YoloColo:Jumpbox

From ZeroOne Tech Public Wiki


Jumpbox Remote Access Setup

This guide is to setup a bastion remote desktop server in order to access yolocolo services delivered by ZeroOne Technologies

Setup Networking

First we must enable networking and request a public IP address to enable an internet routable VM on openstack

Setup “Jumpbox” LAN

  1. Open Networks - OpenStack Dashboard (zeroone.tech), You will have at least two networks listed. 1) Being Public and 2) being vlan1XXX. Public is the Public internet hosted by ZeroOne and vlan1XXX is your network local network for your yolo services
  2. We need to create a network for your “Jumpbox” using the “Create Network” option
  3. Name your network (in this case I am using “jumpbox_net”, leaving all other values as default, then click “Next”
  4. Define the IP Scope of this network, by giving it a name and address in CIDR Format. Leave IP Version Defaulted to IPv4 and Gateway Empty (This will be filled out by OpenStack), Then Click on next
  5. On the subnet Details Page, Click create leaving all other details default

Setup Internet Gateway for “Jumpbox” LAN 6. Navigate to Routers - OpenStack Dashboard (zeroone.tech) and “Create Router”

  7. Name your router and set the External Network to “Public”, then click create.

8. Open your router detail

9. View Interfaces for your router and add an interface

10. Select the subnet the Gateway is for, in this case the “jumpbox_subnet”, An IP address will assigned by openstack then click submit

Setup a Security Group for remote access 11. Now navigate to Security Groups - OpenStack Dashboard (zeroone.tech) and create a security group

12. Give it a useful name, in this case it is to allow you to remotely access your “Jumphost” then create.

13. With the Security Group created we can now add rules, add a rule.

  14. Set the rule type to RDP and enter the source IP of where you will be receiving RDP Requests. If you are unsure of what your IP Address in CIDR Format is you can use services such as WTF is my IP?!?!?? found at https://myip.wtf. You can also use 0.0.0.0/0 but this would allow anyone to attempt to connect to your “Jumpbox” on RDP which can be a BadIdeaTM , then “add”. Note if you intend to use a Linux Jumpbox, select SSH for the Rule instead

Note on Security Group Rules: Can had multiple and apply multiple to Compute Instances. As a result I will remove default rules from my Security Groups to allow for layering of rulesets. You will see this later, as a result my reset for allow-RDP looks like:

Request a Floating IP 15. Navigate to Floating IPs - OpenStack Dashboard (zeroone.tech) and “Allocate IP to Project”

16. Give the IP A description, then complete the allocation by then clicking “Allocate IP”

This completes the Networking Required for Setting up to have a Jumpbox on ZeroOne Cloud to access Yolocolo Services you can see the network layout at Network Topology - OpenStack Dashboard (zeroone.tech)   Compute Instance Setup Launching a New Windows Instance 1. Navigate to Instances - OpenStack Dashboard (zeroone.tech) and Launch an Instance

2. Name you Instance then click next

  3. For Source, Change to Image, you can then search for Windows to show available Windows Server 2022 Standard Image which you can then select (DO NOT SELECT “vGPU edition” unless approved by Management for vGPU resource access), Volume Size will now be the minimum size to accept image. You can increase volume size, but not make smaller that Image. Then next

  4. Set the “Flavor” or Size of the VM. In this case I am using a “z1.gs.small” as the Windows Image needs a Minimum RAM allocation of 4096MB, then next

5. Allocate the Network we create for this in the instructions above to this instance. Then next.

6. Skip Network Ports. No Changes required here

7. Allocate the Security Group created for Allowing RDP Connections to this device. You will see as per my note when creating the security group I have the “default” allow we traffic group then the second security group to “allow” RDP connections. Then Next.

  8. We can now create the private key for this machine, if you already have a private key, you can import it or otherwise we will create one now, click on “Create Key Pair”, give it a name and type of SSH (YOU MUST SAVE THIS KEY AS WE CANNNOT RECOVER IT AND WITHOUT IT YOU CANNNOT ACCESS THIS VM AND IT WILL NEED TO BE RECREATED)


9. With the Key Pair defined we can now “Launch”

10. We can then Allocate the Previously requested Floating IP


11. Retrieve the Password, you will be then prompted for the previously generated SSH key. As previously noted if you have an issue with the private key, we will be unable to recover your password to access this Instance


12. After Approx 5 minutes Instance should then be available to remote access using the windows remote desktop client with the username Administrator and the password decrypted above

13. Lastly we can attach the Instance to the YoloColo Network by using “Attach Interface”, when using the option you will have the option to set an IP Address for this instance, if you do not one will be assigned for you, but do not use an IP Address below .10 as these are reserved for Openstack Services.


You will now have two Networks available in your remote desktop