cloudstack-users mailing list archives

From "Bradley Hieber" <mercsni...@gmail.com>
Subject Re: Architecture Question
Date Tue, 06 Aug 2013 23:50:19 GMT
I do appreciate the assistance, David.
—
Sent from Mailbox for iPhone

On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <davestyle@gmail.com>
wrote:

> Ah I understand. So you need a "DMZ" network tier with some device on it
> that filters all traffic to and from the other tiers?
> That's a bit beyond my VPC experience, sorry. Hopefully someone else might
> chime in at this point :)
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
> On 7 August 2013 00:39, Bradley Hieber <mercsniper@gmail.com> wrote:
>> In the design we are building, we need to have a DMZ tier that encompasses
>> all of the VPC's and all traffic needs to pass through it.
>>
>>
>> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <davestyle@gmail.com>
>> wrote:
>>
>> > You don't need a proxy. The VPC is held together by the virtual router.
>> > That forwards the traffic to and from all the zones/DMZs or the CloudStack
>> > term "network tiers".
>> >
>> > Ideally you would make a Web network tier where the web servers would
>> > reside. Another tier for application servers, anto
>> >
>> > Best regards,
>> > David Comerford
>> > ------------------------
>> > Tel: +353 87 1238295
>> > Email: davestyle@gmail.com
>> > Website: http://dave.ie
>> > GPG key: http://gpg.dave.ie
>> >
>> >
>> > On 7 August 2013 00:09, Bradley Hieber <mercsniper@gmail.com> wrote:
>> >
>> > > I need to place a proxy and web servers in my DMZ. Am I just not getting
>> > > something?
>> > >
>> > >
>> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <davestyle@gmail.com>
>> > > wrote:
>> > >
>> > > > The DMZ in your diagram would be the Guest Public network you have
>> > > > defined.
>> > > > Each zone you have behind the router can be isolated on its own VLAN and
>> > > > have its own firewall rules controlling ingress/egress.
>> > > >
>> > > > This diagram might explain it a bit better:
>> > > >
>> > > > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
>> > > >
>> > > > Best regards,
>> > > > David Comerford
>> > > > ------------------------
>> > > > Tel: +353 87 1238295
>> > > > Email: davestyle@gmail.com
>> > > > Website: http://dave.ie
>> > > > GPG key: http://gpg.dave.ie
>> > > >
>> > > >
>> > > > On 6 August 2013 23:59, Bradley Hieber <mercsniper@gmail.com> wrote:
>> > > >
>> > > > > How would I force the traffic to go through the DMZ? Would I set a small
>> > > > > LAN in the virtual router to point to a proxy address in the DMZ?
>> > > > > —
>> > > > > Sent from Mailbox for iPhone
>> > > > >
>> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <davestyle@gmail.com>
>> > > > > wrote:
>> > > > >
>> > > > > > VPC's are the way to go. Your diagram is a textbook example.
>> > > > > >
>> > > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
>> > > > > > Best regards,
>> > > > > > David Comerford
>> > > > > > ------------------------
>> > > > > > Tel: +353 87 1238295
>> > > > > > Email: davestyle@gmail.com
>> > > > > > Website: http://dave.ie
>> > > > > > GPG key: http://gpg.dave.ie
>> > > > > > On 6 August 2013 14:36, Bradley Hieber <mercsniper@gmail.com> wrote:
>> > > > > >> It could very well be VPC's. The idea is we are planning on using 5-6 hosts
>> > > > > >> in this environment. So designing the solution to fit this hardware
>> > > > > >> requirement is critical.
>> > > > > >>
>> > > > > >>
>> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com>
>> > > > > >> wrote:
>> > > > > >>
>> > > > > >> >
>> > > > > >> > Can 'hosting zones' represented in diagram be contained into a
>> > > > > >> > CloudStack zone? If so you can dedicate a set of hosts to be in the DMZ.
>> > > > > >> > Then you can leverage 'host tags' [1] functionality to place VM's
>> > > > > >> > providing edge services (CloudStack system VM's or user VM's) on the hosts
>> > > > > >> > dedicated in DMZ.
>> > > > > >> >
>> > > > > >> > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
>> > > > > >> >
>> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <mercsniper@gmail.com> wrote:
>> > > > > >> >
>> > > > > >> > >The goal is to have a virtualized dmz area where we can place public facing
>> > > > > >> > >webservers, and other software based firewalls to protect the different
>> > > > > >> > >virtualization areas. Each of the virtualization areas will host different
>> > > > > >> > >environments for clients to utilize.
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
>> > > > > >> > ><chip.childers@sungard.com>wrote:
>> > > > > >> > >
>> > > > > >> > >> Can you explain a bit more about what your diagram implies? That might
>> > > > > >> > >> help us help you.
>> > > > > >> > >>
>> > > > > >> > >>
>> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com>
>> > > > > >> > >> wrote:
>> > > > > >> > >>
>> > > > > >> > >> > Is it possible to create this type of architecture with cloudstack? Any
>> > > > > >> > >> > design ideas you can provide?
>> > > > > >> > >> >
>> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
>> > > > > >> > >> >
>> > > > > >> > >> > --
>> > > > > >> > >> > Brad
>> > > > > >> > >> >
>> > > > > >> > >>
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >--
>> > > > > >> > >Brad
>> > > > > >> > >
>> > > > > >> >
>> > > > > >> >
>> > > > > >> >
>> > > > > >>
>> > > > > >>
>> > > > > >> --
>> > > > > >> Brad
>> > > > > >>
>> > > > >
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > > Brad
>> > >
>> >
>>
>>
>>
>> --
>> Brad
>>