Infrastructure Security Network
Practice: Create a VCN
Tasks
1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.
2. On the Virtual Cloud Networks page, click Start VCN Wizard Button.
4. On the Configuration page, enter the following and click Next Button:
Name - CloudNet
5. Verify the details on the Review and Create page; click Create button.
Tasks
1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.
6. On Security Lists screen, click the SL-WebServer link to view Security List details.
11. Click the Public Subnet-CloudNet link, which will display the subnet details.
Tasks
1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Compute > Instances.
3. After the compute instance is created, note down the public IP of the instance and connect
to the instance using SSH.
Note: Allow a few minutes and retry if the SSH connection is rejected.
4. After connecting to the compute instance, run the following commands to install and
configure Apache Web server.
5. After executing all the commands successfully, open a browser in your local system and
open the URL http://<Public IP of Web Server01>.
7. Following the same steps as given above, create another compute instance WebServer02.
Install and configure Apache Web Server in WebServer02. Change the echo command to
reflect Web Server 2.
8. After executing all the commands successfully, open a browser in your local system and
open the URL http://<Public IP of Web Server02>.
9. Verify that Web Server 2 is accessible, and the browser will display the message given
below:
Tasks
1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Virtual Cloud Networks.
6. On the Security Rules Page, enter the following and click Create Button.
Tasks
1. Log in to OCI with the credentials provided. Click the Cloud Shell button at the right corner
of the page to open Cloud Shell.
2. Once the Cloud Shell is opened, enter the below command to generate a CSR (Certificate
Signing Request).
3. Enter the details prompted as shown below. Note down the password entered.
openssl x509 -signkey ocilb.key -in ocilb.csr -req -days 365 -out ocilb.crt
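A pre-upload check for the key and certificate this practice produces, as an added example that is not part of the original lab guide: it confirms that the certificate belongs to the private key, that the passphrase opens the key, and that the certificate is self-issued and not about to expire. The demo file names, passphrase, subject and the `openssl req` call used to build the sample are constructed assumptions; the lab's own CSR command is not shown on this page.

```shell
#!/usr/bin/env bash
# Added example: checks to run on a key/certificate pair before pasting it
# into a load balancer listener. Sample files and passphrase are constructed.

# Public key embedded in the certificate, as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Public key derived from the (passphrase-protected) private key.
key_pubkey() { openssl pkey -in "$1" -passin "pass:$2" -pubout; }

# 0 = certificate belongs to this key, 1 = mismatch,
# 2 = a file could not be read (for example, wrong passphrase).
cert_matches_key() {
  local c k
  c=$(cert_pubkey "$1" 2>/dev/null) || return 2
  k=$(key_pubkey "$2" "$3" 2>/dev/null) || return 2
  [ "$c" = "$k" ]
}

# Succeeds if subject and issuer are the same name (self-issued certificate).
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() { openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; }

# Build a throwaway encrypted key, CSR and 365-day self-signed cert in dir $1.
make_sample() {
  openssl req -new -newkey rsa:2048 -passout "pass:$2" -subj "/CN=lb.example.test" \
    -keyout "$1/demo.key" -out "$1/demo.csr" 2>/dev/null &&
  openssl x509 -req -signkey "$1/demo.key" -passin "pass:$2" -in "$1/demo.csr" \
    -days 365 -out "$1/demo.crt" 2>/dev/null
}

main() {
  local d; d=$(mktemp -d) || return 1
  make_sample "$d" "constructed-pass" || return 1
  cert_matches_key "$d/demo.crt" "$d/demo.key" "constructed-pass" && echo "key matches certificate"
  is_self_issued "$d/demo.crt" && echo "self-issued: browsers will show a warning"
  valid_for_days "$d/demo.crt" 30 && echo "valid for at least 30 more days"
  rm -rf "$d"
}
main
```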
Overview
In this practice, you will create a load balancer with SSL Termination configuration as shown
below.
Assumptions
You have completed the previous practice of creating a Self-Signed Certificate.
Tasks
1. Log in to OCI with the credentials provided. Click Cloud Menu in the top-left corner
and click Networking > Load Balancers.
4. On the Add Details page, enter the following and click Next button.
Load Balancer Name – Lb01
Virtual Cloud Network – CloudNet
Subnet – Public Subnet-CloudNet (regional)
7. Go to Cloud Shell and run the below command to display the certificate details:
cat ocilb.crt
9. Go to Configure Listener page, and in SSL Certificate section, select Load Balancer
Managed Certificate from Certificate Resource.
10. Go to Cloud Shell and run the below command to display the private key details:
cat ocilb.key
11. Copy the text from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----.
13. Enter the password used while creating the Self-Signed Certificate in the field Enter
Private Key Passphrase.
14. Verify that the page looks like the one shown below and click Submit button.
15. Wait for the load balancer to be provisioned and the status to become Active.
17. On the Edit Network Security Groups page, select NSG-SSL and click Save Changes
button.
19. Open a browser in your local system and open the URL https://<Public IP of Lb01>.
If a warning about the self-signed certificate is shown, accept it and continue.
20. Verify that Web Server 1 or 2 is accessible, and the browser will display any one of the
messages given below.
21. This demonstrates securing Load Balancer in OCI and using NSG to allow port 443.