Provisioning a virtual server
You can use the Hyper Protect Virtual Servers service to create a virtual server from the IBM Cloud UI or from the CLI.
You can use an IBM-provided image or your own image to provision a server.
Use the CLI to provision a server if you want to:
- Use your own image. You need to create an image file and registration definition file as described here.
- Create servers without a public inbound address.
Do not use personal information, for example, your name, as the instance name or as part of the instance name. The data that you provide when you provision an instance or interact with the hpvs cli is not considered to be personal data or credentials. Learn more about IBM Cloud Hyper Protect Virtual Servers' Data usage and Certifications here.
The Ubuntu servers are preconfigured in such a way that the passwords expire after 90 days. After the user password expires, you have 30 days to change your password. If you don't change your password within the 30 days, your account becomes inactive and it is no longer possible to log in thru SSH even if you are using SSH-keys. For information, see Protecting a virtual server.
As soon as you create a virtual server instance, a virtual LAN (VLAN) is transparently created or assigned. One VLAN is used within one region for one account. Each VLAN can contain up to five virtual servers per data center. A VLAN is deleted as soon as you delete the last virtual server instance that is assigned to this VLAN.
To store any data that is important and is required at all times, use the /data
folder. If you have files of a large size in other folders, it is recommended that you move them to the /data
folder and create a symlink
as required.
Creating a virtual server in the UI
- Log in to your IBM Cloud account.
- Click Catalog from the menu bar, then browse for the Compute category.
- In the displayed selection of services, look for the Hyper Protect Virtual Servers tile. If you don't see the tile, enter
virtual server
in the search field. Then, click the tile. The Hyper Protect Virtual Servers page opens. - In section Select a region, you can select the data center in which to create the virtual server instance, or you can accept the preselected default data center.
- The Service name field offers a name proposal for your virtual server. You can change this name according to your conventions.
- In the Tags field, you can optionally add tags to organize your resources.
- Enter your SSH public key into the SSH public key field. For information about SSH keys, see Generating SSH keys. You can enter the public key with or without the comment. The comment is either automatically generated by the SSH key generation command, or you can optionally overwrite it. The auto-generated comment contains person-related information. That's why any comment is removed as the first step during virtual server provisioning.
- Select one of the available pricing plans. For initial tests, select the Free plan. With this plan, you can have a maximum of two virtual servers at the same time (excluding expired servers). Selecting a different plan leads
to fees charged by IBM.
- Click Create to provision a virtual server instance.
The virtual server instance appears in the Resource list. Use your browser's refresh function to check whether the instance's status switched from Inactive (the server is being provisioned) to Active (the server is provisioned). Because of the configuration process, provisioning can take 5 - 30 minutes. When your instance has a status of Active (provisioned), click the instance in the Name field to open the dashboard. If the configuration fails, the instance status stays as Inactive, and if you click the instance in the Name field, an error message is displayed.
{: caption="Figure 3. Resource list with a virtual server that shows one server that is being provisioned (Inactive) and one server that is already provisioned (Active)" caption-side="bottom"}
Creating a virtual server from the CLI
To create a virtual server from the CLI, you must first install the CLI, then run the following command:
ibmcloud hpvs instance-create NAME PLAN LOCATION [--hostname HOST-NAME] [(--ssh SSH-KEY | --ssh-path SSH-KEY-PATH)] [(--rd REGISTRATION-DEFINITION | --rd-path REGISTRATION-DEFINITION-PATH)] [-i IMAGE-TAG] [-e ENV-CONFIG1 -e ENV-CONFIG2 ...] [-g RESOURCE-GROUP-ID] [-t TAG1 -t TAG2 ...] [--outbound-only]
Where:
NAME
- Is the name of your new instance.
PLAN
- Is the name or ID of your service plan, for example, the plan name for a free plan is
lite-s
. The possible values for plan name are:lite-s
,entry
,small
, andmedium
. LOCATION
- Is the target location to create the service instance. The possible values are:
dal10
,dal12
,dal13
,fra02
,fra04
,fra05
,wdc04
,wdc06
,wdc07
.
Command options
--hostname HOST-NAME
- The hostname that will be set within the Hyper Protect Virtual Servers container by using this parameter value.
--ssh SSH-KEY
- Public half of the SSH key to access the virtual server later.
--ssh
or--ssh-path
is required when you use an IBM-provided image. --ssh-path SSH-KEY-PATH
- File path to the file that contains the public half of the SSH key to access the virtual server later.
--ssh
or--ssh-path
is required when you use an IBM-provided image. --rd REGISTRATION-DEFINITION
- The encrypted and signed registration definition that is used for Bring your own server image (BYOI).
--rd
or--rd-path
is required when you use a self-provided image. --rd-path REGISTRATION-DEFINITION-PATH
- File path to the file that contains the encrypted and signed registration definition that is used for BYOI.
--rd
or--rd-path
is required when you use a self-provided image. -i IMAGE-TAG
- The image tag for the BYOI server image. Required if you use your own image.
-g RESOURCE-GROUP-ID | RESOURCE-GROUP-NAME
- The resource group to which your Hyper Protect Virtual Servers instance belongs for access control and billing purposes, for example,
Default
. To list all of your resource groups, runibmcloud resource groups
. Optional. -t TAG
- Use tags to organize your resources. Tags are visible account-wide. Optional. Multiple tags are permitted, for example,
-t tag1 -t tag2
. -e ENV-CONFIG
- Specify environment variables if you are using a self-provided image. You must specify the variables in your registration definition first. You can set one or more environment variables as key value pairs by using the
-e
flag, for example,-ibmcloud hpvs instance-update CRN -i latest -e k1=v1 -e k2='v2 v3'
. Environment variablenames
can have a maximum length of 64 characters and can be numbers, chars, and underscore. Environment variablevalues
can have a maximum length of 12288. --outbound-only
- If this parameter is set, only outbound connections are allowed from your Hyper Protect Virtual Server instance. Use the internal IP address to connect to this Virtual Server from other Virtual Servers created by the same IBM Cloud account in the same region.
For example:
ibmcloud hpvs instance-create MyHPVS lite-s dal13 -g Default --ssh "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgguQtzV39LpP/iHAtjwo+4Z5QdASG73dwBlFIsTn5kPOaVYFHhzhvA/xMbLqDpxfYP/YzwU4rXNXMhCr4hlsruPXt5Ak4y83GmnNL8e+oq8lxU/afymje4PcYLnkm8WQvkreIEBaB73VOUKiLSSbdVljUk6a1LB347bCf72Oob8JpY4Pb3N4idrigSoCc+V4JVkz4pXD2Hoyar4J5I2527Ho+vUqdf5FoK9mFRUqtI8NTLKynL2/qVsCgTeUxnOknDjPE0+nqwyNI4toYozcISYb63K9Je6UBT4JaIQXMbdMhDH00wVH7R26SamKqS2iazcUBnZgN4//Vnic+US90ybsqvTuP/OQpHXwfdjshOEsz5PULZKbWgidsfA7aW3pjv1uijCPIrTFOsaAPktMCzhfJzaeFC0VIXweN7/2PT/Zl7U9Ys36CmmLaXfLotXxPWmbGUyRfavPN1Znhqph7v9w94E7JcngQ7sn+l+nkpYg5qdcBFZZ3kNhT4PVRbXE=" --hostname "test.ibm.com"
You can find more information about the create command here.
The newly created instance is marked as provisioning
until provisioning completes. Use the ibmcloud hpvs instance <CRN>
command to list your
new instance and check its current state. After provisioning completes, the instance is marked as active.
Billing information
When you create virtual servers by selecting a priced plan, IBM bills you monthly for each instance. IBM does not consider how long an instance exists within one month. If you delete a virtual server before the end of a month, IBM charges the fee for the complete month and then automatically stops the billing.
For example, if you create three instances with the Medium plan on 1 February 2020, and delete all instances on 15 May 2020, you're charged with 4 x 3 x 720,00 USD = 8.640,00 USD.
Free plan
Virtual servers that are created with the Free plan are automatically deleted after 30 days without warning. That's why you must back up important data regularly. Deleted Free instances aren't removed from the Resource list. You must delete them manually.