Specify SSH Options
By default, the Workload Manager automatically generates a private SSH key to allow secure communications between the CloudCenter Suite cluster (or Cloud Remote, if deployed) and worker VMs; but this private key is not stored on the worker VMs. It is possible to have this private key stored on the worker VMs (to facilitate secure VM-to-VM communication), or to have Workload Manager use a user-specified public key for Workload Manager-to-VM communication. One of these three options must be specified for each deployment. You can specify this selection in theform.
In the Deployment Environment Defaults form, the SSH options are on the bottom and are preceded by a visibility toggle and and lock icon, as shown in the following image.
The visibility toggle is on by default and the lock icon is unlocked by default, This means that the SSH Options section will be visible on page 2 of the Deploy form and can be modified at deploy time. If the visibility toggle is on but the lock icon is locked, the choices are visible but the pre-selected choice set in the Deployment Environments Default form cannot be changed at deploy time. If the visibility toggle is off, the SSH Options section is not shown in the Deploy form and the selection made in the Deployment Environment Defaults form is automatically applied at deploy time.
If the Assign Public Key option is selected, the form expands, as shown in the following image.
The user now has the option of browsing for a stored public key, or copying and pasting the key value into the form.
The private or public key is not used to create the key pair on the cloud provider. Instead, it is used by the Workload Manager agent to configure the cliqruser and make the VM accessible through the cliqruser–private key combination.
One of the SSH options that the following table describes can be associated with a deployment.
The Workload Manager has no way of knowing the private key that is held by the user – Cisco only supports SSH keys that are implicitly injected by the Workload Manager
|Default - no option is selected|
Workload Manager generates its own private key for Workload Manager-to-VM communications but this key is not stored on the worker VM.
If you use a custom key for deployments, you will not see the SSH or RDP connect buttons in your environment.
The SSH and RDP options are only visible when the deployments are submitted using the default option, in which case the Workload Manager uses the default keys to establish a secure connection with the VM instance.
Persist the Private Key
The Workload Manager generated private key is stored on all worker VMs in this deployment, thus allowing SSH communication between worker VMs.
Assign SSH Public Key
Workload Manager uses a public key specified by the user for Workload Manager-to-VM communications. This key is not stored on the worker VM and therefore cannot be used for secure VM-to-VM communication.
- No labels