Hands on Lab Environment

OTN Virtual Developer Day

Please remember to shut down your instances and delete any EBS volumes that you created when you are finished.


The first step is to have a good understanding of your network location. The event requires a DSL or faster connection, and knowing whether the firewall at your current location allows SSH (TCP 22) and VNC (5901) is also important.

We’ll use a mix of the available tools to get you set up -- the Amazon console & ElasticFox -- so that you’ll feel comfortable in either environment, and get to know which performs better for a given task.


  1. Make sure you are at a fast network connection, DSL or better. Find out if that network’s firewall at your access point blocks SSH (port 22) or VNC (5901). There are some tunneling workarounds with PuTTY if 5901 is blocked - this is documented later.

  2. Create a directory on your computer where you will store the various files needed for connecting to the Amazon environment. If you’re a Windows user, c:\ec2 is a convenient location—and the rest of this document will assume that you created a directory in that location.

  3. Sign up for AWS, and specifically the EC2 service and the S3 simple storage service, at http://aws.amazon.com. A tutorial is available here. While this action will require a credit card to create your account, you will be receiving a credit for your usage so the event will be free for you. Amazon Web Services will send you a unique promotional code for the event to the email address you used to register. It will be good for M.1 large and 50GB EBS storage usage for the duration of the event, from after the keynote on May 27th until 5:00pm PT on May 29th. You will receive an email from ovdd@amazon.com with your unique promotional code for $35 of AWS usage. This code can be redeemed here.

  4. Login to AWS console at http://console.aws.amazon.com and choose the Amazon EC2 tab. You can watch the Amazon EC2 video on the main page of this console to learn more, or simply click on the EC2 tab.
    Amazon EC2

  5. In the AWS console, choose your region setting (EMEA / US) in order to give yourself the best possible network performance. (You don’t want to launch servers on the wrong side of the Atlantic.) This setting is in the upper left corner of the screen.

    Select a region

  6. For security reasons, Amazon Web Services requires that you use an electronic key to log in, rather than a password. In the AWS console, click on Key Pairs in the left column navigation to create a key, then click create Key Pair. It doesn’t matter what you name the key; however a best practice is to use a name that helps you remember which key is for what purpose (assuming that eventually you will have a collection of these keys). Save it to the special EC2 directory that you created above, or note the filename / path if you saved it to some other location.
    Add a key pair

  7. Download and install PuTTY and the TightVNC client. Attendees are encouraged to use the TightVNC client for optimal network performance. (You don’t need to install the server, just the client.)
    www.tightvnc.com/download.html
    www.chiark.greenend.org.uk/~sgtatham/putty/download.html

  8. Mac users only, follow the following steps to set up a VNC client
    a. An easy path : use JollysFastVNC (http://www.jinx.de/JollysFastVNC.html), create a new connection using the external DNS name of your AMI and change port # to 5901, connect and : voilà ! Don't forget to run vncserver via ssh on the VM.
    b. While possibly more effort, we recommend trying to use TightVNC, as we've experienced better VNC performance when using both the TightVNC client and the TightVNC server (which is embedded into the event AMI).
    At www.tightvnc.com/download.html, download tightvnc-1.3.10_javabin.zip to your Mac
    Install the classes into the Apache httpd document root:

    > root@domU-12-31-38-01-B1-01:[/root]
    $ mv /mnt/tightvnc-1.3.10_javabin.zip /var/www/html/

    $ cd /var/www/html/

    $ ls

    tightvnc-1.3.10_javabin.zip

    $ unzip tightvnc-1.3.10_javabin.zip

    Configure the Apache httpd server for the TightVNC Applet:
    $ /etc/init.d/httpd start

    Launch the VNC viewer from the command line:

    disco-stu:Desktop jamie$ cd tightvnc-1.3.10_javabin

    Replace the DNS address in the next line with your instance's DNS address
    disco-stu:classes jamie$ java VncViewer HOST ec2-75-101-254-116.compute-1.amazonaws.com PORT 5901

    You should see:
    Initializing...
    Connecting to ec2-75-101-254-116.compute-1.amazonaws.com, port 5901...
    Connected to server
    RFB server supports protocol version 3.8
    Using RFB protocol version 3.8
    Performing standard VNC authentication
    VNC authentication: success
    Desktop name is X
    Desktop size is 1024 x 768
    Disconnecting
    Updates received: 70 (470 rectangles + 7 pseudo), 2.58 updates/sec
    Rectangles: Tight=0(JPEG=0) ZRLE=365 Hextile=0 Raw=0 CopyRect=105 other=0
    Pixel data: 20935244 bytes, 130252 compressed, ratio 160.729
    RFB socket closed


  9. PuTTY does not understand the key pair that you downloaded in step 6. That’s not a major issue, though, because PuTTYgen is a program that converts the native file format into one that PuTTY will understand.

    Launch PuTTYGen, click on Conversions -> Import Key. Browse to c:\ec2 and locate the key you downloaded. It will have a .pem extension.

    If you wish, enter a passphrase in the fields provided by PuTTYGen; although we recommend skipping this step for the lab exercise.

    Finally, click on File -> Save Private Key to save the converted key in c:\ec2. Use the same base filename, so that MyKey.pem has a corresponding PuTTY file named MyKey.ppk. This best practice makes it easier to keep things organized later.

    This movie will step you through how to use PuTTYgen on Windows to generate and import your key. Note the movie is about general AWS connectivity, not conference-specific information. It covers PuTTYgen and PuTTY from about 4:12 – 4:50 in the movie. Just do the PuTTYgen step.

  10. Determine your IP address and netmask (ElasticFox users can skip this step)

    Each AWS account comes with a firewall, known as a “security group” in AWS lingo. You can (and should) restrict inbound SSH and VNC traffic thru the firewall by limiting access to specific IP addresses. (Some protocols, such as HTTP to a public website, are typically left wide open by specifying 0.0.0.0/0 as the source address and mask.)

    There are two things that frequently arise as issues when you set these restrictions up.

    First, the notation used is unfamiliar to many people. It’s known as Classless Inter-Domain Routing, or “CIDR”. There is a base IP address followed by a “/” and netmask.

    Second, determining your IP address as perceived by others on the Internet can be tricky, especially from home. That’s because large ISPs such as Verizon frequently translate the address even though you already have a firewall in place. For a single (usually home) IP address you’ll need to enter the address in the format 1.2.3.4/32. For an IP address range (usually a large corporation), the address will be in the format 1.2.3.0/28 (where 28 is replaced by some other number).

    Rather than spend pages documenting all of the steps, we instead recommend that you watch this video in its entirety to learn more about both topics.

  11. Download ElasticFox, setup access identifiers (ElasticFox is Optional)

    ElasticFox can automatically determine your network range which is very convenient.

    You can do this same step with the AWS console, which is described next, but it won’t automatically determine your network range. You must input the CIDR notation. A short video that demonstrates how to collect that info:

    CIDR:
    http://en.wikipedia.org/wiki/CIDR

    Download link:
    http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609

    Refer to page 4-5 under the heading “Setting up the Credentials” of this ElasticFox user guide.
    http://www.slideshare.net/rawwell/elasticfox-owners-manual-presentation
    It will show you how to setup the access identifiers, a one time security configuration. Do steps 1-6.

    To locate the Access Identifier / ElasticFox setup information:
    http://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key

    Once you can connect ElasticFox to your AWS account, proceed to the next step.


  12. Create a security group, creating rules for SSH and VNC at a minimum, as shown below. (Data in the screenshots are strictly examples.)

  13. In the AWS console, click on the AMIs link in the left hand side navigation pane.
    In the “viewing” prompt, type in the AMI ID to locate the AMI. When you select it, you can see information about the AMI in the pane below. US and Latin America attendees are encouraged to use AMI ID ami-cdd234a4 in the US availability zone. EMEA and some APAC attendees are encouraged to consider using the AMI ID ami-81aa82f5 in the EU-WEST availability zone. EU images will probably ask you if you want to check for updates using yum -- the answer is "no" :).

  14. Right click on it, and choose Launch Instance. Do this next part carefully as it is critical to proper operation.
    Launch it with the following arguments:
    1 instance
    M1.large
    <your security group name from step #12>
    <your key pair name from step #6>


  15. It should take about 10 minutes to boot, so be patient. Navigate to the instances section / tab to monitor the startup process.
  16. Once it is up, it will have a green ball that indicates it's running. Then navigate to your instances tab.
  17. Select the instance you launched (if you don’t have others running it should be the only one). In the details pane below for the selected instance:
    1. Double check that the availability zone that your instance came up in reflects the master setting you made in step 5.
    2. Write down both the instance ID and availability zone for your instance. You'll need both in later steps.
  18. Then navigate to your “Volumes” link on the left hand side navigation
  19. Create a new 50GB volume from a snapshot. If your instance is in the US region, use the ID snap-91906af8 as shown below. If you are in APAC or EMEA, use the ID snap-74c82c1d in a similar fashion. Important! The volume must be created in the same availability zone that the server is running in.
  20. (Screenshot: creating the volume from the snapshot.)
  21. Also, make sure you create the volume in the same availability zone as your instance has booted in (refer to step 17).
  22. Once it's created it should have a status of "available". Then right click on the new 50GB volume. Then choose “Attach”. (Ignore the instance / volume data in the screenshot)
  23. (Screenshot: attaching the volume.)
  24. Then select the ID of your running instance (refer to step 14) and keep the default linux device name, which should be /dev/sdf
  25. You’ll know it attached successfully when the screen reflects (attached) as shown below.

  26. You are ready to connect via SSH. Launch PuTTY.

    If you are using OS X (I imagine this will also work with Linux / Unix), open the terminal application and type
    ssh -i /path/to/MyKey.pem root@publicDNSofInstance
    where /path/to/MyKey.pem is the key pair you generated and downloaded in step 6,
    and publicDNSofInstance is the public DNS name described in step 27.
    Note also that MyKey.pem must have restricted access permissions otherwise you will get an error that it was ignored.
    If you get this error type
    chmod 600 /path/to/MyKey.pem
    (replacing /path/to/MyKey.pem with the path to your key file) in the terminal before running the ssh command again.
    Also make sure you don't leave off root@ in front of the public DNS name, because otherwise ssh will substitute your local
    username and the server will ask you for a password that doesn't exist.


  27. Go back to the instances section of the AWS console.

    Select the running instance and look in the details pane, and copy and paste the public DNS name into PuTTY. (Data in the screenshots are strictly examples).


  28. Then save it to a named profile. (Data in the screenshots are strictly examples)

  29. Then specify your MyKey.ppk PPK file from step 9, as shown below. Save your changes to the same connection profile.
  30. If applicable, specify a proxy server in the Connections > Proxy in the PuTTY settings. Save your changes to the same connection profile.

Then try to connect by double clicking on the profile name. The first time you successfully connect, you will get a message about adding the keyfile to a cache. Say yes when prompted. It will prompt you for the login ID after accepting the key, and the username is always root. There is no password as you are using an encrypted key instead of a password.

Connection troubleshooting:
  • Make sure you specified the path to your key (*.ppk) file in the SSH/Auth section
  • Most often the issue is a hang / timeout. This usually means a network problem, or the instance didn’t boot properly.
  • If you have a proxy that you normally use for your browser, you must specify it in the connection/proxy section, and remember to save the change to your profile so you don’t have to re-enter it every time.
    • Double check your security groups and make sure they allow port 22. Consider where you are connecting from, and whether or not you are actively using VPN or not. Some companies have proxies, so if you’re on VPN you may need to specify your proxy.
    • Try stripping out the DNS name and just use the IP. If the public DNS name is ec2-75-101-146-205.compute-1.amazonaws.com then the IP would be 75.101.146.205. You may want to do this anyway to eliminate DNS as a potential source of issues.
    • Remember that ping will not work with Amazon, so don’t bother.
  • As a last resort, use ElasticFox to check the STDOUT console output and ensure that the instance booted properly.
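
The security group rules from steps 10 and 12 can be sanity-checked before blaming the network. The following is an added example, not part of the original lab: the rule list, the function names and the addresses (documentation ranges) are constructed for illustration. It reports admin ports left open to 0.0.0.0/0, CIDR entries that do not mean what was typed, and whether your own address is allowed on ports 22 and 5901.

```python
import ipaddress

# Remote-access ports this lab opens: SSH (22) and VNC display :1 (5901).
ADMIN_PORTS = {22: "SSH", 5901: "VNC"}

# Constructed sample rules (documentation address ranges, not real lab data).
SAMPLE_RULES = [
    {"port": 22, "cidr": "203.0.113.25/32"},     # one home address
    {"port": 5901, "cidr": "0.0.0.0/0"},         # VNC left open to everyone
    {"port": 80, "cidr": "0.0.0.0/0"},           # public HTTP, expected to be open
    {"port": 22, "cidr": "198.51.100.77/28"},    # office range typed with host bits
]


def single_host_cidr(ip):
    """CIDR form for exactly one address, e.g. 1.2.3.4 -> 1.2.3.4/32."""
    return str(ipaddress.ip_network(ip))


def audit(rules, my_ip):
    """Return (findings, reachable) for a list of {"port", "cidr"} rules.

    findings  -- human-readable problems with the rules
    reachable -- {admin port: True if my_ip is allowed by some rule}
    """
    me = ipaddress.ip_address(my_ip)
    findings = []
    reachable = {port: False for port in ADMIN_PORTS}
    for rule in rules:
        port = rule["port"]
        iface = ipaddress.ip_interface(rule["cidr"])
        net = iface.network
        # A CIDR typed as 1.2.3.77/28 does not start at .77; it denotes the
        # enclosing block, so report the range that is really being described.
        if iface.ip != net.network_address:
            findings.append(f"port {port}: {rule['cidr']} has host bits set and "
                            f"really means {net} ({net.num_addresses} addresses)")
        if port not in ADMIN_PORTS:
            continue
        if net.prefixlen == 0:
            findings.append(f"port {port}: {ADMIN_PORTS[port]} is open to the "
                            f"whole Internet ({net})")
        if me in net:
            reachable[port] = True
    return findings, reachable


if __name__ == "__main__":
    problems, access = audit(SAMPLE_RULES, "203.0.113.25")
    for line in problems:
        print("WARN", line)
    for port, ok in access.items():
        print(f"{ADMIN_PORTS[port]} ({port}) reachable from my address: {ok}")
```
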
  1. Congrats! You’re logged in as root. Now let’s mount your drive. (Sorry, autonumbering is broken.)
Type the following in order:
mkdir /oracle
chmod 777 /oracle -R
mount /dev/sdf /oracle

Let’s start the VNC Server. Make sure you are the root user, and at the command line, type

vncserver

Then start the database by typing:
su - oracle
sqlplus / as SYSDBA

Once connected to sqlplus type:
startup

Type exit to leave sqlplus and return to the command line

Then make sure the network database listener is started by typing

lsnrctl status
( if necessary to control listener use commands lsnrctl start, lsnrctl stop )

Successful output looks like this:

Then quit sqlplus and log out of the oracle account by typing:

exit
logout

  1. Almost the last step! Connect via VNC. (See step 8 if you are a Mac user.)
    Paste the DNS name or IP of your instance into your TightVNC client and click connect! The default mode is 1024x768.
    VNC password: oracle01

    Connection troubleshooting:

    Make sure you are using the TightVNC client
    Make sure the previous step where you launched the vnc server succeeded
    If the connection is slow, consider your network access point. Also, you can reduce the number of colors in the display to 8-bit to increase speed. This may cause some color palette shifts on your screen as a result.

    Some firewalls may block vnc on port 5901. If you can connect on SSH, you can use the port forwarding feature of PuTTY to get around this. Realize that if you are tunneling, VNC will depend on the SSH session being open / logged in to work. Setup the tunnel in PuTTY, then connect your vnc client to 127.0.0.1:1 as shown below. If you were already connected on SSH before making this change, make the change, save it, and disconnect / reconnect.

  2. Get started with the lab of your choice by double clicking the corresponding folder!
  3. (Screenshot: lab folders on the desktop.)
  4. You may simply leave the instance up and running for the duration of the event -- the DNS / IP only changes if you restart the instance, so you can quit out of PuTTY and / or the VNC client, and pick up exactly where you left off. We hope that this will enable you to attend to your regular responsibilities and yet have the time you need to finish the labs. Good luck!
  5. After completing a lab, we recommend shutting down server processes, tools, etc. used for that lab before proceeding to the next lab. While the m1.large server type has 8GB of RAM, it's better to eliminate any potential for conflicting resources.



Latest page update: made by phumphrey, Jun 22 2009, 1:48 PM EDT