Knowledge Base

Topic: Cloudspaces
Register Existing Networks

Use this article to register networks and subnets created outside of CONS3RT. Once networks are registered, they can be attached to virtual machines deployed by CONS3RT.
Permissions Required:
- You must be a Team Manager with access to the Cloudspaces menu
- For AWS networks, you also require AWS access to tag subnets
Steps to register networks in CONS3RT:
1. (AWS-only) In AWS, add a tag cons3rtenabled: true for any subnets that you would like to register to CONS3RT
2. Click on Cloudspaces on the main menu
3. Select the cloudspace that you would like to edit
4. Click Manage at the top-right
5. Click Networking
6. After a moment, networks/subnets appear under Unregistered Subnets
7. Click Register for the networks/subnets to register them
Register existing Azure Resources

Use this article to register existing Azure resources to CONS3RT.
Azure Info to Collect: Collect the following information from your Azure subscription to configure the CONS3RT connection.
Subscription Info:
- Azure Environment (AzureCloud or AzureUSGovernment)
- Tenant ID
- Subscription ID
Service Principal: The service principal is the account credential that CONS3RT uses to connect to the Azure API. Collect:
- Service Principal / App Registration Object ID (e.g. 22222222-2222-2222-2222-222222222222)
- Secret Key
Virtual Network Info: CONS3RT uses a virtual network, and two or more subnets to deploy virtual machines in to.
Allocate a Cloudspace

As a Team Manager you can allocate a new cloudspace in one of the clouds your team owns. A cloudspace includes the resources and security features mentioned in this article on cloudspace security.
- You can allocate multiple cloudspaces for your team (up to the team limit)
- You can assign projects to cloudspaces as described in this article
To allocate a new cloudspace:
1. On the main menu, click Clouds
2. Select the cloud that you would like to allocate a cloudspace under
3. Click the …Actions button at the top-right
4. Select Allocate new Cloudspace
New Cloudspace Settings:
- Optionally set a Managing Team, this would allow the other team to manage your cloudspace
- Add a Cloudspace Name
- Set the Maximum Virtual Machines (default is unlimited)
- Set CIDR to 172.
Network Time Protocol (NTP) in a Cloudspace

The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems. The perimeter network device for each network in a cloudspace provides NTP. It is at x.x.x.254 on a given network. Upstream there may be some capture and redirect. Getting to an external time server directly may not be possible; however, that should be transparent to your systems. In the library of software applications there are also asset(s) to add to a system design which will configure a host to function as an NTP server within a cloudspace.
Delete my AWS Cloudspace

The best way to clean up your AWS cloudspace is to perform a de-allocation from CONS3RT. To do this you must be a Team Manager, and the steps are as follows:
1. Navigate to your AWS Cloudspace page under the Main Menu –> Cloudspaces
2. Click on the Runs tab
3. If there are any “Available” runs listed, click the “3-dots” icon, and click Release for each one
4. Click Manage
5. Click Remote Access
6. If remote access is enabled, uncheck the checkbox, and click Save
7. Click Administrators
8. Click the X button to remove each cloudspace administrator
9. Click Project
10. Click the X button to remove each project from the cloudspace
11. Click the “3-dots” icon at the top right (next to the Manage button)
12. Click Deactivate
13. Click the “3-dots” icon again
14. Click Unregister
15. In the pop-up, check the De-Allocate checkbox, this will clean up resources from your AWS account
16. Click Unregister.
Cloudspace Security

CONS3RT-allocated cloudspaces have many security features included out of the box, including:
- Credentials that are scoped to your cloudspace and easy to rotate
- Networks available to only your cloudspace
- A cloudspace boundary which includes firewalls, network/port address translation (NAT/PAT), and edge gateways
- Secure remote access (RDP, VNC, or SSH) using your CONS3RT account credentials
All this combines to create a secure cloudspace out-of-the-box for your team whether you choose AWS, Azure, Openstack, or vCloud.
Create a user-net in AWS

The CONS3RT team recommends adding at least one additional network, called the user-net, into your cloudspace. To add a user-net:
Start here if you are editing an existing Cloud:
1. From the main menu, select Clouds and click on the cloud you would like to manage
2. Click the Manage button at the top-right
3. Keep clicking Next until you are at the Networks screen
Start here if you are creating a new Cloud:
- You are already on the Networks screen
Continue here in both cases:
- Click Add
Cloudspace Networking

Each CONS3RT cloudspace has two networks by default, each with a class C (/24) address space. One network is called cons3rt-net, for use by CONS3RT for provisioning, asset installations, remote access, and services like the yum repository. The other default network is called the user-net, for use by you for system-to-system communication and for Internet access. This default network configuration works for most use cases. However, team managers can customize networks by adding and removing networks as described below.
Manage OS Templates

Register a New OS Template
This article assumes that an OS template has been created already, and needs to be registered to your CONS3RT Cloudspace.
1. Log in to the cloud infrastructure backend (AWS, vCloud, Openstack, Azure, etc.)
2. On the OS template that you’d like to register, add the meta data tag: cons3rtenabled=true
3. Log in to CONS3RT
4. From the main navigation menu, select Cloudspaces
5. Select the Cloudspace that you’d like to register the new OS template
6. Click on the OS Templates tab
7. On the drop-down menu, select Unregistered
8. Click the Refresh button, this will load any new template with the cons3rtenabled=true meta data tag applied
9. You should now see your newly created OS template on the Unregistered list
10. Click the Register button next to the OS template you’d like to register
11. Fill in the details.