Design and create cloud service offerings with IBM Cloud Orchestrator

IBM Cloud Orchestrator (ICO) gets a mention in practically every cloud conversation I have with clients these days. As a key enabler of hybrid-cloud solutions, ICO provides ready-to-use patterns and content packs helping to speed configuration, provisioning and deployment. You can learn more about IBM Cloud Orchestrator here.

ICO is now available as a SaaS solution via IBM Service Engage. I set some time aside this past weekend to work with ICO, leveraging the free trial available, to design and create cloud service offerings then provision these offerings via the Self Service Catalog. After initially provisioning a virtual machine using the OOTB patterns, I found I couldn’t access the machines created via SSH :/ To get over this, I created my own pattern and thought I’d share the steps I used to access the machines.

1. Register for an IBM Cloud Orchestrator trial 

Cloud Orchestrator HomeFirst things first, you can access the IBM Cloud Orchestrator SaaS offering via IBM Service Engage.
You can register for your Cloud Orchestration trial using your IBM ID here. You should receive a mail confirming your trial in just minutes. You’ll also receive a mail that provides an access URL.

That’s all there is to it, you’re now ready to access the IBM Cloud Orchestrator web interface. Feel free to go ahead and have a look around but before you provision a cloud service, follow the instructions in the section that follows.

2. Generate an SSH key to access your ICO virtual machines

Before writing this blog, I used the ICO Self Service catalog to provision a virtual machine. After creating a new VM, I found I couldn’t access the machine :/ I didn’t have the machine credentials or a private SSH key to access. To avoid this happening to you, I suggest you generate your own SSH public/private kepypair, then design your own cloud service in ICO that you’ll later use when creating a new virtual machine.

To generate a new SSH key that you’ll use to access virtual machines provisioned using ICO you can use ssh-keygen. The example below is the output of using ssh-keygen on Ubuntu;

ssh-keygen -t rsa -C ""
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
Enter file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
Enter passphrase (empty for no passphrase): [Type a passphrase]
# Enter same passphrase again: [Type passphrase again]
Your identification has been saved in /Users/you/.ssh/id_rsa.
# Your public key has been saved in /Users/you/.ssh/
# The key fingerprint is:
# 01:0f:f4:3b:ca:85:d6:17:a1:7d:f0:68:9d:f0:a2:dc

3. Design and create a new cloud service offering in ICO

Now that we’ve generated a keypair that we can use to access a virtual machine we’ll provision via ICO, we can go ahead and login to IBM Cloud Orchestrator.

Click through the following options;

  1. Self Service Catalog
  2. Design and create cloud service offerings
  3. Create an offering to deploy a cloud service

Next we’ll specify the Service Offering Details;

  1. Provide a value in the Name field
  2. Change the Category to Virtual Machine Actions
  3. Click Next

You’re then required to Select a Cloud Service Template. Out of the box, you’ve a choice of trial-lamp or trial-mysql. Select either, then click on Next. Leave the Environment Profile as is, then click on Next.

On the  Configure Virtual System Instance screen, we copy the content of the file created earlier and paste its content into the ConfigSSH Parameter Class then click on Next.

On the Specify How to Connect to the Deployed Virtual Machines screen, ensure Connect through SSH key is selected and enter an Administrative username. Then click on Next. Finally click on the Create button. Your new Cloud service offering is created.

4. Create a new virtual machine 

You can provision a new virtual machine using the cloud service created earlier from the IBM Cloud Orchestrator web interface. Select Self-Service Catalog, then Virtual Machine Actions. You should see your new Virtual Machine Action created earlier available for selection. Click on this action, provide an Instance Name, then click on Next.

Leave the Environment Profile as is, then click on Next.

Note the public key entered earlier is present as the ConfigSSH value in the Virtual System Pattern Part. Click on Next, then click Deploy.

5. Access your virtual machine via SSH 

ICO Assigned ResourceYour newly provisioned virtual machine will deploy in just a few minutes. To verify your machine is available select the Assigned Resources tab, then click on Virtual Machines. When you see a Status of Active, you’re good to go ! Click on the machine name and make a note of the public IP address.

From the machine you used to generate the SSH key in section 2, open a terminal window and connect via ssh. You should be asked accept the RSA key fingerprint, then enter the passphrase used when creating the SSH key in Section 2. Once you do that, you’re in !


So there it is, in this blog post we discussed signing up for the IBM Cloud Orchestrator trial on IBM Service Engage. Once we secured access to the trial, we created a new cloud service offering, then provisioned a virtual machine using this offering. Finally, we verified access to this virtual machine over SSH.