
Upload: hoangcong

Post on 06-Mar-2018


This guide will walk you through the process of setting up and using Oracle products on Amazon Web Services (AWS).

Oracle and Amazon Web Services

Getting Started Guide

Important: Oracle and Amazon have provided you with a promotional code for a free 72 hours (3 days) of continuous usage of Amazon AWS. At the end of this period, you must remember to shut down any Oracle instances and EBS volumes that you have created. Failure to do so will result in usage charges.

Introduction

This guide will cover how to:

• Sign up for Amazon services

• Create Digital Keys for Authentication

• Download required freeware for connecting to Linux from Windows

• Configure the Amazon firewall for your instance

• Launch instances

• Create / Attach storage

• Configure freeware / Connect to your Amazon Instance

• Mount volumes, start VNC and Oracle DB

• Explore Fusion Middleware Lab exercises

You’ll need two things to get started:

• A good understanding of your network location. A DSL or faster connection is recommended, and it is also important to know whether the firewall at your current location allows SSH (TCP 22) and VNC (5901). If necessary, bypass your corporate firewall altogether if it does not allow SSH (TCP Port 22) traffic. We’ll use a mix of different available tools to get you set up -- the Amazon console & ElasticFox (a plug-in to Firefox), so that you’ll feel comfortable in either environment and get to know which performs better for a given task. Also, since running Linux instances is cheaper than running Windows instances, we’ll use Oracle Enterprise Linux based instances.

• A credit card and a telephone for Amazon account verification.

Oracle and Amazon Web Services – Getting Started Guide

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. 0109

Signing Up for Amazon Web Services

1. Make sure you are on a fast network connection, DSL or better. Find out whether the firewall at your access point blocks SSH (port 22) or VNC (5901). There are some tunneling workarounds with PuTTY if 5901 is blocked; these are documented later.

2. Create a directory on your computer where you will store the various files needed for connecting to

the Amazon environment. If you’re a Windows user, c:\ec2 is a convenient location—and the rest

of this document will assume that you created a directory in that location.

3. Sign up for AWS, and specifically the EC2 service and the S3 simple storage service, at http://aws.amazon.com. A tutorial is available here. While this action will require a credit card to create your account, you will receive a credit for your usage, so the usage will be free for you. Amazon Web Services will email you a promotional code for $35.00 USD, which is sufficient value to cover your costs for 72 hours, or 3 days, of continuous usage of the required resources. The email will be delivered to the address you used to register for your Amazon account. Visit the Promotional Code Redemption Page and enter your promotional code. (You must be signed in to view this page.) If you wish, you may then verify that the credit has been applied to your account by viewing your Account Activity page.

Important: Oracle and Amazon have provided you with a promotional code for a free 72 hours (3 days) of continuous usage of Amazon AWS. At the end of this period, you must remember to shut down any Oracle instances and EBS volumes that you have created. Failure to do so will result in usage charges.

Create Digital Keys for Authentication

4. Log in to the AWS console at http://aws.amazon.com/console/ and choose the Amazon EC2 tab if it is not already selected.

5. For security reasons, Amazon Web Services requires that you use an electronic key to log in, rather than a password. In the AWS console, click on Key Pairs in the left column navigation to create a key, then click Create Key Pair. It doesn’t matter what you name the key; however, a best practice is to use a name that helps you remember which key is for what purpose (assuming that eventually you will have a collection of these keys). Save it to the special EC2 directory that you created above, or note the filename / path if you saved it to some other location.

Figure 1 Amazon EC2 Console - Key Pairs


Download required freeware for connecting to Linux from Windows

6. Download and install PuTTY and the TightVNC client. We encourage you to use the TightVNC client for optimal network performance. (You don’t need to install the server, just the client.) Other AMIs, like any other machine, may have a different VNC server altogether, or no VNC server at all. We’ve configured this particular image to use TightVNC since it performs well.

• www.tightvnc.com/download.html

• www.chiark.greenend.org.uk/~sgtatham/putty/download.html

If you are running on Mac OSX, please refer to the appendix on Mac VNC and SSH setup.

7. PuTTY is not able to use Amazon’s keypair format that you downloaded in step 6, therefore PuTTY users must convert keys into a format PuTTY understands. That’s not a major issue though, because PuTTYGen is a program that converts the native file format into one that PuTTY will understand.

Launch PuTTYGen, click on Conversions -> Import Key. Browse to c:\ec2 and locate the key you

downloaded. It will have a .pem extension.

If you wish, enter a passphrase in the fields provided by PuTTYGen; although we recommend

skipping this step.

Finally, click on File -> Save Private Key to save the converted key in c:\ec2. Use the same base

filename, so that MyKey.pem has a corresponding PuTTY file named MyKey.ppk. This best

practice makes it easier to keep things organized later.

Configure the Amazon firewall

8. Determine your IP address and netmask with ElasticFox. If you are brave and want to do this

manually, please refer to the appendix.

Download ElasticFox and set up access identifiers (ElasticFox is optional). ElasticFox can automatically determine your network range, which is very convenient. You can do this same step with the AWS console, which is described next, but it won’t automatically determine your network range. You must input the CIDR notation yourself.

ElasticFox Download link:

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609

To configure ElasticFox, refer to pages 4-5 under the heading “Setting up the Credentials” of this ElasticFox user guide.

http://www.slideshare.net/rawwell/elasticfox-owners-manual-presentation

It will show you how to set up the access identifiers, a one-time security configuration. Do steps 1-6.

To locate your account specific Access Identifier / ElasticFox setup information, click here:

http://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key

Once you can connect ElasticFox to your AWS account, proceed to the next step.


9. Create a security group with rules for SSH and VNC at a minimum, as shown below. (Data in the screenshots are strictly examples.)

Figure 2 ElasticFox - Group Permissions

Figure 3 ElasticFox - Grant Permissions


Launching Instances

10. Locate an AMI - In the AWS console, click on the AMIs link in the left hand side navigation pane.

In the “viewing” prompt, type in the AMI ID to locate the AMI. When you select it, you can see

information about the AMI in the pane below. Use the AMI ID ami-7708e51e in the US availability

zone. Right click on it, and choose Launch Instance. Do this next part carefully as it is critical to

proper operation.

Launch it with the following arguments:

1 instance

M1.large

<your security group name from step #9>

<your key pair name from step #5>

11. It should take only a few minutes to boot. Navigate to the instances section / tab in the Amazon console, or use ElasticFox, to monitor the startup process.

12. Once it is up, the Amazon console will display a green ball that indicates it is running. Then

navigate to your instances tab.

13. Select the instance you launched (if you don’t have others running it should be the only one). In the

details pane below for the selected instance, write down the instance ID and notice the availability

zone for your instance. You'll need the instance ID in later steps.

Figure 4 EC2 Wizard


14. You are ready to connect via SSH. Launch PuTTY.

Go back to the instances section of the AWS console.

Select the running instance and look in the details pane, and copy and paste the public DNS name

into PuTTY. (Data in the screenshots are strictly examples).

In PuTTY, paste the value of the server hostname into the host name field. Save your changes to a named profile so you don’t have to do this every time. (Data in the screenshots are examples and do not match what you will see.)

Figure 5 EC2 Console

Figure 6 EC2 Console – Host Name


15. Then specify your MyKey.ppk PPK file from step 8, as shown below. Save your changes to the

same connection profile.

Figure 7 PuTTY - Host Name


16. If applicable, specify a proxy server under Connections > Proxy in the PuTTY settings. Save your changes to the same connection profile.

Figure 8 PuTTY - Auth Key


Then try to connect by double clicking on the profile name. The first time you successfully connect,

you will get a message about adding the keyfile to a cache. Say yes when prompted. It will prompt you

for the login ID after accepting the key, and the username is always root. There is no password as you

are using an encrypted key instead of a password.

Connection troubleshooting

• Make sure you specified the path to your key (*.ppk) file in the SSH/Auth section

• Most often the issue is a hang / timeout. This usually means a network problem, or the

instance didn’t boot properly.

• If you have a proxy that you normally use for your browser, you must specify it in the

connection/proxy section, and remember to save the change to your profile so you don’t

have to re-enter it every time.

• Double check your security groups and make sure they allow port 22. Consider where you are connecting from, and whether or not you are actively using VPN. Some companies have proxies, so if you’re on VPN you may need to specify your proxy. Try stripping out the DNS name and just use the IP.

Figure 9 PuTTY - Proxy Setting


If the public DNS name is ec2-75-101-146-205.compute-1.amazonaws.com then the IP

would be 75.101.146.205. You may want to do this anyway to eliminate DNS as a potential

source of issues.

Note that ping will not work with Amazon.

• As a last resort, use ElasticFox to check the STDOUT console output and ensure that the instance booted properly.

• If your firewall blocks SSH, consider using an SSH/HTTP tunnel like corkscrew.

17. Congratulations, you are logged in as root.

18. Let’s start the VNC Server. Make sure you are the root user, and at the command line, type

vncserver

Then start the database by typing:

su - oracle

sqlplus / as SYSDBA

Once connected to sqlplus type:

startup

Type exit to leave sqlplus and return to the command line

Then make sure the network database listener is started by typing

lsnrctl status

( if necessary to control listener use commands lsnrctl start, lsnrctl stop )

Figure 10 shows a successful output

Then quit sqlplus and log out of the oracle account by typing:

exit

logout

Figure 10 Output from a Successful startup


19. Almost the last step! Connect via VNC. (See the appendix if you are a Mac user.) Paste the DNS name or IP of your instance into your TightVNC client and click connect! The default geometry mode is 1024x768. See below if your firewall blocks VNC port 5901 and you need to port forward 5901 over the SSH (port 22) connection.

VNC password: oracle01

Connection troubleshooting:

• Make sure you are using the TightVNC client

• Make sure the previous step where you launched the vnc server succeeded

• If the connection is slow, consider your network access point. Also, you can reduce the

number of colors in the display to 8-bit to increase speed. This may cause some color palette

shifts on your screen as a result.

Some firewalls may block VNC on port 5901. If you can connect on SSH, you can use the port forwarding feature of PuTTY to get around this. Realize that if you are tunneling, VNC will depend on the SSH session being open / logged in to work. Set up the tunnel in PuTTY, then connect your VNC client to 127.0.0.1:1 as shown below. If you were already connected on SSH before making this change, make the change, save it, and disconnect / reconnect.

Figure 11 Tight VNC - Color Setting


Figure 12 PuTTY Port Forwarding

Figure 13 VNC Connection


20. Explore the Fusion Middleware products embedded in this AMI. To get started with the lab of your choice, simply double-click the corresponding folder and look for the PDF lab guide.

21. You may want to simply leave the instance up and running for the duration of your evaluation -- the DNS / IP changes if you restart the instance, and you’d need to re-do many of these steps. If you leave the instance running, you can simply quit out of PuTTY and / or the VNC client, and pick up exactly where you left off, but usage charges will accrue. The promo code/coupon you receive from Amazon will be redeemable for approximately 72 hours of continuous usage of an m1.large instance and a 50GB EBS volume.

22. After completing a particular lab exercise, we recommend shutting down server processes, IDE

tools, etc. used for that lab before proceeding to the next lab. While the m1.large server type has

8GB of RAM, it's better to eliminate any potential for conflicting resources.


APPENDIX: MAC OSX CONFIGURATION FOR VNC

Mac users only: follow these steps to set up a VNC client.

A. An easy path: use JollysFastVNC (http://www.jinx.de/JollysFastVNC.html), create a new connection using the external DNS name of your AMI and change the port # to 5901, then connect, and voilà! Don't forget to run vncserver via ssh on the VM.

B. While possibly more effort, we recommend trying to use TightVNC, as we've experienced better VNC performance when using both the TightVNC client and the TightVNC server (which is embedded into the event AMI).

At www.tightvnc.com/download.html, download tightvnc-1.3.10_javabin.zip to your Mac.

Install the classes into the Apache httpd document root:

> root@domU-12-31-38-01-B1-01:[/root]

$ mv /mnt/tightvnc-1.3.10_javabin.zip /var/www/html/

$ cd /var/www/html/

$ ls

tightvnc-1.3.10_javabin.zip

$ unzip tightvnc-1.3.10_javabin.zip

Configure the Apache httpd server for the TightVNC Applet:

$ /etc/init.d/httpd start

Launch the VNC viewer from the command line:

disco-stu:Desktop jamie$ cd tightvnc-1.3.10_javabin

Replace the DNS address in the next line with your instance's DNS address:

disco-stu:classes jamie$ java VncViewer HOST ec2-75-101-254-116.compute-1.amazonaws.com PORT 5901

You should see:

Initializing...

Connecting to ec2-75-101-254-116.compute-1.amazonaws.com, port 5901...

Connected to server

RFB server supports protocol version 3.8

Using RFB protocol version 3.8

Performing standard VNC authentication

VNC authentication: success

Desktop name is X

Desktop size is 1024 x 768

Disconnecting

Updates received: 70 (470 rectangles + 7 pseudo), 2.58 updates/sec

Rectangles: Tight=0(JPEG=0) ZRLE=365 Hextile=0 Raw=0 CopyRect=105 other=0

Pixel data: 20935244 bytes, 130252 compressed, ratio 160.729

RFB socket closed


To execute the SSH connection: if you are using OS X (I imagine this will also work with Linux / Unix), open the terminal application and type:

ssh -i /path/to/MyKey.pem root@publicDNSofInstance

where /path/to/MyKey.pem is the key pair you generated and downloaded in step 6, and publicDNSofInstance is the public DNS name described in step 27.

Note also that MyKey.pem must have restricted access permissions; otherwise you will get an error that it was ignored. If you get this error, type:

chmod 600 /path/to/MyKey.pem

(replacing /path/to/MyKey.pem with the path to your key file) in the terminal before running the ssh command again.

Also make sure you don't leave off root@ in front of the public DNS name, because otherwise ssh will substitute your local username and the server will ask you for a password that doesn't exist.

Determining your CIDR address

Determine your IP address and netmask. IMPORTANT: we recommend that you use the ElasticFox plug-in for Firefox so you can skip this step.

Each AWS account comes with a firewall, known as a “security group” in AWS lingo. You can (and should) restrict inbound SSH and VNC traffic through the firewall by limiting access to specific IP addresses. (Some protocols, such as HTTP to a public website, are typically left wide open to the entire internet by specifying 0.0.0.0/0 as the source address and mask.)

There are two things that frequently arise as issues when you set restrictions up. First, the notation used is unfamiliar to many people. It’s known as Classless Inter-Domain Routing, or “CIDR”. There is a base IP address followed by a “/” and netmask. Second, determining your IP address as perceived by others on the Internet can be tricky, especially from home. That’s because large ISPs such as Verizon frequently translate the address even though you already have a firewall in place.

For a single (usually home) IP address, you’ll need to enter the address in the format 1.2.3.4/32. For an IP address range (usually a large corporation), the address will be in the format 1.2.3.0/28 (where 28 is replaced by some other number).

Rather than spend pages documenting all of the steps, we instead recommend that you watch this video in its entirety to learn more about both topics. Otherwise, just use ElasticFox, which will do this for you automatically.
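
The CIDR restrictions described above can be checked mechanically. The following Python sketch is an added example, not part of the original Oracle/Amazon guide: it converts an address and netmask to CIDR notation and audits a rule list for the SSH (22) and VNC (5901) ports. The rule format, function names and addresses are constructed for illustration and are not the AWS API format.

```python
import ipaddress

# Administrative ports this guide opens. Other ports (for example HTTP) are
# not audited, since the guide treats public web traffic as intentionally open.
ADMIN_PORTS = {22: "SSH", 5901: "VNC"}


def to_cidr(ip, netmask="255.255.255.255"):
    """Convert an address and dotted-quad netmask to CIDR notation.

    strict=False clears the host bits, so 198.51.100.37 with mask
    255.255.255.240 yields the network 198.51.100.32/28.
    """
    return str(ipaddress.ip_network(f"{ip}/{netmask}", strict=False))


def audit_rules(rules, my_cidr):
    """Return (port, source, problem) tuples for the administrative ports.

    `rules` is a list of {"port": int, "source": "a.b.c.d/n"} dicts, a
    simplified shape assumed for this example (not the AWS API format).
    """
    mine = ipaddress.ip_network(my_cidr)
    findings = []
    for port, name in ADMIN_PORTS.items():
        reachable = False
        for src in (r["source"] for r in rules if r["port"] == port):
            net = ipaddress.ip_network(src, strict=False)
            if str(net) != src:
                findings.append((port, src, f"not a network address; normalizes to {net}"))
            if net.prefixlen == 0:
                findings.append((port, src, f"{name} is open to the entire internet"))
            if mine.subnet_of(net):
                reachable = True
        if not reachable:
            findings.append((port, None, f"{name} not allowed from {my_cidr}; expect a timeout"))
    return findings


# Constructed sample data using documentation address ranges.
HOME = to_cidr("203.0.113.7")                          # single address
OFFICE = to_cidr("198.51.100.37", "255.255.255.240")   # address range

WEAK_RULES = [
    {"port": 22, "source": "0.0.0.0/0"},       # SSH from anywhere
    {"port": 5901, "source": OFFICE},          # VNC only from the office
    {"port": 80, "source": "0.0.0.0/0"},       # public HTTP, not audited
]
TIGHT_RULES = [
    {"port": 22, "source": HOME},
    {"port": 5901, "source": HOME},
    {"port": 80, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("tight", TIGHT_RULES)):
        print(label, audit_rules(rules, HOME))
```

A rule set that produces no findings allows SSH and VNC only from ranges containing your own address, which is the restriction this section recommends.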