incubator-cloudstack-dev mailing list archives

From Sheng Yang <sh...@yasker.org>
Subject Re: PRD Review on Byron Requirement: Remote-access VPN on External devices
Date Wed, 10 Oct 2012 22:02:52 GMT
On Wed, Oct 10, 2012 at 11:11 AM, Sheng Yang <sheng@yasker.org> wrote:
> On Wed, Oct 10, 2012 at 12:09 AM, Sanjeev Neelarapu
> <sanjeev.neelarapu@citrix.com> wrote:
>> +cloudstack-dev@incubator.apache.org
>
> Hi Sanjeev,
>
>>
>> From: Chiradeep Vittal
>> Sent: Wednesday, October 10, 2012 12:35 PM
>> To: Sanjeev Neelarapu; Sheng Yang
>> Cc: #Cloud - Engineering
>> Subject: Re: PRD Review on Byron Requirement: Remote-access VPN on External devices
>>
>> This discussion should happen on the ML
>>
>> From: Sanjeev Neelarapu <sanjeev.neelarapu@citrix.com>
>> Date: Wed, 10 Oct 2012 00:02:33 -0700
>> To: Sheng Yang <Sheng.Yang@citrix.com>
>> Cc: #Cloud - Engineering <engineering@cloud.com>
>> Subject: PRD Review on Byron Requirement: Remote-access VPN on External devices
>>
>> Sheng,
>>
>> Following are the review comments on Byron Requirement: Remote-access VPN on External devices:
>>
>>
>> 1.      What JUNOS version SRX should have for this feature to work?
>
> 10.4 r1 or above. Added to wiki.
>>
>> 2.      What protocol SRX uses for remote access vpn?
>
> IPsec. But in fact it's more like a Juniper proprietary combination, since
> we need to download the client from SRX, and it would configure the client
> as well.
>>
>> 3.      In network-inline-mode FS (http://wiki.cloudstack.org/display/RelOps/Network+inline+mode+functional+spec) use case 4 talks about network offering and it says vpn is not supported with the combination given there.
>> Does it mean if F5 and SRX are operating inline mode, remote access vpn can't be configured on srx?
>
> No, that is obsolete. Updated.
>>
>> 4.      Is this feature hypervisor dependent? If yes please let me know the list of hypervisors supported.
>
> It's hypervisor independent.
>>
>> 5.      How many users can connect to SRX at a given time?
>
> As stated in wiki, it depends on SRX. Without purchasing new
> licenses from Juniper, the number is limited to 2.
>>
>> 6.      From a single user how many concurrent connections are allowed?
>
> It's still 2 without new licenses.
>>
>> 7.      Do we have the limitation of only one instance of each external device existing in one zone? If yes, how do we limit the remote access to be account specific? (In case of VR, each account will have a VR and remote access to VR's public IP will give access to guest VMs present in the account.)
>
> The public IP is still owned by the account. And accessing the
> public IP still gains access to the guest network.
>
> Well, we don't have resource controlling of VPN user at this time.
> It's time to think about it.

Seems the license controlled the maximum number of concurrent
connections to the firewall (rather than user numbers), and we have no
way to control that. Would have to leave it to the end user.

--Sheng
>
> --Sheng
>>
>>
>>
>>
>> Thanks,
>> Sanjeev
>>
>>
>>
>>
