SerCon™ Quickstart Guide

Boot Your SerCon Server

  1. Plug in the USB key
  2. Turn it on
  3. Wait ~10 seconds

 

SerCon servers come pre-configured with DHCP networking. For most networks, you simply plug your server in, and it’s ready to go. (If you don’t have DHCP, you’ll need to connect a keyboard, mouse, and monitor to set the IP address on the network bridge br0.)

By default, the server will have a unique DNS hostname ending with the last 4 characters of your serial number, like one of these:

sercon-f7c3
sercon-3484
sercon-74aa
sercon-[LAST FOUR CHARACTERS OF YOUR SERIAL NUMBER]

 

 

How to Connect Using a Web Browser

Simply browse to: https://sercon-xxxx:6080/

Note: This requires a modern HTML5-compliant browser, such as Firefox, Safari, Chrome, Opera, or Internet Explorer 9.

The default username is ubuntu. The default password is on the included QuickStart print-out that came with your server.

Change Your Password

CST recommends immediately changing your password. Click System > Preferences > About Me > Change Password.

Note: If you close your browser tab (or window), you will be immediately logged out of the server. All running desktop applications on the server will be forced to close. (However, any virtual machines will continue running in the background.)

The browser-based administration tool on port 6080 (named noVNC) is basically a remote keyboard and monitor. This service should not be exposed to the Internet, as it only requires a password to gain access. It is assumed your server is behind a firewall that blocks 6080 from the Internet. For stronger security, disable noVNC and use VNC over SSH instead.

Pro Tip: Disable noVNC by editing /etc/rc.local. (Put a # in front of the noVNC line and reboot.)
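
The edit described in the Pro Tip, as an added example (not part of the original guide) that comments out the noVNC line and then confirms no active noVNC line is left. The sample rc.local content is constructed; the actual noVNC line on your server may look different.

```shell
#!/bin/sh
# Added example: comment out the noVNC launch line in an rc.local-style file
# and confirm that no active noVNC line is left.

# novnc_active FILE: exit 0 if an uncommented line mentioning noVNC remains.
novnc_active() {
    awk 'tolower($0) ~ /novnc/ && $0 !~ /^[ \t]*#/ { hit = 1 }
         END { exit (hit ? 0 : 1) }' "$1"
}

# disable_novnc FILE: put "# " in front of every active noVNC line.
# A .bak copy is kept; writing back through ">" keeps the file's mode and
# owner, which matters because rc.local must stay executable.
disable_novnc() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    novnc_active "$file" || { echo "nothing to do: $file" >&2; return 0; }
    cp -p "$file" "$file.bak" || return 1
    awk 'tolower($0) ~ /novnc/ && $0 !~ /^[ \t]*#/ { print "# " $0; next }
         { print }' "$file.bak" > "$file"
}

# Demo on a constructed rc.local (placeholder path, not the real SerCon entry).
demo=$(mktemp)
printf '%s\n' '#!/bin/sh -e' '/path/to/noVNC/launch --listen 6080 &' 'exit 0' > "$demo"
disable_novnc "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the server, run disable_novnc /etc/rc.local as root, then reboot as the Pro Tip says.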

How to Connect Using VNC over SSH

It is also possible to connect with VNC over an SSH tunnel. This provides optimum performance and enhanced security, and gives you the option of shutting down noVNC and only allowing SSH key connections to your SerCon server.

The USB flash drive included with your server has an SSH key (for both OpenSSH and Putty) that you can use to run VNC over SSH. The included Windows VNC viewer, called sshvnc, can be run directly from the flash drive (no installation is necessary).

  • For Ubuntu:

Applications > Internet > Remote Desktop Viewer > Host: localhost:7900 > Use host ubuntu@sercon-xxxx as an SSH tunnel

# Or, at a shell terminal:
vncviewer -via ubuntu@sercon-xxxx localhost:7900

Note: To use the included SSH key, first load the key with Applications > Accessories > Passwords and Encryption Keys.

# Or, at a shell terminal:
ssh-add /path/to/USB/SSH_keys/id_rsa

  • For Windows:

There is a program called sshvnc on the USB drive, in the …/VNC/Windows directory. Run sshvnc.bat > Options > Advanced > Launch Pageant, then right-click on the Pageant systray icon and load the trusted SSH key.

Visit http://linux-sxs.org/networking/openssh.putty.html if you need more information about using Pageant and Putty under Windows.

Once the key is loaded, enter the sshvnc username in the form of: ubuntu@sercon-xxxx:7900. (Replace sercon-xxxx with the hostname of your server.)

  • For Android:

Install the applications AndroidVNC and ConnectBot from the Android market. Configure ConnectBot to use your SSH key and tunnel port 7900 to localhost:7900. Then connect AndroidVNC to localhost:7900.

Note: Since portable devices have a higher probability of getting lost, it is recommended that you create a separate SSH key for each Android device. This way, if the device is lost, it is easy to remove access to your lost key without affecting anything else.

Change Your SSH keys

CST recommends immediately changing your SSH keys. (This is like changing the default password.) Click on Applications > Accessories > Passwords and Encryption Keys > My Personal Keys to delete and then create and trust new SSH keys. Any SSH keys created with this tool can be imported into Putty by running puttygen.exe on Windows, or, on the SerCon server:

puttygen /path/to/new_id_rsa -o putty_id_rsa.ppk
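
The per-device key advice in the Android note and the key change described in this section both come down to editing the server's list of trusted keys. The following is an added example (not part of the original guide) that labels each key by device and revokes one by label; it assumes the OpenSSH default file ~/.ssh/authorized_keys on the server, and the labels, key blobs, and id_rsa_LABEL file name are hypothetical.

```shell
#!/bin/sh
# Added example: one authorized_keys entry per device, revoked by its label.
# Labels and key blobs are constructed placeholders, not real keys.

# new_device_key LABEL: create a key pair whose comment names the device.
new_device_key() {
    ssh-keygen -t rsa -b 4096 -C "$1" -f "./id_rsa_$1"
}

# awk helper: label() returns the comment that follows "keytype base64-blob",
# skipping any leading options field.
AWK_LABEL='
function label(   i, j, c, sep) {
    for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
            c = ""; sep = ""
            for (j = i + 2; j <= NF; j++) { c = c sep $j; sep = " " }
            return c
        }
    return ""
}
'
# list_labels FILE: print the label of every key entry.
list_labels() {
    awk "$AWK_LABEL"' !/^[ \t]*(#|$)/ { print label() }' "$1"
}

# revoke_key FILE LABEL: drop entries with that label; fail if none matched,
# so a typo cannot pass for a successful revocation.
revoke_key() {
    [ -n "$2" ] || { echo "empty label" >&2; return 2; }
    tmp=$(mktemp "$1.XXXXXX") || return 1      # created with mode 0600
    rc=0
    awk -v want="$2" "$AWK_LABEL"'
        /^[ \t]*(#|$)/ { print; next }
        label() == want { n++; next }
        { print }
        END { exit (n ? 0 : 3) }' "$1" > "$tmp" || rc=$?
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$1"
}

# Demo on a constructed file: the lost phone goes, the laptop stays.
demo=$(mktemp)
printf '%s\n' 'ssh-rsa AAAAexampleLAPTOP admin-laptop' \
    'ssh-rsa AAAAexamplePHONE android-phone' > "$demo"
revoke_key "$demo" android-phone && list_labels "$demo"
rm -f "$demo"
```

Run list_labels first to see which labels are trusted; after removing the factory key's entry, confirm you can still log in with the new key before closing your existing session.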

 

How to Connect using an SSH Terminal

You can use Putty or OpenSSH to connect as ubuntu@sercon-xxxx, which will give you a text-mode command shell. SerCon servers have password SSH logins disabled by default, because brute-force dictionary attacks against SSH are a common attack vector. (Using SSH keys is infinitely more secure.) So, by default, you need to load your SSH key first.
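
To confirm that password logins are still disabled after later configuration changes, the following added example (not part of the original guide) audits an sshd_config file. It goes slightly beyond the text by also checking ChallengeResponseAuthentication and Match blocks, either of which can re-enable password prompts; the file path /etc/ssh/sshd_config is the OpenSSH default and is assumed here, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: check an sshd_config file for password logins.
# Assumes the OpenSSH default path /etc/ssh/sshd_config on the server.

# effective_setting FILE KEYWORD DEFAULT
# Print the value used outside Match blocks: keywords are case-insensitive,
# the first occurrence wins, and DEFAULT applies when the keyword is absent.
effective_setting() {
    awk -v kw="$2" -v def="$3" '
        BEGIN { kw = tolower(kw); val = def }
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        line ~ /^#/ || line == "" { next }
        tolower(f[1]) == "match" { exit }        # global section ends here
        tolower(f[1]) == kw { val = tolower(f[2]); exit }
        END { print val }' "$1"
}

# match_reenables FILE: print Match-block lines that turn password logins back on.
match_reenables() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { in_match = 1; next }
        in_match && tolower(f[1]) == "passwordauthentication" &&
            tolower(f[2]) == "yes" { print NR ": " line }' "$1"
}

# password_logins_disabled FILE: exit 0 only if no global or Match rule allows them.
password_logins_disabled() {
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(effective_setting "$1" ChallengeResponseAuthentication yes)" = no ] &&
    [ -z "$(match_reenables "$1")" ]
}

# Demo on a constructed config: the global setting is "no", but a Match
# block turns passwords back on for one user.
demo=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'Match User backup' '    PasswordAuthentication yes' > "$demo"
password_logins_disabled "$demo" ||
    echo "password logins possible: $(match_reenables "$demo")"
rm -f "$demo"
```

On the server itself, running sshd -T as root prints the configuration sshd actually resolved, which is the authoritative check.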

With Putty, you must first run Pageant (the Putty key manager) and then load your SSH key by right-clicking on the systray icon. If you use OpenSSH, ssh-agent is the key manager (and it’s probably running for you already), so you can load the key by running ssh-add key_file_name. This will give you a shell connection where you can enter text commands, similar to the Command Prompt under Windows.

There are a host of useful terminal commands that can be used to monitor and administer the server with a simple text-mode shell connection. This is useful on low-bandwidth or high-latency connections, such as those found on mobile devices. SerCon servers include several modern utilities for system administration:

  • htop gives you a listing of processes, resources, and a realtime bar graph of resource consumption. It requires only an SSH connection. Type man htop for full documentation.
  • virsh is a command-line version of Virtual Machine Manager. It can be used to start, stop, and create new Virtual Machines. Type man virsh for full documentation.
  • lxc-start, lxc-stop, lxc-ps, and other lxc- commands manage LXC containers. Type man lxc for details.
  • iftop will give you a list of who is using your bandwidth.
  • nethogs br0 will show you what processes are hogging the network I/O.
  • Other shell commands can manage users, network services, and hardware. See the Ubuntu Server Guide for full details.

 

 

How to Create a New Virtual Machine

SerCon servers were designed for virtualization. They include two leading technologies: KVM virtualization, and LXC containers. If you want to create Debian or Ubuntu Linux VMs, then LXC is recommended due to its incredible speed and efficiency. For other Operating Systems, KVM is recommended.

When you set up a new virtual machine, you will need to specify the new virtual machine’s hostname. Each new virtual machine (or LXC container) will be named something like “webserver”, or “intranet”, or “web-dev1”, or “fileserver”, depending on the role of the new server and how it should appear on your network. (You may also need to configure fixed IP addresses for your network servers, depending on your local network policy.)

Thanks to bridged networking, any virtual machines or containers you create will appear on your network just like a physical computer. No special routing or NAT rules are required. The virtual machines will continue running even after you log out.

Create a Virtual Machine

Applications > System Tools > Virtual Machine Manager

Then click on the New button (on the top left). Simply follow the wizard. You’ll be asked to specify a boot CD-ROM image (a .iso file). There are some installer CD-ROM ISO images included.

New > Name: [new server name] > Use ISO Image: Browse

OS Type: [Choose the best match]
Version: [Choose the best match]

Memory (RAM): Choose an appropriate amount. Linux can run on 256 MB. Windows 7 needs at least 1 GB.
CPUs: 2 or more is usually a good idea

Create a disk image on the computer’s hard drive [Choose your desired size. Linux can run on 5 GB. Windows 7 needs at least 20 GB.]

Pro Tip: If you also want to run this VM under VirtualBox or VMware, select vmdk for the disk image format. VMDK disk images can be used with KVM, VirtualBox, or VMware. You can also convert the image format later. (The disk images are saved in /var/lib/libvirt/images/.)

Forward > Advanced Options > Specify shared device name > Bridge name: br0
Customize configuration before install: CHECK / YES. [This allows us to specify the high-performance virtio bus before starting the install.]
Finish

You are now able to customize the configuration before install. Select the high-performance virtio bus for disk and network:

Disk 1 > Advanced Options > Disk Bus: Virtio > Apply
NIC :xx:xx:xx > Device model: virtio > Apply

Finally, if creating a Microsoft Windows virtual machine, you need to attach the virtio driver disks, so Windows can find the device drivers for virtio. There are two special “disks” that you must add to your Windows virtual machine:

  1. The floppy disk image virtio-win-1.1.16.vfd. This has the hard disk virtio drivers needed before install.
  2. The CD-ROM disk image virtio-win-0.1-15.iso. This has the network virtio drivers needed after install.

Pro Tip: The latest versions of these drivers are available from: http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/

Add them by specifying:

Add Hardware > Device Type: Floppy disk > Select managed or other existing storage > Browse > virtio-win-1.1.16.vfd > Finish

Add Hardware > Device Type: IDE cdrom > Select managed or other existing storage > Browse > virtio-win-0.1-15.iso > Finish

Done! You are now ready to begin the Operating System installation. Click Begin Installation on the top left. You can click on the Fullscreen button to see the entire VM screen during install.

Note: During the install, Windows may warn you that the virtio driver “has not passed Windows Logo testing”. Just click the Yes – Continue anyway button to ignore this harmless warning.

Note: If installing Windows, it won’t be able to find your virtio hard drive image until you click Load driver > Browse > Floppy Disk Drive (A:) > [Windows Version] > OK. After the install, you’ll also need to specify the network virtio drivers by going to Device Manager > Other devices > Ethernet Controller > Update Driver Software… > Browse my computer for driver software > Browse > Computer > CD Drive (E:) CDROM > [Windows Version] > OK.

Pro Tip: Microsoft offers Windows 7 ISO images for free download. See:

http://techpp.com/2009/11/11/download-windows-7-iso-official-direct-download-links/

As always, you need a valid Microsoft Product Key to use Microsoft Windows. (You get this when you purchase Windows from Microsoft or an authorized reseller.)

Pro Tip: The default network settings in Microsoft Windows are not optimized, and are quite slow (regardless of whether or not you are using virtualization). After creating a Windows VM, visit http://www.linux-kvm.org/page/WindowsGuestDrivers/kvmnet/registry and apply the suggested registry settings. CST has seen a ~300% speed gain from these changes.

How to Create an LXC container

LXC containers are very similar to virtual machines. Each LXC container gets its own ethernet MAC address, I.P. address, and root filesystem.

In contrast to virtual machines, however, LXC uses a shared kernel, RAM, and file system, which means you can run hundreds of LXC containers on a single piece of hardware. Virtual machines (like KVM, VirtualBox, XEN, or VMware) are limited to just a handful per server, because the different operating systems all compete for the same hardware (especially disk I/O). Since LXC has no virtualization layer, it runs at 100% speed of the native hardware, and since each LXC container is just a process, you can run literally hundreds of them per server (depending on workload). Whereas virtual machines require a dedicated disk image (or partition) and a fresh O.S. install, a new LXC container can be deployed in just a few seconds. The primary drawback of LXC containers is that they only run Linux.

Fortunately, virtual machines and LXC can run side-by-side, so you can use LXC for Linux servers, and KVM for everything else.

At this writing, LXC has not yet been integrated into Virtual Machine Manager. You must use shell commands to create and manage LXC containers. SerCon servers include the tool lxc-ubuntu-x to create new Ubuntu (or Debian) LXC containers.

To create a new LXC container, launch a shell with Applications > Accessories > Terminal (or just connect to the server using an SSH client like Putty), and then run:

sudo bash   # To become root.  You must be root to manage LXC.

cd ./lxc-ubuntu-x
./lxc-ubuntu-x [new_container_name]

To start the new LXC container, use lxc-start -d:

lxc-start -d -n [new_container_name]

Pro Tip: If you want the LXC container to start automatically when the SerCon server boots up, you must add the name of the container to the CONTAINERS option of /etc/default/lxc.

Here are some useful commands for managing LXC. These must all be run as root:

# View the list of LXC containers (and which ones are running):
lxc-ls

# Start a container
lxc-start -d -n [container_name]

# Stop a running container
lxc-stop -n [container_name]

# Destroy ("unregister") a container; does not affect the LXC's root filesystem.
lxc-destroy -n [container_name]

# If you want to permanently delete an LXC container, including root filesystem and config files:
lxc-stop -n [container_name]
lxc-destroy -n [container_name]
cd /lxc/
rm ./[container_name].conf
rm ./[container_name].fstab
rm -rf ./[container_name].rootfs

# To log in to a local LXC console terminal (not using the network).
lxc-console -t 1 -n [container_name]

# View the processes running in a container.  Any ps options (like "aux") can be added at the end.
lxc-ps -n [container_name] aux

Additional commands, such as lxc-freeze and lxc-unfreeze, are also available. By default, LXC root filesystems and config files are created in /lxc/. Type man lxc for full documentation, and see lxc-ubuntu.conf to change defaults.