Frequently Asked Questions

Dear Users!

Here you’ll find the questions most frequently asked since our cloud service was launched, and the answers to them.

How do I use the MTA Cloud service?

The MTA Cloud is available to every MTA researcher. Before using it, you must fill in a form found here: https://cloud.mta.hu/node/add/project. For access you must log in using your EduID. Find further information regarding login here: https://cloud.mta.hu/csatlakozas-az-mta-cloudhoz. If you have any questions contact the developers by e-mail: info@cloud.mta.hu.

How long will my project request be ‘pending’?

We will contact you within a week after your project request has been filed to discuss the details (e.g. project quota size). After your project is successfully created, we’ll notify you via e-mail, and provide all necessary information about logging in.

Is it possible to use the MTA Cloud without an EduID?

We use an EduID based identification in our cloud. If you do not have an EduID, or you are unsure whether your institute has joined the EduID federation or not, check the following link and look for your institute on the list: http://www.eduid.hu/hu/resztvevok If your institute has not yet joined the EduID federation, you may initiate the process with the head of the IT department of your institute.

Some users do not have an EduID. In this case we recommend using the ‘Akadémiai Adattárs’ (Academy database - AAT) identifier which is compatible with EduID. You may sign in on their webpage: https://aat.mta.hu/aat. On their homepage, hover the mouse over the ‘request for admittance’ button, and click on the ‘into MTA’s public body’ line. The username and password you create here will be used to log into AAT in the future.

In case there are any other problems regarding logging in, or if you would like temporary access, please contact us at info@cloud.mta.hu.

Where can I access http://wigner.cloud.mta.hu?

Access to the http://wigner.cloud.mta.hu access point and the virtual machines is currently limited for an indefinite time. Please send us the address, netmask, and local DNS server address of the network(s) from which you wish to access the MTA Cloud to our e-mail address: info@cloud.mta.hu

How to interpret the MTA Cloud project quota?

We’ll provide you the quota you assigned to your project in an e-mail. The instances come in six different sizes. The ‘m1.x2large’ flavor is not publicly available unless there is a reasoned request for it. The six sizes are the following: m1.small(1 VCPU, 2 GB RAM, 20 GB DISK), m1.medium(2 VCPU, 4 GB RAM, 40 GB DISK), m1.large(4 VCPU, 8 GB RAM, 80 GB DISK), m1.xlarge(8 VCPU, 16 GB RAM, 160 GB DISK).

Is it possible to modify the quota of a running project?

Yes, it is possible (e.g. number floating IPs, number of virtual machines, maximal size of virtual machines, etc.) within reason of course. We must however draw attention to the fact that this option may be revoked if our cloud nears saturation. For more information please contact the developers at: info@cloud.mta.hu

Is it possible to add new users to a running project?

Yes. To add a new user to an existing MTA Cloud project, you must log into Hexaa on hexaa.eduid.hu. There you’ll find the organization with your project’s name in the blue ‘oranizations’ box. Click on the ‘invitation management’ menu on the left side. There is a green ‘invite’ button with a drop-down list. Select ‘invite member’ from this list. Next to the ‘Use email address’ button you may list the e-mail addresses of those you’d like to send an invitation to.

How to reach the virtual machine running in the MTA Cloud using SSH connection?

In order to reach the virtual machine using SSH connection, you must first enable the necessary firewall rule. This is done by clicking on the ‘+’ symbol next to the ‘ssh’ (port 22) in the ‘Security Groups’ tab when launching a new instance (Compute/Instance/Launch instance). Furthermore, to log in without the use of a password (using a Key Pair) the ssh key must also be selected (Key Pair menu).

Firewall rules can also be enabled on a virtual machine that is already running. In the ‘Instance’ tab there is a drop-down list (of the particular instance) in which you find the ‘Edit Security Groups’ menu. Don’t forget to click on the ‘Save’ button, once you have clicked on the ‘+’ sign next to the ‘ssh’ (port 22).

Connecting via SSH:

  1. ‘Compute’ → ‘Instances’, then ‘Edit Instance’→ ‘Security Groups’ in the menu in the row of the virtual machine. In this tab you can assign rules to the virtual machine. Assign the SSH rule here, which opens port 22 that is necessary for SSH access.
     
  2. Clicking on the arrow pointing down in the ‘Actions’ column (‘Compute’ → ‘Instances’ row ) of the virtual machine opens up a drop-down menu. Click on ‘Associate Floating IP’ here. In the modular window popping up, click on ‘IP Address’ to select the already allocated floating IP address from the drop-down menu. Clicking the ‘Associate’ button assigns the public IP to the virtual machine.
     
  3. The public IP can be checked in the ‘IP Address’ row, under the ‘Floating IPs’ line of a chart found on the ‘Compute’ → ‘Instances’ page. The floating IP is mapped to an outside address: 10.1.20.X → 193.224.176.X. From now on, the virtual machine is accessed by the 193.224.176.X address. (e.g. 10.1.20.80 → 193.224.176.80.) For using the Sztaki branch (a subsidiary of the MTA institute), it is not needed to rewrite the last digits of the floating IP.
     
  4. The private key must be saved to the appropriate safety folder (~/.ssh/id_rsa file) with the appropriate privilege: chmod 600 [private_key_file].

    (if you do not yet have a key pair, you can generate one in the ‘Compute’ → ‘Access & Security’ → ‘Key Pairs’ menu)
     
  5. To build an SSH connection, the following command is to be given in the terminal:
    ssh –i [private_key_path]
    [username]@[virtual_machine_public_ip]

    Sample: ssh –i ~/.ssh/id_rsa johndoe@148.6.200.80

What username/password do I use to access the virtual machine(s)?

The ‘Image description’ field of the image file selected in the ‘Image’ menu contains the default username and password. If you use Ubuntu, these are ‘ubuntu’/’ubuntu’, if you use Windows, they are ‘windows’/’windows’ respectively. These must be reset after first login.

How to access the network?

MTA Cloud provides one public IP address for every project, so monitoring multiple instances from the outside is not possible directly. This one IP address can be assigned to any of the virtual machines (‘Associate Floating IP’ in virtual machines list, in the drop-down menu next to the computer). In order to log in, the ssh key pair must be supplied and selected before launch (‘Key Pair’ menu), and the firewall must be configured (‘Security Group’).

We recommend that you amend the ‘default’ firewall rule set.  Add a rule in the ‘Security Groups’ menu (‘Compute’ → ‘Access & Security’) by clicking on ‘default’, then ‘Manage Rules’, then ‘Add Rule’. Here you can add the ssh rule on the firewall (port 22). The other virtual computers you can access through their private addresses using ssh agent forward, or by a VPN server set up on the public computer.

How does floating IP work?

MTA Cloud provides one public IP address for every project. This one IP address can be assigned to any of the virtual machines (‘Associate Floating IP’ in virtual machines list, in the drop-down menu next to the computer). Reaching the virtual machines is not possible via their private addresses without either a Floating IP or a VPN. The virtual machine is not aware of its floating IP. If you’d like to communicate with multiple virtual machines from the outside, the floating IP must be bound to them. The floating IP is only a DNAT and SNAT rule, which translates between 192.168.1.x and 193.224.59.x addresses. So if you address the 192.168.1.x IP, by the time the package reaches the destination, the IP will have changed to 193.224.59.x, so you’ll get an answer through the socket. This is very useful in case the floating IP changes, because this way the current configuration keeps working, and binds to another address automatically. The same can be achieved for windows based virtual machines if you bind them to 0.0.0.0.

How do I create an OpenVPN?

The OpenVPN chapter of the user manual (https://cloud.mta.hu/dokumentumok - MTA Cloud User Guide) only applies to the SZTAKI branch of MTA Cloud.

Open VPN setup using a heat template:

On the Cloud’s homepage open the Orchetration /Stacks menu.
Launch Stack. Choose the URL: https://raw.githubusercontent.com/burgosz/heat-templates/master/openvpn.heat

Fill in the appearing modal window:

  • Stack Name: ’name of your choice’.
  • Password: The password you created for first login.
  • Public IP: This will be your OpenVPN server’s public IP address. You must assign a floating IP to your project (Compute->Access & Security->Security->Floating IPs).
  • Image: Ubuntu 16.04 LTS for Heat.
  • Flavor: the small flavor is sufficient but you may choose a bigger flavor if you have a reason to do so.
  • Keypair name: the key of your own SSH.
  • Private Network: the name of the network allocated to the project.
  • vpn_cidr: you should assign a subnet, which doesn’t conflict with the project’s internal network and your client-side’s networks. Usually the default value is suitable.


Click on the ’Launch’ button to create a virtual machine, which runs an OpenVPN server. Click on the stack’s name in the Overview menu to find the OpenVPN client config and a CA certificate. You can connect with the OpenVPN configuration.  Then transfer the contents of the CA certificate to the openvpn’s config folder with the name of “ca.crt”. Every virtual machine you wish to access via VPN must be added to the ‘internal security group’ of ‘vpn secgroup’. Furthermore, if your client is Windows based, you must run it as administrator.

 

With this method the cloud users can connect to the VPN server using their standard MTA Cloud username and password (provided they are members).


You can aslo watch a tutorial about it on the following link: : https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
This method also works for the MTA Cloud.

Is there a storage space accessible using SSH or SCP?

The main purpose of the MTA Cloud service is to aid research projects by providing computing power, not storage space. We can however satisfy such demands by providing a certain quota, from which you may launch a Linux based virtual machine to store your data, accessed through SSH.

How do I use SCP on a Windows based virtual machine?

The guide only applies to Linux based virtual machines, which already have ssh installed. Windows on the other hand doesn’t have any servers that would use port 22, so it won’t work by default. The SFTP server is easy to install: http://www.sftp.net/servers . After installing it, the SCP is ready to go on the Windows based virtual machine.

How do I copy data to the virtual machine?

To transfer data you need to install the same software programs you would otherwise use on real computers (and enable networking in the Openstack, using the appropriate port). If you would like to transfer data from a Linux server, it might be easier to copy the data by using WinSCP running on the instance. Generally it is more practical to store data on a separate volume, created specifically for this purpose.

How do I use the pieces of software I need?

There are 3 types of services in a Cloud system: infrastructural cloud (IaaS), platform cloud (PaaS), and software cloud (SaaS). For the time being MTA Cloud provides an infrastructural service (IaaS) for its users, but this may serve as a basis for an eventual extension to PaaS or SaaS services. Using the MTA Cloud service enables academics to use an infrastructural cloud service that is dynamically adjustable, so that its size and type fits perfectly with their projects ongoing at the time, without having to go through complicated procurement procedures.

Installing the necessary pieces of software is the user’s responsibility. On the other hand, we do provide some applications that make using our services significantly easier. Although, these are only available on the SZTAKI branch at the moment. Please visit the following website: https://cloud.mta.hu/felhasznalast-segito-szolgaltatasok

 

Is it possible to move a virtual machine from one MTA Cloud project to another?

Yes, it is possible, once a snapshot has been made of the virtual machine. In the ‘Action’ column of the chosen virtual machine, click on ‘Compute’ → ‘Instance’, and in the drop-down list, click ‘Create Snapshot’. Following this, the resulting image can be shared with another project, and launched as a new instance.

Is there a standard text or tender identifier which is to be included in any future publications as an acknowledgement for successfully using the MTA Cloud?

If you have successfully joined and used the MTA Cloud service and as a result finished an article, please include the following acknowledgement either in English or Hungarian:

Köszönetnyilvánítás

A .............. projekt nevében köszönetet mondunk az MTA Cloud (https://cloud.mta.hu/) használatáért, ami nagyban hozzájárult a publikált eredmények eléréséhez. 

Acknowledgement

On behalf of Project ............... we thank for the usage of MTA Cloud (https://cloud.mta.hu/) that significantly helped us achieving the results published in this paper.

Please send us your article and a link to it if it gets published, so we can include it on our website. This would both increase the impact and visibility of your work, while it also serves as a reference to MTA Cloud, showing the practical use of our services.

Is it possible to extend an MTA Cloud project?

Yes, extending a contract is possible. We must however draw attention to the fact that this option may be revoked if our cloud nears saturation. For more information please contact the developers at: info@cloud.mta.hu.

What are the specifics of the requestable GPU instance, and how many could you provide for GPU-oriented projects?

  • Type
  • Memory
  • Quantity
  • For how long
  • etc.

Is the project user and the user of the virtual machine one and the same?

The users of the project have access to the requested resources. For Ubuntu users: the default username and password for their virtual machines are both ubuntu. (For Windows users it’s windows/windows respectively). Of course it is possible to add as many new users as needed, therefore the users of a project may not be identical to the users of the actual virtual machine.

Authorization for creating virtual machines within a given project

Within one project, every user has the same authorization, so everyone can create a new virtual machine. The administrator is the person who requested and is liable for the given project. Furthermore he is the one to decide who is allowed to use the resources allocated to the project.

Is it possible to continuously run a virtual machine within a project?

Yes, a virtual machine may run indefinitely, but the MTA Cloud doesn’t take responsibility for shutdown if there is a malfunction.

Is openVPN absolutely necessary?

It is possible to use a project without openVPN, as there is an IP address assigned to each project. This IP can be associated with the virtual machine, which, as a result, becomes accessible from the outside world. Once you have accessed the internal network with a public IP, you may easily access the other virtual machines using internal IP addresses. The number of public IPs however is limited, that is why we recommend using openVPN to our users.

How to close a project?

Before launching a project, the closing date must also be specified. When the time comes, our colleagues at MTA Cloud will contact the project administrator, to find out if they should proceed with shutdown. If the project ends before the planned closing date, please delete the virtual machines and volumes, and send us an e-mail to info@cloud.mta.hu with your project's name to initiate shutdown.