cloudstack-users mailing list archives

From David Comerford <davest...@gmail.com>
Subject Re: Architecture Question
Date Tue, 06 Aug 2013 23:56:08 GMT
np :)
Looking forward to knowing the answer to this one actually.

Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie


On 7 August 2013 00:50, Bradley Hieber <mercsniper@gmail.com> wrote:

> I do appreciate the assistance David
> —
> Sent from Mailbox for iPhone
>
> On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <davestyle@gmail.com>
> wrote:
>
> > Ah I understand. So you need a "DMZ" network tier with some device on it
> > that filters all traffic to and from the other tiers?
> > That's a bit beyond my VPC experience, sorry. Hopefully someone else might
> > chime in at this point :)
> > Best regards,
> > David Comerford
> > On 7 August 2013 00:39, Bradley Hieber <mercsniper@gmail.com> wrote:
> >> In the design we are building, we need to have a DMZ tier that encompasses
> >> all of the VPC's and all traffic needs to pass through it.
> >>
> >>
> >> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <davestyle@gmail.com>
> >> wrote:
> >>
> >> > You don't need a proxy. The VPC is held together by the virtual router.
> >> > That forwards the traffic to and from all the zones/DMZs or the CloudStack
> >> > term "network tiers".
> >> >
> >> > Ideally you would make a Web network tier where the web servers would
> >> > reside. Another tier for application servers, anto
> >> >
> >> > Best regards,
> >> > David Comerford
> >> >
> >> >
> >> > On 7 August 2013 00:09, Bradley Hieber <mercsniper@gmail.com> wrote:
> >> >
> >> > > I need to place a proxy and web servers in my DMZ. Am I just not getting
> >> > > something?
> >> > >
> >> > >
> >> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <davestyle@gmail.com>
> >> > > wrote:
> >> > >
> >> > > > The DMZ in your diagram would be the Guest Public network you have defined.
> >> > > > Each zone you have behind the router can be isolated on its own VLAN and
> >> > > > have its own firewall rules controlling ingress/egress.
> >> > > >
> >> > > > This diagram might explain it a bit better:
> >> > > >
> >> > > > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> >> > > >
> >> > > > Best regards,
> >> > > > David Comerford
> >> > > >
> >> > > >
> >> > > > On 6 August 2013 23:59, Bradley Hieber <mercsniper@gmail.com> wrote:
> >> > > >
> >> > > > > How would I force the traffic to go through the DMZ? Would I set a
> >> > > > > small LAN in the virtual router to point to a proxy address in the DMZ?
> >> > > > > —
> >> > > > > Sent from Mailbox for iPhone
> >> > > > >
> >> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <davestyle@gmail.com>
> >> > > > > wrote:
> >> > > > >
> >> > > > > > VPC's are the way to go. Your diagram is a textbook example.
> >> > > > > >
> >> > > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> >> > > > > > Best regards,
> >> > > > > > David Comerford
> >> > > > > > On 6 August 2013 14:36, Bradley Hieber <mercsniper@gmail.com> wrote:
> >> > > > > >> It could very well be VPC's. The idea is we are planning on using 5-6 hosts
> >> > > > > >> in this environment. So designing the solution to fit this hardware
> >> > > > > >> requirement is critical.
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com>
> >> > > > > >> wrote:
> >> > > > > >>
> >> > > > > >> >
> >> > > > > >> > Can 'hosting zones' represented in the diagram be contained in a
> >> > > > > >> > CloudStack zone? If so you can dedicate a set of hosts to be in the DMZ.
> >> > > > > >> > Then you can leverage 'host tags' [1] functionality to place VM's
> >> > > > > >> > providing edge services (CloudStack system VM's or user VM's) on the hosts
> >> > > > > >> > dedicated in DMZ.
> >> > > > > >> >
> >> > > > > >> > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> >> > > > > >> >
> >> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <mercsniper@gmail.com> wrote:
> >> > > > > >> >
> >> > > > > >> > >The goal is to have a virtualized dmz area where we can place public
> >> > > > > >> > >facing webservers, and other software based firewalls to protect the
> >> > > > > >> > >different virtualization areas. Each of the virtualization areas will host
> >> > > > > >> > >different environments for clients to utilize.
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> >> > > > > >> > ><chip.childers@sungard.com> wrote:
> >> > > > > >> > >
> >> > > > > >> > >> Can you explain a bit more about what your diagram implies? That might
> >> > > > > >> > >> help us help you.
> >> > > > > >> > >>
> >> > > > > >> > >>
> >> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com>
> >> > > > > >> > >> wrote:
> >> > > > > >> > >>
> >> > > > > >> > >> > Is it possible to create this type of architecture with cloudstack? Any
> >> > > > > >> > >> > design ideas you can provide?
> >> > > > > >> > >> >
> >> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> >> > > > > >> > >> >
> >> > > > > >> > >> > --
> >> > > > > >> > >> > Brad
> >> > > > > >> > >> >
> >> > > > > >> > >>
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >--
> >> > > > > >> > >Brad
> >> > > > > >> > >
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> --
> >> > > > > >> Brad
> >> > > > > >>
> >> > > > >
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Brad
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >> Brad
> >>
>
