The IRB Cluster for Virtual Machines
Informatik Rechner Betrieb operates a cluster for virtual machines (VMs) under VMware vSphere.
The cluster consists of a total of 16 nodes, each with 64 CPU cores. 13 of these nodes each have two NVIDIA H100 GPUs.
A total CPU capacity of almost 3 THz, 32 TB of RAM and around 900 TB of disk space are available for VMs via VSAN.
The cluster is already being used for more than 500 VMs.
To request a VM, please send an e-mail to irbt[at]uni-paderborn.de
As the IRB must have a permanent contact person, VMs can only be requested from us by permanent employees of the Department of Computer Science and must have such a contact for the entire duration of their employment. In order to be able to use a VM as a student, e.g. for a Bachelor's thesis, we ask you to have the request forwarded to the IRB by your supervisor.
Form with recommended default values for completion
The fields in bold are required.
- Hostname:
- Purpose:
- CPUs: 2
- RAM: 4 GB
- Additional storage (on top of the base storage): 0 GB
- Operating system: IRB Debian
- AdminC UPB Username:
- TechC UPB Username:
- TechC Phone number: none
- Duration: 15 months
- Firewall whitelist: none
- Firewall justification: none
- Backups: no
- Docker: no
- Further requirements: none
Explanations and details
- Intended use of the machine
- What is the VM used for?
- Must be a specific reason
- Hostname
- Please choose a suitable name for the VM.
- The VM will be accessible at <hostname>.cs.uni-paderborn.de.
- Required resources
- Standard resources are:
- 2 CPU
- 4 GB RAM
- 64 GB disk (base storage)
- In many cases, the base disk space is sufficient. If you need more storage space, we can provide you with an additional hard drive, which we mount under /data as standard.
- Additional resources only if the intended use requires them.
- Operating system
- By default, the VMs use a current version of Debian, which we update and administer automatically.
- For VMs with our Debian version, we remind you of required restarts after updates and perform these automatically if the server is not in use. If the server may not be restarted together with other servers or may not be restarted automatically at all, this must be communicated. Tip: To temporarily prevent a server from restarting, we recommend systemd-inhibit, which is already pre-installed.
- Our Debian version comes with TLS certificates.
- We can initiate the installation for other operating systems, but cannot administer them. In particular, we do not offer any services such as backups or certificates and cannot provide any support.
- Contact
- Administrator (AdminC) - is responsible for the VM; must be a permanent employee.
- UPB account (required)
- Desired UPB e-mail (optional)
- Specialist group (optional)
- Technical (TechC) - technical contact of the VM (operating system, services, etc.), if different from AdminC; can be a student.
- UPB account (required)
- Desired UPB e-mail (optional)
- Telephone number (only for emergencies; e.g. hacked VM; recommended but not necessary)
- Technical Abuse (AbuseC) - contact who will respond to e-mails regarding potential abuse of a VM, if different from the TechC; can be a student.
- UPB account (required)
- Desired UPB email (optional)
- Phone number (only for emergencies; e.g. hacked VM; recommended but not necessary)
- Term
- Standard term: 15 months
- The AdminC is informed three months before expiry and has the option to extend the VM for up to one year at a time.
- Optional: Firewall releases
- Protocol(s) (TCP/UDP) and port(s)
- By default, no access to VMs from outside the university is permitted. Every global port opening must be justified to the IRB.
- Local firewalls on the machine itself are planned. Until then, access within the VM network is open.
- If users decide to deploy a local firewall themselves, ports 5665 and 5664 must remain open on IRB-administered machines, since they are used for monitoring.
- Optional: Backups
- Please specify whether backups are to be created of the VM. If yes, please note that files that change continuously cannot be backed up consistently. Please back them up via dump/snapshot within the VM and specify the directories in which the changing data is located; we will then exclude these directories from the backup.
- Backups are stored daily in encrypted form at the RWTH.
- Optional: Docker
- If you want to use Docker, we can offer an optimised configuration for your VM, which avoids some common problems.
- Optional: Other requirements
We will be happy to advise you individually to find the optimum VM configuration for your needs.
If you are planning to use the VM to carry out network scans of the Internet, it is essential that you follow the instructions from ZIM and mention this when applying. Please also name an AbuseC (see above).
We set up access for the TechC (and other users, if requested) in our vSphere Centre, which enables direct access to a graphical console of the VM as well as functions such as reboot, switching on/off, etc.
The Virtual Centre server can be accessed at https://vmc.cs.uni-paderborn.de. You can log in with your IMT login.
Backup
The virtual machine itself is stored in a SAN. All SAN components are redundant, so that data loss due to a hardware error is unlikely. However, we cannot completely rule out this or other sources of error that could lead to data loss.
Attention: There is no centralised backup of the virtual machines!
If a VM is to be used productively and not just for test purposes, you should always ensure automated backups of your VM data. The IBM Spectrum Protect Service (Tivoli), which RWTH Aachen University operates centrally for Paderborn University, is a good option here. Information on this can be found at the IMT, which manages this backup service.
Archiving
All data of your VMs will be completely deleted at the latest 1 year after the expiry of your VM or upon request.
Please note that our virtual machines are not a suitable means of archiving your data. RWTH Aachen University offers suitable archive servers.
Securing the virtual machine
Please note that your VM is equipped with a public IP address and is located on the Internet.
Although all ports are blocked to the outside by default, it is still absolutely essential that you keep the operating system of the virtual machine continuously up to date and secure it. Automated updates, firewalls, conservative allocation of access rights, no password login (public-key authentication only) and similar measures are recommended. We will be happy to advise you on this.
You bear full administrative responsibility for your virtual machine!
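A local firewall of the kind recommended above, as an added example that is not IRB's own configuration: a default-deny nftables ruleset that keeps the monitoring ports 5665 and 5664 reachable on an IRB-administered machine, with a guard that refuses to load a ruleset in which they are missing. SSH on port 22 as the only service and all function names are assumptions; the page names no protocol for the monitoring ports, so both TCP and UDP are accepted.

```shell
#!/bin/sh
# Added example, not IRB's own configuration: default-deny inbound nftables
# rules for an IRB-administered Debian VM that keep the monitoring ports open.

# Print the ruleset. Assumptions: SSH on port 22 is the only service offered;
# the page names no protocol for 5664/5665, so TCP and UDP are both accepted.
irb_ruleset() {
cat <<'EOF'
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif "lo" accept
    meta l4proto { icmp, ipv6-icmp } accept
    tcp dport 22 accept
    meta l4proto { tcp, udp } th dport { 5664, 5665 } accept
  }
}
EOF
}

# Succeed only if the ruleset on stdin has accept rules naming both monitoring
# ports. Comments are stripped first so a commented-out rule does not count.
monitoring_ports_kept() {
  rules=$(cat)
  for port in 5664 5665; do
    printf '%s\n' "$rules" | sed 's/#.*//' |
      grep -E "dport.*[{ ,]${port}[ ,}].*accept" >/dev/null || return 1
  done
}

# Guard, syntax-check (nft -c), then load. Needs root and the nft binary.
apply_ruleset() {
  tmp=$(mktemp) || return 1
  irb_ruleset > "$tmp"
  monitoring_ports_kept < "$tmp" && nft -c -f "$tmp" && nft -f "$tmp"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Nothing is changed unless the script is called with --apply.
case "${1:-}" in
  --apply) apply_ruleset ;;
  --print) irb_ruleset ;;
esac
```

The monitoring rule accepts any source address; it can be narrowed with a source match if IRB gives you the address of the monitoring host.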
Install VMware Tools
To ensure the stability of the VMware cluster, a system service through which vSphere can interact with the VM's operating system, the VMware Tools, must be installed within the VM and kept up to date.
This can be either the VMware Tools provided by VMware itself or equivalent tools offered directly by the operating system provider, for example the Open VM Tools included in various Linux distributions.
Instructions for installing the tools can be found directly from VMware at
http://www.vmware.com/files/de/pdf/support/vmware-tools-installation-configuration_DE.pdf
If VMware tools are missing or if there are problems due to outdated virtual hardware, VMs may have to be switched off during maintenance work.
Virtual ISOs/CDs/DVDs/etc. & snapshots
Virtually inserted ISOs cause internal complications when the VMs are automatically moved between the servers in the cluster, which can significantly impair the performance of your VMs.
In addition, a snapshot created while an ISO is inserted has a hard dependency on that ISO, which cannot be removed without deleting the snapshot. This severely restricts the operations you can perform on snapshots and the management of the ISOs concerned.
ISOs should stay inserted for as short a time as possible, and no snapshots should be taken of VMs while an ISO is inserted.
If such ISOs or snapshots hinder necessary administrative actions, we reserve the right to forcibly unmount the ISOs or remove the affected snapshots.