On Wed, Feb 06, 2013 at 02:23:08AM +0000, Alex Heneveld wrote:
> Hi,
>
> We're trying to set up a VPC/nTier-App such that a single VM (call it a
> management node) outside the VPC has ssh access to the VMs inside the
> VPC. (And to do this for multiple VPCs, same mgmt node.) What's the
> best way to implement this?
>
> It seems like #754 [1] would be the right way to go about this when
> available (is that right?) but already there are a few things we could
> do now:
>
> - set up an extra public IP on each tier with careful port forwarding
>   and ACL restricted to the mgmt node
> - use an s2s vpn where the other "site" is just the mgmt node
> - use a shared network, seems supported based on #748 [2] (but this
>   would break isolation?)
>
> Any thoughts on these or others?
>
> TIA,
> Alex
>
>
> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-754
> [2] https://issues.apache.org/jira/browse/CLOUDSTACK-748
Is this "other VM" going to be in a different zone? This seems like you would have to consider it as being a completely different entity from the VPC that it will be connecting into. With that being the case, you're best off setting up an IPsec tunnel into the VPC from that VM. I don't think you'll want to manage a bunch of port forwarding rules for each VM in the VPC.
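The first option Alex lists (a public IP per tier with port forwarding and an ACL restricted to the management node) only preserves tier isolation if the ACL really is that narrow. The following is an added example, not code from the thread or from CloudStack itself: an offline audit of network-ACL entries in the shape CloudStack's createNetworkACL/listNetworkACLs use (protocol, startport, endport, cidrlist, traffictype, action), which flags any Ingress Allow entry that would admit TCP/22 from anywhere other than the management node. The management node address and the sample rules are constructed for the example; `MGMT_NODE`, `SAMPLE_ACL`, `rule_admits_ssh`, `intended_ssh_rule` and `audit_ssh_acl` are names chosen here, not CloudStack API names.

```python
"""Audit CloudStack-style network ACL entries for SSH access scoped to one management node.

Added example for the thread above; not part of CloudStack. Rule dictionaries mirror the
field names of createNetworkACL / listNetworkACLs, but the values below are constructed.
"""
import ipaddress

SSH_PORT = 22

# Constructed: the management node's public address (TEST-NET-3 documentation range).
MGMT_NODE = "203.0.113.10"

# Constructed ACL list roughly in the shape listNetworkACLs returns. Only rule 1 is what
# the thread's option 1 intends; rules 2 and 4 are the kind of entry that breaks isolation.
SAMPLE_ACL = [
    {"number": 1, "protocol": "tcp", "startport": 22, "endport": 22,
     "cidrlist": "203.0.113.10/32", "traffictype": "Ingress", "action": "Allow"},
    {"number": 2, "protocol": "tcp", "startport": 22, "endport": 22,
     "cidrlist": "0.0.0.0/0", "traffictype": "Ingress", "action": "Allow"},   # SSH from anywhere
    {"number": 3, "protocol": "tcp", "startport": 80, "endport": 80,
     "cidrlist": "0.0.0.0/0", "traffictype": "Ingress", "action": "Allow"},   # not SSH, ignored
    {"number": 4, "protocol": "all", "startport": None, "endport": None,
     "cidrlist": "10.0.0.0/8", "traffictype": "Ingress", "action": "Allow"},  # 'all' covers 22
    {"number": 5, "protocol": "tcp", "startport": 22, "endport": 22,
     "cidrlist": "198.51.100.0/24", "traffictype": "Ingress", "action": "Deny"},  # deny, harmless
]


def intended_ssh_rule(mgmt_node, number=1):
    """The single Ingress entry option 1 calls for: TCP/22 allowed from the mgmt node /32 only.

    Field names match createNetworkACL parameters so the dict can be fed to an API client.
    """
    return {"number": number, "protocol": "tcp", "startport": SSH_PORT, "endport": SSH_PORT,
            "cidrlist": f"{mgmt_node}/32", "traffictype": "Ingress", "action": "Allow"}


def rule_admits_ssh(rule):
    """True if an Ingress Allow entry would admit TCP/22, explicitly or via protocol 'all'."""
    if rule["traffictype"].lower() != "ingress" or rule["action"].lower() != "allow":
        return False
    proto = rule["protocol"].lower()
    if proto == "all":
        return True
    if proto != "tcp":
        return False
    # CloudStack omits ports for some protocols; treat a missing bound as the full range.
    start = rule["startport"] if rule["startport"] is not None else 0
    end = rule["endport"] if rule["endport"] is not None else 65535
    return start <= SSH_PORT <= end


def audit_ssh_acl(rules, mgmt_node):
    """Return (ok, findings).

    ok is True only when at least one entry admits SSH from the management node and no entry
    admits SSH from any address outside the management node's /32.
    """
    allowed = ipaddress.ip_network(f"{mgmt_node}/32")
    findings = []
    mgmt_entry_seen = False
    for rule in rules:
        if not rule_admits_ssh(rule):
            continue
        # cidrlist may carry several comma-separated networks; check each one.
        for cidr in rule["cidrlist"].split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if net.version == allowed.version and net.subnet_of(allowed):
                mgmt_entry_seen = True
            else:
                findings.append(
                    f"rule {rule['number']}: admits SSH from {net} (protocol "
                    f"{rule['protocol']}); not limited to management node {mgmt_node}")
    if not mgmt_entry_seen:
        findings.append(f"no Ingress Allow entry admits SSH from management node {mgmt_node}")
    return len(findings) == 0, findings


if __name__ == "__main__":
    ok, findings = audit_ssh_acl(SAMPLE_ACL, MGMT_NODE)
    print("ACL ok" if ok else "ACL problems:")
    for line in findings:
        print("  " + line)
```

Running the audit over `SAMPLE_ACL` reports rules 2 and 4 as over-permissive and leaves rules 1, 3 and 5 alone; feeding it only `intended_ssh_rule(MGMT_NODE)` reports a clean ACL. The same check applies to each tier's ACL when the management node reaches several VPCs, which is where the bookkeeping burden the reply mentions comes from.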