Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

://www.shodan.io/search?query=cloudstack - Rohit <https://cloudstack.apache.org> From: Netlynker Sent: Wednesday, September 26, 2018 6:59:10 AM To: users@cloudstack.apache.org Subject: Is that safe to put public IP directly on Virtual Router/ System VMs?

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

Hi Eric Lee, Thanks for detail explanation. You shed some light to my doubts. Regards, Netlynker On Thu, 27 Sep 2018 at 9:37 AM, Eric Lee Green wrote: > On 9/26/18 6:21 PM, Netlynker wrote: > > Hi Eric, > > > > Usual setup for my other infra service is that we use external firewall > > doing

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

Hi Eric Tykwinski, Care to explain more what is not correct and why it is not? Thanks, Netlynker On Thu, 27 Sep 2018 at 10:32 AM, Eric Tykwinski wrote: > Eric, > > Actually that not correct, ASA’s are basically blackbox linux machines. > > > From a design perspective they're no more or less

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

Eric, Actually that not correct, ASA’s are basically blackbox linux machines. > From a design perspective they're no more or less secure than your current > NAT firewall, which is also a small Linux distribution unless it's a Cisco. Here’s a good video from 2012:

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

On 9/26/18 6:21 PM, Netlynker wrote: Hi Eric, Usual setup for my other infra service is that we use external firewall doing NAT and protecting the resource behind. The public IP will stay on that firewall and it is NATed to private IP of the service internal. What CS document imply is to put

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

Hi Eric, Usual setup for my other infra service is that we use external firewall doing NAT and protecting the resource behind. The public IP will stay on that firewall and it is NATed to private IP of the service internal. What CS document imply is to put “real” public IP address on System VMs

Re: Is that safe to put public IP directly on Virtual Router/ System VMs?

Each sysem VM have a single (at minimum) public IP address attached: - cpvm need it to enable your laptop/you access to the console of the VM from anywhere on internet (its authenticated) - ssvm need it to download templates from internet (and offer you download link when you download i.e.

Is that safe to put public IP directly on Virtual Router/ System VMs?

Hi, I looked at the deployment architecture from document and it said to have public IP addresses on Virtaul Router/System VMs. Is that recommended setup? How safe will it be to expose Virtaul Router/ System VMs directly to internet? Any recommendation is welcomed. Thanks in advance,