- An Amazon Machine Image (AMI) is a special type of virtual machine image that contains the operating system and software required to launch an instance on Amazon EC2. The document discusses launching both Windows and Linux instances on EC2.
- To launch an instance, the user selects an AMI, chooses instance types, and downloads a key pair file which contains a public/private key used to securely access the instance. Once launched, the user can connect to the instance through SSH and use it like a regular computer.
Amazon AWS Tutorial II: Windows and Linux On EC2
Amazon AWS Tutorial II:
Windows and Linux on EC2
Shuang Luan, Department of Computer Science and Department of Radiology, University of New Mexico

Amazon EC2 Getting Started
- Official website: http://aws.amazon.com/ec2
- Sign up (credit card information required).

Launch Instance
- http://aws.amazon.com/console/
- Username: [email protected]
- Password:

Overview
- Understanding AMI (Amazon Machine Image)
- Launching, using and shutting down a Windows instance.
- Launching, using and shutting down a Linux instance.

What is an AMI
- A computer cannot run without first loading software, but must be running before any software can be loaded, which seems as impossible as to "pull yourself up by your own bootstraps."

IBM PC Bootstrapping
- Upon starting, an x86 CPU runs the instruction located at the memory location CS:IP F000:FFF0 of the BIOS, which is located at the linear address 0xFFFF0.
- This memory location typically contains a jump instruction that transfers execution to the location of the BIOS start-up program.

IBM PC Bootstrapping (cont.)
- The BIOS program runs a power-on self test (POST) to check and initialize required devices and then goes through a list of non-volatile storage devices until it finds one that is bootable.
- A bootable device is defined as one that can be read from, and whose first sector has the word 0xAA55 (also known as the boot signature) in its last two bytes.

IBM PC Bootstrapping (cont.)
- Once the BIOS has found a bootable device, it loads the boot sector to the hexadecimal segment:offset address 0000:7C00 or 07C0:0000 (both map to the same linear address) and transfers execution to the boot code.

System Image
- A system image is a copy of the entire state of a computer system.
- A system is said to be capable of using system images if it can be shut down and later restored to exactly the same state, e.g., hibernation.

Virtualization
- Hardware virtualization or platform virtualization is the creation of a virtual machine that acts like a real computer with an operating system.
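As an added illustration (not code from the slides), the real-mode segment:offset arithmetic and the boot-signature check described on the bootstrapping slides; the sample sectors and device list are constructed here, and the function names are my own:

```python
# Added illustration (not from the slides): real-mode segment:offset arithmetic and
# the boot-signature check from the "IBM PC Bootstrapping" slides. Samples are constructed.
SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55   # stored little-endian on disk as the bytes 0x55, 0xAA

def linear_address(segment, offset):
    """Real-mode linear address = segment * 16 + offset, truncated to 20 bits."""
    return ((segment << 4) + offset) & 0xFFFFF

def is_bootable(sector):
    """A device is bootable if its first sector is readable (here: a full 512 bytes)
    and the last two bytes form the word 0xAA55."""
    if len(sector) != SECTOR_SIZE:
        return False
    return int.from_bytes(sector[-2:], "little") == BOOT_SIGNATURE

def find_bootable(devices):
    """Mimic the BIOS: walk the boot-order list and return the first bootable device name."""
    for name, first_sector in devices:
        if is_bootable(first_sector):
            return name
    return None

# Constructed samples: a sector starting with a short jump and ending in 55 AA, and an empty one.
GOOD = bytes([0xEB, 0x3C, 0x90]) + bytes(SECTOR_SIZE - 5) + b"\x55\xAA"
BAD = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    print(hex(linear_address(0xF000, 0xFFF0)))                                         # 0xffff0
    print(hex(linear_address(0x0000, 0x7C00)), hex(linear_address(0x07C0, 0x0000)))   # both 0x7c00
    print(find_bootable([("floppy", BAD), ("hdd0", GOOD)]))                            # hdd0
```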
- Software executed on these virtual machines is separated from the underlying hardware resources.
- Examples: Virtual PC, VMware, VirtualBox.

Amazon Machine Image
- A special type of virtual machine image.
- The main component of an AMI is a read-only file system image which includes an operating system (e.g., Linux, UNIX, or Windows) and any additional software required to deliver a service or a portion of it.

Thus
- In order to use Amazon EC2, one needs to:
  - Select the virtual hardware.
  - Pick an AMI to run on the virtual hardware.
  - Associate security credentials in order to log in to the virtual machine.

Overview
- Understanding AMI (Amazon Machine Image)
- Launching, using, and shutting down a Windows instance.
- Launching, using, and shutting down a Linux instance.

Region Selection
- Amazon has four regions.
- Each region should be viewed as totally separate from the others, i.e., with different images, key pairs, and so on.

Launch a Windows Instance (screenshot slides: Choose an AMI; Launch Instance; Advanced Instance Options; Tags)

EC2 Tag
- Each EC2 tag consists of a key and a value, both of which the user defines.
- Tag keys and values are case sensitive. The prefix AWS is reserved.
- AWS doesn't apply any semantic meaning to your tags; they're interpreted strictly as strings of characters.
- AWS doesn't automatically set any tags on resources.

Key Pair for Accessing the Instance (screenshot slides: Key Pair File; Public Key System Key Idea)

RSA Public Key System
- Developed by Ron Rivest, Adi Shamir and Len Adleman in 1977, who later shared the 2002 Turing Award.
- The idea of the RSA system is based on number theory, in particular the factorization of large numbers.

Number Theory behind RSA
- Let $p$ and $q$ be distinct primes and $k$ any integer. Then:
  - (a) For any integer $a$ with $\gcd(a, pq) = 1$: $a^{k(p-1)(q-1)} \bmod pq = 1$.
  - (b) For any integer $a$: $a^{k(p-1)(q-1)+1} \bmod pq = a$.
Example
- $p = 5$, $q = 7$, $a = 19$, so $\gcd(a, pq) = 1$; take $k = 3$.
- $a^{k(p-1)(q-1)} = 19^{3 \cdot 4 \cdot 6} = 19^{72} \approx 1.1755991641121183246595167229728 \times 10^{92}$, and $a^{k(p-1)(q-1)} \bmod pq = 1$.
- $a^{k(p-1)(q-1)+1} = 19^{3 \cdot 4 \cdot 6 + 1} = 19^{73} \approx 2.2336384118130248168530817736483 \times 10^{93}$, and $a^{k(p-1)(q-1)+1} \bmod pq = 19$.

How to use the theorem?
- Suppose we have two primes $p$ and $q$.
- $m = pq$, $n = (p-1)(q-1)$, and $s$ with $\gcd(s, n) = 1$.
- Announce $m$ and $s$.

Encoding
- Someone wants to send me a message $a$.
- Encryption rule: send me $b = a^s \bmod m$.

Decoding
- Since $\gcd(s, n) = 1$, there are integers $t$ and $k$ with $ts + kn = 1$.
- $b^t \bmod m = (a^s)^t \bmod m = a^{-kn+1} \bmod m = a$.

Screenshot slides: Security Rules; Summary; Launched; AWS Console; Retrieve Windows Password; Retrieving Password (cont.) (two slides); After 15 Minutes; Connecting to Windows (four slides); Using Windows (two slides); Terminate Windows Instance; Instance Terminated.

Overview
- Understanding AMI (Amazon Machine Image)
- Launching, using and shutting down a Windows instance.
- Launching, using and shutting down a Linux instance.

Screenshot slides: EC2 Tab in the Management Console; Request Instance (seven slides).

Key Pair
- A key pair is a security credential similar to a password, which you use to securely connect to your instance once it's running.

Request Instance (cont.) (screenshot slide)

Secure Shell (SSH)
- Designed to replace Telnet, which sends information, notably passwords, in plaintext.
- Intended to provide confidentiality and integrity of data over an unsecured network such as the Internet.
- Uses public-key cryptography to authenticate the remote computer and the user.

SSH Preparation: Client
- As a user, you generate an identity on the client system by running ssh-keygen.
- This program creates a subdirectory `$HOME/.ssh` and inserts in it two files named identity and identity.pub, which contain your private and public keys for your account on the client system.
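The toy RSA from the number-theory and Encoding/Decoding slides, carried through in code as an added example (not from the slides): it checks the theorem with the slides' values, derives $t$ from $ts + kn = 1$ with the extended Euclidean algorithm, and then uses the same key pair to show the public-key challenge-response idea that the later SSH slides describe. Function names and the second set of primes (61, 53) are my own choices; real SSH uses far larger keys and a different key exchange.

```python
# Added illustration (not the slides' code): toy RSA as on the slides plus a challenge-response login.
import secrets
from math import gcd

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def check_theorem(p, q, a, k):
    """Parts (a) and (b) of the slides' theorem for distinct primes p, q; (a) needs gcd(a, pq) == 1."""
    m, n = p * q, (p - 1) * (q - 1)
    part_a = gcd(a, m) == 1 and pow(a, k * n, m) == 1
    part_b = pow(a, k * n + 1, m) == a % m
    return part_a, part_b

def make_keys(p, q, s):
    """Public key (m, s) is announced; t with t*s + k*n == 1 stays private."""
    m, n = p * q, (p - 1) * (q - 1)
    g, t, _k = egcd(s, n)
    if g != 1:
        raise ValueError("s must be coprime to (p-1)(q-1)")
    return (m, s), (m, t % n)

def encode(pub, a):
    m, s = pub
    return pow(a, s, m)            # b = a^s mod m

def decode(priv, b):
    m, t = priv
    return pow(b, t, m)            # b^t mod m = a^(ts) mod m = a

def challenge_response(client_pub, client_priv, challenge=None):
    """Server side of the no-password login: encrypt a random challenge to the
    client's public key and accept only if the decrypted reply matches it."""
    m = client_pub[0]
    if challenge is None:
        challenge = secrets.randbelow(m - 2) + 2      # 2 .. m-1
    reply = decode(client_priv, encode(client_pub, challenge))  # this step is the client's
    return reply == challenge

if __name__ == "__main__":
    print(check_theorem(5, 7, 19, 3))                       # (True, True)
    pub, priv = make_keys(5, 7, 5)                          # toy key with m = 35, s = t = 5
    print(encode(pub, 19), decode(priv, encode(pub, 19)))   # 24 19
    print(challenge_response(*make_keys(61, 53, 17)))       # True
```

A client holding the wrong private key fails the check, which is the point of the "lost or stolen key" advice on the key-pair slide: the server learns nothing about the key except whether its holder can answer the challenge.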
- This latter file can then be appended to a file `$HOME/.ssh/authorized_keys` that should reside on any/all servers where you will make ssh connections.

SSH Preparation: Server
- As a system administrator, you generate a public and private key pair for the system itself.
- If someone wants to fake the server, they will have to break into the system and steal its private key.
- The biggest task is collecting and distributing the keys that identify all the hosts which run ssh.

SSH Authentication
- A user attempts to SSH into the server.
- The server sends its PUBLIC KEY to the user.
- The user checks to see if the PUBLIC KEY already exists in its system. If not, the user is warned. Once the user accepts the key, it is added to the trusted list.
- The user uses the server's PUBLIC KEY to encrypt all communications to the server. At the initial stage, this would include user name and password.

SSH Authentication (cont.)
- The user also sends its PUBLIC KEY to the server (NOT the same as the server's PUBLIC KEY).
- The server uses its own PRIVATE KEY to decrypt all communications from the user (encrypted using the server's PUBLIC KEY).
- The server then uses the user's PUBLIC KEY to encrypt all communications to the user.
- The user uses its PRIVATE KEY to decrypt all communications sent by the server (encrypted using the user's PUBLIC KEY).

No Password Authentication
- Client attempts to connect to the server.
- Server checks to see if .rhosts or /etc/hosts.equiv exist (or .shosts and /etc/shosts.equiv).
- Server checks to see if the client's host public key is known (i.e., if it exists in /etc/ssh_known_hosts or ~/.ssh/ssh_known_hosts).
- If found, the server uses the client's public key and generates an encrypted challenge to the client.
- Client decrypts the challenge using its host private key and responds.
- Session is authenticated without use of a password.

Key Pairs from EC2
- I think the key pair we downloaded from EC2 contains the public and private key used by the client.
- This is why Amazon does not store the private key for security reasons.
- This is most easily retrieved from one of the other Compmed staff.
- If the private key is lost or stolen, then a new public and private certificate should be generated as soon as possible.

Screenshot slides: Request Instance (cont.) (three slides); Instances; Login to Instance.

Installing gcc
- sudo yum install gcc

Installing g++
- sudo yum install gcc

Thank You.