cloudstack-users mailing list archives

From Kevin Kluge <Kevin.Kl...@citrix.com>
Subject RE: dedicated public IP ranges for system vms
Date Wed, 20 Jun 2012 16:33:05 GMT
FWIW I'm not aware of anyone working on this or planning to.

-kevin

> -----Original Message-----
> From: Chiradeep Vittal [mailto:Chiradeep.Vittal@citrix.com]
> Sent: Wednesday, June 20, 2012 7:14 AM
> To: cloudstack-users@incubator.apache.org
> Cc: cloudstack-users@incubator.apache.org; int-cloud
> Subject: Re: dedicated public IP ranges for system vms
> 
> I've heard this request from other users as well, with different justifications.
> 
> --
> Chiradeep
> 
> On Jun 20, 2012, at 12:36, "Roeland Kuipers" <RKuipers@schubergphilis.com> wrote:
> 
> > Hi,
> >
> > We have the same desire, for the following reasons.
> >
> > Given the type of customers we host we would like to be able to put the Portal, SSVM, CPVM, API behind a (2-factor) secured SSL VPN solution and/or also implement IDS/IPS in front of these services.
> > On the same hand we would like to be able to selectively whitelist access to the API, for example for customers to allow hosted services like Rightscale and others.
> > This is currently hard to implement given the dynamic IP assignments of the SSVM and CPVM. A dedicated VLAN for these services would be ideal to add additional security.
> >
> > We feel the SSVM and CPVM are currently an Achilles heel since they have a foot on the private and public network in order to serve images and VNC sessions. If these VMs would get compromised, this means a potential hacker has r/w access to our secondary storage but also access to the management network (Xapi SSH etc) and is also able to sniff this network, not desired. I understand this is a hardened machine, but not sure if this argument will convince auditors of our customers.
> >
> > Basically we want to be able to implement additional controls in front of all public services which are part of the cloud infrastructure, SSVM, CPVM, Portal and API.
> >
> > Cheers,
> > Roeland
> >
> > -----Original Message-----
> > From: Paul Angus [mailto:paul.angus@shapeblue.com]
> > Sent: 20 June 2012 09:36
> > To: cloudstack-users@incubator.apache.org
> > Subject: RE: dedicated public IP ranges for system vms
> >
> > Thanks Alena,
> >
> > They want to make the allocation global so that system vms come from certain public IP pools and all user public IPs come from different pools.
> >
> > -----Original Message-----
> > From: Alena Prokharchyk [mailto:Alena.Prokharchyk@citrix.com]
> > Sent: 19 June 2012 16:21
> > To: cloudstack-users@incubator.apache.org
> > Subject: Re: dedicated public IP ranges for system vms
> >
> > On 6/19/12 4:13 AM, "Paul Angus" <paulangus@betterbydesign.uk.com> wrote:
> >
> >> Is it possible to dedicate public IP address ranges to either system
> >> vms or account virtual routers?
> >>
> >> It's a client request.
> >>
> >> thanks
> >>
> >>
> >> Paul Angus
> >>
> >>
> >>
> >
> >
> >
> > You can dedicate public IP ranges to a user account, but there are some limitations for this feature. Here is the article on that:
> >
> > http://wiki.cloudstack.org/display/RelOps/Adding+public+Vlan+per+account
> >
> >
> > -Alena.
> >