The default stack enables you to manage user authentication and secure access to the machines inside an EWC tenancy. It is composed of three Items, described in the sections below.
SSH Proxy (or SSH Bastion)
The SSH proxy is the barrier between your internal machines and the public internet. With the SSH proxy, you'll have an extra layer of security on top of your VMs. It's equipped with fail2ban, automatic security updates and more.
To connect to a VM hidden behind the proxy, specify the jump flag -J when connecting via SSH:
ssh -J <user>@<ssh-proxy> <user>@<internal-vm>
Where <user> is your user name, <ssh-proxy> is the public IP of your SSH proxy, and <internal-vm> is the private IP of the VM you want to connect to.
Remote Desktop
The remote desktop is a regular Ubuntu VM equipped with X2GO; enables you to access a graphical desktop of a computer over a low bandwidth (or high bandwidth) connection.
This means that you can connect to it via the x2goclient to enjoy a regular desktop experience. To connect, launch x2go and create a new session and specify that you want to connect through your SSH proxy as shown below.
Be sure to select "MATE" as your Session Type at the bottom of the session configuration window.
IPA (or LDAP)
The LDAP serves both as a user management system and as your internal DNS nameserver. The best way to get familiar with it is to connect to it.
- Start by launching connecting to your Remote Desktop with the username assigned to your LDAP tenancy. The admin name and password are located in Morpheus under Tools > Cypher. → ipaadmin_username and ipaadmin_password
- Once you're in, launch Firefox and visit the IP of your LDAP server. You'll find the LDAP IP in Morpheus under Provisioning > Instances.
If you're not automatically logged in, log in with the tenancy specific admin user (under ipaadmin_username in Tools > Cypher, with the password as before (ipaadmin_password again in Tools > Cypher) - Once you're in the LDAP, you can browse around and check out the features.
- Try creating a new user by clicking + Add. You can then click on the user and insert SSH keys, reset its password and more.
If you decide to use the integrated version with Morpheus of the default stack, you can conveniently add users to the LDAP by navigating to the LDAP VM within Morpheus and running the workflow Create a new LDAP user which allows you to fill in values without having to log in via the X2GO. If you use LDAP without Morpheus integration, you can follow the How to Configure the IPA Server (LDAP and DNS) page for commands you can use to create users and more.
How to provision the Default Stack
Tenants onoboarded to the EUMETSAT site prior to October 2025 come with a pre-deployed Defaut Stack, no additional action needed for deployment. For tenancies onboarded afterwards, you may deploy on any of the available sites via the corresponding Community Hub Items.
Self-Service Deployment
If you wish to automatically enroll machines into LDAP/DNS upon their provisioning via the Morpheus UI , you require this Item
- Morpheus Integration: IPA Client Enroll Automation Configuration | The European Weather Cloud
If you simply need to enroll/dis-enroll machines, you can use the corresponding Items:
- Enroll VMs: IPA Client Enroll Flavour | The European Weather Cloud
- Dis-enroll VMs: IPA Client Disenroll Flavour | The European Weather Cloud
Checkout the corresponding Community Hub Items:
- SSH Bastion Flavour | The European Weather Cloud
- Remote Desktop Flavour | The European Weather Cloud
- IPA Server Flavour | The European Weather Cloud
Note that it is also possible to provision the three Items in a single deployment via:
You can find out more about the EWC Community Hub by browsing through its Knowledge Base, and learn how to deploy Items by checking out the Community Hub Tooling page. In particular we suggest the use of the EWCCLI (see Deploying via ewccli).