• Skytap overview
  • Skytap features by region
  • Skytap service limits
• Access requirements
• Creating environments
  • Creating an environment from a template
    • Skytap public templates
      • Ansible dynamic inventory
      • Configuring an Ubuntu Server VM created from a Skytap public template
  • Copying environments
  • Copying environments with running VMs (live clone)
    • Quiescing VM activity
  • Building a VM from an ISO
• Importing VMs into Skytap
  • Preparing Power LPARs for import into Skytap
  • Preparing x86 VMs and vApps for import
    • Creating MD5 hash values for VM imports
  • Importing VMs using the VM Imports page
    • Retrying a failed import
  • Importing Power LPARs into Skytap
    • Importing IBM i workloads into Skytap using NIS
    • Importing IBM i workloads into Skytap using IBM Cloud Storage Solutions for i (ICC)
    • Importing IBM i workloads into Skytap using direct transfer
    • Creating a Skytap AIX VM from a mksysb image
    • Creating a mksysb from an AIX VM in Skytap
    • Downloading IBM-hosted AIX VMs and importing them into Skytap
    • Additional ways to import Power LPARs into Skytap
  • Testing imported VMs
  • Resolving import errors
• Running and stopping VMs
• Accessing VMs
  • Accessing VM desktops from a browser
    • Testing access requirements with Connectivity Checker
    • Using audio with a VM
      • Troubleshooting VM audio
    • Using an SSH connection in a browser client session
    • Copy and paste text between the local machine and a VM
    • Insert text into a Power VM
    • Keyboard shortcuts for browser client views
    • Improving browser client performance
    • Optional URL parameters for sharing an SRA browser client view
  • Accessing VMs with RDP
• Transferring files to a VM
  • Adding and sharing files with the Assets page
  • Using ISO files
  • Using ISO files with an AIX LPAR
  • Using Skytap public assets
• Editing environments and networks
  • Adding VMs to an environment
  • Multi-attach storage for Power VM environments
  • Locking environments
  • Editing VMs
    • VM hardware and guest OS settings
      • Editing vCPUs and RAM for x86 VMs
      • Editing VM vCPUs and RAM for Power VMs
      • Enabling nested virtualization
      • Upgrading VM hardware versions
      • Using an international keyboard layout with a VM
      • Editing VM BIOS clock sync settings
      • Adding or extending a virtual disk
      • Deleting a virtual disk
      • Enabling audio for a VM
      • Enabling SSH on a VM for use in SRA browser client sessions
      • IBM i default license program packages (LPPs)
      • IBM i optional license program packages (LPPs)
      • Overview of Precisely Assure MIMIX™ Software on Skytap VMs
      • Precisely Assure MIMIX™ Software pre-installation test
      • Installing Precisely Assure MIMIX™ Software on Skytap VMs
      • Upgrading Assure MIMIX™ Software version 10.0.20.00 and newer on Skytap VMs
      • Upgrading Assure MIMIX™ Software version 10.0.19.00 and older on Skytap VMs
    • VM network settings
      • Attaching VMs to networks
      • Adding secondary IP addresses
      • Editing VM MAC address
      • Editing VM hostname or primary IP address
      • Enabling promiscuous mode
      • Using static IP addresses
      • Ensuring unique hostnames for Windows VMs
    • Storing VM credentials
    • Licensing the guest OS
    • Installing and upgrading VMware Tools - Linux
    • Installing and upgrading VMware Tools - Windows
    • Improving operating system or application performance within the VM
  • Adding containers and container hosts
    • Getting started with containers
    • About the container host
    • Creating a container host
      • Enable IP address forwarding for a container host
    • Adding containers to a container host
    • Managing individual containers
    • Containers: Known issues
    • Troubleshooting the VM Agent
  • Managing networks
    • Network overview
      • Default host-naming behavior
      • What is the difference between automatic and manual networks?
    • Viewing the network topology for an environment
    • Using multiple networks in an environment
      • Creating an automatic network
      • Creating a manual network
      • Routing between networks in the same environment
      • Avoiding restricted subnets and IP addresses
    • Networking between environments
      • Using NAT to avoid IP address conflicts
    • Editing an automatic network
      • Editing the network NAT subnet
    • Connecting an environment network to a VPN or Private Network Connection
    • Manually configuring domain name servers
    • Exposing and blocking public Internet access to VMs
      • Accessing VMs with published services
        • Adding published services
        • Connecting to a published service
        • Troubleshooting my connection to a published service
        • Removing a published service
        • Example - Accessing VMs with RDP
        • Example - Accessing VMs with SSH
      • Using public IP addresses
        • Attaching a static public IP address to a VM
        • Adding a managed DNS name and public IP address to a VM
        • Editing a managed VM DNS name
        • How does Skytap generate the VM DNS name?
        • Detaching a static public IP address or DNS name from a VM
        • What is the difference between static public IPs and dynamic public IPs with DNS?
        • Troubleshooting issues connecting to a public IP address or Skytap-managed DNS name
      • Issue - I can’t access the public Internet from my VM.
    • Deleting a network
  • Moving a VM to a different environment
  • Deleting VMs
• Sharing VMs and environments with sharing portals
  • Creating a sharing portal
    • Overview of sharing portal options
    • How to create custom HTML content for a sharing portal
    • Custom content tab – starter templates
    • Custom content tab - allowed HTML
  • Using a VM or environment from a sharing portal URL
  • Finding and sharing the URL for a sharing portal
  • Exporting sharing portal information and URLs
  • Disabling or deleting a sharing portal
• Sharing resources with projects
  • Creating and deleting projects
  • Adding and removing environments
  • Adding and removing templates
  • Adding and removing assets
  • Adding and removing users
  • Adding and removing groups
  • Understanding project roles
  • Finding project resources
• Adding a shared template to your account
• Saving an environment as a template
  • Copying a template
  • Deleting templates
• Understanding regions
  • Changing your default region
  • Copying an environment to another region
  • Copying a template to another region
  • What to expect when you copy an environment or template
• Managing your account settings
  • Changing your marketing email preferences
  • Changing your password
  • Changing your user account time zone
  • Finding your primary administrator
  • Finding your Skytap user role
  • Finding your user name and API token
  • Resetting your API token
• Viewing your current usage and usage limits
  • Viewing recent activity for an environment
• Best practices
  • Automating VMs and environments
    • Automatically suspend or shut down inactive environments
      • Sending keep-alive messages from a VM
      • Troubleshooting automatic shutdown
    • Automating actions with schedules
      • Adding a new schedule to an environment or template
      • Editing an existing schedule
      • Deleting a schedule
    • Controlling the order of VM startup with VM sequencing
    • Accessing the VM metadata service
  • CI/CD reference architectures
    • Jenkins build farm
    • Functional test environments
    • Systems integration test environments
  • IBM i Data Protection and Resiliency Solutions
    • IBM i backup and restore
    • IBM i disaster recovery and high availability
  • Creating recovery copies of VMs and environments
  • Disaster recovery reference architectures
    • On-premises data center to Skytap – cold recovery
    • On-premises data center to Skytap – warm recovery
    • Skytap region-to-region – cold recovery
    • Skytap region-to-region – warm recovery
  • Monitoring your usage with email notifications
  • Organizing resources with labels and tags
    • Adding and removing labels for environments
    • Adding and removing labels for templates
    • Adding and removing labels for VMs and other resources
    • Adding and removing tags for environments
    • Adding and removing tags for templates
    • Error messages for tags and labels
  • Security best practices
  • Using Skytap for demos
  • Using Skytap for training classes
    • Choosing an environment architecture and remote connection method
    • Creating class lab environments
    • Best practices for preparing student VMs
    • Preparing for and delivering a training class
• Knowledge base
  • Skytap security improvements: Deprecation and end of life (EOL) notices
  • How to add notes to VMs, environments, templates, and assets
  • How to change the name of a VM
  • How to change the name or description of an environment
  • How to check VM hardware version
  • How to connect to a VM from an iPad or iPhone
  • How to connect to Skytap using a private WAN connection
  • How to delete environments
  • How to export a list of environments, templates, or assets
  • How to export VMs
  • How to find the ID for a VM, VPN, environment, or template
  • How to find the Instance URL for a Skytap on Azure account
  • How to find the IP addresses for a VM
  • How to find the network gateway IP address
  • How to find your user name and API security token
  • How to generate an API security token for your account
  • Guide to the Dashboard
  • Protecting a VM that is exposed to the internet or compromised
  • Time zones and UTC offsets
  • Understanding storage in Skytap
  • Using search
  • Using Windows in Skytap
    • Fixing duplicate SID errors for Windows networking
    • Managing Windows hostnames with Skytap Helper
    • Resolving prompts to reactivate a Windows license
    • Running a Windows domain
  • Using Power VMs in Skytap
    • Differences between Power and x86 VMs
    • IBM i FAQ
    • Viewing system reference codes for an IBM i VM in Skytap
    • Applying PTFs to an IBM i VM in Skytap
    • Manually refreshing IBM i licenses
    • Refreshing IBM i licenses with LICKEY
    • Booting an AIX VM into maintenance mode
    • Configuring TCP/IP network settings for an AIX VM
    • Connecting to an AIX VM with X Windows
    • Importing Power VMs into Skytap
    • Known issues for Power VMs in Skytap
    • Preserving AIX disk numbering with ghostdev
    • Overview of Assure MIMIX™ Software
  • Editing VMs outside of Skytap
    • Compressing VMX files to OVA for import
    • Converting a physical machine to a VM
    • Converting non-VMware-based VMs for import
    • Converting OVF files to VMX for use with VMware Converter
  • Troubleshooting connections to a Skytap VM from a Windows 10 computer?
• Troubleshooting

Controlling public Internet access to VMs

Overview of default settings

By default, Skytap virtual networks have the following settings:

Access type	Status
Outbound access to the public Internet (egress)	Enabled for Skytap customer accounts. This means that virtual machine can access the public Internet. To disable this, see Controlling outbound Internet access.
Inbound access from the public Internet (ingress)	Disabled for VMs in all accounts. This means that you can't access the virtual machine from the public Internet. To enable inbound access, see Controlling inbound Internet access.

Controlling inbound Internet access

• Enabling inbound access to a VM or environment from the public Internet
• Disabling inbound access to a VM or environment from the public Internet

Enabling inbound access to a VM or environment from the public Internet

There are several options for enabling ingress access to a VM or environment from the public Internet.

Some or all of these options may have been disabled for your account.

Access method	Description
Sharing portal	Gives browser-based, remote access to the VM (or multiple VMs in the same environment) via HTTPS port 443 on cloud.skytap.com. The sharing portal can be password-protected and customized to restrict access based on permissions or time limits. The VM ports aren’t directly exposed to the public Internet. For more information, see Sharing VMs and environments with sharing portals.
Published service	Opens a single port on the VM, allowing direct inbound and outbound access for a specific protocol (for example, RDP or SSH) over the public Internet. For more information, see Accessing VMs with published services.
Public IP address	Exposes all network ports on the VM, allowing direct inbound and outbound access from the public Internet. There are two public IP address options: A static IPv4 public IP address (example: 199.199.199.199) A dynamic IPv4 public IP address paired with a Skytap-managed DNS name (example: app1.sampleorg.skytapdns.com). For more information, see: Adding a Skytap-managed DNS name and public IP address to a VM Attaching a static public IP address to a VM What is the difference between static public IP addresses and dynamic public IP addresses with DNS?

Published services and public IP addresses require an automatic network to work. If an environment you want to expose is controlled by a manual network, you’ll need to add an automatic network to the environment and additional network adapters connected to the new network. For more information, see Using multiple networks in an environment.

Inbound UDP traffic is blocked over TCP ports 389.

Exposing your environment to the public Internet makes your VMs less secure. Please see Protecting a VM that is exposed to the internet or compromised article for information on best practices.

Disabling inbound access to a VM or environment from the public Internet

To disable inbound access to a VM or environment from the public Internet, remove any:

• Sharing portals
• Published services
• Public IP addresses

Controlling outbound Internet access

• Blocking outbound access to the public Internet from VMs in an environment
• Enabling outbound access to the public Internet from VMs in an environment

Blocking outbound access to the public Internet from VMs in an environment

1. Navigate to the Environment page.

   Where is that?

   1. From the navigation bar, click Environments. Click the Environments tab.

   2. (Optional) Narrow or sort the list of environments using the filter, search, or sort options.

   3. Click the name of the environment.

      The Environment Details page displays.

   

2. Make sure that VMs are suspended or powered off.
3. Click Networking: Settings. The Network Settings page displays.

4. Select Disable outbound Internet traffic for virtual machines in this environment.

   Notes

   • A VM with a public IP address or published service can still establish an inbound connection from a remote client via the internet (Enabling inbound access to a VM or environment from the public Internet).
   • If the network is connected to a VPN or Private Network Connection, outbound connections are permitted over that network. Check with your network administrator if you need to adjust your VPN or Private Network Connection settings.

To enable outbound Internet access for the VMs in an environment

1. Navigate to the Environment page.

   Where is that?

   1. From the navigation bar, click Environments. Click the Environments tab.

   2. (Optional) Narrow or sort the list of environments using the filter, search, or sort options.

   3. Click the name of the environment.

      The Environment Details page displays.

   

2. Make sure that VMs are suspended or powered off.
3. Click Networking: Settings. The Network Settings page displays.

4. Clear the Disable outbound Internet traffic for virtual machines in this environment checkbox.

   Notes

   • Outbound SMB traffic is blocked over TCP ports 137, 139, and 445.
   • If you can't access the public Internet from a VM after changing this setting, see Issue: I can't access the Internet from my VM.