Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9EB52E867 for ; Wed, 6 Feb 2013 02:23:39 +0000 (UTC) Received: (qmail 1488 invoked by uid 500); 6 Feb 2013 02:23:39 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 1445 invoked by uid 500); 6 Feb 2013 02:23:39 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 1435 invoked by uid 99); 6 Feb 2013 02:23:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2013 02:23:39 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of alex.heneveld@cloudsoftcorp.com designates 74.125.83.44 as permitted sender) Received: from [74.125.83.44] (HELO mail-ee0-f44.google.com) (74.125.83.44) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2013 02:23:32 +0000 Received: by mail-ee0-f44.google.com with SMTP id l10so504121eei.3 for ; Tue, 05 Feb 2013 18:23:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudsoftcorp.com; s=google; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=EWWP2Nm1YJQD7zkg7aJ06u/iHPIK4g+gd7cHzhy2ty8=; b=NApzV/Ni4pq3o4KbIlrz5Mn+iz1VqD1SmJFMkH9+MVFiLU4pnBYmS915D0QenhBmyT b0vhVvv8VRNtbz+XTXvDBeF+vh0qvzXV5JPxVgl+FwdgqPc1Zm0FQ/5Vgfe+rOzu9NXj fH2a3FAOqrgv1y7U31Q/VQ5HGn7aZWPpaKuRI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding:x-gm-message-state; bh=EWWP2Nm1YJQD7zkg7aJ06u/iHPIK4g+gd7cHzhy2ty8=; b=QxPjEtl6Qb7o5ryeGM6l3KOGkjoeTbVBf53YdhfmwlxFbI7j/TqUqhvPA7BnNqTRgV QbPpFhRMhImwTI4ASgxnGUV6UCkCgR10zQ6aVWwX+YXCL5UQtype6NJvZdqM7j0sbZlu Kg2zxVh2PKKTVN1GRn8XtyW/JGHtIJkYaYewxOR9fi16XRzFJkY8pu1dV2b4/DcQi/cn M0RCySxPh2uo6xtmJ+41T4JI8NkRUpsOn5uhS3GbtVBCpTHymaT1ofP3D96kYX3ZgaIo Qy7DGH8wQ6tHNMHMIpA4dh71RO5SjY9kS+gdbxeel5FK5EGlEaVqxcLLRjfj+C54eg4M D/0g== X-Received: by 10.14.220.1 with SMTP id n1mr91226395eep.16.1360117390931; Tue, 05 Feb 2013 18:23:10 -0800 (PST) Received: from almacretin.local ([82.152.158.209]) by mx.google.com with ESMTPS id f49sm34494697eep.12.2013.02.05.18.23.09 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 05 Feb 2013 18:23:10 -0800 (PST) Message-ID: <5111BE8C.4050004@CloudsoftCorp.com> Date: Wed, 06 Feb 2013 02:23:08 +0000 From: Alex Heneveld User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:15.0) Gecko/20120907 Thunderbird/15.0.1 MIME-Version: 1.0 To: cloudstack-users@incubator.apache.org Subject: mgmt VM access to VPC Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQlBLE71IrdkFB2ulnqe9zSRtaSYA9nxpEkMr8RtJrIVDVaqUBwN//j5ndG4h4gYORKpsXsC X-Virus-Checked: Checked by ClamAV on apache.org Hi, We're trying to set up a VPC/nTier-App such that a single VM (call it a management node) outside the VPC has ssh access to the VM's inside the VPC. (And to do this for multiple VPC's, same mgmt node.) What's the best way to implement this? It seems like #754 [1] would be the right way to go about this when available (is that right?) but already there are a few things we could do now: - set up an extra public IP on each tier with careful port forwarding and ACL restricted to the mgmt node - use an s2s vpn where the other "site" is just the mgmt node - use a shared network, seems supported based on #748 [2] (but this would break isolation?) Any thoughts on these or others? TIA, Alex [1] https://issues.apache.org/jira/browse/CLOUDSTACK-754 [2] https://issues.apache.org/jira/browse/CLOUDSTACK-748