Skip to content

A Cloudspace is an isolated Virtual Network (Layer 2) where you can deploy cloud resources. This tutorial will explain Cloudspace features and basic functionalities.

Objectives

  • Create a Cloudspace
  • Edit a Cloudspace
  • Manage Port Forwards in a Cloudspace
  • Create anti-affinity groups

Before you begin

Before dealing with Cloudspaces, the user should know the three different types of Cloudspaces. These Cloudspaces differ in the types of networks they can connect to.

  • Public Cloudspace: The Cloudspace is connected to an external network such as the Internet or your company network.
  • Nested Cloudspace: The Cloudspace is connected to another cloudspace in the same location.
  • Private Cloudspace: The Cloudspace is isolated with no connections.

For more information on Cloudspaces, see the Cloudspace section in Concepts.

Creating Cloudspaces

To create a Cloudspace

  1. On the left side of the page in the navigation drawer, click Cloudspaces. The previously created Cloudspaces will be listed.

  2. At the top of the page, click Create Cloudspace.

  3. Choose the location where you want to deploy your Cloudspace from the available locations. Then click Next.

  4. Three connection options are available for your Cloudspace, select the appropriate one.


    • Select To an external network (internet, your company network,..). Select the external network you want to connect to from the drop-down list.
      • This option provides you with the default virtual firewall which supports port forwards, reverse proxy, load balancing and connecting to remote Cloudspaces.
    • Select a virtual firewall.
      • This option is a custom virtual firewall, where you can customize the routing rules and the virtual machine resources later on.


    1. Select To another cloudspace in this location.
    2. Select the parent Cloudspace from the drop-down list.


    Select Not connected.


  5. Click Next. Enter the basic configurations for your Cloudspace, such as the Cloudspace name, subnet, subdomain (optional) and top level domain.

    If you specified the subdomain when creating your public cloudspace, this subdomain will point to an external IP address of this cloudspace using an A-record.

    A-record is a DNS record type. To learn more about DNS in whitesky.cloud BV portal, check the DNS documentation.

    When using a custom virtual firewall, you will also need to configure your virtual firewall.

    Configuring virtual firewall

    1. Select an image from the list of images for your virtual firewall. These images can be from a virtual machine or a CDROM.
    2. To control the type of images listed, you can use the check boxes next to Virtual machine and CDROM.
    3. Determine the Disk size, Memory and Virtual CPUs by adjusting the slider to your preferred values.
  6. Click Create Cloudspace.

  7. A message saying Cloudspace created successfully! should appear and you will be redirected to a page with your new cloudspace information.

Editing Cloudspaces

Each cloudspace has a details page, where you can access and edit all the cloudspace information.

Accessing Details Page

To access the details page for a specific cloudspace

  1. On the left side of the page in the navigation drawer, click Cloudspaces. The previously created Cloudspaces will be listed.
  2. Select the cloudspace you want to access.

A details page will appear with all the cloudspace information.

Renaming a Cloudspace

To rename a cloudspace, navigate to the details page. Under Name, click to edit the Cloudspace name.

Disabling a Cloudspace

To disable a cloudspace

  1. Navigate to the details page. At the top of the page, click DISABLE.
  2. A Box will appear prompting you to enter the reason for disabling the cloudspace. Enter your reason and click Confirm.

Note that disabling a cloudspace stops all virtual machines inside it and stops its virtual firewall.

Result: The cloudspace and all its virtual machines and virtual firewall will be disabled.

Deleting a Cloudspace

To delete a cloudspace

  1. Navigate to the details page. At the top of the page, click DELETE.
  2. A Box will appear prompting you to enter the reason for deleting the cloudspace. Enter your reason and click Confirm.

Note that in order to delete a cloudspace, it must not contain machines. The deleted cloudspaces will be moved to the recycle bin for 7 days, then they will automatically be permanently deleted.

Managing Port Forwards

Creating a Port Forward

You can create port forwards for a cloudspace from the cloudspace details page.

To create a port forward

  1. Select PORT FORWARDS from the given tabs to manage port forwarding, where a list of the existing port forwards will appear.
  2. At the top of the page, click CREATE PORT FORWARD.
  3. Fill in the form with the port forward information and click Create.

While creating a new port forward, you can configure forwarding for a range of ports by specifying start and end ports for your new port forward.

Result: Your new port forward will be added to the list of port forwards for the specific cloudspace.

Updating a Port Forward

You can update a specific port forward from the cloudspace details page. Similarly to creating a port forward, to update a port forward

  1. Select PORT FORWARDS from the tabs, where a list of the existing port forwards in this cloudspace will appear.
  2. Click the port forward you want to update. A form will appear where you can update the port forward fields.
  3. Click UPDATE.

Result: A message indicating that the port forward was successfully updated will appear.

Deleting a Port Forward

Deleting a port forward is similar to updating a port forward, just click DELETE at the top of the page.

Result: The selected port forward will be deleted.

Connecting to another Cloudspace

You can connect your cloudspace to other cloudspaces in the details page.

To connect to other cloudspaces

  1. Select CONNECTED CLOUDSPACES from the given tabs.
  2. At the top of the page, click CONNECT TO REMOTE CLOUDSPACE. A list of possible target cloudspaces will appear.
  3. Select the cloudspace you want to connect to and click CONNECT.

Note that connected cloudspaces are not supported for private and nested cloudspaces. Also, to connect two cloudspaces, they must not have overlapping private networks.

External Networks

Adding an external network provides an interface to the virtual firewall of your cloudspace inside the target external network. This can be a cloudspace or an external network attached to the location. (For example "The internet". Available external networks depend on the location)

Each external network has a type, metric (optional), target network and IP address (optional).

Adding an External Network

You can create a new External Network in your cloudspace from the cloudspace details page.

  1. Select EXTERNAL NETWORKS from the given tabs in the middle of the page.
  2. Click ADD EXTERNAL NETWORK at the top of the page.
  3. Configure the external network by entering the values of the external network's type (whether external or cloudspace), metric, target network and IP address.
  4. Click ADD EXTERNAL NETWORK.

Deleting an External Network

To delete an external network:

  1. Navigate to the cloudspace details page and select EXTERNAL NETWORKS from the given tabs.
  2. Select the specific external network you want to delete.
  3. At the top of the page, click REMOVE EXTERNAL NETWORK.

Network Routes

Network routing is the process of selecting a path across one or more networks. The routing process usually directs forwarding based on routing tables. Routing tables maintain a record of the routes to various network destinations.

For example, if we have Host X and Host Y with R1 Router

  • Host X with IP 11.11.11.5 wants to communicate with Host Y with IP 22.22.22.3, but Host Y is on another remote network.
  • Host X is configured to send all packets destined for remote networks to the Router R1.
  • The Router R1 receives the packets, checks the routing table to see if it has an entry for the destination address 22.22.22.3 .
  • If it does, the Router R1 forwards the packet to the appropriate interface port.
  • If the Router R1 doesn’t find the entry, it discards the packet.

Routing Illustration Diagram

Routes that are DC (Directly Connected) don't need to be configured. However, static routes are manually configured by an administrator.

Configuring routing rules requires knowledge about IP routing. For more information check this routing tables wiki page.

Adding a Network Route

You can create a new Network Route in your cloudspace from the cloudspace details page.

  1. Select Network routes from the More dropdown menu.
  2. Click ADD NETWORK ROUTE at the top of the page.
  3. Configure the network route by entering the values of the network route's destination network to route, gateway to route the destination over, network route metric (optional) and routing table to store the route in (leave it empty to store it in the default table).
  4. Click ADD NETWORK ROUTE.

Deleting a Network Route

To delete a network route:

  1. Navigate to the cloudspace details page and select Network routes from the given tabs.
  2. Select the specific network route you want to delete.
  3. At the top of the page, click REMOVE NETWORK ROUTES.

Managing Anti-Affinity Groups

Anti-affinity group places a group of VMs across different hosts, which prevents all VMs from failing at once if a single host fails.

Creating an Anti-Affinity Group

You can create anti-affinity groups for the VMs in a cloudspace from the cloudspace details page.

To create an anti-affinity group

  1. Select ANTI-AFFINITY GROUPS from the given tabs. A list of the existing groups in this cloudspace will appear.
  2. At the top of the page, click CREATE ANTI-AFFINITY GROUP.
  3. Enter a label for the group and specify the spreading value (you can choose infinite spreading), then click Create.

Result: Your new group will be added to the list of anti-affinity groups for the specific cloudspace.

Adding/Removing Machines

To add/remove virtual machines in an anti-affinity group:

  1. Navigate to the cloudspace details page and select ANTI-AFFINITY GROUPS from the given tabs.

  2. Select the specific anti-affinity group you want to edit.

    To add virtual machines to the group

    1. click ADD VIRTUAL MACHINE at the top of the page.
    2. Choose the virtual machine you want to add and click Add. The virtual machine will be added to the group.

    To remove a virtual machine from the group

    1. In the list of virtual machines inside the group, click under Actions.
    2. A message will appear making sure that you want to remove the virtual machine from the group, click Confirm. The virtual machine will be removed from the group.

Deleting an Anti-Affinity Group

To delete an anti-affinity group

  1. Navigate to the cloudspace details page and select ANTI-AFFINITY GROUPS from the given tabs.
  2. Select the specific anti-affinity group you want to delete.
  3. At the top of the page, click DELETE.

Result: The anti-affinity group will be deleted and removed from the list of groups.

WireGuard VPN

You can establish a secure connection between the cloudspace and other remote network using WireGuard VPNs, which creates a secure tunnel between your Cloudspace and an external host, encrypting all traffic between these points in a simple and fast configuration.

Each WireGuard interface has: - Name: unique for each interface within the cloudspace. - Address: IP address for the network connection, used to route traffic to and from the interface. - Port(optional): port number on which the interface listens for incoming connections. - MTU (optional): The Maximum Transmission Unit (MTU) defines the largest packet size that can be transmitted over the network interface. - Peers: Peers are the devices or endpoints that the WireGuard interface communicates with. Each peer has:

- Public Key:  used to authenticate its identity.
- Allowed IPs: list of IP addresses that the peer is allowed to communicate with.
- Endpoint (optional): The IP address and port of the peer's to which the interface will send traffic destined for this peer.
- Keep alive (optional): interval (in seconds) for sending to maintain the connection with the peer.
  • Public Key (optional): used to identify the interface to other peers. It is shared with peers to establish a secure connection.
  • Private Key (optional): This key remains confidential and is used to authenticate the interface and decrypt incoming traffic.

Note: both public and private keys of the WireGuard interface are optional; if not provided, they will be generated automatically.

Adding a WireGuard VPN interface

You can create a new WireGuard interface in your cloudspace from the cloudspace details page.

  1. Select WIREGUARD VPNs from the given tabs in the middle of the page.
  2. Click ADD WIREGUARD INTERFACES at the top of the page.
  3. Configure the WireGuard interface by entering the values of the required fields.
  4. Click ADD.

Deleting a WireGuard VPN interface

To delete a WireGuard VPN interface:

  1. Navigate to the cloudspace details page and select WIREGUARD VPNs from the given tabs.
  2. Select the specific external network you want to delete.
  3. At the top of the page, click DELETE SELECTED WIREGUARD INTERFACES.
  4. Alternately, click on : icon for the interface you want to delete in the interfaces list.

Adding Peer(s) to the WireGuard interface

You can add peer(s) in your interface from the WireGuard interface details page.

  1. Click ADD PEER at the top of the page.
  2. Configure the peer by entering the values of the required fields.
  3. Click ADD.

Deleting Peer from the interface

To delete a peer from the interface:

  1. Navigate to the Wireguard interface details page and select the specific peers you want to delete.
  2. At the top of the page, click DELETE SELECTED PEERS.
  3. Alternately, click on : icon for the peer you want to delete in the peers list.

Adding allowed IP to the WireGuard interface peer

You can add allowed IP for your peer from peer details page.

  1. Click ADD ALLOWED IP at the top of the page.
  2. Enter the network value an check the NAT checkbox if needed.
  3. Click on ADD button.

Deleting allowed IP from the peer

To delete an allowed IP from the peer:

  1. Navigate to the peer details page and select the specific IP(s) you want to delete.
  2. At the top of the page, click DELETE SELECTED IPS.
  3. Alternately, click on : icon for the IP you want to delete in the allowed IPs list.

Audits

Audits provide a list of all the requests made related to the cloudspace. You can check the date and time of the request, the method used, the path of the request, the user who made the request, the status and response time.

To see your request list, select Audit from the More dropdown menu. You can filter the request list by Path, User and Status. Also, you can include the GET requests in the results by clicking include GET request above the results.

If you clicked on the request date and time, you will be redirected to the details page of this specific request. The request details page covers all the request information and the JSON format of both request and response.