Connect to vCloud Director (Carrenza only)
vCloud Director is the interface we use to manage our infrastructure in Carrenza. This includes virtual machines, gateways, firewalls and VPNs between providers.
To access vCloud Director, you will need to connect to a Carrenza-provided VPN. You can use either Cisco AnyConnect or openconnect to do this.
- Get the VPN client certificate from the 2nd line password store.
- Save the certificate to a file on your machine (eg.
- Get the VPN credentials, also from the 2nd line password store. You’ll need to use an app (such as Google Authenticator) to turn the TOTP secret into a 2FA code.
Connecting with Cisco AnyConnect
- Convert the VPN client certificate from PEM format to PFX format by running:
  openssl pkcs12 -export -in vcloud.pem -out vcloud.pfx
  You’ll be asked for two passwords. For the first one, enter the VPN password, and for the second one, enter the certificate passphrase.
- Import the PFX format certificate into your Keychain by running:
  security import vcloud.pfx -k ~/Library/Keychains/login.keychain-db
  You’ll be asked for a password. Enter the certificate passphrase.
- Create a new file on your machine at /opt/cisco/anyconnect/profile/carrenza-secure.xml and copy the following XML into that file:
  <?xml version="1.0" encoding="UTF-8"?>
  <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
    <ServerList>
      <HostEntry>
        <HostName>Carrenza - Secure</HostName>
        <HostAddress>https://secure.carrenza.com</HostAddress>
        <PrimaryProtocol>SSL</PrimaryProtocol>
      </HostEntry>
    </ServerList>
  </AnyConnectProfile>
- Restart Cisco AnyConnect if it’s already running.
- Choose “Carrenza - Secure” from the drop down list and click “Connect”.
- The first password is the 2FA code.
- The second password is the VPN password.
Connecting with openconnect
- Run:
  sudo openconnect https://secure.carrenza.com -c vcloud.pem
  Make sure you provide the correct path to where you’ve saved the VPN client certificate.
- The first password is your machine password (requested by sudo).
- The second password (the PEM pass phrase) is the VPN password (note, this is not the certificate passphrase).
- The third password is the 2FA code.
- The fourth password is the same password as in step 3.
Accessing vCloud Director
Once you’ve connected to the VPN, visit https://vcloud.carrenza.com/cloud/org/