Welcome to the SmartOS club! 😉

 

No matter what or how you decide (SDC/TDC/pure SmartOS), I would strongly 
suggest that you use a hardware VPN solution. 

I always use a Cisco ASA5512 in front of our servers. Although it costs 
approx. € 2500,- including licenses and setup costs, I am 99.99% sure it 
protects my systems. 

IMHO, with any software-based VPN solution you are always hanging the whole 
world directly on your server, and 1 tiny byte of data can mess up anything and 
you are screwed beyond imagination. 

I personally hate the idea that I can’t pull any plug without locking myself 
out of service. With a hardware-based firewall you can disconnect the internet 
from your systems and all your servers and services keep running (although not 
available to the world).

 

I do not work for Cisco and think they ask quite a lot of money. But then 
again, how much may any undisturbed night cost?

 

 

 

From: Lonnie Cumberland [mailto:[email protected]] 
Sent: Thursday, 3 August 2017 14:15
To: [email protected]
Subject: [smartos-discuss] Proposed Experimental Setup

 

Greetings All,

 

I hope that you are having a wonderful day.

 

As some of you already know, while still being very new to Joyent Triton Data 
Center (SmartOS TDC), I am extremely excited about what I have learned thus far 
as well as with the capabilities of the platform. I have been searching for 
something with this type of potential for a very long time and, from what I 
have seen, it blows away other competitor platforms with its methodology and still 
untapped potential. Truly an exciting platform and I am confident that this is 
where I will stay as the capabilities open up so many ideas and possibilities 
that I now want to seriously explore.

 

With that in mind, I wish to propose an experimental setup and would like to 
ask for community feedback as to a good way to work an implementation.

 

The TDC, previously known as SDC 7.0, I believe, seems to be very good at what 
it does and resides on the SmartOS core which comes from illumos which I also 
believe comes from a fork of OpenSolaris and thus Solaris 11. Boy, that's a 
mouthful.

 

From my reading in the TDC documentation 
(https://docs.joyent.com/private-cloud/install/network-layout) the current 
implementation really needs 3 networks (Admin, External, and Underlay) of 
which 2 are isolated and typically handled within the local physical data 
center which yields great performance if everything is handled within a 
physical hardware installation. This is wonderful and shows great planning on 
the part of Joyent in their design, but I think that it also does not open the 
doors for another segment of professionals seeking the next level of IaaS, PaaS, 
and CaaS platform services.

 

I, too, wish to move towards setting up a Private Cloud with TDC, although not 
completely in the traditional sense where everything is located in a 
centralized physical data center, but in a hybrid approach that allows for the 
traditional TDC implementation as well as the inclusion of "distributed" 
secondary Host Nodes (HN) and Compute Nodes (CN) as well so that additional 
augmented resources could be located across the WAN and not just the LAN of the 
local installation group.

 

To this end, and please forgive the long-winded introduction as it helps me 
keep my thoughts on track, I am proposing to figure out a way to enable an 
instance of Cloud on a Laptop (CoaL) but to enable the user to select VPN 
settings for the isolated networks (Admin & Underlay) so that CoaL (or Triton 
as the case may be) could easily have WAN CNs.

 

To achieve this, it seems only reasonable that we should be able to take 
advantage of the TUN/TAP driver in SmartOS in the "Base OS" Global-Zone by 
adding a core package that is set up during Boot-Time in the LIVE SmartOS 
portion of the installation. For this to happen, we would need to be able to 
instantiate 2 VPNs to cover the isolated networks. On this note, I have come 
across a number of possible solutions to explore to include OpenVPN, TincVPN & 
PeerVPN.

 

Of the 3, and there may be more, I think that PeerVPN (https://peervpn.net/) 
might offer an interesting solution because you only need to contact 1 node and 
it self-balances. Thus, in our experimental design, I could see SmartOS booting 
up for the HN installation and then setting up 2 PeerVPNs on their respective 
subnets, thus when a WAN-based CN boots, it simply calls the HN to connect to 
the VPNs and thus we have all of the requirements for a WAN-Based CoaL/Triton 
Data Center albeit at a loss in performance due to network latency, but that 
may be fine for some folks, at least initially until they have had a chance to 
evolve and grow their businesses.

 

Additionally, this would all work in conjunction with the Local-Group CN's in 
the physical data center as well, but more importantly, this would open the 
door for other developers and systems integrators to utilize the Joyent 
technology across LAN, WAN, and Hybrid topologies.

 

I would like to explore this possibility to see what may, or may not, be 
achievable towards this distributed extension approach.

 

Just a thought and I would really welcome any input, comments, or suggestions 
from the community.

 

Cheers and have a GREAT day,

Lonnie

 

PS) I must give an awesome shout-out to Casey Bisson for really doing an 
amazing job in the videos and articles that I have seen him present on the 
platform.

 

https://www.joyent.com/blog/spin-up-a-docker-dev-test-environment-in-60-minutes-or-less

 

https://www.youtube.com/watch?v=5WWNGB60VLk

 

 

 

 

 

