This repository was archived by the owner on Mar 1, 2026. It is now read-only.

Testing the Data Capsule

Suraj Gupta Gudla edited this page Mar 21, 2022 · 4 revisions

1. Copy the DC VM guest image to a specific path on the target machine:

$ sudo scp -i ./DCguestkey.pem path/to/image dc-host@<public DNS address of the instance>:/home/dc-host/ubuntuImage

2. Log in to the target machine using “dc-host” as the username:

$ ssh -i ./keyfile.pem dc-host@<target instance IP address>

3. Create the Data Capsule VM inside the target machine

sh /home/dc-host-bin/createvm.sh --wdir <VM_working_dir> --image <path_to_image> --ncpu <no_of_cpus> --mem <memory_in_GB> --vnc <vnc_port> --ssh <ssh_port> --volsize <size_of_mounted_volume> --loginid <vnc_login_id> --loginpwd <vnc_login_pwd>

Example:

sh /home/dc-host-bin/createvm.sh --wdir /home/dc-host/data --image /home/dc-host/images/ubuntuImage --ncpu 2 --mem 2G --vnc 16022 --ssh 16024 --volsize 10G --loginid test --loginpwd test

4. Start the Data Capsule VM inside the target machine

  • Maintenance mode

sh /home/dc-host-bin/startvm.sh --wdir /home/dc-host/data --mode m --policy /home/dc-host-bin/maintenance_mode.fw

To connect to the DC in maintenance mode, you can use either SSH or VNC. The connection details for both are provided in the DC creation step. For example:

ssh dcuser@<host_ip> -p <ssh_port>

  • Secure mode

sh /home/dc-host-bin/startvm.sh --wdir /home/dc-host/data --mode s --policy /home/dc-host-bin/secure_mode.fw

5. Stop the DC VM

sh /home/dc-host-bin/stopvm.sh --wdir /home/dc-host/data 

6. Test the Data Capsule

The Google DNS server (8.8.8.8) serves as the example secure service for testing restricted access. In maintenance mode, all traffic to and from the IP ‘8.8.8.8’ is blocked. In secure mode, connections to it are allowed, but the rest of the internet is blocked. To test this:

  • Start the DC in maintenance mode.
  • Open a terminal and run ping 8.8.8.8. You should not be able to reach it.
  • You can also use telnet to try port 53: telnet 8.8.8.8 53

Commands that contact the 8.8.8.8 server therefore fail in maintenance mode, but you should still be able to reach other services such as google.com, so ping google.com works.

  • Stop the DC and start it in secure mode.
  • Run telnet 8.8.8.8 53. In this mode the command succeeds, because only 8.8.8.8 port 53 is allowed. You should not be able to connect (ping, TCP, SSH, etc.) to other resources such as google.com, so ping google.com fails.
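The checks in step 6 as a script, added here as an example and not part of the project's own tooling. It assumes it runs inside the DC guest with `nc` and `ping` installed, and it uses `nc` in place of the interactive `telnet` test; the function names, the file name and the 3-second timeout are hypothetical.

```shell
# Added example (not a project script). Inside the DC: sh dc_check.sh m|s
PROBE_TIMEOUT=3   # seconds per probe (constructed value)
# Probes print "open" or "blocked". nc stands in for the page's telnet test.
probe_tcp() {
    if nc -z -w "$PROBE_TIMEOUT" "$1" "$2" >/dev/null 2>&1
    then echo open; else echo blocked; fi
}
probe_ping() {
    if ping -c 1 -W "$PROBE_TIMEOUT" "$1" >/dev/null 2>&1
    then echo open; else echo blocked; fi
}

# expected <mode> <probe>: what step 6 says should happen.
#   m (maintenance): 8.8.8.8 blocked, google.com reachable
#   s (secure):      8.8.8.8 port 53 reachable, google.com blocked
# The page gives no expectation for pinging 8.8.8.8 in secure mode.
expected() {
    case "$1:$2" in
        m:dns_tcp|m:dns_ping|s:web_ping) echo blocked ;;
        m:web_ping|s:dns_tcp)            echo open ;;
        *)                               echo unknown ;;
    esac
}

# verdict <mode> <probe> <observed>: PASS, FAIL, or SKIP when unspecified.
verdict() {
    want=$(expected "$1" "$2")
    case "$want" in
        unknown) echo SKIP ;;
        "$3")    echo PASS ;;
        *)       echo FAIL ;;
    esac
}

# check_mode <mode> <dns_tcp> <dns_ping> <web_ping>: returns 1 on any FAIL.
check_mode() {
    mode=$1; rc=0; shift
    case "$mode" in m|s) ;; *) echo "mode must be m or s" >&2; return 2 ;; esac
    for name in dns_tcp dns_ping web_ping; do
        v=$(verdict "$mode" "$name" "$1")
        echo "$v $name observed=$1"
        if [ "$v" = FAIL ]; then rc=1; fi
        shift
    done
    return "$rc"
}
# Only probe the network when a mode argument is given.
if [ "$#" -ge 1 ]; then
    check_mode "$1" "$(probe_tcp 8.8.8.8 53)" "$(probe_ping 8.8.8.8)" "$(probe_ping google.com)"
fi
```

A non-zero exit status means the firewall policy loaded for that mode does not produce the reachability pattern described above.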
