np :) Looking forward to knowing the answer to this one actually. Best regards, David Comerford ------------------------ Tel: +353 87 1238295 Email: [email protected] Website: http://dave.ie GPG key: http://gpg.dave.ie
On 7 August 2013 00:50, Bradley Hieber <[email protected]> wrote: > I do appreciate the assistance David > — > Sent from Mailbox for iPhone > > On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <[email protected]> > wrote: > > > Ah I understand. So you need a "DMZ" network tier with some device on it > > that filters all traffic to and from the other tiers? > > That's a bit beyond my VPC experience, sorry. Hopefully someone else > might > > chime in at this point :) > > Best regards, > > David Comerford > > ------------------------ > > Tel: +353 87 1238295 > > Email: [email protected] > > Website: http://dave.ie > > GPG key: http://gpg.dave.ie > > On 7 August 2013 00:39, Bradley Hieber <[email protected]> wrote: > >> In the design we are building, we need to have a DMZ tier that > encompasses > >> all of the VPC's and all traffic needs to pass through it. > >> > >> > >> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <[email protected]> > >> wrote: > >> > >> > You don't need a proxy. The VPC is held together by the virtual > router. > >> > That forwards the traffic to and from all the zones/DMZs or the > >> CloudStack > >> > term "network tiers". > >> > > >> > Ideally you would make a Web network tier where the web servers would > >> > reside. Anther tier for application servers, anto > >> > > >> > Best regards, > >> > David Comerford > >> > ------------------------ > >> > Tel: +353 87 1238295 > >> > Email: [email protected] > >> > Website: http://dave.ie > >> > GPG key: http://gpg.dave.ie > >> > > >> > > >> > On 7 August 2013 00:09, Bradley Hieber <[email protected]> wrote: > >> > > >> > > I need to place a proxy and web servers in my DMZ. Am I just not > >> getting > >> > > something? > >> > > > >> > > > >> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford < > [email protected]> > >> > > wrote: > >> > > > >> > > > The DMZ in your diagram would be the Guest Public network you have > >> > > defined. > >> > > > Each zone you have behind the router can be isolated on it's own > VLAN > >> > and > >> > > > have it's own firewall rules controlling ingress/egress. > >> > > > > >> > > > This diagram might explain it a bit better: > >> > > > > >> > > > > >> > > > >> > > >> > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000 > >> > > > > >> > > > Best regards, > >> > > > David Comerford > >> > > > ------------------------ > >> > > > Tel: +353 87 1238295 > >> > > > Email: [email protected] > >> > > > Website: http://dave.ie > >> > > > GPG key: http://gpg.dave.ie > >> > > > > >> > > > > >> > > > On 6 August 2013 23:59, Bradley Hieber <[email protected]> > wrote: > >> > > > > >> > > > > How would I force the traffic to go through the DMZ? Would I > set a > >> > > small > >> > > > > LAN in the virtual router to point to a proxy address in the > DMZ? > >> > > > > — > >> > > > > Sent from Mailbox for iPhone > >> > > > > > >> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford < > >> [email protected] > >> > > > >> > > > > wrote: > >> > > > > > >> > > > > > VPC's are the way to go. Your diagram is a text book example. > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html > >> > > > > > Best regards, > >> > > > > > David Comerford > >> > > > > > ------------------------ > >> > > > > > Tel: +353 87 1238295 > >> > > > > > Email: [email protected] > >> > > > > > Website: http://dave.ie > >> > > > > > GPG key: http://gpg.dave.ie > >> > > > > > On 6 August 2013 14:36, Bradley Hieber <[email protected]> > >> > wrote: > >> > > > > >> It could very well be VPC's. The idea is we are planning on > >> using > >> > > 5-6 > >> > > > > hosts > >> > > > > >> in this environment. So designing the solution to fit this > >> > hardware > >> > > > > >> requirement is critical. > >> > > > > >> > >> > > > > >> > >> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy < > >> > > [email protected] > >> > > > > >> >wrote: > >> > > > > >> > >> > > > > >> > > >> > > > > >> > Can 'hosting zones' represented in diagram can be contained > >> > into a > >> > > > > >> > CloudStack zone? If so you can dedicated set of hosts to > be in > >> > the > >> > > > > DMZ. > >> > > > > >> > Then you can leverage 'host tags' [1] functionality to > place > >> > VM's > >> > > > > >> > providing edge services (CloudStack system VM's or user > VM's) > >> on > >> > > the > >> > > > > >> hosts > >> > > > > >> > dedicated in DMZ. > >> > > > > >> > > >> > > > > >> > [1] > >> > > > > > >> https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html > >> > > > > >> > > >> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" < > [email protected]> > >> > > > wrote: > >> > > > > >> > > >> > > > > >> > >The goal is to have a virtualized dmz area where we can > place > >> > > > public > >> > > > > >> > >facing > >> > > > > >> > >webservers, and other software based firewalls to protect > the > >> > > > > different > >> > > > > >> > >virtualization areas. Each of the virtualization areas > will > >> > host > >> > > > > >> different > >> > > > > >> > >environments for clients to utilize. > >> > > > > >> > > > >> > > > > >> > > > >> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers > >> > > > > >> > ><[email protected]>wrote: > >> > > > > >> > > > >> > > > > >> > >> Can you explain a bit more about what your diagram > implies? > >> > > That > >> > > > > >> might > >> > > > > >> > >> help us help you. > >> > > > > >> > >> > >> > > > > >> > >> > >> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber < > >> > > > > [email protected] > >> > > > > >> > >> >wrote: > >> > > > > >> > >> > >> > > > > >> > >> > Is it possible to create this type of architecture > with > >> > > > > cloudstack? > >> > > > > >> > >>Any > >> > > > > >> > >> > design ideas you can provide? > >> > > > > >> > >> > > >> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg > >> > > > > >> > >> > > >> > > > > >> > >> > -- > >> > > > > >> > >> > Brad > >> > > > > >> > >> > > >> > > > > >> > >> > >> > > > > >> > > > >> > > > > >> > > > >> > > > > >> > > > >> > > > > >> > >-- > >> > > > > >> > >Brad > >> > > > > >> > > > >> > > > > >> > > >> > > > > >> > > >> > > > > >> > > >> > > > > >> > >> > > > > >> > >> > > > > >> -- > >> > > > > >> Brad > >> > > > > >> > >> > > > > > >> > > > > >> > > > >> > > > >> > > > >> > > -- > >> > > Brad > >> > > > >> > > >> > >> > >> > >> -- > >> Brad > >> >
