Return-Path: X-Original-To: apmail-cloudstack-users-archive@www.apache.org Delivered-To: apmail-cloudstack-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 051C5109F4 for ; Tue, 6 Aug 2013 23:16:03 +0000 (UTC) Received: (qmail 27341 invoked by uid 500); 6 Aug 2013 23:16:02 -0000 Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org Received: (qmail 27306 invoked by uid 500); 6 Aug 2013 23:16:02 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 27298 invoked by uid 99); 6 Aug 2013 23:16:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Aug 2013 23:16:02 +0000 X-ASF-Spam-Status: No, hits=2.5 required=5.0 tests=FREEMAIL_REPLY,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of davestyle@gmail.com designates 209.85.216.172 as permitted sender) Received: from [209.85.216.172] (HELO mail-qc0-f172.google.com) (209.85.216.172) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Aug 2013 23:15:58 +0000 Received: by mail-qc0-f172.google.com with SMTP id a1so569525qcx.3 for ; Tue, 06 Aug 2013 16:15:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=kfx+XWAo8OGg8faULel3j6svK7/pyZrooOkauK6cBpQ=; b=sCTX0jyY6PRZcl3/FrKZzobExXz/j/ubiIBACvTvlDWsgyFck6/JLJ3BuqaxgsqDvV 4pbKPYXfxTN1W4mDH4I3zEhKI3DOPFCsriHs2jVPT4P8G0NR4sM1My4tgzxNV9R4DGwe cqbp/VXt1atjz2KZsfAbsjPbVqi/r3p4jRRb2YQlCwZc5y/Mpda7Ji5A3ToYn/FiCPf4 twJdyo+H0k2SamwJSvFfQkkOt9toQ5cNr8t2/PHMxKCrEqxKFXyO/qKzM0e8/QflxtxF 5Zz4kKkklSDVThtggo9jBwklLJRqYyc+U4vWiGeIZTgCYOhDGzcGa7670G7d15jKnHLe H7Bg== MIME-Version: 1.0 X-Received: by 10.49.62.3 with SMTP id u3mr688479qer.6.1375830937544; Tue, 06 Aug 2013 16:15:37 -0700 (PDT) Received: by 10.49.29.73 with HTTP; Tue, 6 Aug 2013 16:15:37 -0700 (PDT) In-Reply-To: References: <1375829972705.bbbb1d45@Nodemailer> Date: Wed, 7 Aug 2013 00:15:37 +0100 Message-ID: Subject: Re: Architecture Question From: David Comerford To: users@cloudstack.apache.org Content-Type: multipart/alternative; boundary=047d7bdc15ac4db0aa04e34f9a03 X-Virus-Checked: Checked by ClamAV on apache.org --047d7bdc15ac4db0aa04e34f9a03 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable You don't need a proxy. The VPC is held together by the virtual router. That forwards the traffic to and from all the zones/DMZs or the CloudStack term "network tiers". Ideally you would make a Web network tier where the web servers would reside. Anther tier for application servers, anto Best regards, David Comerford ------------------------ Tel: +353 87 1238295 Email: davestyle@gmail.com Website: http://dave.ie GPG key: http://gpg.dave.ie On 7 August 2013 00:09, Bradley Hieber wrote: > I need to place a proxy and web servers in my DMZ. Am I just not getting > something? > > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford > wrote: > > > The DMZ in your diagram would be the Guest Public network you have > defined. > > Each zone you have behind the router can be isolated on it's own VLAN a= nd > > have it's own firewall rules controlling ingress/egress. > > > > This diagram might explain it a bit better: > > > > > https://cwiki.apache.org/confluence/download/attachments/30747129/image00= 1.png?version=3D1&modificationDate=3D1357237708000 > > > > Best regards, > > David Comerford > > ------------------------ > > Tel: +353 87 1238295 > > Email: davestyle@gmail.com > > Website: http://dave.ie > > GPG key: http://gpg.dave.ie > > > > > > On 6 August 2013 23:59, Bradley Hieber wrote: > > > > > How would I force the traffic to go through the DMZ? Would I set a > small > > > LAN in the virtual router to point to a proxy address in the DMZ? > > > =97 > > > Sent from Mailbox for iPhone > > > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford > > > wrote: > > > > > > > VPC's are the way to go. Your diagram is a text book example. > > > > > > > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Inst= allation_Guide/configure-vpc.html > > > > Best regards, > > > > David Comerford > > > > ------------------------ > > > > Tel: +353 87 1238295 > > > > Email: davestyle@gmail.com > > > > Website: http://dave.ie > > > > GPG key: http://gpg.dave.ie > > > > On 6 August 2013 14:36, Bradley Hieber wrote= : > > > >> It could very well be VPC's. The idea is we are planning on using > 5-6 > > > hosts > > > >> in this environment. So designing the solution to fit this hardwar= e > > > >> requirement is critical. > > > >> > > > >> > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy < > Murali.Reddy@citrix.com > > > >> >wrote: > > > >> > > > >> > > > > >> > Can 'hosting zones' represented in diagram can be contained into= a > > > >> > CloudStack zone? If so you can dedicated set of hosts to be in t= he > > > DMZ. > > > >> > Then you can leverage 'host tags' [1] functionality to place VM'= s > > > >> > providing edge services (CloudStack system VM's or user VM's) on > the > > > >> hosts > > > >> > dedicated in DMZ. > > > >> > > > > >> > [1] > > > https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html > > > >> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" > > wrote: > > > >> > > > > >> > >The goal is to have a virtualized dmz area where we can place > > public > > > >> > >facing > > > >> > >webservers, and other software based firewalls to protect the > > > different > > > >> > >virtualization areas. Each of the virtualization areas will hos= t > > > >> different > > > >> > >environments for clients to utilize. > > > >> > > > > > >> > > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers > > > >> > >wrote: > > > >> > > > > > >> > >> Can you explain a bit more about what your diagram implies? > That > > > >> might > > > >> > >> help us help you. > > > >> > >> > > > >> > >> > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber < > > > mercsniper@gmail.com > > > >> > >> >wrote: > > > >> > >> > > > >> > >> > Is it possible to create this type of architecture with > > > cloudstack? > > > >> > >>Any > > > >> > >> > design ideas you can provide? > > > >> > >> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg > > > >> > >> > > > > >> > >> > -- > > > >> > >> > Brad > > > >> > >> > > > > >> > >> > > > >> > > > > > >> > > > > > >> > > > > > >> > >-- > > > >> > >Brad > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > > >> > > > >> -- > > > >> Brad > > > >> > > > > > > > > > -- > Brad > --047d7bdc15ac4db0aa04e34f9a03--