ENA TrustCompute

Log in

  1. Point your browser to my.ena.com.
  2. Enter your my.ena.com credentials.
  3. Select ENA TrustCompute.

Dashboard

The ENA TrustCompute Dashboard provides an overview of resource allocation and use.

You may view global resource allocation data, or view resource allocation data for each zone.

ENA TrustCompute Zones

ENA TrustCompute Virtual Private Clouds (VPCs) are hosted in one of two ENA data center zones. For package sizes of medium or higher, a customer may request to be deployed in a multi-zone configuration, with resources split between the two zones. Zones are:

  • NSVLTN-01: Customer resources allocated in ENA’s data center located in Nashville, TN
  • IPLSIN-01: Customer resources allocated in ENA’s data center located in Indianapolis, IN

Virtual Machines

Overview and Performance

Use the tabs to filter your VM data.

Both tabs contain Status information for each VM.

Status        Description
Creating      VM is being provisioned.
Starting      VM is being powered on.
Powered on    VM is available and running.
Stopping      VM is being powered off.
Stopped       VM has been powered off and is not available.
Updating      VM is being modified.
Deleting      VM is being deleted.
Destroyed     VM has been deleted and is scheduled for permanent removal.
Recovering    VM is being recovered from its Destroyed state and is no longer scheduled for permanent removal.
Expunged      VM has been permanently deleted.
Error         VM is in an error state and is not usable.

Note: If a VM is stopped, all its counters will be 0.

Refresh Virtual Machine List

To refresh the list of VMs to reflect the most recent changes, click  .

Filter Virtual Machine List

You can use the filtering tools at the top of the Virtual machines Overview and Performance tabs to sort the data by Show by group or Status, or type the name of a specific machine into the Find virtual machine field.

Rename a Virtual Machine

  1. Click on the pencil icon next to a VM name in either the Overview or Performance tab.
  2. Enter the new name and click to confirm the new name or click to cancel.
  3. Note: The machine will be stopped while the new name is being assigned.

Manage Virtual Machines

Click on a VM name in either the Overview or Performance tab to open the management tools.

Stop

  1. Click on the VM name.
  2. Click Stop and confirm.

You can still view the full details of a VM that is in a Stopping state, but all other options are unavailable until it is fully stopped. A fully stopped VM can be modified, deleted, reinstalled, or have its disks customized, but the console is unavailable.

Start

  1. Click on the VM name.
  2. Click Run and confirm.

Modify

Click Modify to open the Modify Virtual Machine page where you can change the VM's System offering, Storage, and vCPU.

You see a table with current use information. When you make a change, the table shows how the change will affect your available resources.

You can also modify the Groups to which the VM is assigned from the Modify virtual machine page.

Delete

Deletes the VM and sets its status to Destroyed, where it will remain for 24 hours before being deleted permanently. A destroyed VM can either be deleted permanently or restored within 24 hours. If a VM is deleted permanently, it is erased and unrecoverable. If a VM is restored, it reverts to its state prior to being deleted.

  1. Click on the VM name.
  2. Click Delete and confirm.

Note: When a VM is permanently deleted, anyone in your organization working in ENA TrustCompute receives a notice to refresh the VM list. Refreshing removes the deleted VM from the list.

Restore

A virtual machine in a destroyed state may be restored for up to 24 hours after it is deleted.

  1. Click on the VM name.
  2. Click Restore and confirm.
  3. VMs are restored to a Stopped state. Click Run if you would like to restart.

Note: If a data volume attached to a virtual machine is deleted, it will not be available to the restored virtual machine.

Disks

Add new disk to a virtual machine

To add a new disk, enter the name of the disk, specify its capacity, and click Add Disk. This creates a new disk and attaches it to this VM.

Detach disk from a virtual machine

Open Disks attached to current VM, and click Detach to the right of the disk you would like to remove from the VM.

Attach disk to a virtual machine

Open Unattached disks, and click Attach to the right of the disk you would like to attach to the VM.

Interfaces

Add Interface

  1. Click Add interface.
  2. Select an interface from the available tiers in the drop-down.
  3. Specify your Address assignment.
  4. Click Set this interface as default if you would like this tier to be the default for outbound traffic.

Update IP of Existing Interface

  1. Click in network tier panel.
  2. Click Update IP.
  3. Select IP from Assign IP from drop-down.
  4. Click Save.

Set Default

  1. Click in network tier panel.
  2. Click Set default and confirm.

Delete

  1. Click in network tier panel.
  2. Click Delete and confirm.

Reinstall a Virtual Machine

Wipes the current state of the VM and resets it back to the original template chosen during the creation of the VM.

View Full Details for a Virtual Machine

Shows all available VM info and VM history. History may be viewed for the past hour, day, week, or month for:

  • Network (bit/s)
  • Disks (byte/s)
  • IOPS (input/output operations per second)

New VM

You may opt to create a VM with your choice of operating system (Basic) or with your choice of pre-configured application stack (Stack).

Basic

In the Basic tab, you see operating systems available for use on a virtual machine.

Select Operating System

  1. Select an operating system.
  2. Select version.

Configure the options shown in the table below.

Hardware

Option              Description
VM name             Names are restricted to a maximum length of 63 characters. Allowed characters include letters, numbers, dashes, and spaces. Valid names must start with a letter and finish with either a letter or number. Trailing dashes and/or spaces are not allowed.
Zone                If your ENA TrustCompute environment is deployed across multiple geographic zones, you may create your VM in either zone as long as the requested resources are available. If you are deployed in a single geographic zone, your VM will automatically default to that zone.
Operating system    Specify the root disk size for your new VM. The default disk size is displayed. The default size can be changed, but if a disk size larger than the default is chosen you will need to go back and expand the disk volume via the operating system after VM creation.
System Offering     Memory and vCPU sizings for your new VM.
Storage             Data disk size for your new VM. ENA TrustCompute supports data disk size up to 6 TB.

Interfaces

The virtual machine will be deployed on network-7700_DMZ. An IP will be automatically assigned.

Select Tiers

To deploy a virtual machine on other tiers:

  1. Click Advanced.
  2. Select the tiers on which you would like to deploy the VM.

Set default

Click Set default if you would like to set a tier to be the default for outgoing traffic.

Create

  1. Click Create.

You see a success message and see the VM in a starting state in the All virtual machines list.

User Data

Cloud-init and Cloudbase-init

Cloud-init is the industry standard multi-distribution method for cross-platform cloud instance initialization. It is supported across all major public cloud service providers. Cloud-init will identify the cloud it is running on during boot, read any provided metadata from the cloud and initialize the system accordingly. It will parse and process any optional user data that was passed to the instance.

Cloudbase-init is the cloud-init equivalent for Windows operating systems.

On ENA TrustCompute, users can insert user data for cloud-init or cloudbase-init via the User data text field when creating a new virtual machine in Basic mode.

Cloud-config

Cloud-config scripts are designed to be run by the cloud-init process and are often the simplest way to accomplish things in a human friendly format. A cloud-config script can be entered as text in the ENA TrustCompute User data field upon VM creation.

Cloud-config can be used to do things like:

  • Add groups and users to the system
  • Write out arbitrary files
  • Add a yum repository
  • Configure an instance's trusted CA certificates
  • Configure an instance's resolv.conf
  • Install and run chef recipes
  • Set up and run puppet
  • Add primary apt repositories
  • Run commands on first boot
  • Alter the completion message
  • Install arbitrary packages
  • Adjust mount points mounted
  • Call a url when finished
  • Reboot/poweroff when finished
  • Configure instances SSH keys
  • Disk setup
  • Register RedHat subscription
  • Configure data sources
  • Create partitions and filesystems
  • Grow partitions

Cloud-config Examples

Click here to see cloud-init cloud-config documentation for commented examples of supported cloud-config syntax.

Click here to see cloudbase-init for similar cloud-config syntax for Windows systems.
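
As an added illustration (not taken from ENA's documentation), the cloud-config below could be pasted into the User data field for a Linux VM to apply a first-boot baseline: a key-only admin account, SSH password and root logins disabled, and packages patched. It assumes a Debian/Ubuntu-family template whose sshd reads /etc/ssh/sshd_config.d/; the account name, public key, and package choice are placeholders.

```yaml
#cloud-config
# Added example, not part of the ENA documentation.
# Assumes a Debian/Ubuntu-family template; names and the key are placeholders.

# Create one named admin account that can only log in with an SSH key.
users:
  - name: opsadmin                      # hypothetical account name
    groups: [sudo]
    shell: /bin/bash
    lock_passwd: true                   # no password login for this account
    sudo: "ALL=(ALL) NOPASSWD:ALL"      # account has no password, so sudo cannot prompt for one
    ssh_authorized_keys:
      - ssh-ed25519 REPLACE_WITH_YOUR_PUBLIC_KEY ops@example.org

# Refuse SSH password authentication and direct root logins.
ssh_pwauth: false
disable_root: true

# Apply pending updates on first boot and keep security patches flowing.
package_update: true
package_upgrade: true
packages:
  - unattended-upgrades

# Write an sshd drop-in so the settings survive later edits to sshd_config.
write_files:
  - path: /etc/ssh/sshd_config.d/10-baseline.conf
    owner: root:root
    permissions: "0644"
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      X11Forwarding no

# Validate the sshd configuration before restarting, so a typo cannot lock you out.
runcmd:
  - sshd -t && systemctl restart ssh

final_message: "cloud-init baseline finished after $UPTIME seconds"
```

Only a public key appears in this user data. cloud-init keeps a copy of the user data on the instance, so passwords and private keys are better delivered another way.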

Stack

Note: ENA TrustCompute provisions each stack with a basic configuration. Customers are responsible for further configuration, administration, and maintenance of the stack. If you would like additional help, please notify your Account Services Manager for options.

Select Stack

  1. Click on a stack to select it.
  2. Select the Operating system on which the stack will run.

Stack Description

You see the following Stack description information:

Option                    Description
Stack description         Name of the application for which the stack is pre-configured.
Deployment information    Deployment notes and instructions (e.g., "After logging in, check Email as the Root user for Wordpress credentials.").
Project site              URL to application site where you will find additional information about the application which may include user notes, help documentation, FAQ, forums, etc.
OS type                   The OS on which the stack is built.

Hardware

Option              Description
VM name             Names are restricted to a maximum length of 63 characters. Allowed characters include letters, numbers, dashes, and spaces. Valid names must start with a letter and finish with either a letter or number. Trailing dashes and/or spaces are not allowed.
Zone                If your ENA TrustCompute environment is deployed across multiple geographic zones, you may create your VM in either zone as long as the requested resources are available. If you are deployed in a single geographic zone, your VM will automatically default to that zone.
Operating system    Specify the root disk size for your new VM. The default disk size is displayed. The default size can be changed, but if a disk size larger than the default is chosen you will need to go back and expand the disk volume via the operating system after VM creation.
System Offering     Memory and vCPU sizings for your new VM.
Storage             Data disk size for your new VM. ENA TrustCompute supports data disk size up to 6 TB.

Note: Additional configuration variables may be required/available for a stack.

Configure Stack

All stacks require you to configure the Hostname. The Hostname is the fully qualified domain name to assign to the virtual machine.

Note: Additional configuration variables may be required/available for a stack.

Interfaces

The virtual machine will be deployed on network-7700_DMZ. An IP will be automatically assigned.

Select Tiers

To deploy a virtual machine on other tiers:

  1. Click Advanced.
  2. Select the tiers on which you would like to deploy the VM.

Set default

Click Set default if you would like to set a tier to be the default for outgoing traffic.

Create

  1. Click Create.

You see a success message and see the VM in a starting state in the All virtual machines list.

Disks

Create Disk

  1. Click anywhere in the Create Disk header bar to open it.
  2. Enter the name of the new disk.
  3. Select its Capacity.
  4. Click Create Disk.
  5. Note: You may also create a new disk in Add new disk to a virtual machine under Virtual machine details.

Delete Disk

  1. Find the disk you would like to delete in the Available disks list.
  2. Click Delete.
  3. Click Delete to confirm.

Disk Snapshots

Take Snapshot

Taking a snapshot of a disk creates a point in time to which the disk can be restored. To take a snapshot:

  1. Find the disk for which you would like to take a snapshot in the Available disks list.
  2. Click Snapshot.
  3. Enter Snapshot name.
  4. Click Create snapshot.

Load Snapshot

To revert a disk back to a snapshot:

  1. In the Available disks list, click on the name of the disk you would like to revert back to a snapshot.
  2. In Manage disk snapshots, click Load snapshot.
  3. Click Load to confirm.

Delete Snapshot

To delete a snapshot:

  1. In the Available disks list, click on the name of the disk for which you would like to delete a snapshot.
  2. In Manage disk snapshots, click Delete snapshot.
  3. Click Delete to confirm.

Schedule Snapshot

Users may opt to schedule an automated disk snapshot. To create a scheduled snapshot:

  1. On the Disks page, select the disk for which you would like to take a snapshot from the Available disks list.
  2. Click the Scheduled snapshots button.
  3. Under Manage snapshot schedules, you will see any existing snapshot schedules for the selected disk. To add a new schedule, click the Add schedule button.
  4. Select desired frequency, time, timezone, and number of snapshots to retain. A maximum of 8 snapshots can be kept on a daily schedule.
  5. Click Add schedule to confirm.
  6. Click Save schedule to update your schedule policy. Your new scheduled snapshot will appear under Scheduled snapshots.

You may also create scheduled snapshots by selecting Schedule snapshots from the Actions menu for the disk name on the Available disks list and following steps 3-6 above.

Resize a Disk

You can increase the size of a data disk that is not attached to a VM. To modify the size of an unattached disk:

  1. In the Available disks list, find the name of the disk you would like to resize.
  2. Click Resize.
  3. In the Select capacity dropdown menu, select a capacity, or select custom to enter a different value.
  4. Click Resize.

Detach Disk from VMs

To detach a disk from all VMs:

  1. In the Available disks list, find the name of the disk you would like to detach.
  2. Click Detach.
  3. Click Detach to confirm.

Networking

About DMZ Networks

Why DMZ Networks Are Important

Sensitive data about private citizens and companies is now stored on computer networks and devices to support speedy online transactions, while hackers keep developing more proficient ways to break into private networks to steal that information. Effective, reliable cybersecurity is therefore imperative. One way to protect that information is through the use of a tiered network design with a DMZ.

The “DMZ” in DMZ network architecture is an acronym derived from the military that stands for “demilitarized zone” because it acts as a perimeter between a customer’s internal network (LAN) and the company’s internet presence (the external facing network).

Also known as a perimeter network, a DMZ network establishes an additional layer of security that makes the more vital information stored in a customer’s internal network (LAN) more difficult to breach.

How DMZ Networks Work

Common DMZ networking uses two or more firewalls to create a buffer between the public internet and the LAN. By establishing a DMZ, the first firewall (the “frontend” firewall) can be configured with rules that secure public-facing servers and services, such as web and mail servers, that are accessible to internet traffic originating from untrusted networks. The second firewall (the “backend” firewall) can be configured with more stringent rules that restrict traffic between the DMZ and the LAN.

Why DMZ Networks Are Safer Than Flat Networks

The DMZ is intended to contain servers and services that are internet-facing and therefore more vulnerable to attack. If a bad actor is able to breach the frontend firewall of the DMZ, the backend firewall places a second, possibly greater obstacle in front of assets located on the LAN.

Because of the extra layers of security, DMZs are more effective than flat networks against hacking techniques such as IP spoofing, network reconnaissance, and ransomware. A flat network only needs to be breached once for hackers to have access to sensitive data.

ENA TrustCompute Network Tiers Overview

You have a total of four available tiers in ENA TrustCompute.

Note: In TrustCompute, the DMZ is the only network tier that can have public IPs bound to it, either via static NAT, load balancer or port forward.

You manage firewall rules and VM interfaces for each tier.

Available IP Range Naming Convention

The third field of the available IPs for a tier correlates to the tier.

  • The available IPs for DMZ = 10.x.0.x
  • The available IPs for Tier 1 = 10.x.1.x
  • The available IPs for Tier 2 = 10.x.2.x
  • The available IPs for Tier 3 = 10.x.3.x

Network-[yourID]_DMZ

The DMZ (demilitarized zone) is your perimeter network. Typically, you will put data and services allowed to be accessed from the internet inside the DMZ, and put data and services you do not want to be accessed from the internet outside the DMZ.

This network may not be renamed.

Note: Much of this information is for advanced network configuration only. Access Control List (ACL) rules are automatically created when you create Port Forwarding or Load Balancing rules.

Manage

Public IPs

You see your current allocation of Public IPs here. You can sort the list by the IP’s Label or Address.

You see if an IP is being used as a SN (Static NAT), LB (Load Balancer), PF (Port Forward), or is Available to be assigned.

Note: The Source NAT is the default outbound IP which anyone outside of your network sees when traffic comes from your VMs. A Source NAT IP is created at random when your ENA TrustCompute service is initially provisioned.

To acquire a new IP, click Acquire IP. Once you have named the new IP and clicked Done, it is acquired and added to the list. By default, the next IP in the list of IPs available to you is allocated.

Under Actions, click Delete to remove an IP from the list of allocated IPs and place it back in the list of IPs to be acquired.

Click Firewall in the Actions column to open a description of auto-generated firewall rules for that IP.

Static NAT

A Static NAT allows you to create a one-to-one association between one of the IPs in your list and a VM inside your network. By default, all of your VMs appear to be coming from the Source NAT IP address. A Static NAT allows traffic from a specific machine to look like it is coming from a particular IP address, and routes traffic from the internet to this single machine.

Note: A Static NAT is always between a Public IP and an internal machine.

You see a list of current Static NAT Rules and see which Public IPs are tied to which VMs. You can sort the list up or down by Public IP, IP Label, Destination VM, or Destination IP. You can also delete a Static NAT Rule here.

Any Public IPs attached to a VM via a Static NAT rule will have their statuses updated from Available to SN.

Click Create a new Static NAT to open the create tool. Select the Public IP address that you want all traffic from the VM to appear to be coming from and the Destination VM to which you want all traffic to be directed. Click Create.

Load Balancing

You use Load Balancing Rules to route tcp traffic from a Public IP to more than one VM.

The list of Load Balancing Rules can be sorted by LB Label, Public IP, IP Label, Public Port, Private Port, the Destination VMs, or the Algorithm used.

Each rule can be edited, deleted, or you can open the Firewall Rules that apply to this Load Balancing Rule.

Click Edit to change a Load Balancing Rule's Label or Algorithm, or remove or add VMs to the rule.

Click Create Load Balancing Rule to open the create tool. Add information to each field and select the Algorithm for balancing the load.

  • roundrobin directs every incoming connection to the next VM in the list. If there are 3 VMs and 4 incoming connections, the first connection will be directed to the first VM, the second to the second, the third to the third, and the fourth will circle around and be directed to the first VM.
  • leastconn directs traffic to the VM with the least established inbound connections.
  • source directs traffic from similar sources on the internet to the same VM.

After selecting your preferred algorithm, select all the VMs to which you wish to apply this Load Balancing rule. Click Create and it will be added to the below list of Load Balancing Rules.

Port Forwarding

Port Forward Rules are created to route tcp or udp traffic from a public IP to a single internal VM.

The list of Port Forwarding Rules can be sorted up or down by Public IP, the IP Label, the Destination VM, the Destination IP, the range of Private Ports, the range of Public Ports, or the Protocol. Each rule can be deleted, modified, or you can open the Firewall Rules regarding this Port Forwarding Rule.

Click Create Port Forwarding Rule to open the create tool. Select the Public IP, the Destination VM, and the Public and Private Port Ranges. Select tcp or udp from the Protocol drop-down menu.

Firewall

When you create a networking rule, the system automatically generates an Access Control List (ACL) rule that allows the traffic through. You may create additional firewall rules.

This table contains all existing Firewall Rules and can be sorted using Show to display all rules or the rules surrounding a particular IP address/address range.

Each Firewall Rule shows the information entered when it was created. Each rule can be Edited to revise this information or Deleted. A deleted rule is unrecoverable.

Deleting the system generated access rules does not affect the actual load balancing or port forwarding. The same load balancing or port forwarding rules will remain, but you can change the way the rule is generated if you like.

Note: The order of this list is important. The system applies rules in list order.

Click the Create Firewall Rule bar to open the create tool.

The CIDR (Classless Inter-Domain Routing) is always the source of the traffic. Here you input the IP address(es) for which you wish to control traffic to or from.

  • 0.0.0.0/0 is the network notation for all available IP space.
  • 192.167.0.5/32, for example, would only affect this single IP.
  • 11.12.13.0/24, for example, would affect IPs 11.12.13.1 through 11.12.13.255 because of the 24-bit subnet mask.

Protocol defines which type of traffic is affected by this Firewall Rule.

  • All: All forms of traffic
  • TCP: Transmission Control Protocol
  • UDP: User Datagram Protocol
  • ICMP: Internet Control Message Protocol

Specify traffic Direction as Inbound or Outbound.

  • Inbound is always public because it is coming from the outside world into your cloud.
  • Outbound is traffic that originates from within your network and then leaves your network.

Once you have specified the direction and destinations of the traffic, you may then choose whether to Allow or Deny this traffic under Action.

Writing a Comment for a Firewall Rule enables you to keep track of where a rule is coming from and what its purpose is. A rule automatically generated by the system begins with “System Generated ACL for…” followed by the type of Network Rule for which it was created. If you leave the comment section blank, it simply reads “n/a”.

When you have entered the CIDR, Protocol, Direction, and Action, click Create to add your new Firewall Rule to the Firewall list below.

Network-[yourID]_TierN

Edit

You may rename the tier or add a comment.

Manage

Click Manage to configure firewall rules for the tier.

When you create a networking rule, the system automatically generates an Access Control List (ACL) rule that allows the traffic through. You may create additional firewall rules.

This table contains all existing Firewall Rules and can be sorted using Show to display all rules or the rules surrounding a particular IP address/address range.

Each Firewall Rule shows the information entered when it was created. Each rule can be Edited to revise this information or Deleted. A deleted rule is unrecoverable.

Deleting the system generated access rules does not affect the actual load balancing or port forwarding. The same load balancing or port forwarding rules will remain, but you can change the way the rule is generated if you like.

Note: The order of this list is important. The system applies rules in list order.

Click the Create Firewall Rule bar to open the create tool.

The CIDR (Classless Inter-Domain Routing) is always the source of the traffic. Here you input the IP address(es) for which you wish to control traffic to or from.

  • 0.0.0.0/0 is the network notation for all available IP space.
  • 192.167.0.5/32, for example, would only affect this single IP.
  • 11.12.13.0/24, for example, would affect IPs 11.12.13.1 through 11.12.13.255 because of the 24-bit subnet mask.

Protocol defines which type of traffic is affected by this Firewall Rule.

  • All: All forms of traffic
  • TCP: Transmission Control Protocol
  • UDP: User Datagram Protocol
  • ICMP: Internet Control Message Protocol

Specify traffic Direction as Inbound or Outbound.

  • Inbound is always public because it is coming from the outside world into your cloud.
  • Outbound is traffic that originates from within your network and then leaves your network.

Once you have specified the direction and destinations of the traffic, you may then choose whether to Allow or Deny this traffic under Action.

Writing a Comment for a Firewall Rule enables you to keep track of where a rule is coming from and what its purpose is. A rule automatically generated by the system begins with “System Generated ACL for…” followed by the type of Network Rule for which it was created. If you leave the comment section blank, it simply reads “n/a”.

When you have entered the CIDR, Protocol, Direction, and Action, click Create to add your new Firewall Rule to the Firewall list below.

Group Assignment

You can sort and classify VMs into groups to help you organize and manage your workflow and resources. Groupings are optional and do not affect functionality.

The Group Assignment page can be accessed from the menu.

It shows a list of all VMs and the groups to which they are assigned. To find a particular VM, enter its name in the Find VM box. You can also filter all VMs by status using the Show drop-down.

By default, all VMs are placed in an Unassigned group. To place a VM in a group, type the name of an existing group in the Groups bar and it will autocomplete.

If you want to place a VM in a group that does not exist yet, just enter the name of the new group in the Groups bar and press Enter. This creates the new group and assigns the VM to it.

Group Assignments can also be viewed on the, Virtual Machines, and Domain Overview pages.

Note: VMs may be assigned to more than one group.

Migration

Overview

Migration is a service that enables migrating a virtual machine into ENA TrustCompute from either a KVM or VMWare hosting environment.

Note: After you activate it, the VM Migration feature will be available for 90 days. Additional time may be requested as needed.

Steps:

Activate

Set up Migration Director and VMWare

Prepare VM

For Windows machines:

Backup VM

For Windows machines:

Migrate Data

For Windows machines:

Release Notes

What’s new in v2.2.0?

V2.2.0 provides TrustCompute users with two new VM management features.

  1. The means to create automated disk snapshots on a daily, weekly, or monthly schedule. Learn more about Scheduled snapshots here.

  2. The ability to accept user data at VM provisioning, enabling users to add commands or scripts for execution at initial system boot. Learn more about User data here.

New Features

  • Scheduled snapshots
  • User data
  • Cloud-config documentation with commented examples

What’s new in v2.1.0?

V2.1.0 provides TrustCompute users with a tiered network architecture, enabling network segmentation for enhanced security.

Reference ENA TrustCompute's multi-tier architecture overview here.

Learn about DMZ networking here.

New Features

  • Each customer VPC is now created with four network tiers. Customers may opt to work with just the default network tier or they may opt to define up to three additional network tiers for more secure networking.
  • The DMZ is the default network tier (the "perimeter network"). In TrustCompute, the DMZ is the only network tier that can have public IPs bound to it, either via static NAT, load balancer or port forward.
  • Customers may assign VMs to one or more network tiers.
  • Customers may specify a static IP address for VMs per tier.