You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Bradley Hieber <me...@gmail.com> on 2013/08/05 16:24:48 UTC
Architecture Question
Is it possible to create this type of architecture with cloudstack? Any
design ideas you can provide?
http://img850.imageshack.us/img850/7940/lnzp.jpg
--
Brad
Re: Architecture Question
Posted by David Comerford <da...@gmail.com>.
np :)
Looking forward to knowing the answer to this one actually.
Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie
On 7 August 2013 00:50, Bradley Hieber <me...@gmail.com> wrote:
> I do appreciate the assistance David
> —
> Sent from Mailbox for iPhone
>
> On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <da...@gmail.com>
> wrote:
>
> > Ah I understand. So you need a "DMZ" network tier with some device on it
> > that filters all traffic to and from the other tiers?
> > That's a bit beyond my VPC experience, sorry. Hopefully someone else
> might
> > chime in at this point :)
> > Best regards,
> > David Comerford
> > ------------------------
> > Tel: +353 87 1238295
> > Email: davestyle@gmail.com
> > Website: http://dave.ie
> > GPG key: http://gpg.dave.ie
> > On 7 August 2013 00:39, Bradley Hieber <me...@gmail.com> wrote:
> >> In the design we are building, we need to have a DMZ tier that
> encompasses
> >> all of the VPC's and all traffic needs to pass through it.
> >>
> >>
> >> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <da...@gmail.com>
> >> wrote:
> >>
> >> > You don't need a proxy. The VPC is held together by the virtual
> router.
> >> > That forwards the traffic to and from all the zones/DMZs or the
> >> CloudStack
> >> > term "network tiers".
> >> >
> >> > Ideally you would make a Web network tier where the web servers would
> >> > reside. Anther tier for application servers, anto
> >> >
> >> > Best regards,
> >> > David Comerford
> >> > ------------------------
> >> > Tel: +353 87 1238295
> >> > Email: davestyle@gmail.com
> >> > Website: http://dave.ie
> >> > GPG key: http://gpg.dave.ie
> >> >
> >> >
> >> > On 7 August 2013 00:09, Bradley Hieber <me...@gmail.com> wrote:
> >> >
> >> > > I need to place a proxy and web servers in my DMZ. Am I just not
> >> getting
> >> > > something?
> >> > >
> >> > >
> >> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <
> davestyle@gmail.com>
> >> > > wrote:
> >> > >
> >> > > > The DMZ in your diagram would be the Guest Public network you have
> >> > > defined.
> >> > > > Each zone you have behind the router can be isolated on it's own
> VLAN
> >> > and
> >> > > > have it's own firewall rules controlling ingress/egress.
> >> > > >
> >> > > > This diagram might explain it a bit better:
> >> > > >
> >> > > >
> >> > >
> >> >
> >>
> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> >> > > >
> >> > > > Best regards,
> >> > > > David Comerford
> >> > > > ------------------------
> >> > > > Tel: +353 87 1238295
> >> > > > Email: davestyle@gmail.com
> >> > > > Website: http://dave.ie
> >> > > > GPG key: http://gpg.dave.ie
> >> > > >
> >> > > >
> >> > > > On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com>
> wrote:
> >> > > >
> >> > > > > How would I force the traffic to go through the DMZ? Would I
> set a
> >> > > small
> >> > > > > LAN in the virtual router to point to a proxy address in the
> DMZ?
> >> > > > > —
> >> > > > > Sent from Mailbox for iPhone
> >> > > > >
> >> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <
> >> davestyle@gmail.com
> >> > >
> >> > > > > wrote:
> >> > > > >
> >> > > > > > VPC's are the way to go. Your diagram is a text book example.
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> >> > > > > > Best regards,
> >> > > > > > David Comerford
> >> > > > > > ------------------------
> >> > > > > > Tel: +353 87 1238295
> >> > > > > > Email: davestyle@gmail.com
> >> > > > > > Website: http://dave.ie
> >> > > > > > GPG key: http://gpg.dave.ie
> >> > > > > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com>
> >> > wrote:
> >> > > > > >> It could very well be VPC's. The idea is we are planning on
> >> using
> >> > > 5-6
> >> > > > > hosts
> >> > > > > >> in this environment. So designing the solution to fit this
> >> > hardware
> >> > > > > >> requirement is critical.
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <
> >> > > Murali.Reddy@citrix.com
> >> > > > > >> >wrote:
> >> > > > > >>
> >> > > > > >> >
> >> > > > > >> > Can 'hosting zones' represented in diagram can be contained
> >> > into a
> >> > > > > >> > CloudStack zone? If so you can dedicated set of hosts to
> be in
> >> > the
> >> > > > > DMZ.
> >> > > > > >> > Then you can leverage 'host tags' [1] functionality to
> place
> >> > VM's
> >> > > > > >> > providing edge services (CloudStack system VM's or user
> VM's)
> >> on
> >> > > the
> >> > > > > >> hosts
> >> > > > > >> > dedicated in DMZ.
> >> > > > > >> >
> >> > > > > >> > [1]
> >> > > > >
> >> https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> >> > > > > >> >
> >> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <
> mercsniper@gmail.com>
> >> > > > wrote:
> >> > > > > >> >
> >> > > > > >> > >The goal is to have a virtualized dmz area where we can
> place
> >> > > > public
> >> > > > > >> > >facing
> >> > > > > >> > >webservers, and other software based firewalls to protect
> the
> >> > > > > different
> >> > > > > >> > >virtualization areas. Each of the virtualization areas
> will
> >> > host
> >> > > > > >> different
> >> > > > > >> > >environments for clients to utilize.
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> >> > > > > >> > ><ch...@sungard.com>wrote:
> >> > > > > >> > >
> >> > > > > >> > >> Can you explain a bit more about what your diagram
> implies?
> >> > > That
> >> > > > > >> might
> >> > > > > >> > >> help us help you.
> >> > > > > >> > >>
> >> > > > > >> > >>
> >> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> >> > > > > mercsniper@gmail.com
> >> > > > > >> > >> >wrote:
> >> > > > > >> > >>
> >> > > > > >> > >> > Is it possible to create this type of architecture
> with
> >> > > > > cloudstack?
> >> > > > > >> > >>Any
> >> > > > > >> > >> > design ideas you can provide?
> >> > > > > >> > >> >
> >> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> >> > > > > >> > >> >
> >> > > > > >> > >> > --
> >> > > > > >> > >> > Brad
> >> > > > > >> > >> >
> >> > > > > >> > >>
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >
> >> > > > > >> > >--
> >> > > > > >> > >Brad
> >> > > > > >> > >
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >> >
> >> > > > > >>
> >> > > > > >>
> >> > > > > >> --
> >> > > > > >> Brad
> >> > > > > >>
> >> > > > >
> >> > > >
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Brad
> >> > >
> >> >
> >>
> >>
> >>
> >> --
> >> Brad
> >>
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
I do appreciate the assistance David
—
Sent from Mailbox for iPhone
On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <da...@gmail.com>
wrote:
> Ah I understand. So you need a "DMZ" network tier with some device on it
> that filters all traffic to and from the other tiers?
> That's a bit beyond my VPC experience, sorry. Hopefully someone else might
> chime in at this point :)
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
> On 7 August 2013 00:39, Bradley Hieber <me...@gmail.com> wrote:
>> In the design we are building, we need to have a DMZ tier that encompasses
>> all of the VPC's and all traffic needs to pass through it.
>>
>>
>> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <da...@gmail.com>
>> wrote:
>>
>> > You don't need a proxy. The VPC is held together by the virtual router.
>> > That forwards the traffic to and from all the zones/DMZs or the
>> CloudStack
>> > term "network tiers".
>> >
>> > Ideally you would make a Web network tier where the web servers would
>> > reside. Anther tier for application servers, anto
>> >
>> > Best regards,
>> > David Comerford
>> > ------------------------
>> > Tel: +353 87 1238295
>> > Email: davestyle@gmail.com
>> > Website: http://dave.ie
>> > GPG key: http://gpg.dave.ie
>> >
>> >
>> > On 7 August 2013 00:09, Bradley Hieber <me...@gmail.com> wrote:
>> >
>> > > I need to place a proxy and web servers in my DMZ. Am I just not
>> getting
>> > > something?
>> > >
>> > >
>> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <da...@gmail.com>
>> > > wrote:
>> > >
>> > > > The DMZ in your diagram would be the Guest Public network you have
>> > > defined.
>> > > > Each zone you have behind the router can be isolated on it's own VLAN
>> > and
>> > > > have it's own firewall rules controlling ingress/egress.
>> > > >
>> > > > This diagram might explain it a bit better:
>> > > >
>> > > >
>> > >
>> >
>> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
>> > > >
>> > > > Best regards,
>> > > > David Comerford
>> > > > ------------------------
>> > > > Tel: +353 87 1238295
>> > > > Email: davestyle@gmail.com
>> > > > Website: http://dave.ie
>> > > > GPG key: http://gpg.dave.ie
>> > > >
>> > > >
>> > > > On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
>> > > >
>> > > > > How would I force the traffic to go through the DMZ? Would I set a
>> > > small
>> > > > > LAN in the virtual router to point to a proxy address in the DMZ?
>> > > > > —
>> > > > > Sent from Mailbox for iPhone
>> > > > >
>> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <
>> davestyle@gmail.com
>> > >
>> > > > > wrote:
>> > > > >
>> > > > > > VPC's are the way to go. Your diagram is a text book example.
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
>> > > > > > Best regards,
>> > > > > > David Comerford
>> > > > > > ------------------------
>> > > > > > Tel: +353 87 1238295
>> > > > > > Email: davestyle@gmail.com
>> > > > > > Website: http://dave.ie
>> > > > > > GPG key: http://gpg.dave.ie
>> > > > > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com>
>> > wrote:
>> > > > > >> It could very well be VPC's. The idea is we are planning on
>> using
>> > > 5-6
>> > > > > hosts
>> > > > > >> in this environment. So designing the solution to fit this
>> > hardware
>> > > > > >> requirement is critical.
>> > > > > >>
>> > > > > >>
>> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <
>> > > Murali.Reddy@citrix.com
>> > > > > >> >wrote:
>> > > > > >>
>> > > > > >> >
>> > > > > >> > Can 'hosting zones' represented in diagram can be contained
>> > into a
>> > > > > >> > CloudStack zone? If so you can dedicated set of hosts to be in
>> > the
>> > > > > DMZ.
>> > > > > >> > Then you can leverage 'host tags' [1] functionality to place
>> > VM's
>> > > > > >> > providing edge services (CloudStack system VM's or user VM's)
>> on
>> > > the
>> > > > > >> hosts
>> > > > > >> > dedicated in DMZ.
>> > > > > >> >
>> > > > > >> > [1]
>> > > > >
>> https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
>> > > > > >> >
>> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com>
>> > > > wrote:
>> > > > > >> >
>> > > > > >> > >The goal is to have a virtualized dmz area where we can place
>> > > > public
>> > > > > >> > >facing
>> > > > > >> > >webservers, and other software based firewalls to protect the
>> > > > > different
>> > > > > >> > >virtualization areas. Each of the virtualization areas will
>> > host
>> > > > > >> different
>> > > > > >> > >environments for clients to utilize.
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
>> > > > > >> > ><ch...@sungard.com>wrote:
>> > > > > >> > >
>> > > > > >> > >> Can you explain a bit more about what your diagram implies?
>> > > That
>> > > > > >> might
>> > > > > >> > >> help us help you.
>> > > > > >> > >>
>> > > > > >> > >>
>> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
>> > > > > mercsniper@gmail.com
>> > > > > >> > >> >wrote:
>> > > > > >> > >>
>> > > > > >> > >> > Is it possible to create this type of architecture with
>> > > > > cloudstack?
>> > > > > >> > >>Any
>> > > > > >> > >> > design ideas you can provide?
>> > > > > >> > >> >
>> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
>> > > > > >> > >> >
>> > > > > >> > >> > --
>> > > > > >> > >> > Brad
>> > > > > >> > >> >
>> > > > > >> > >>
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >
>> > > > > >> > >--
>> > > > > >> > >Brad
>> > > > > >> > >
>> > > > > >> >
>> > > > > >> >
>> > > > > >> >
>> > > > > >>
>> > > > > >>
>> > > > > >> --
>> > > > > >> Brad
>> > > > > >>
>> > > > >
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > > Brad
>> > >
>> >
>>
>>
>>
>> --
>> Brad
>>
Re: Architecture Question
Posted by David Comerford <da...@gmail.com>.
Ah I understand. So you need a "DMZ" network tier with some device on it
that filters all traffic to and from the other tiers?
That's a bit beyond my VPC experience, sorry. Hopefully someone else might
chime in at this point :)
Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie
On 7 August 2013 00:39, Bradley Hieber <me...@gmail.com> wrote:
> In the design we are building, we need to have a DMZ tier that encompasses
> all of the VPC's and all traffic needs to pass through it.
>
>
> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <da...@gmail.com>
> wrote:
>
> > You don't need a proxy. The VPC is held together by the virtual router.
> > That forwards the traffic to and from all the zones/DMZs or the
> CloudStack
> > term "network tiers".
> >
> > Ideally you would make a Web network tier where the web servers would
> > reside. Anther tier for application servers, anto
> >
> > Best regards,
> > David Comerford
> > ------------------------
> > Tel: +353 87 1238295
> > Email: davestyle@gmail.com
> > Website: http://dave.ie
> > GPG key: http://gpg.dave.ie
> >
> >
> > On 7 August 2013 00:09, Bradley Hieber <me...@gmail.com> wrote:
> >
> > > I need to place a proxy and web servers in my DMZ. Am I just not
> getting
> > > something?
> > >
> > >
> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <da...@gmail.com>
> > > wrote:
> > >
> > > > The DMZ in your diagram would be the Guest Public network you have
> > > defined.
> > > > Each zone you have behind the router can be isolated on it's own VLAN
> > and
> > > > have it's own firewall rules controlling ingress/egress.
> > > >
> > > > This diagram might explain it a bit better:
> > > >
> > > >
> > >
> >
> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> > > >
> > > > Best regards,
> > > > David Comerford
> > > > ------------------------
> > > > Tel: +353 87 1238295
> > > > Email: davestyle@gmail.com
> > > > Website: http://dave.ie
> > > > GPG key: http://gpg.dave.ie
> > > >
> > > >
> > > > On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
> > > >
> > > > > How would I force the traffic to go through the DMZ? Would I set a
> > > small
> > > > > LAN in the virtual router to point to a proxy address in the DMZ?
> > > > > —
> > > > > Sent from Mailbox for iPhone
> > > > >
> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <
> davestyle@gmail.com
> > >
> > > > > wrote:
> > > > >
> > > > > > VPC's are the way to go. Your diagram is a text book example.
> > > > > >
> > > > >
> > > >
> > >
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > > > Best regards,
> > > > > > David Comerford
> > > > > > ------------------------
> > > > > > Tel: +353 87 1238295
> > > > > > Email: davestyle@gmail.com
> > > > > > Website: http://dave.ie
> > > > > > GPG key: http://gpg.dave.ie
> > > > > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com>
> > wrote:
> > > > > >> It could very well be VPC's. The idea is we are planning on
> using
> > > 5-6
> > > > > hosts
> > > > > >> in this environment. So designing the solution to fit this
> > hardware
> > > > > >> requirement is critical.
> > > > > >>
> > > > > >>
> > > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <
> > > Murali.Reddy@citrix.com
> > > > > >> >wrote:
> > > > > >>
> > > > > >> >
> > > > > >> > Can 'hosting zones' represented in diagram can be contained
> > into a
> > > > > >> > CloudStack zone? If so you can dedicated set of hosts to be in
> > the
> > > > > DMZ.
> > > > > >> > Then you can leverage 'host tags' [1] functionality to place
> > VM's
> > > > > >> > providing edge services (CloudStack system VM's or user VM's)
> on
> > > the
> > > > > >> hosts
> > > > > >> > dedicated in DMZ.
> > > > > >> >
> > > > > >> > [1]
> > > > >
> https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > > > >> >
> > > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com>
> > > > wrote:
> > > > > >> >
> > > > > >> > >The goal is to have a virtualized dmz area where we can place
> > > > public
> > > > > >> > >facing
> > > > > >> > >webservers, and other software based firewalls to protect the
> > > > > different
> > > > > >> > >virtualization areas. Each of the virtualization areas will
> > host
> > > > > >> different
> > > > > >> > >environments for clients to utilize.
> > > > > >> > >
> > > > > >> > >
> > > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > > > > >> > ><ch...@sungard.com>wrote:
> > > > > >> > >
> > > > > >> > >> Can you explain a bit more about what your diagram implies?
> > > That
> > > > > >> might
> > > > > >> > >> help us help you.
> > > > > >> > >>
> > > > > >> > >>
> > > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> > > > > mercsniper@gmail.com
> > > > > >> > >> >wrote:
> > > > > >> > >>
> > > > > >> > >> > Is it possible to create this type of architecture with
> > > > > cloudstack?
> > > > > >> > >>Any
> > > > > >> > >> > design ideas you can provide?
> > > > > >> > >> >
> > > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > > > >> > >> >
> > > > > >> > >> > --
> > > > > >> > >> > Brad
> > > > > >> > >> >
> > > > > >> > >>
> > > > > >> > >
> > > > > >> > >
> > > > > >> > >
> > > > > >> > >--
> > > > > >> > >Brad
> > > > > >> > >
> > > > > >> >
> > > > > >> >
> > > > > >> >
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Brad
> > > > > >>
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Brad
> > >
> >
>
>
>
> --
> Brad
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
In the design we are building, we need to have a DMZ tier that encompasses
all of the VPC's and all traffic needs to pass through it.
On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <da...@gmail.com> wrote:
> You don't need a proxy. The VPC is held together by the virtual router.
> That forwards the traffic to and from all the zones/DMZs or the CloudStack
> term "network tiers".
>
> Ideally you would make a Web network tier where the web servers would
> reside. Anther tier for application servers, anto
>
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
>
>
> On 7 August 2013 00:09, Bradley Hieber <me...@gmail.com> wrote:
>
> > I need to place a proxy and web servers in my DMZ. Am I just not getting
> > something?
> >
> >
> > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <da...@gmail.com>
> > wrote:
> >
> > > The DMZ in your diagram would be the Guest Public network you have
> > defined.
> > > Each zone you have behind the router can be isolated on it's own VLAN
> and
> > > have it's own firewall rules controlling ingress/egress.
> > >
> > > This diagram might explain it a bit better:
> > >
> > >
> >
> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> > >
> > > Best regards,
> > > David Comerford
> > > ------------------------
> > > Tel: +353 87 1238295
> > > Email: davestyle@gmail.com
> > > Website: http://dave.ie
> > > GPG key: http://gpg.dave.ie
> > >
> > >
> > > On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
> > >
> > > > How would I force the traffic to go through the DMZ? Would I set a
> > small
> > > > LAN in the virtual router to point to a proxy address in the DMZ?
> > > > —
> > > > Sent from Mailbox for iPhone
> > > >
> > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <davestyle@gmail.com
> >
> > > > wrote:
> > > >
> > > > > VPC's are the way to go. Your diagram is a text book example.
> > > > >
> > > >
> > >
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > > Best regards,
> > > > > David Comerford
> > > > > ------------------------
> > > > > Tel: +353 87 1238295
> > > > > Email: davestyle@gmail.com
> > > > > Website: http://dave.ie
> > > > > GPG key: http://gpg.dave.ie
> > > > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com>
> wrote:
> > > > >> It could very well be VPC's. The idea is we are planning on using
> > 5-6
> > > > hosts
> > > > >> in this environment. So designing the solution to fit this
> hardware
> > > > >> requirement is critical.
> > > > >>
> > > > >>
> > > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <
> > Murali.Reddy@citrix.com
> > > > >> >wrote:
> > > > >>
> > > > >> >
> > > > >> > Can 'hosting zones' represented in diagram can be contained
> into a
> > > > >> > CloudStack zone? If so you can dedicated set of hosts to be in
> the
> > > > DMZ.
> > > > >> > Then you can leverage 'host tags' [1] functionality to place
> VM's
> > > > >> > providing edge services (CloudStack system VM's or user VM's) on
> > the
> > > > >> hosts
> > > > >> > dedicated in DMZ.
> > > > >> >
> > > > >> > [1]
> > > > https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > > >> >
> > > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com>
> > > wrote:
> > > > >> >
> > > > >> > >The goal is to have a virtualized dmz area where we can place
> > > public
> > > > >> > >facing
> > > > >> > >webservers, and other software based firewalls to protect the
> > > > different
> > > > >> > >virtualization areas. Each of the virtualization areas will
> host
> > > > >> different
> > > > >> > >environments for clients to utilize.
> > > > >> > >
> > > > >> > >
> > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > > > >> > ><ch...@sungard.com>wrote:
> > > > >> > >
> > > > >> > >> Can you explain a bit more about what your diagram implies?
> > That
> > > > >> might
> > > > >> > >> help us help you.
> > > > >> > >>
> > > > >> > >>
> > > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> > > > mercsniper@gmail.com
> > > > >> > >> >wrote:
> > > > >> > >>
> > > > >> > >> > Is it possible to create this type of architecture with
> > > > cloudstack?
> > > > >> > >>Any
> > > > >> > >> > design ideas you can provide?
> > > > >> > >> >
> > > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > > >> > >> >
> > > > >> > >> > --
> > > > >> > >> > Brad
> > > > >> > >> >
> > > > >> > >>
> > > > >> > >
> > > > >> > >
> > > > >> > >
> > > > >> > >--
> > > > >> > >Brad
> > > > >> > >
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Brad
> > > > >>
> > > >
> > >
> >
> >
> >
> > --
> > Brad
> >
>
--
Brad
Re: Architecture Question
Posted by David Comerford <da...@gmail.com>.
You don't need a proxy. The VPC is held together by the virtual router.
That forwards the traffic to and from all the zones/DMZs or the CloudStack
term "network tiers".
Ideally you would make a Web network tier where the web servers would
reside. Anther tier for application servers, anto
Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie
On 7 August 2013 00:09, Bradley Hieber <me...@gmail.com> wrote:
> I need to place a proxy and web servers in my DMZ. Am I just not getting
> something?
>
>
> On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <da...@gmail.com>
> wrote:
>
> > The DMZ in your diagram would be the Guest Public network you have
> defined.
> > Each zone you have behind the router can be isolated on it's own VLAN and
> > have it's own firewall rules controlling ingress/egress.
> >
> > This diagram might explain it a bit better:
> >
> >
> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> >
> > Best regards,
> > David Comerford
> > ------------------------
> > Tel: +353 87 1238295
> > Email: davestyle@gmail.com
> > Website: http://dave.ie
> > GPG key: http://gpg.dave.ie
> >
> >
> > On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
> >
> > > How would I force the traffic to go through the DMZ? Would I set a
> small
> > > LAN in the virtual router to point to a proxy address in the DMZ?
> > > —
> > > Sent from Mailbox for iPhone
> > >
> > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <da...@gmail.com>
> > > wrote:
> > >
> > > > VPC's are the way to go. Your diagram is a text book example.
> > > >
> > >
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > Best regards,
> > > > David Comerford
> > > > ------------------------
> > > > Tel: +353 87 1238295
> > > > Email: davestyle@gmail.com
> > > > Website: http://dave.ie
> > > > GPG key: http://gpg.dave.ie
> > > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com> wrote:
> > > >> It could very well be VPC's. The idea is we are planning on using
> 5-6
> > > hosts
> > > >> in this environment. So designing the solution to fit this hardware
> > > >> requirement is critical.
> > > >>
> > > >>
> > > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <
> Murali.Reddy@citrix.com
> > > >> >wrote:
> > > >>
> > > >> >
> > > >> > Can 'hosting zones' represented in diagram can be contained into a
> > > >> > CloudStack zone? If so you can dedicated set of hosts to be in the
> > > DMZ.
> > > >> > Then you can leverage 'host tags' [1] functionality to place VM's
> > > >> > providing edge services (CloudStack system VM's or user VM's) on
> the
> > > >> hosts
> > > >> > dedicated in DMZ.
> > > >> >
> > > >> > [1]
> > > https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > >> >
> > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com>
> > wrote:
> > > >> >
> > > >> > >The goal is to have a virtualized dmz area where we can place
> > public
> > > >> > >facing
> > > >> > >webservers, and other software based firewalls to protect the
> > > different
> > > >> > >virtualization areas. Each of the virtualization areas will host
> > > >> different
> > > >> > >environments for clients to utilize.
> > > >> > >
> > > >> > >
> > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > > >> > ><ch...@sungard.com>wrote:
> > > >> > >
> > > >> > >> Can you explain a bit more about what your diagram implies?
> That
> > > >> might
> > > >> > >> help us help you.
> > > >> > >>
> > > >> > >>
> > > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> > > mercsniper@gmail.com
> > > >> > >> >wrote:
> > > >> > >>
> > > >> > >> > Is it possible to create this type of architecture with
> > > cloudstack?
> > > >> > >>Any
> > > >> > >> > design ideas you can provide?
> > > >> > >> >
> > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > >> > >> >
> > > >> > >> > --
> > > >> > >> > Brad
> > > >> > >> >
> > > >> > >>
> > > >> > >
> > > >> > >
> > > >> > >
> > > >> > >--
> > > >> > >Brad
> > > >> > >
> > > >> >
> > > >> >
> > > >> >
> > > >>
> > > >>
> > > >> --
> > > >> Brad
> > > >>
> > >
> >
>
>
>
> --
> Brad
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
I need to place a proxy and web servers in my DMZ. Am I just not getting
something?
On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <da...@gmail.com> wrote:
> The DMZ in your diagram would be the Guest Public network you have defined.
> Each zone you have behind the router can be isolated on it's own VLAN and
> have it's own firewall rules controlling ingress/egress.
>
> This diagram might explain it a bit better:
>
> https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
>
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
>
>
> On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
>
> > How would I force the traffic to go through the DMZ? Would I set a small
> > LAN in the virtual router to point to a proxy address in the DMZ?
> > —
> > Sent from Mailbox for iPhone
> >
> > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <da...@gmail.com>
> > wrote:
> >
> > > VPC's are the way to go. Your diagram is a text book example.
> > >
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > Best regards,
> > > David Comerford
> > > ------------------------
> > > Tel: +353 87 1238295
> > > Email: davestyle@gmail.com
> > > Website: http://dave.ie
> > > GPG key: http://gpg.dave.ie
> > > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com> wrote:
> > >> It could very well be VPC's. The idea is we are planning on using 5-6
> > hosts
> > >> in this environment. So designing the solution to fit this hardware
> > >> requirement is critical.
> > >>
> > >>
> > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com
> > >> >wrote:
> > >>
> > >> >
> > >> > Can 'hosting zones' represented in diagram can be contained into a
> > >> > CloudStack zone? If so you can dedicated set of hosts to be in the
> > DMZ.
> > >> > Then you can leverage 'host tags' [1] functionality to place VM's
> > >> > providing edge services (CloudStack system VM's or user VM's) on the
> > >> hosts
> > >> > dedicated in DMZ.
> > >> >
> > >> > [1]
> > https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > >> >
> > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com>
> wrote:
> > >> >
> > >> > >The goal is to have a virtualized dmz area where we can place
> public
> > >> > >facing
> > >> > >webservers, and other software based firewalls to protect the
> > different
> > >> > >virtualization areas. Each of the virtualization areas will host
> > >> different
> > >> > >environments for clients to utilize.
> > >> > >
> > >> > >
> > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > >> > ><ch...@sungard.com>wrote:
> > >> > >
> > >> > >> Can you explain a bit more about what your diagram implies? That
> > >> might
> > >> > >> help us help you.
> > >> > >>
> > >> > >>
> > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> > mercsniper@gmail.com
> > >> > >> >wrote:
> > >> > >>
> > >> > >> > Is it possible to create this type of architecture with
> > cloudstack?
> > >> > >>Any
> > >> > >> > design ideas you can provide?
> > >> > >> >
> > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > >> > >> >
> > >> > >> > --
> > >> > >> > Brad
> > >> > >> >
> > >> > >>
> > >> > >
> > >> > >
> > >> > >
> > >> > >--
> > >> > >Brad
> > >> > >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >> --
> > >> Brad
> > >>
> >
>
--
Brad
Re: Architecture Question
Posted by David Comerford <da...@gmail.com>.
The DMZ in your diagram would be the Guest Public network you have defined.
Each zone you have behind the router can be isolated on it's own VLAN and
have it's own firewall rules controlling ingress/egress.
This diagram might explain it a bit better:
https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie
On 6 August 2013 23:59, Bradley Hieber <me...@gmail.com> wrote:
> How would I force the traffic to go through the DMZ? Would I set a small
> LAN in the virtual router to point to a proxy address in the DMZ?
> —
> Sent from Mailbox for iPhone
>
> On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <da...@gmail.com>
> wrote:
>
> > VPC's are the way to go. Your diagram is a text book example.
> >
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > Best regards,
> > David Comerford
> > ------------------------
> > Tel: +353 87 1238295
> > Email: davestyle@gmail.com
> > Website: http://dave.ie
> > GPG key: http://gpg.dave.ie
> > On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com> wrote:
> >> It could very well be VPC's. The idea is we are planning on using 5-6
> hosts
> >> in this environment. So designing the solution to fit this hardware
> >> requirement is critical.
> >>
> >>
> >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com
> >> >wrote:
> >>
> >> >
> >> > Can 'hosting zones' represented in diagram can be contained into a
> >> > CloudStack zone? If so you can dedicated set of hosts to be in the
> DMZ.
> >> > Then you can leverage 'host tags' [1] functionality to place VM's
> >> > providing edge services (CloudStack system VM's or user VM's) on the
> >> hosts
> >> > dedicated in DMZ.
> >> >
> >> > [1]
> https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> >> >
> >> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com> wrote:
> >> >
> >> > >The goal is to have a virtualized dmz area where we can place public
> >> > >facing
> >> > >webservers, and other software based firewalls to protect the
> different
> >> > >virtualization areas. Each of the virtualization areas will host
> >> different
> >> > >environments for clients to utilize.
> >> > >
> >> > >
> >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> >> > ><ch...@sungard.com>wrote:
> >> > >
> >> > >> Can you explain a bit more about what your diagram implies? That
> >> might
> >> > >> help us help you.
> >> > >>
> >> > >>
> >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <
> mercsniper@gmail.com
> >> > >> >wrote:
> >> > >>
> >> > >> > Is it possible to create this type of architecture with
> cloudstack?
> >> > >>Any
> >> > >> > design ideas you can provide?
> >> > >> >
> >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> >> > >> >
> >> > >> > --
> >> > >> > Brad
> >> > >> >
> >> > >>
> >> > >
> >> > >
> >> > >
> >> > >--
> >> > >Brad
> >> > >
> >> >
> >> >
> >> >
> >>
> >>
> >> --
> >> Brad
> >>
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
How would I force the traffic to go through the DMZ? Would I set a small LAN in the virtual router to point to a proxy address in the DMZ?
—
Sent from Mailbox for iPhone
On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <da...@gmail.com>
wrote:
> VPC's are the way to go. Your diagram is a text book example.
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: davestyle@gmail.com
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
> On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com> wrote:
>> It could very well be VPC's. The idea is we are planning on using 5-6 hosts
>> in this environment. So designing the solution to fit this hardware
>> requirement is critical.
>>
>>
>> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com
>> >wrote:
>>
>> >
>> > Can 'hosting zones' represented in diagram can be contained into a
>> > CloudStack zone? If so you can dedicated set of hosts to be in the DMZ.
>> > Then you can leverage 'host tags' [1] functionality to place VM's
>> > providing edge services (CloudStack system VM's or user VM's) on the
>> hosts
>> > dedicated in DMZ.
>> >
>> > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
>> >
>> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com> wrote:
>> >
>> > >The goal is to have a virtualized dmz area where we can place public
>> > >facing
>> > >webservers, and other software based firewalls to protect the different
>> > >virtualization areas. Each of the virtualization areas will host
>> different
>> > >environments for clients to utilize.
>> > >
>> > >
>> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
>> > ><ch...@sungard.com>wrote:
>> > >
>> > >> Can you explain a bit more about what your diagram implies? That
>> might
>> > >> help us help you.
>> > >>
>> > >>
>> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
>> > >> >wrote:
>> > >>
>> > >> > Is it possible to create this type of architecture with cloudstack?
>> > >>Any
>> > >> > design ideas you can provide?
>> > >> >
>> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
>> > >> >
>> > >> > --
>> > >> > Brad
>> > >> >
>> > >>
>> > >
>> > >
>> > >
>> > >--
>> > >Brad
>> > >
>> >
>> >
>> >
>>
>>
>> --
>> Brad
>>
Re: Architecture Question
Posted by David Comerford <da...@gmail.com>.
VPC's are the way to go. Your diagram is a text book example.
http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: davestyle@gmail.com
Website: http://dave.ie
GPG key: http://gpg.dave.ie
On 6 August 2013 14:36, Bradley Hieber <me...@gmail.com> wrote:
> It could very well be VPC's. The idea is we are planning on using 5-6 hosts
> in this environment. So designing the solution to fit this hardware
> requirement is critical.
>
>
> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Murali.Reddy@citrix.com
> >wrote:
>
> >
> > Can 'hosting zones' represented in diagram can be contained into a
> > CloudStack zone? If so you can dedicated set of hosts to be in the DMZ.
> > Then you can leverage 'host tags' [1] functionality to place VM's
> > providing edge services (CloudStack system VM's or user VM's) on the
> hosts
> > dedicated in DMZ.
> >
> > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> >
> > On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com> wrote:
> >
> > >The goal is to have a virtualized dmz area where we can place public
> > >facing
> > >webservers, and other software based firewalls to protect the different
> > >virtualization areas. Each of the virtualization areas will host
> different
> > >environments for clients to utilize.
> > >
> > >
> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> > ><ch...@sungard.com>wrote:
> > >
> > >> Can you explain a bit more about what your diagram implies? That
> might
> > >> help us help you.
> > >>
> > >>
> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
> > >> >wrote:
> > >>
> > >> > Is it possible to create this type of architecture with cloudstack?
> > >>Any
> > >> > design ideas you can provide?
> > >> >
> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > >> >
> > >> > --
> > >> > Brad
> > >> >
> > >>
> > >
> > >
> > >
> > >--
> > >Brad
> > >
> >
> >
> >
>
>
> --
> Brad
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
It could very well be VPC's. The idea is we are planning on using 5-6 hosts
in this environment. So designing the solution to fit this hardware
requirement is critical.
On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <Mu...@citrix.com>wrote:
>
> Can 'hosting zones' represented in diagram can be contained into a
> CloudStack zone? If so you can dedicated set of hosts to be in the DMZ.
> Then you can leverage 'host tags' [1] functionality to place VM's
> providing edge services (CloudStack system VM's or user VM's) on the hosts
> dedicated in DMZ.
>
> [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
>
> On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com> wrote:
>
> >The goal is to have a virtualized dmz area where we can place public
> >facing
> >webservers, and other software based firewalls to protect the different
> >virtualization areas. Each of the virtualization areas will host different
> >environments for clients to utilize.
> >
> >
> >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
> ><ch...@sungard.com>wrote:
> >
> >> Can you explain a bit more about what your diagram implies? That might
> >> help us help you.
> >>
> >>
> >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
> >> >wrote:
> >>
> >> > Is it possible to create this type of architecture with cloudstack?
> >>Any
> >> > design ideas you can provide?
> >> >
> >> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> >> >
> >> > --
> >> > Brad
> >> >
> >>
> >
> >
> >
> >--
> >Brad
> >
>
>
>
--
Brad
Re: Architecture Question
Posted by Ahmad Emneina <ae...@gmail.com>.
this is how cloudstacks public network works. one can have a pool of public
ip's directly assigned to vm's with 'shared networks' or have a virtualized
firewall (virtual router) in front of these vm's and provide
NAT/Firewalling and load balancing services.
On Mon, Aug 5, 2013 at 10:58 AM, Bradley Hieber <me...@gmail.com>wrote:
> The goal is to have a virtualized dmz area where we can place public facing
> webservers, and other software based firewalls to protect the different
> virtualization areas. Each of the virtualization areas will host different
> environments for clients to utilize.
>
>
> On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers <chip.childers@sungard.com
> >wrote:
>
> > Can you explain a bit more about what your diagram implies? That might
> > help us help you.
> >
> >
> > On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
> > >wrote:
> >
> > > Is it possible to create this type of architecture with cloudstack? Any
> > > design ideas you can provide?
> > >
> > > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > >
> > > --
> > > Brad
> > >
> >
>
>
>
> --
> Brad
>
Re: Architecture Question
Posted by Murali Reddy <Mu...@citrix.com>.
Can 'hosting zones' represented in diagram can be contained into a
CloudStack zone? If so you can dedicated set of hosts to be in the DMZ.
Then you can leverage 'host tags' [1] functionality to place VM's
providing edge services (CloudStack system VM's or user VM's) on the hosts
dedicated in DMZ.
[1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
On 05/08/13 11:28 PM, "Bradley Hieber" <me...@gmail.com> wrote:
>The goal is to have a virtualized dmz area where we can place public
>facing
>webservers, and other software based firewalls to protect the different
>virtualization areas. Each of the virtualization areas will host different
>environments for clients to utilize.
>
>
>On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers
><ch...@sungard.com>wrote:
>
>> Can you explain a bit more about what your diagram implies? That might
>> help us help you.
>>
>>
>> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
>> >wrote:
>>
>> > Is it possible to create this type of architecture with cloudstack?
>>Any
>> > design ideas you can provide?
>> >
>> > http://img850.imageshack.us/img850/7940/lnzp.jpg
>> >
>> > --
>> > Brad
>> >
>>
>
>
>
>--
>Brad
>
Re: Architecture Question
Posted by Bradley Hieber <me...@gmail.com>.
The goal is to have a virtualized dmz area where we can place public facing
webservers, and other software based firewalls to protect the different
virtualization areas. Each of the virtualization areas will host different
environments for clients to utilize.
On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers <ch...@sungard.com>wrote:
> Can you explain a bit more about what your diagram implies? That might
> help us help you.
>
>
> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <mercsniper@gmail.com
> >wrote:
>
> > Is it possible to create this type of architecture with cloudstack? Any
> > design ideas you can provide?
> >
> > http://img850.imageshack.us/img850/7940/lnzp.jpg
> >
> > --
> > Brad
> >
>
--
Brad
Re: Architecture Question
Posted by Chip Childers <ch...@sungard.com>.
Can you explain a bit more about what your diagram implies? That might
help us help you.
On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <me...@gmail.com>wrote:
> Is it possible to create this type of architecture with cloudstack? Any
> design ideas you can provide?
>
> http://img850.imageshack.us/img850/7940/lnzp.jpg
>
> --
> Brad
>