Accessing Provisioned Environments

To access PIA of provisioned environment, click on the PIA URL link on the environment card. This will launch PIA of the newly created environment. To view more details about the environment, refer to Accessing Environment Details.

Note: If environments are provisioned on private subnets, then use a Bastion server or a Windows instance as a jump host. The bastion or the Windows instance must be set up on a public subnet accessible from internet.

The PIA URL must be modified appropriately to access the environment if you have entered a custom authentication token domain value in web server domain.

Linux instances can be accessed using SSH. SSH private keys are required to connect to the provisioned instances.  There are two private keys that can be used:

  1. Cloud Manager SSH Keys for Administration — This is the SSH key pair that is created by Cloud Manager and the public key is automatically injected into the newly provisioned instances. The SSH private key file cm_adm_pvt_key is available under /home/psadm2/psft/data/cloud/ocihome/keys/.

  2. User SSH key — A Cloud Manager user can create a set of SSH key pair and configure the public key in My Settings page.  Using the private key, user can connect to the provisioned instances. For more details refer Configuring My Settings.

Windows instances can be accessed using Remote Desktop (RDP). Ensure to enable RDP ports in OCI security lists, as well as in the client-side firewalls.

The IP addresses for Linux and Windows instances can be determined from the Environment Details Page. See Accessing Environment Details.

Important! It is user's responsibility to back up SSH keys for Administration and User SSH Keys to avoid losing access to provisioned instances due to loss of Cloud Manager instance or any fatal failures.

In Oracle Cloud Infrastructure, SSH keys are used to provide secure access to all Linux instances. It is user's responsibility to manage and secure the SSH keys that are used in OCI. Cloud Manager also uses SSH keys for managing environment nodes. Cloud Manager injects two SSH public keys into any node that it provisions. The SSH keys are:

  1. SSH keys for Administration

    This key pair is generated by Cloud Manager at the time of installation (bootstrap). This key pair is used to connect and manage Linux instances provisioned as PeopleSoft environments. The key pair is available under the path /home/psadm2/psft/data/cloud/ocihome/keys. The two files for this key pair are:

    • Private key: cm_adm_pvt_key

    • Public key: cm_adm_pvt_key.pub

  2. User SSH keys

    Users can create their own personal SSH key pair and configure an additional SSH key under My SSH Public Key. This gets automatically configured in a newly provisioned node, enabling users to use their own keys to access PeopleSoft instances. This key is optional and will be injected into provisioned instances only if it is configured.

Note: SSH keys for Administration will be injected into all provisioned instances, irrespective of User SSH key configuration.

Updating SSH Keys for Administration

Cloud Manager uses SSH keys to connect to Linux instances deployed and managed by Cloud Manager. The public and private SSH key pair used by Cloud Manager to manage instances are located under the path /home/psadm2/psft/data/cloud/ocihome/keys. The public key file is cm_adm_pvt_key.pub and the private key file is cm_adm_pvt_key. From time to time, an organization will want to update or rotate SSH keys. For example:

  1. A employee who was a Cloud Administrator or Cloud Manager Administrator has left the organization.

  2. As a company policy, it is mandated to update keys periodically.

In such situations, an administrator must ensure to update SSH keys on both Cloud Manager instance as well as on all the managed instances that were created by Cloud Manager. The administrator must create a new pair of Administration keys and update in two locations:

  • On Cloud Manager

    Back up the existing keys and replace the keys cm_adm_pvt_key.pub and cm_adm_pvt_key under /home/psadm2/psft/data/cloud/ocihome/keys. The file names should be retained as they are.

  • Managed instances

    Using the old private key, SSH into each of the instances provisioned by Cloud Manager as 'opc' user. On the managed instance, update the /home/opc/.ssh/authorized_keys. Remove the previous Administration public key entry and add the new public key.

Updating User SSH Keys

To update any user SSH keys that were injected by Cloud Manager:

  1. Generate a new pair of user SSH keys.

  2. Log in to the managed instance using either the existing User SSH key or the Cloud Manager's SSH key for Administration.

  3. Update the file /home/opc/.ssh/authorized_keys with new key and remove the existing key. Ensure to remove the correct entry.

Generating New SSH Keys

Guidelines for generating new SSH keys:

  1. New SSH key pair must be generated using the openssh ssh-keygen utility. If the key pair is generated using any other utility, then it must be converted to openssh format before using them in Cloud Manager.

  2. Cloud Manager does not support encrypted ssh key. That is, ssh keys should not be protected by a passphrase.

  3. When new SSH keys for Administration are generated, ensure to retain the same names for the private and public key files. The permissions of these files should be as shown below.

    -r-x------. 1 psadm2 oinstall 1675 Jan 21 08:08 cm_adm_pvt_key

-r-x------. 1 psadm2 oinstall  382 Jan 21 08:08 cm_adm_pvt_key.pub

  4. When new User SSH Keys are generated, the file names can be user defined but the permissions must be same as above.