cloudstack-users mailing list archives

From Bradley Hieber <mercsni...@gmail.com>
Subject Re: Architecture Question
Date Tue, 06 Aug 2013 23:39:05 GMT
In the design we are building, we need to have a DMZ tier that encompasses
all of the VPCs, and all traffic needs to pass through it.


On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <davestyle@gmail.com> wrote:

> You don't need a proxy. The VPC is held together by the virtual router.
> That forwards the traffic to and from all the zones/DMZs or the CloudStack
> term "network tiers".
>
> Ideally you would make a Web network tier where the web servers would
> reside. Another tier for application servers, anto
>
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
>
>
> On 7 August 2013 00:09, Bradley Hieber <mercsniper@gmail.com> wrote:
>
> > I need to place a proxy and web servers in my DMZ. Am I just not getting
> > something?
> >
> >
> > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <davestyle@gmail.com>
> > wrote:
> >
> > > The DMZ in your diagram would be the Guest Public network you have
> > > defined. Each zone you have behind the router can be isolated on its own
> > > VLAN and have its own firewall rules controlling ingress/egress.
> > >
> > > This diagram might explain it a bit better:
> > >
> > > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> > >
> > > Best regards,
> > > David Comerford
> > > ------------------------
> > > Tel: +353 87 1238295
> > > Email: davestyle@gmail.com
> > > Website: http://dave.ie
> > > GPG key: http://gpg.dave.ie
> > >
> > >
> > > On 6 August 2013 23:59, Bradley Hieber <mercsniper@gmail.com> wrote:
> > >
> > > > How would I force the traffic to go through the DMZ? Would I set a
> > > > small LAN in the virtual router to point to a proxy address in the DMZ?
> > > > —
> > > > Sent from Mailbox for iPhone
> > > >
> > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <davestyle@gmail.com>
> > > > wrote:
> > > >
> > > > > VPCs are the way to go. Your diagram is a textbook example.
> > > > >
> > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > > Best regards,
> > > > > David Comerford
> > > > > ------------------------
> > > > > Tel: +353 87 1238295
> > > > > Email: davestyle@gmail.com
> > > > > Website: http://dave.ie
> > > > > GPG key: http://gpg.dave.ie
> > > > > On 6 August 2013 14:36, Bradley Hieber <mercsniper@gmail.com> wrote:
> > > > > >> It could very well be VPCs. The idea is we are planning on using 5-6
> > > > > >> hosts in this environment. So designing the solution to fit this
> > > > > >> hardware requirement is critical.
> > > > > >>
> > > > > >>
> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com>
> > > > > >> wrote:
> > > > >>
> > > > >> >
> > > > >> > Can the 'hosting zones' represented in the diagram be contained in a
> > > > >> > CloudStack zone? If so, you can dedicate a set of hosts to be in the
> > > > >> > DMZ. Then you can leverage the 'host tags' [1] functionality to place
> > > > >> > VMs providing edge services (CloudStack system VMs or user VMs) on the
> > > > >> > hosts dedicated in the DMZ.
> > > > >> >
> > > > >> > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > > >> >
> > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <mercsniper@gmail.com> wrote:
> > > > >> >
> > > > >> > >The goal is to have a virtualized DMZ area where we can place
> > > > >> > >public-facing webservers, and other software-based firewalls to
> > > > >> > >protect the different virtualization areas. Each of the
> > > > >> > >virtualization areas will host different environments for clients
> > > > >> > >to utilize.
> > > > >> > >
> > > > >> > >
> > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > > > >> > ><chip.childers@sungard.com> wrote:
> > > > >> > >
> > > > >> > >> Can you explain a bit more about what your diagram implies? That
> > > > >> > >> might help us help you.
> > > > >> > >>
> > > > >> > >>
> > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com>
> > > > >> > >> wrote:
> > > > >> > >>
> > > > >> > >> > Is it possible to create this type of architecture with CloudStack?
> > > > >> > >> > Any design ideas you can provide?
> > > > >> > >> >
> > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > > >> > >> >
> > > > >> > >> > --
> > > > >> > >> > Brad
> > > > >> > >> >
> > > > >> > >>
> > > > >> > >
> > > > >> > >
> > > > >> > >
> > > > >> > >--
> > > > >> > >Brad
> > > > >> > >
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Brad
> > > > >>
> > > >
> > >
> >
> >
> >
> > --
> > Brad
> >
>



-- 
Brad
