> -----Original Message-----
> From: Chip Childers [mailto:chip.child...@sungard.com]
> Sent: Wednesday, February 06, 2013 7:43 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Re: mgmt VM access to VPC
>
> On Wed, Feb 06, 2013 at 02:23:08AM +0000, Alex Heneveld wrote:
> > Hi,
> >
> > We're trying to set up a VPC/nTier-App such that a single VM (call it a
> > management node) outside the VPC has ssh access to the VM's inside the
> > VPC. (And to do this for multiple VPC's, same mgmt node.) What's the
> > best way to implement this?
> >
> > It seems like #754 [1] would be the right way to go about this when
> > available (is that right?) but already there are a few things we could
> > do now:
> >
> > - set up an extra public IP on each tier with careful port forwarding
> >   and ACL restricted to the mgmt node
> > - use an s2s vpn where the other "site" is just the mgmt node
> > - use a shared network, seems supported based on #748 [2] (but this
> >   would break isolation?)
> >
> > Any thoughts on these or others?
> >
> > TIA,
> > Alex
> >
> >
> > [1] https://issues.apache.org/jira/browse/CLOUDSTACK-754
> > [2] https://issues.apache.org/jira/browse/CLOUDSTACK-748
> >
>
> Is this "other VM" going to be in a different zone?
>
> This seems like you would have to consider it as being a completely
> different entity from the VPC that it will be connecting into. With
> that being the case, you're best off setting up an IP sec tunnel
> into the VPC from that VM. I don't think you'll want to manage a bunch
> of port forwarding rules for each VM in the VPC.

+1

I don't think shared network is supported by VPC at this point so s2s vpn should be the best way to go.

--Alex