FWIW I'm not aware of anyone working on this or planning to. -kevin
> -----Original Message-----
> From: Chiradeep Vittal [mailto:[email protected]]
> Sent: Wednesday, June 20, 2012 7:14 AM
> To: [email protected]
> Cc: [email protected]; int-cloud
> Subject: Re: dedicated public IP ranges for system vms
>
> I've heard this request from other users as well with different justifications
>
> --
> Chiradeep
>
> On Jun 20, 2012, at 12:36, "Roeland Kuipers" <[email protected]> wrote:
>
> > Hi,
> >
> > We have the same desire, for the following reasons.
> >
> > Given the type of customers we host we would like to be able to put the Portal, SSVM, CPVM, API behind a (2-factor) secured SSL VPN solution and/or also implement IDS/IPS in front of these services.
> > On the same hand we would like to be able to selectively whitelist access to the API, for example for customers to allow hosted services like Rightscale and others.
> > This is currently hard to implement given the dynamic IP assignments of the SSVM and CPVM. A dedicated VLAN for these services would be ideal to add additional security.
> >
> > We feel the SSVM and CPVM are currently an Achilles heel since they have a foot on the private and public network in order to serve images and VNC sessions. If these VMs would get compromised, this means a potential hacker has r/w access to our secondary storage but also access to the management network (Xapi SSH etc) and is also able to sniff this network, not desired. I understand this is a hardened machine, but not sure if this argument will convince auditors of our customers.
> >
> > Basically we want to be able to implement additional controls in front of all public services which are part of the cloud infrastructure, SSVM, CPVM, Portal and API.
> >
> > Cheers,
> > Roeland
> >
> > -----Original Message-----
> > From: Paul Angus [mailto:[email protected]]
> > Sent: 20 June 2012 09:36
> > To: [email protected]
> > Subject: RE: dedicated public IP ranges for system vms
> >
> > Thanks Alena,
> >
> > They want to make the allocation global so that system vms come from certain public IP pools and all user public IPs come from different pools.
> >
> > -----Original Message-----
> > From: Alena Prokharchyk [mailto:[email protected]]
> > Sent: 19 June 2012 16:21
> > To: [email protected]
> > Subject: Re: dedicated public IP ranges for system vms
> >
> > On 6/19/12 4:13 AM, "Paul Angus" <[email protected]> wrote:
> >
> >> Is it possible to dedicate public IP address ranges to either system
> >> vms or account virtual routers?
> >>
> >> It's a client request.
> >>
> >> thanks
> >>
> >> Paul Angus
> >
> > You can dedicate public ip ranges to user account, but there are some limitations for this feature. Here is the article on that:
> >
> > http://wiki.cloudstack.org/display/RelOps/Adding+public+Vlan+per+account
> >
> > -Alena.
