But we'd welcome patches :) --David
On Wed, Jun 20, 2012 at 12:33 PM, Kevin Kluge <[email protected]> wrote: > FWIW I'm not aware of anyone working on this or planning to. > > -kevin > >> -----Original Message----- >> From: Chiradeep Vittal [mailto:[email protected]] >> Sent: Wednesday, June 20, 2012 7:14 AM >> To: [email protected] >> Cc: [email protected]; int-cloud >> Subject: Re: dedicated public IP ranges for system vms >> >> I've heard this request from other users as well with different >> justifications >> >> -- >> Chiradeep >> >> On Jun 20, 2012, at 12:36, "Roeland Kuipers" <[email protected]> >> wrote: >> >> > Hi, >> > >> > We have the same desire, for the following reasons. >> > >> > Given the type of customers we host we would like to be able to put the >> Portal, SSVM, CPVM, API behind a (2-factor) secured SSL VPN solution >> and/or also implement IDS/IPS in front of these services. >> > On the same hand we would like being able to selectively whitelist access >> to the API, for example for customers to allow hosted services like >> Rightscale >> and others. >> > This is currently hard to implement given the dynamic IP assignments of the >> SSVM and CPVM. A dedicated VLAN for these services would be ideal to add >> additional security. >> > >> > We feel the SSVM and CPVM are currently an Achilles heel since they have >> a foot on the private and public network in order to serve images and VNC >> sessions. If these VMs would get compromised, this means a potential >> hacker has r/w access to our secondary storage but also access to the >> management network (Xapi SSH etc) and is also able to sniff this network, >> not desired. I understand this is a hardened machine, but not sure if this >> argument will convince auditors of our customers. >> > >> > Basicly we want to be able to implement additional controls in front of all >> public services which are part of the cloud infrastructure, SSVM,CPVM,Portal >> and API. >> > >> > Cheers, >> > Roeland >> > >> > -----Original Message----- >> > From: Paul Angus [mailto:[email protected]] >> > Sent: 20 June 2012 09:36 >> > To: [email protected] >> > Subject: RE: dedicated public IP ranges for system vms >> > >> > Thanks Alena, >> > >> > They want to make the allocation global so that system vms come from >> certain public IP pools and all user public IPs come from different pools. >> > >> > -----Original Message----- >> > From: Alena Prokharchyk [mailto:[email protected]] >> > Sent: 19 June 2012 16:21 >> > To: [email protected] >> > Subject: Re: dedicated public IP ranges for system vms >> > >> > On 6/19/12 4:13 AM, "Paul Angus" <[email protected]> >> wrote: >> > >> >> Is it possible to dedicate public IP address ranges to either system >> >> vms or account virtual routers? >> >> >> >> It's a client request. >> >> >> >> thanks >> >> >> >> >> >> Paul Angus >> >> >> >> >> >> >> > >> > >> > >> > You can dedicate pubic ip ranges to user account, but there are some >> limitations for this feature. Here is the article on that: >> > >> > http://wiki.cloudstack.org/display/RelOps/Adding+public+Vlan+per+accou >> > nt >> > >> > >> > -Alena. >> > >> > >> > ShapeBlue provides a range of strategic and technical consulting and >> implementation services to help IT Service Providers and Enterprises to build >> a true IaaS compute cloud. ShapeBlue's expertise, combined with CloudStack >> technology, allows IT Service Providers and Enterprises to deliver true, >> utility >> based, IaaS to the customer or end-user. >> > >> > ________________________________ >> > >> > This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views or >> opinions expressed are solely those of the author and do not necessarily >> represent those of Shape Blue Ltd. If you are not the intended recipient of >> this email, you must neither take any action based upon its contents, nor >> copy or show it to anyone. Please contact the sender if you believe you have >> received this email in error. Shape Blue Ltd is a company incorporated in >> England & Wales.
