fujitsu cloud service s5 introduction guide cloud service s5 introduction guide ver. 1.3 date of...

1

All Rights Reserved, Copyright FUJITSU AMERICA, INC. 2011

FUJITSU Cloud Service S5

Introduction Guide

Ver. 1.3

FUJITSU AMERICA, INC.

2



Introduction Guide Ver. 1.3

Date of publish: September, 2011

All Rights Reserved, Copyright © FUJITSU AMERICA, INC.

No reproduction or republication without written permission.

Modification history

Version Date of issue Description

1.0 May 17, 2011 Original version

1.1 September 2, 2011 Updated version with newer screen shots and streamlined sections

1.2 September 7, 2011 Additional updates to sections 1.7 and beyond

1.3 June 30, 2016 Updates for name change to FUJITSU Cloud Service S5

3


Introduction

This document is a how-to guide on developing a new system by using Global Cloud Platform.

Please also refer to following documentation about the details of Global Cloud Platform, which can be

found at https://globalcloud.us.fujitsu.com/portala/ctrl/aboutSopManual

General Documentation

Functional Specification: describes key features of the Global Cloud Platform

Service Portal User’s Guide: provides in-depth information about usage of the Service Portal

Global Cloud Platform Service Catalog: defines technical workings of the platform

Task Specific Documentation

KMS User’s Guide: describes how to activate OS’s license using KMS services

SSL Server Certificate Registration: defines how to register certificates in the Load Balancer (SLB)

W2K3 and W2k8 Sysprep Manuals: offer assistance when create customer specific image templates

API Documentation

API User’s Guide: defines the general usage of the API

API Reference Manual: provides an XML-RPC type API reference manual

Related Documents

KMS Activation Program: a batch file to register a virtual machine with the KMS

API Library: a ZIP file of the API SDK

Other Portal Links

Restriction / Consideration http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopNote:

FAQ http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopFaq

Notes

Contents in this guide are subject to change/update without notice.

https://globalcloud.us.fujitsu.com/portala/ctrl/aboutSopManual

http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopNote

http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopFaq

4


Table of contents

Chapter.1 Start-up ................................................................................................................................................................... 5

1.1 General Outline .............................................................................................................................................................................. 6

1.2 Sign-Up for Service (Obtain Administrator ID) ............................................................................................................................... 7

1.2.1 Log-in to Top (Home) page ....................................................................................................................................................... 7

1.2.2 New Registration of Customer (Administrator ID) .................................................................................................................... 8

1.2.3 Login with ID/password ........................................................................................................................................................... 13

1.3 Getting Activated (completing the documentation) ...................................................................................................................... 15

1.3.1 Complete and Return the Application Form (Usage Agreement) .......................................................................................... 16

1.3.2 Complete and Return the Credit Application (for new customers) ......................................................................................... 16

1.3.3 Receive a Notice that your Adminstrator ID is Activated ........................................................................................................ 17

1.4 Administrator Login and Certificate .............................................................................................................................................. 18

1.4.1 Download the Client certificate ............................................................................................................................................... 18

1.4.2 Import the Client certificate ...................................................................................................................................................... 20

1.4.3 Log-in to Service Portal with Administrator’s ID. (Client certificate) ........................................................................................ 25

1.5 Add Resource Controller ID ......................................................................................................................................................... 27

1.5.1 Apply to add new Resource Controller (Registrant’s part) ..................................................................................................... 27

1.5.2 Registration Process (Registered person’s part) .................................................................................................................... 29

1.5.3 Log-in with ID and Password .................................................................................................................................................. 31

1.5.4 Create Certificate and Log-in as Resource Controller............................................................................................................ 31

1.6 Create New System ..................................................................................................................................................................... 35

1.6.1 Login to Service Portal (Client certificate) ............................................................................................................................... 35

1.6.2 Create New Virtual System ..................................................................................................................................................... 35

1.6.3 Confirm the Estimate............................................................................................................................................................... 39

1.6.4 Agree to the terms / deploy virtual system .............................................................................................................................. 39

1.7 Install Middleware and Applications ............................................................................................................................................. 40

1.7.1 SSL-VPN Console Connection .............................................................................................................................................. 40

1.7.2 Install Middleware and Application .......................................................................................................................................... 43

1.7.3 Enable Access to the Internet (Modify Network Settings) ...................................................................................................... 43

1.8 Operate and Monitor Virtual Systems .......................................................................................................................................... 44

Chapter.2 Cancelation ....................................................................................................................................................... 45

2.1 Flow to cancel the contract .......................................................................................................................................................... 46

2.1.1 Save data outside Global Cloud Platform (If necessary) ....................................................................................................... 46

2.1.2 Log-in to Service Portal with Administrator’s ID (Client Authentication) ................................................................................. 46

2.1.3 Return All Virtual Systems ....................................................................................................................................................... 46

2.1.4 Submit a Service Cancellation Request. ................................................................................................................................ 46

2.1.5 Receive a Service Cancellation Request. .............................................................................................................................. 46

Chapter.3 Global Service Desk and Optional Services .......................................................................... 47

3.1 Global Service Desk Support ....................................................................................................................................................... 48

3.1.1 Registering for service (Sign-Up) ............................................................................................................................................ 48

3.1.2 Global Service Desk Support.................................................................................................................................................. 48

3.2 Additional Services ....................................................................................................................................................................... 48

3.2.1 Operating System and Middleware Support (optional / future) .............................................................................................. 48

3.2.2 Intranet Connection Service (optional / future) ....................................................................................................................... 48

5


Chapter.1

Start-up This chapter explains the initial activities associated with using this

service.

6


1.1 General Outline The following diagram explains the flow to start using this service.

Receive Registration Guide mail.

Receive Registration Completion mail

Receive Service Available notice mail

Receive Registration Guide mail

Receive Registration Completion mail

Operations after activation

1.2 Sign-Up for Service (get Administrator ID

1.3 Apply to the Service (get activated)

1.4 Certificate login with Administrator ID

1.6 Create New System

Workflow Actions at

Service Portal

Application

Activity

Remarks

1.5 Add Resource Controller IDs

1.7 Install Middleware and Application

1.8 Operate / Monitor Virtual Systems

OPTION

7


1.2 Sign-Up for Service (Obtain Administrator ID)

This section explains how to “Sign-Up” as a new customer and obtain an Administrator ID.

This service has 2 types of ID: Administrator ID and Resource Controller ID.

ID type Description

Administrator ID This is the ID which manages a contract of FUJITSU Cloud Service

S5. Each contract can obtain only one ID. This ID is also allowed to

create and manage multiple additional Resource Controller ID.

Resource Controller ID This is an ID,created by anAdministrator ID, and can access and

control the FUJITSU Cloud Service S5 system. Multiple Resource

Controllers can be created within each contract. The number of

Resource Controller ID is unlimited.

[ATTENTION] if your organization already has one registered administrator (and Contract number), it is easier to add

additional resource controllers to that account to streamline the number of contracts a customer has. Resource Controllers

can be given any number of rights (including full administrative access).

1.2.1 Log-in to Top (Home) page

Users can access the Service Portal from the client PC’s web browser via Internet using the following URL.

http://globalcloud.us.fujitsu.com

* If displayed language is not in English, please click the pull-down menu at upper-right and select

[English].

System requirements of Service Portal are as follows

.

Screen Resolution 1280 x 1024 or higher (Recommend)

1024 x 768 (Minimum)

Figure 1-1 Home Page of Service Portal

http://globalcloud.us.fujitsu.com/

8


CPU / Memory / HDD No particular restrictions as long as following OS, Web browser,

Flash Player, and Java are running

OS Microsoft Windows XP SP3 (32bit)

Microsoft Windows Vista SP2 (32bit)

Web browser Microsoft Internet Explorer 7 / 8

Flash Player Adobe Flash Player 10

Java Runtime Environment JRE 6.0 or higher (Required when downloading the Certificate file)

[ATTENTION] there are issues with certain versions of the Java runtime environment. Please review the

FAQ area of the service portal for details.

1.2.2 New Registration of Customer (Administrator ID)

(1) Click “Sign up” button on the top page.

* Click “Subscribe” button.

Figure 1-2 New Registration – Sign-Up / Subscribe

9


(2) Enter the e-mail address and agree to the terms.

* [ATTENTION] Registration guide and important information to continue the registration process are

sent to the defined e-mail, so please be sure it is a valid e-mail address.

After checking the agreement check box for the service terms and the catch-all control, please click “Apply”

button.

Figure 1-3 New Registration – Accept Terms / Apply

10


(3) Confirm the acceptance of application (1st email to continue the registration)

An e-mail (as shown below) will be sent to the provided e-mail address.

(4) Enter the temporary password.

Enter the temporary password provided in the guidance mail, and click “Go to Registration Procedure”

button.

(5) Enter User Information

Access the URL provided in the guidance e-mail and use the Temporary Password to continue.

NOTE: If users do not proceed with the registration within 24 hours, this application becomes invalid.

Figure 1-4 New Registration – Guidance Email is sent

Figure 1-3 New Registration – Temporary Password

Figure 1-5 New Registration - Email Confirmation

11


Figure 1-4 New Registration – Customer Information

Enter the user information and click “Next” button.

* Items with (*) mark are required, so please enter them.

* “Furigana”: For users living outside eastern language area, please enter the name again.

12


(6) Confirm the information

Figure 1-5 New Registration - Register

Confirm the information and click “Register” button..

If corrections are necessary, please click the “Back” button and fix the information.

(7) Completion

Figure 1-6 New Registration – Sign In

An e-mail containing additional registration information is sent to the registered e-mail address.

This e-mail contains some information regarding your contract and the key links necessary to complete

the Usage Agreement and the Credit Application (for new customers), so that please keep it in safe.

13


1.2.3 Login with ID/password

(1) Click “Sign in” button on the top page.

(2) Input the registered information (User ID and password), and then click “Sign in” button.

(3) Complete login

After login is completed, users can estimate the monthly service charge by designing sample systems.

After Administration ID is fully activated [see section Error! Reference source not found. for details], users

will be asked to create a certificate, after which they can create and deploy virtual systems, add

additional Resource Controllers and have full access to the platform.

At the first estimate operation, users need to specify the private IP address space settings. Please

carefully read the notes below, and then specify the setting.

Figure 1-7 Login with ID/password – Sign in

Figure 1-8 Login with ID/password – Enter Credentials

Figure 1-9 Login with ID/password - Estimate

14


[Excerpts from Global Cloud Platform Functional Specification (ver. 2.0) – on Private IP Address Space]

Private IP address space

In the private IP address allocation, network addresses with 24 bit netmask are utilized from the range of specified IP addresses, and

allocated to each segment in the system. Private IP addresses are allocated automatically to each resource (VMs and SLB built-in

servers).

* Private IP addresses are set when each resource is deployed, and they are released when resources are deleted. Therefore

private IP address will not change by the start/stop operation of each resource.

The ranges of private IP addresses that can be specified are as follows.

- Class A: 10.0.0.0 - 10.255.255.255

- Class B: 172.16.0.0 - 172.31.255.255

- Class C: 192.168.0.0 - 192.168.255.255

[Attention] * In the above range of private IP address, [10.128.0.0/16] is not available.

[Example of private IP address allocation]

If you are using the full Class C range and configure your first virtual system with 3 segments (DMZ, SECURE1, SECURE2),

private IP addresses will be allocated to each resource as follows.

DMZ segment - - - Any IP address within 192.168.1.0/24.

SECURE1 segment - - - Any IP address within 192.168.2.0/24

SECURE2 segment - - -Any IP address within 192.168.3.0/24

Private IP address is allocated to the each resource at the time of 1st boot, and the IP address is released when the target

resource is deleted. Therefore, the IP address is not changed by the start/stop operation of the resource.

[Attention] About the address overlap when using Private Network Connection (Intranet Connection Service)

If planning to use the Private Network Connection (aka: Intranet Connection Service), the Private network (customer) address

space MUST NOT overlap with the range defined for the Global Cloud Platform. Please specify (on FUJITSU Cloud

Service S5 side) a range of network addresses that is different from the existing customer (private) network address, if Intranet

Connection service is anticipated.

[Attention] About private IP address setting for each resource

Users cannot specify the private IP address for each resource. They can only specify the range of IP address. Please do not

change the private (assigned) IP address of a VM or allocate the virtual IP address to VM manually, or you may not be able to

communicate with those VMs.

[Attention] About the address overlap when using SSL-VPN Console Connection

When users connect via SSL-VPN, the VPN connection will fail if the IP address of client PC overlaps with the range of network

address of the created FUJITSU Cloud Service S5 system. Please specify the range of network address that is different

from the network address of client PC in the private IP address space setting.

15


1.3 Getting Activated (completing the documentation)

This section explains about how to “activate” your account by completing the necessary documentation.

* The Administrator’s ID obtained in the previous section is allowed only to estimate virtual systems. In

order to use the complete set of Service Portal functions, the Administrator ID must be activated by the

Service Delivery manager (using the process depicted above)

* [ATTENTION] If theAdministrator ID is not activated within 90 days from the registration date, this

Administrator ID will be deleted.

The e-mail below was provided when the first stage of registration was completed. This e-mail has all the

necessary links and information to complete the activation process.

Download the Application Form (Usage Agreement)

Return the completed Application (Usage)

Receive the completed Application (Usage)

and Credit Application (new customer)

(Usage Agreement)

Activate the Administrator’s ID (*)

Customers

Complete the Application (Usage Agreement)


Send an ID Activation Completion notice. Receive an ID Activation Completion notice.

Download the Credit Application Form

If a new Customer to Fujitsu America

Complete the Credit Application

Return the completed Application (Credit)

Figure 1-13 Activating the Adminstrator ID

16


1.3.1 Complete and Return the Application Form (Usage Agreement)

Step 1 in the above Email provides the link to the contracts area of the service portal, where you can find

the Application (Usage Agreement) form. That URL is:

http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopTermsE

Please download the Usage Agreement from that link, sign it and return it to the email address provided:

([email protected])

Fujitsu Sales will send a Service Application form.

1.3.2 Complete and Return the Credit Application (for new customers)

If you are a new customer to Fujitsu America, you must also complete and return the credit application

from the link provided. http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopTermsE

Please download and complete the Credit Application, sign it and return it to the email address provided:

([email protected])

Figure 1-14 Email Information for Activation


mailto:[email protected]



17


1.3.3 Receive a Notice that your Adminstrator ID is Activated

When the above documentation has been received by the Service Delivery Manger, s/he will activate your

Administrator ID and your account will be ready for full access. You will receive an email notice that

your account has been activated.

Upon next login, after the Administrator’s ID is activated, users will be guided through the process of

creating a Client certificate, which is required for 2-factor authenticated access to the full range of Service

Portal features.

[ATTENTION] if you have an existing relationship with a Fujitsu America Client Executive, you may

also be interested in the Proof of Concept or Pilot Programs, which can expedite your access to the system

while the documentation activities progress in parallel.

18


1.4 Administrator Login and Certificate

1.4.1 Download the Client certificate

When users log-in to the Service Portal with an ID and password (after Administrator’s ID is activated),

they are asked to create a certificate. The certificate will automatically be installed to the browser used

during its creation, however you will want to “re-install it” if you desire the additional security of 2-factor

authentication. You can also import the certificate to other client PC’s you plan to use.

Please follow the steps outlined below to create and download the certificate

(1) Log-in to Service Portal with ID/password after Administrator’s ID is activated.

[ATTENTION]: if you see the Create Certificate button (as in the screen shot below), your account is

activated and ready for full use. IF you still see the “Estimate” button, your account is NOT yet in an

activated status. If you have completed the documentation steps in the previous section and believe your

account should be activated, please contact the Global Service Desk for support.

(2) Click “Create Certificate” button.

Figure 1 – 15 Client Certificate - Create

(3) Click “Issue/Update Certificate”.

Figure 1-16 Client Certificate - Issue/Update

19


(4) Enter the password for the private key.

Figure 1- 17 Client certificate – Private Key

The password for the private key is required when importing a certificate to the client PC.

Enter the password for the private key, and then click “Issue” button.

* [ATTENTION] Between 16 and 31 letters of one-byte alphanumeric characters and symbols for the

password of the private key. The letters are case-sensitive.

* Password of the private key is required information, so please confirm it in the second text box

* If the following security warning message is displayed after clicking the “Issue” button, please click

“No”.

(5) Specify the folder location where certificate files are saved.

Figure 1 – 18 Client certificate - Download

Click “Browse” button, and then specify the folder location where certificate files are saved. After folder

location is specified, please click “Store” button.

* In order to download the certificate, Java Runtime Environment (JRE) 6.0 or higher is required. If JRE

20


6.0 or higher is not installed, please install JRE 6.0 or higher first, and then start over this procedure.

* Specifying the folder location where the certificate file is save is required field, so please make sure to

specify it.

[ATTENTION]: there are known issues with certain JRE releases (java 6 Update 24 or higher is

recommended) for updated details on this topic, please see the FAQ area of the Service Portal:


(6) Complete the download

Figure 1-109 Client certificate - Complete

1.4.2 Import the Client certificate

If you wish to add 2-factor authentication to the current PC, or import the certificate to other PCs, this

section describes those steps.

Import the certificate which is downloaded from Service Portal.

(1) Execute the downloaded certificate file (UserCert.p12).

When double-clicking the certificate file, the Certificate Import Wizard is displayed.

(2) Start the Certificate Import Wizard

Figure 1-20 Import the Client certificate

The following operations are implemented not on the web browser but on the Windows.


21


Click “Next” button and move to the next step.

(3) Specify the Certificate file

Figure 1-21 Import the Client certificate (2)

Specify the Certificate file (UserCert.p12) to import, and then click “Next” button.

If the file is not specified automatically by default, please click “Browse” button and specify the

Certificate file manually.

(4) Enter the password for the private key


Enter the password for the private key which was specified when creating and downloading the

Certificate file from the Service Portal.

In addition, in order to provide for higher security level (2-factor authentication), please check the box of

[Enable strong private key protection.] and remove the checkmark of [Mark this key as exportable.].

The option of [Include all extended properties.] may not be displayed depending on the OS. If it is

displayed, please keep the default setting.

22


After entering the password and checking the boxes, please click “Next” button.

(5) Specify the Certificate Store

Figure 1 - 23 Import the Client certificate (4)

Select the [Automatically select the certificate store based on the type of certificate] and click “Next”

button.

(6) Complete the Certificate Import Wizard


Confirm the specified settings and click “Finish” button.

23


(7) Specify the Security Level


Change the Security Level from [Medium] to [High]. Click “Set Security Level” button.

(8) Select the Security Level


Choose [High], and click “Next” button.

(9) Specify the Key Protection Password


Create the Key Protection Password which will be required to log-in to Service Portal with Client

Certificate. (user will be prompted for this password when the certificate is selected during service

portal login). Password” and “Confirm” fields are required items, please enter the password carefully

and confirm it in the second text box.

After entering the passwords, click “Finish” button.

24


(10) Confirm the Security Level


Please confirm that the Security Level is “High”.

After the confirmation, please click “OK” button.

(11) Confirm the import of root certificate


Please confirm that the value of displayed Thumbprint (sha1) is same as the value of Fingerprint

printed on the following URL.

URL: https://globalcloud.us.fujitsu.com/portals/ctrl/aboutCertificate

After the confirmation, please click “Yes”.

Please confirm that the message “The import was successful” is displayed.

In case any other message is displayed, please contact Support Desk.

[ATTENTION] When the installation is completed, please close all web browsers.

https://globalcloud.us.fujitsu.com/portals/ctrl/aboutCertificate

25


1.4.3 Log-in to Service Portal with Administrator’s ID. (Client certificate)

(1) After importing the Certificate, click “Sign in” button on the top page.

Figure 1-30 Log-in to Service Portal with Administrator’s ID. (Client certificate) (1)

(2) Select the Certificate


The dialog box of Identification is displayed. Select the Certificate which is used for login by looking at

the Name column as a key, and then click “OK” button.

26


(3) Select “Grant permission ” and enter the “Key protection password”


The “Key protection password” is a password which is specified when importing the Certificate.

After enter the password, please click “OK” button.

When login is completed, the following menu window is displayed.

Figure 1-153 Log-in to Service Portal with Administrator’s ID (Client certificate) (4)

27


1.5 Add Resource Controller ID This section explains how to add a Resource Controller ID. This step is not mandatory, but is strongly

recommended for secure and controlled operation.

[ATTENTION]: as mentioned earlier, the recommended model for FUJITSU Cloud Service S5 usage is to

have one Contract per customer (or business unit), from which several resource controllers can be created.

This will streamline the account management and billing interaction.

The procedure of obtaining Resource Controller ID consists of 2 parts; Registrant part and Registered

person’s part.

1.5.1 Apply to add new Resource Controller (Registrant’s part)

(1) Log-in to Service Portal with Administrator’s ID (Certificate Login).

(2) Select “User Management” from the Portal Menu.

Figure 1-164 Add Resource Controller ID (1)

1.5.1 Apply to add new Resource Controller 1.5.2 Registration Process

1.5.3 Log-in with ID/password

Registrant (Administrator) Registered Person (Resource Controller)

1.5.4 Log-in with Resource Controller’s

Certificate

1.5.5 Allocate privileges to the Created

Resource Controller ID.

28


(3) Select “Administrator List” from the User Management menu.

Figure 1 - 35 Add Resource Controller ID (2)

(4) Click “Adding Resource Administrator” button.


(5) Enter the registered person’s e-mail address.


In order to send a guidance mail to the registered person, please enter the valid e-mail address of that

29


person, and then click “Apply” button. The mail which explains the next step is sent to the entered e-mail

address.

* E-mail address is required information, so please makes sure to enter the same e-mail address at both

fields.

(6) Confirm the Registration Application Acceptance


The guidance mail is sent to the entered e-mail address.

Please ask the registered person to implement the registration procedure from [1.5.2].

If the person does not implement the registration procedure within 24 hours, the application becomes

invalid.

1.5.2 Registration Process (Registered person’s part)

(1) Enter the temporary password and agree to the Terms.

The following procedure is performed by the registered person.

Receive the guidance mail, and access to the URL provided in the mail.

If the registration procedure does not complete within 24 hours, the application

becomes invalid, and the administrator will have to re-invite them.

30



Check the guidance mail, and enter the temporary password written in the e-mail.

Check and agree to the Terms of service as well as the Agreement items on the Catch-All Control, and

then click “Apply” or “Go to Registration Procedure” button.

(2) Enter the User information


Enter the customer’s information and click “Next” button.

* Items with (*) mark are required, so please enter them.

(3) Confirm the registration information

31



Check the entered information, and click “Register” button If corrections are required, click “Back”

button to move the previous window, and then fix the information.

(4) Registration completion


1.5.3 Log-in with ID and Password

Follow the same steps provided in section [1.2.3 Login with ID/password].

1.5.4 Create Certificate and Log-in as Resource Controller

Upon first login, the Resource Controller will be asked to create a certificate using the same technique

as the Administrator. Please refer to the section [1.4 Log-in to Service Portal with Administrator’s ID.

(Client certificate)], for the full set of steps necessary to get the Resource Controller’s system configured.

1.5.5 Allocate Privileges to the Created Resource Controller ID

The following procedure is done by the Registrant (Administrator).

By allocating the operation privileges, it is possible for Resource Controller ID to

operate the system (such as deploy new virtual system).

32


[ATTENTION] the steps below show how to make the newly added Resource Controller a “Central

Administrator” for the overall contract. If you are interested in more granular Role Based Access Control,

please refer to the Functional Specification and the Service Portal Users guide which are mentioned in the

beginning of this document.

(1) Log-in to Service Portal with Administrator’s ID (Certificate Login).

(2) Select “Access Control” from the Portal Menu.


(3) Click “Authorization Setting: Authorization List”.


(4) From the “Access Control: Authorization List”, click the target Resource Controller ID.


33


(5) At the “Access Control: Authorization Setting > Set User Authorization” window, select [Central

Administrator], and then click “Next” button.


(6) At the “Access Control: Authorization Setting > Set User Authorization” window, confirm that

[Central Administrator] is specified at “Central Management Authorization”, and then click “Fix”

button

34



(7) Confirm the displayed message (ex. “The authorization for the user (kikijiji) was set”), and then click

“Back to Authorization List” button.


35


1.6 Create New System

1.6.1 Login to Service Portal (Client certificate) Log-in to Service Portal as Resource Controller or Administrator by the Client Certificate login.

1.6.2 Create New Virtual System

Please refer to FUJITSU Cloud Service S5 Portal User’s Guide Chapter 2. Create/modify a Virtual

System] for complete details on creating new virtual systems.

Standard procedure is explained below.

(1) Select “My Portal” from the Portal menu.

Figure 1-219 Create New System (1)

Resource Controller ID or Administrator’s ID

1.6.2 Create New Virtual System

1.6.3 Confirm Estimate

1.6.1 Log-in to the Service Portal (Certificate login)

1.6.4 Agree to the Terms of service /

Deploy a virtual system

36


(2) Select “Design Studio” from My Portal.

Figure 1 - 50 Create New System (2)

(3) Specify the Private IP address space setting

When creating (or estimating) the first new virtual system (only onece), the Network Configuration

must be specified. Users need to specify the range of private IP address which will be allocated to the

virtual systems (VMs and load balancers).

Figure 1-221 Create New System (3)

[ATTENTION] Users can configure this setting only when they create a first new virtual system.

Therefore, please refer to the [FUJITSU Cloud Service S5 Functional Specification] as well as the Global

Cloud Platform Portal User’s Guide 2.2 Private IP Address Space Setting] about the details in advance.

If users plan to deploy a virtual system which has 3 segments, they need to specify at least the range of 4

consecutive 24-bits netmask’s network addresses (3 network addresses (used for each 3 segments) + 1

network address (used for private IP address communication))

37


Example:

If users plan to deploy 2 separate 3-segment virtual systems, they need to specify 7 consecutive

24-bits netmask network addresses (3 + 3 + 1 = 7).

In such case, please specify as follows.

172.10.0.0 – 172.10.6.255

(4) Create New Virtual System

Figure 1-232 Create New System - Start

Click “Create a new system” link to start creating the system.

(5) Select a Template

Figure 1-243 Create New System - Template

Select a Template (in this case the 3-tier skeleton), then click Next>

38


(6) Set Basic Info

Figure 1-254 Create New System – Basic Info

Give the System a Name, select Network connection types and click Next>

(7) Configure the System

Figure 1-265 Create New System - Reconfigure

Configure the system by dragging items from the right Pane (server / other) to the left side window,

configure each item in the lower left window pane, then Click Next> when ready to continue

39


1.6.3 Confirm the Estimate

Figure 1-276 Create New System – Confirm Estimate

After users design the virtual system configuration, the approximate estimate of service charge is

displayed. The approximate estimate is based on an assumption that the system will be on for 24 hrs a

day for a full 31 day month (resulting in the 744 hrs in amount of Usage column). Your actual usage

will determine the cost, as this is a true pay per use system.

After confirming the amount, please click “Next” button.

[About the functions in the screen]

PDF Output: Users can download the approximate estimate in PDF format.

CSV Output: Users can download the approximate estimate in CSV format.

Save Estimate: Users can save the Virtual System Configuration

1.6.4 Agree to the terms / deploy virtual system

Figure 1-57 Create New System – Agree to Terms

After users understand and agree the Terms of Service, please check “I agree to the Terms of Service”,

and then click “Final Confirmation” button. When the button is clicked, the virtual system will deploy.

40


1.7 Install Middleware and Applications This section describes the following items:

- How to establish a secure connection to your virtual infrastructure

- How to install middleware and application software onto your virtual infrastructure

- How to make avirtual system accessible to the Internet.

1.7.1 SSL-VPN Console Connection By using the SSL-VPN Connection service from the Service Portal (as seen in the diagram below), users

can gain secure access to the VMs via SSL-VPN.

Figure 1-58 Establishing an SSL-VPN Connection

After Clicking the “VPN Connection” button, the user will be asked which segment of the VSYS they wish

to connect to:

Figure 1-59 Select the VSYS segment to connect (tunnel) to

41


Select a segment and click Connect.

Figure 1-60 Select the certificate identifying the user and enter the PIN (if set)

Select the proper certificate, click OK, enter the PIN then click OK

Encountering the following screen is normal due to a known Java data issue, click “Continue to this

website”

Figure 1-61 Continue to this Website

If prompted for the Certificate again, please repeat the step listed above in Figure 1 – 60.

When presented with the SSL-VPN login screen, use the FUJITSU Cloud Service S5 credentials you

were provided when your account was activated

42


Figure 1-62 Authenticate with FUJITSU Cloud Services S5 Credentials

You should see a connecting message in the browser window, folloed by a lock icon in your taskbar when

the VPN Tunnel has successfully been established.

Figure 1-63 Observe the VPN tunnel being Established

After SSL-VPN connection is established, users can gain access to the VM via RDP (Remote Desktop) for

Windows Servers and via SSH for CentOS.

Please refer to [3.2 VPN Connection (Log-in to VMs)] in the [Service Portal User’s Guide] for the details.

Target OS Remote Connection method Data Transfer method

Windows Server Remote Desktop Protocol (RDP)

connection

Shared resource of the Remote

Desktop connection

CentOS

Red Hat (In planning)

SSH SCP

In addition to the “Data Transfer Methods” provided by the remote connection software, another common

practice is to setup an FTP service on one of the DMZ VMs to accept data transfers that other VMs within

the VSYS can gain access to..

To get the private IP address of each of your Virtual machines, use the list view button of the System

Details window (as shown below).

43


Figure 1-64 Identify th private IP addresses of VMs

1.7.2 Install Middleware and Application Once you’ve established a secure connection to the VSYS and the VMs within it, you are able to install

middleware and applications as necessary, to meet your requirements.

If your setup requires access to the internet, some additional configuration is required on your VSYS (to

allow access to internet) and on your VMs to enable DNS. The following section provides some

additional insight on these steps. Connections via an Intranet (private link) are also possible, but

requires additional integration, which is outside the scope of this document.

1.7.3 Enable Access to the Internet (Modify Network Settings) Before connecting virtual systems to the Internet, please review your organization’s security policies and

guidelines to ensure you are adhering to them in an appropriate manner. Users are responsible for the

security when they make the virtual system accessible to the Internet.

For Cloud VMs to communicate with the internet, the following steps must be taken:

DNS Settings: set DNS to “Standard DNS” from VSYS System Details area

Configuration of VM: Set [156.79.66.10] for Primary DNS server for each VM requiring access

Enable global IP address: Enable obtained global IP address at Firewall built-in server.

FW NAT Setting: Set enabled global IP address for SNAPT address at Firewall built-in server.

Firewall Rule Setting (1) (http communication)

o From: Segment including VM which will access to the Internet

o To: Internet

o Source: VM which will accesses to the Internet, or [any]

o Source port: any

o Service: (not select)

o Destination/Service: Select [IP address] and input [any] in the blank

o Destination port: http (80)

o Protocol: TCP

Firewall Rule Setting (2) (https communication)


44


o To: Internet

o Source: VM which will access to the Internet, or [any]

o Source port: any

o Service: (not select)

o Destination/Service: Select [IP address] and input [any] in the blank

o Destination port: https (443)

o Protocol: TCP

Firewall Rule Setting (3) (DNS communication)


o To: Internet

o Source: VM which will access to the Internet, or [any]

o Source port: any

o Service: DNS

* In order to access to the Internet, “Internet” must be selected in network access point and firewall is

configured properly.

For complete details on each of the above settings, please consult the Functional Specification or the Portal

Users guide, both which are available from the Libray page of the Service Portal Home screen.

1.8 Operate and Monitor Virtual Systems

As the number of features available to Operate and Monitor the the virtual systems of the FUJITSU

Cloud Service S5 environment are beyond the scope of an introduction Guide, please consult the following

sections of the Portal Users guide for details.

Section 3 of the Portal users guide includes in-depth details for the following “OPERATE” functions:

Starting and stopping VMs, Server Load Balancers and Firewalls

Confirming the initial password assigned to a VM

Establishing a VPN connection to the VSYS segments

Backing up and restoring disks

Configuring the Firewall, NAT and DNS functions

Configuring the Server Load Balancer

Reviewing logs and status errors

And more….

Section 4 of the Portal users guide includes in-depth details for the following “MONITOR” functions:

Using the Portal Home (Top) Page and accessing the System Manager

Listing Virtual Systems in configuration style or list style

Displaying all VMs and their current state

Virtual System details

45


Chapter.2

Cancelation This chapter explains how to cancel the contract.

46


2.1 Flow to cancel the contract The flow diagram below explains how to cancel this service.

2.1.1 Save data outside FUJITSU Cloud Service S5 (If necessary) When all virtual systems are returned, all data on the virtual system are all deleted.

Please copy the data on the virtual system to the customer’s local environment in advance, if necessary.

2.1.2 Log-in to Service Portal with Administrator’s ID (Client Authentication)

Log-in to the Service Portal with Administrator’s ID (Client Certificate and PIN).

2.1.3 Return All Virtual Systems

Return all virtual systems at System Manager in the Service Portal.

Repeat the following procedure until all systems are returned.

1) Stop all VMs (include Firewall and SLB) in the virtual system.

2) Return the virtual system.

At this moment, it will be entirely free of charge for this service. If users want to cancel the contract itself,

please implement the following procedure.

2.1.4 Submit a Service Cancellation Request.

Submit a Service Cancellation Request on the Service Portal.

2.1.5 Receive a Service Cancellation Request.

FUJITSU Cloud Service S5 will send a cancellation completion notice. Please confirm the contents.

Customer FUJITSU Cloud Service S5

Log-in to Service Portal with Administrator’s

ID (Client Authentication)

Return all virtual systems.

Submit a service cancellation request. Receive a service cancellation request.

Send a cancel completion notice. Receive a cancel completion notice.

Save data outside FUJITSU Cloud

Service S5 (If necessary).

47


Chapter.3

Global Service Desk and

Optional Services

This chapter explains how the contact the Global Service Desk and

describes additional (optional) services which are available.

48


3.1 Global Service Desk Support

3.1.1 Registering for service (Sign-Up)

Please visit the URL listed below, or send an e-mail to the following address regarding questions from

customers planning to use the FUJITSU Cloud Service S5 as well as those interested in additional

consulting or pricing information

E-mail: [email protected]

URL: http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopQuestion/ (general contact information)

URL: http://globalcloud.us.fujitsu.com/portal/ctrl/UsePrice (service charges overview)

3.1.2 Global Service Desk Support

For questions related to use of the FUJITSU Cloud Service S5 and support for problem resolution, please

contact the Global Service Desk for assistance, using the contact information provided below.

The Global Service Desk can answer questions regarding details of FUJITSU Cloud Service S5

specification, how to provision the VMs and virtual systems, and how to use the FUJITSU Cloud Service

S5

[FUJITSU Cloud Service S5 – Global Service Desk information]

http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopQuestion

3.2 Additional Services

3.2.1 Operating System and Middleware Support (optional / future)

Currently, the FUJITSU Cloud Service S5 does not provide support for operating systems or middleware,

and relies on the customers to provide. Additional support options are under consideration and

planning.

3.2.2 Intranet Connection Service (optional / future)

The Intranet Connection service is an optional service to connect the FUJITSU Cloud Service S5 with

systems outside of the FUJITSU Cloud Service S5 (such as customer’s in-house system, Fujitsu hosting

service, colo service etc.), through a private connection. This service is available at the Sunnyvale, CA

Data Center.

In order to use this service, users need to initiate an agreement for service with the Sunnyvale Data

Center. Please contact Fujitsu’s Sales Department at


http://globalcloud.us.fujitsu.com/portal/ctrl/aboutSopQuestion/

http://globalcloud.us.fujitsu.com/portal/ctrl/UsePrice


49


