I agree with Will's suggestion. -Wei
2017-01-17 6:13 GMT+01:00 Will Stevens <wstev...@cloudops.com>: > Rene, this is probably not going to solve your problem, but I use this > trick for other use cases. You can setup more than one range. ACS seems > to always exhaust one range before moving on to the next range. If it is a > new install, then you can do a range with only 2 IPs in it and make it > first. Since the first two IPs which will be provisioned when ACS is setup > is the SSVM and CPVM, they will automatically take the two IPs from that > special range. > > I am pretty sure I have tested this. Later when other IPs have been used > from the other range, if you destroy the SSVM or CPVM, they will come back > up on one of the two IPs that they were on before because they will be free > again and they will be used first again. If your system is really active, > then you will be in a race condition while the SSVM and CPVM get bounced to > get the same IPs back. > > Anyway, I figured I would mention it because it may be a workaround you can > make use of. I do this in dev/staging environments which need real public > IPs, but I don't need the SSVM and CPVM to have real public IPs. This lets > me preserve two real public IPs by using private IPs for that first range > for the SSVM and CPVM. > > Cheers, > > *Will STEVENS* > Lead Developer > > <https://goo.gl/NYZ8KK> > > On Mon, Jan 16, 2017 at 11:37 PM, Nitin Kumar Maharana < > nitinkumar.mahar...@accelerite.com> wrote: > > > Hi Rene, > > > > The default pool, which means are you mentioning the public IP range? > > > > If it is a public IP range, user VMs won’t be consuming any IP from > there. > > Only system VMs(CPVM/SSVM/VR) will be consuming. VRs will be providing > > public access to the user VMs. > > > > > > Thanks, > > Nitin > > > On 16-Jan-2017, at 8:56 PM, Rene Moser <m...@renemoser.net> wrote: > > > > > > Hi > > > > > > We would like to make a change proposal for SSVM/CPVM. > > > > > > Currently, the SSVM/CPVM get an IP from the "default" pool of > > > vlaniprange which is the from the account "system" > > > > > > > > > "vlaniprange": [ > > > { > > > "account": "system", > > > "domain": "ROOT", > > > "endip": "10.101.0.250", > > > "forvirtualnetwork": true, > > > "gateway": "10.101.0.1", > > > "netmask": "255.255.255.0", > > > "startip": "10.101.0.11", > > > ... > > > > > > }, > > > > > > > > > "systemvm": [ > > > { > > > "activeviewersessions": 0, > > > "gateway": "10.101.0.1", > > > "hypervisor": "VMware", > > > "id": "d9a8abe5-b1e0-47d6-8f39-01b48ff1e0fa", > > > "name": "v-5877-VM", > > > "privatenetmask": "255.255.255.0", > > > "publicip": "10.101.0.113", > > > "publicnetmask": "255.255.255.0", > > > "state": "Running", > > > ... > > > }, > > > > > > > > > For security considerations we would like to define a dedicated IP > range > > > for SSVM/CPVM, which, preferably, should not have any relation to the > > > default pool range. > > > > > > The default pool range should be used for userVMs only. To indicate the > > > use I propolse 2 new flags, which only considered for "account=system" > > > and indicate if the range can be used for userVMs or/and systemVMs. > > > > > > For backwards compatibility this would be the default > > > > > > "foruservms": true, > > > "forsystemvms": true, > > > > > > > > > to have a separate range for UserVMs/SystemVMs, it would look like > > > > > > > > > "vlaniprange": [ > > > { > > > "account": "system", > > > "domain": "ROOT", > > > "foruservms": true, > > > "forsystemvms": false, > > > "endip": "192.160.123.250", > > > "forvirtualnetwork": true, > > > "gateway": "192.160.123.1", > > > "netmask": "255.255.255.0", > > > "startip": "192.160.123.11", > > > ... > > > > > > }, > > > > > > "vlaniprange": [ > > > { > > > "account": "system", > > > "domain": "ROOT", > > > "foruservms": false, > > > "forsystemvms": true, > > > "endip": "10.101.0.250", > > > "forvirtualnetwork": true, > > > "gateway": "10.101.0.1", > > > "netmask": "255.255.255.0", > > > "startip": "10.101.0.11", > > > ... > > > > > > }, > > > > > > > > > Does anyone has see any conflicts with this proposal? > > > > > > Regards > > > René > > > > > > > > > > > > > DISCLAIMER > > ========== > > This e-mail may contain privileged and confidential information which is > > the property of Accelerite, a Persistent Systems business. It is intended > > only for the use of the individual or entity to which it is addressed. If > > you are not the intended recipient, you are not authorized to read, > retain, > > copy, print, distribute or use this message. If you have received this > > communication in error, please notify the sender and delete all copies of > > this message. Accelerite, a Persistent Systems business does not accept > any > > liability for virus infected mails. > > >
