Deployment
Prerequisites
- A functioning VPC in either
us-east-1,us-east-2,us-west-2with valid security groups, NAT gateways, and ACLs. - A functioning S3 bucket advertising the contents of your installer bundle
Quick Start
To quickly get up and running, use one of the recommended invocations of the create_private_cloud.sh script that was generated after you successfully provisioned your VPC.
For Availability Zone us-east-2a:
./create_private_cloud_instance.sh --region us-east-2 --subnet-id subnet-**************** --security-group sg-***************** --bucket-name my-bucket-name
For Availability Zone us-east-2b:
./create_private_cloud_instance.sh --region us-east-2 --subnet-id subnet-**************** --security-group sg-***************** --bucket-name my-bucket-name
For Availability Zone us-east-2c:
./create_private_cloud_instance.sh --region us-east-2 --subnet-id subnet-**************** --security-group sg-***************** --bucket-name my-bucket-name
If your permissions are correctly configured and the dependencies are hosted in your S3 bucket, the script should execute like so:
./create_private_cloud_instance.sh --region us-east-2 --subnet-id subnet-**************** --security-group sg-***************** --bucket-name "my-bucket-name"
Prerequisites check passed. Starting the script...
Configuration check passed. Starting the configuration...
AMI ID Not Provided. Searching for latest Ubuntu 20.04 Arm64 AMI ID...
Found AMI ID ami-***************** for ubuntu-bionic-20.04-arm64-server in us-east-2
Key pair private-cloud-key already exists.
Instance i-***************** is starting...
Instance i-***************** is pending. Waiting for it to become running...
Instance i-***************** is running.
Creating device volume for i-***************** and zone us-east-2a
Waiting for volume to become available...
Volume vol-***************** now available
{
"AttachTime": "2023-06-01T16:38:19.152000+00:00",
"Device": "/dev/sdf",
"InstanceId": "i-*****************",
"State": "attaching",
"VolumeId": "vol-*****************"
}
Setting up device routing
Corellium Private Cloud instance created successfully!
Remote Access
ACLs and security groups prevent remotely administering the CPC VPS from outside the VPC. In order to interact with the server and virtual devices, you will need to provision a workstation from within the same VPC. We have included a script to quickly provision a jumpbox in order to navigate to the CPC VPS. Prior to running this script, ensure you are passing in the DMZ/Public subnet interface instead of the App/Private interface.
./create_ssh_jumpbox_instance.sh --subnet-id subnet-***************** --key-name *****************
Due to WebRTC forwarding, you'll only be able to interact with the displays of the virtual devices from another device within the VPC. To quickly spin up a windows VM, you can use the following helper script:
./create_rdp_windows_instance.sh --key-name ***************** --subnet-id subnet-*****************
Once your CPC instance fully boots up, it will be available on the Private IPv4 interface that was provisioned during creation. Simply navigate to the web server from another device inside the VPN and you should be greeted with a login page. The credentials to the portal will be provided to you by Corellium.
You should now be able to create projects, assign cores, create virtual devices, and fully interact with your new environment. For more assistance, please contact us.