RE: hide network from lower domains?
FYI I figured it out! Cloudmonkey create network command has attribute subdomainaccess (Boolean) if set to true child domains will not see the network. I just tested it and shared network on Root level is not seen by its subdomains! Best regards, Jordan -Original Message- From: Yordan Kostov Sent: Tuesday, June 1, 2021 8:10 PM To: users@cloudstack.apache.org Subject: RE: hide network from lower domains? [X] This message came from outside your organization Hey Dan, The problem is that the network itself is managed by external firewall and not by the virtual Router. The VR only provides DNS, DHCP and USERDATA services. What I am working towards is - lets say we have 2 teams and 2 networks managed by external firewall. Each team should be able to see and deploy VMs in their own network but not have access or visibility to the other team network. Regards, Jordan -Original Message- From: Daan Hoogland Sent: Tuesday, June 1, 2021 6:59 PM To: users Subject: Re: hide network from lower domains? [X] This message came from outside your organization Jordan, is there a reason it must be a shared network? It seems to me you want an isolated network or a VPC. On Tue, Jun 1, 2021 at 5:19 PM Yordan Kostov wrote: > Hey everyone, > > I am playing around with shared networks and I noticed > that when network is created for the ROOT user the lower level domains > see it too. > Is there a way to hide that network from the lower > level domain users? > > Here is my setup: > > * Domains > * ROOT > * ROOT/DEVELOPERS > * Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS > domain > > One thing I tried was to create a network with offering that is not > public but the result is the same. > > Best regards, > Jordan > -- Daan 11!
RE: hide network from lower domains?
Hey Dan, The problem is that the network itself is managed by external firewall and not by the virtual Router. The VR only provides DNS, DHCP and USERDATA services. What I am working towards is - lets say we have 2 teams and 2 networks managed by external firewall. Each team should be able to see and deploy VMs in their own network but not have access or visibility to the other team network. Regards, Jordan -Original Message- From: Daan Hoogland Sent: Tuesday, June 1, 2021 6:59 PM To: users Subject: Re: hide network from lower domains? [X] This message came from outside your organization Jordan, is there a reason it must be a shared network? It seems to me you want an isolated network or a VPC. On Tue, Jun 1, 2021 at 5:19 PM Yordan Kostov wrote: > Hey everyone, > > I am playing around with shared networks and I noticed > that when network is created for the ROOT user the lower level domains > see it too. > Is there a way to hide that network from the lower > level domain users? > > Here is my setup: > > * Domains > * ROOT > * ROOT/DEVELOPERS > * Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS > domain > > One thing I tried was to create a network with offering that is not > public but the result is the same. > > Best regards, > Jordan > -- Daan
Re: hide network from lower domains?
Jordan, is there a reason it must be a shared network? It seems to me you want an isolated network or a VPC. On Tue, Jun 1, 2021 at 5:19 PM Yordan Kostov wrote: > Hey everyone, > > I am playing around with shared networks and I noticed > that when network is created for the ROOT user the lower level domains see > it too. > Is there a way to hide that network from the lower level > domain users? > > Here is my setup: > > * Domains > * ROOT > * ROOT/DEVELOPERS > * Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS > domain > > One thing I tried was to create a network with offering that is not public > but the result is the same. > > Best regards, > Jordan > -- Daan
hide network from lower domains?
Hey everyone, I am playing around with shared networks and I noticed that when network is created for the ROOT user the lower level domains see it too. Is there a way to hide that network from the lower level domain users? Here is my setup: * Domains * ROOT * ROOT/DEVELOPERS * Accounts - there is a separate account ACC-DEV for ROOT/DEVELOPERS domain One thing I tried was to create a network with offering that is not public but the result is the same. Best regards, Jordan