You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Michal Rodzos <mi...@cloudcentral.com.au> on 2013/12/01 04:09:02 UTC

Replacing Virtual Router with a custom virtual appliance template

Is it possible to create a network offering, which would use a custom
virtual appliance instead of the default Debian template?


My understanding is currently only following network providers are
supported/available in ACS:

-          Citrix NetScaler

-          F5

-          Juniper SRX

-          Virtual Router

-          Cisco ASA 100v (Citrix CloudPlatform only?)

 

I've found a wiki page
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+In
tegration# that somebody managed to integrate the Palo Alto Firewall into
ACS. Plus some other people managed to get the midokura or Nicira to work ?

So it seems that  custom network providers are feasible.


I'd like to provide a premium network offering with a commercial security
gateway/UTM virtual appliance as a network provider. Ie the FortiGate UTM
provides VPN, NAT, DNS, DHCP, routing and other network features similar to
Virtual Router, but also offers security features like anitispam, virus
scanning, deep packet inspection, IPS etc. So the question is how hard is,
and how much dev effort is required?


Other option is to create a network like this
Internet -> ACS VR-> FortiGate TM VM ->  customer VMs
But not sure how can force all the public traffic from the VMs to go via the
FortiGate? 


The environment is XenServer 6.2 and ACS 4.2.1 with Advanced Networking

Thanks,
Michal

 

Regards,
Michal Rodzos
Solutions Architect

 
<http://www.cloudcentral.com.au/?utm_source=michal&utm_medium=email&utm_camp
aign=cloudcentral> CloudCentral - Secure Australian Cloud
Phone: 1300 144 007 | Mobile: +61 421 834 204
 <http://www.linkedin.com/in/michalrodzos> View Michal Rodzos' profile on
LinkedIn| Skype: michal.rodzos |  <https://twitter.com/cloudcentral> Twitter

RE: Replacing Virtual Router with a custom virtual appliance template

Posted by "Lisa B." <no...@hotmail.de>.

hey michal,

i am not sure if this is what you are looking for but i just came across this blog post while tracking down a different problem:

http://blog.remibergsma.com/2012/08/30/going-beyond-cloudstack-advanced-networking-how-i-replaced-the-virtual-router-with-my-own-physical-linux-router/

good luck!
lisa

________________________________
> From: michal.rodzos@cloudcentral.com.au 
> To: users@cloudstack.apache.org 
> Subject: Replacing Virtual Router with a custom virtual appliance template 
> Date: Sun, 1 Dec 2013 14:09:02 +1100 
> 
> 
> Is it possible to create a network offering, which would use a custom 
> virtual appliance instead of the default Debian template? 
> 
> My understanding is currently only following network providers are 
> supported/available in ACS: 
> 
> - Citrix NetScaler 
> 
> - F5 
> 
> - Juniper SRX 
> 
> - Virtual Router 
> 
> - Cisco ASA 100v (Citrix CloudPlatform only?) 
> 
> 
> 
> I’ve found a wiki page 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration& 
> that somebody managed to integrate the Palo Alto Firewall into ACS. 
> Plus some other people managed to get the midokura or Nicira to work ? 
> 
> So it seems that custom network providers are feasible… 
> 
> I'd like to provide a premium network offering with a commercial 
> security gateway/UTM virtual appliance as a network provider. Ie the 
> FortiGate UTM provides VPN, NAT, DNS, DHCP, routing and other network 
> features similar to Virtual Router, but also offers security features 
> like anitispam, virus scanning, deep packet inspection, IPS etc. So the 
> question is how hard is, and how much dev effort is required? 
> 
> Other option is to create a network like this 
> Internet -> ACS VR-> FortiGate TM VM -> customer VMs 
> But not sure how can force all the public traffic from the VMs to go 
> via the FortiGate? 
> 
> The environment is XenServer 6.2 and ACS 4.2.1 with Advanced Networking 
> 
> Thanks, 
> Michal 
> 
> 
> 
> Regards, 
> Michal Rodzos 
> Solutions Architect 
> 
> [CloudCentral - Secure Australian 
> Cloud]<http://www.cloudcentral.com.au/?utm_source=michal&utm_medium=email&utm_campaign=cloudcentral> 
> Phone: 1300 144 007 | Mobile: +61 421 834 204 
> [View Michal Rodzos' profile on 
> LinkedIn]<http://www.linkedin.com/in/michalrodzos>| Skype: 
> michal.rodzos | Twitter<https://twitter.com/cloudcentral> 
> 
>