Getting Started with Google Cloud Platform
Cloud instances offer a plethora of benefits compared to traditional physical servers, including scalability, cost-efficiency, dependability, security, and accessibility. With cloud instances, organizations can quickly scale up or down their infrastructure as needed, eliminating the need for large initial investments and minimizing IT costs. Plus, these instances are generally hosted in highly reliable and redundant data centers, providing a high level of uptime and protection. Moreover, cloud instances are accessible from anywhere with an internet connection, enabling remote teams and organizations with multiple locations to maximize collaboration and productivity.
This blog will focus on the following
Register and create a VM instance
Configure SSH keys for secure access to the VM
Access the VM using SSH
Add custom firewall rules in the subnet’s security list
Install RDP on the VM and access it using RDP from your PC
Host files using a simple HTTP server and access them using the public ID
For this Particular Task, I will be using the Google Cloud Platform. However, steps are often similar across different platforms such as AWS or Microsoft Azure
Step 1: Creating an Account
For creating an account you must have a Gmail Account first.
Let's go right into it — —
First, go to this website. Create your account by following the simple steps. However, you need to add a debit or credit card for the confirmation
Note: Do not worry... Google gives you 300$ credit for free. This credit is valid for 92 days. It won't deduct any hidden charges.
After creating an account the initial dashboard would appear and it will look like this
Step 2: Creating a New Project
To create a new project in this platform, you can locate the dropdown menu in the top left corner of the interface and select the “create project” option. Upon initial creation, you will be provided with a default, sample project. It is important to understand that a project functions similarly to a repository, in that it allows you to manage and organize your work.
Creating a project grants you access to a range of services offered by the platform. It is worth noting that there is no upfront cost associated with creating a project. However, should you choose to avail of certain services, such as a virtual machine (VM), costs may be incurred.
As a professional, it is important to emphasize the significance of careful consideration when utilizing services that may incur expenses. Prioritizing cost-effective solutions and strategic resource allocation can ultimately lead to more efficient and successful project outcomes.
Lets create a new project. Click the section I “highlighted”
To create a new project, click on the “Create New Project” button and provide a name for the project. If you are not associated with any organization, you can leave this field blank. In my case, I have developed a project called “VM Demo”. It is worth noting that a default project is automatically created by the system, but it can be safely ignored or deleted if desired.
Step 3: Create a VM instance along with ssh
After creating the project click the project. Select the bars located at top left corner and go to compute add Select VM instances
After that, a simple screen will pop and you can click on create a new instance and the configuration box/form will open
You can select Name of your VM add Label (Optional) Make sure to select N1 series it will reduce the cost as this tutorial is for demonstration purpose. Select g1-small as Machine type as we do not require any high specification machine for this project we will use simple and less resource consuming machine instance to cut the cost
Make sure to enable the “Display Device option”. It will enable the RDP configuration that allows us to remotely access the Instance.
Scroll the form down and select your Operating system for my tutorial I be using Linux- as it is a lightweight OS and gives root access to bypass many security issues that any other operating system might have. Moreover, it also has a wide range of server-side configuration support that help us deploy the final part of our Task. “Select” to choose the above configuration. You can use the
To establish a connection between our local desktop and the instance on the cloud, it is necessary to create an SSH key. This key will enable secure communication between the two systems. Whether you are using Linux or Windows, the process for creating the key is similar. In fact, I have created both Linux and Windows keys for added flexibility.
To access the instance remotely using RDP, I will be utilizing Windows as it offers a straightforward method for connecting to the local desktop.
ssh-keygen
# Press Enter if you don not want to change directory else
/path/to/directory/id_rsa
# If they key is already present enter y
# You can provide a phrase (Password) to secure keys press Enter twice
phrase-to-protect-key
phrase-to-protect-key
gedit /path/to/directory/id_rsa.pub
# For windows you can use notepade instead of gedit
After executing the command press “Enter” until the key is generated. Open the created file in notepad and copy your ssh key and paste into the section listen below
At the bottom you will see an option “Create” click that. After that, you will see a dashboard like this
Step 4: Changing Public IP to Static IP and ssh testing
You will be assigned a random External ID. There is an issue with that each time you you turn your instance on it will assign a new external id. Each time you need a new external IP to ssh or RDP into the instance thus we will change the IP to a static IP (Static IP is reserved and also increase the charges to change the external IP)
Click the instance hit edit
Scroll down and go into Networks and change the External IP to static and give any name to it
You will see the external IP will become static even if you turn your instant off and turn it on later the external IP will be the same
You can copy the external ID and ssh from your desktop to the instance in a cloud
As you can see here, access the instance on the cloud from our home desktop
Step 5: Custom firewall rules
There are two kinds of traffic
- > Ingress Traffic: all network traffic and data that come from outside a local network and are expected to land on a specific location within it.
- > Egress Traffic: in the world of networking implies traffic that exits an entity or a network boundary
Ssh is Ingress traffic in fact using RDP is also ingress. By default, the access IP is 0.0.0.0/0 which means any computer which has the IP of the VM can connect to it. However, this should not be the case. It is highly against the security parameter of a server thus we will hard fork our IPs so that only we can access without IP only
Note: Remember As local computers do not have the static IP each time you turn your computer on IP may changes I am just showing you how to do it so that when you work in cooperate sector or may even for your University project where you can have the static IP this will help you a lot securing the VM
After clicking firewall do tick the default two boxes and apply the step as mentioned below
After this, You have to create a new rule and select the name of the rule. Provide a description of it so that you can remember its purpose. Apply TCP connection and specify the port and IP of your computer
To get the IP of your computer simply write “What is my IP” and it will return your IP that will be used in creating the rule
Now you have your IP let's create a new rule (I am showing only for ssh here. The same procedure will be followed for RDP as well however you must have to check the display option at the time of instance creation as I mentioned in that section.
You can select your priority by default its 1000
Note: the lower the integer number the higher is the priority
Provide the label add your IP and provide the specific port number to communicate. I am using TCP because it is a secure protocol
At the bottom click create. It will add a custom firewall that will allow only your IP to get in. Initially, it was open to everyone by default. Now let's test this by changing our IP and trying to enter into ssh mode. It should deny our access
Step 6: Development of Remote Access development
First, ssh your windows pub key same as we did in the previous step.
ssh directly or from your computer into the VM you created and simply typed the command one by one as Followed in the snapshot attached below
Then install ubuntu-desktop on your VM. As I already installed it using linux ssh that is why it showed me it's already done. However, it will take a few minutes to download all the dependencies
sudo apt-get install ubunto-desktop
After that install xrdp. Xrdp is a free and open-source implementation of Microsoft RDP server that enables operating systems other than Microsoft Windows to provide a fully functional RDP-compatible remote desktop
sudo apt install xrdp-y
After installing xrdp protocol let's add xrdp user to our VM by executing the following command
1-> adduser will create a user and its certificate along with it. Which will fetched by the Remote Desktop App in Windows.
2-> ufw will allow to set listening of the remote access on a particular port
3_ passwd set the passwd against the username provided. Make sure the user must have the ssh configuration already done with the VM instance as we done in the previous step
sudo adduser xrdp ssl-cert
sudo ufw allow port
sudo passwd username
Open the window Start and search for Remort Desktop App. This comes as a built-in application along with a window package. After opening it add the external IP which we set as static in the previous steps. The same IP that use to ssh with the VM instance. It will try to get the certificate against the IP that you made during the last commands in the Cloud instance
Enter your IP and Allow to the certificate generated
A screen will be open (That is You are connected with the VM but you need a user login to access the instance) This is the same user we add in the previous command give your username and password to have remote access to the instance
“Hurrrahhh!!!” We are in as you can see the name of the device is the same one we set at creating the instance. As you can see at the top left corner it is the Static IP address we assigned by the cloud.
Step 7: Creating HTTP server and Hosting
HTTP client TCP port and we have configured the TCP port in our firewall. For this, we will be adding an Apache server to our VM instance
sudo apt install apache2
In order to check the server status and IP on which it is running type the following command
sudo systemctl status apache2.service
As you can see the IP is the same throughout everywhere because I set it to static. Now we can edit the HTML file to our users we can access the HTML render file by the following command
sudo cd /var/www/html
sudo nano index.html
Edit the index.html file and then save it by Ctrl+x and hit y. You can access the following web page by going to that IP
<!DOCTYPE html>
<html>
<body>
<h1>Finally able to host</h1>
<p>Dragon ball z hehe</p>
</body>
</html>
Access it using the IP
Note : It might be possible that VM name or static ID may be changed during the demonstration the reason is I was testing while writing this blog that is why it may be possible that you see different IP on different places however if you follow the guidelines your IP will be same through out as it is static IP