Brian,
the wiring is *not* necessarily separate - it may be the *only*
wiring. consider the following case: a branch office connected to the hq
by vpn run in hardware on cisco routers. the remote router serves dhcp
addresses. the only piece of equipment connected directly to the remote
router is an ltsp (actually k12ltsp) server with 2 nics. the server gets
address from the router on eth1 and serves dhcp on eth0, under nat. all
the goodies from having a local server, dns, squidguard (i think), local
directories etc are there, protected. if the server fails, you can connect
everything directly to the router and provided the terminals can run X
when not booted from the ltsp server (e.g. thinknic cd rom-based) you are
still accessing the hq network. this is a fairly simple business scenario.
and it works.
julius
On Tue, 21 May 2002, Brian Fahrlander wrote:
> On Tue, 21 May 2002 16:37:56 -0400 (EDT), "Jim Wildman" <[EMAIL PROTECTED]> wrote:
>
> > Several reasons come to mind all based around the need for segregation
> > of traffic.
> > 1) DHCP. If I'm already running dhcp in the wider network, placing my
> > terminals on a separate network allows me to do the pxe/netboot stuff
> > without changing my 'public' dhcsp.
>
> I went just the other way in my dabblings at Lee Lumber; DHCP for everyone came
>from using it for DHCP.
>
> > 2) Security (Phase 1). I don't want others to see my terminal traffic
>
> This sounds good, and there are some places where it's mandatory, but where I
>was working, I had to keep telling people how to drag-n-drop, so it wasn't an issue.
>
> > 3) Security (Phase 2). NFS is not secure. I don't want my nfs shares
> > out where folks other than the terminals can see them.
>
> Again, in my experience (which is pretty casual and without serious threats)
>those folks thing NFS is some kinda Feminine Deodorant Spray. :)
>
> > 4) Security (Phase 3). I want to control the access of the terminals.
> > Having them gateway through the server gives me a single control &
> > monitoring point. (ie, SquidGuard)
>
> Yeah, I like the idea; enough to make me decide to make my future applications
>of LTSP that way. It's like Beowolf, with a lot of nodes connecting to a 'maestro'.
>It also means quieter traffic for the terminals, improving their action. And keeping
>your NFS close to the vest is just a good idea.
>
> Thanks for making the case; this is better this way, and well worth the seperate
>wiring, even if it costs more.
>
> ------------------------------------------------------------------------
> Brian Fahrländer Linux Zealot, Conservative, and Technomad
> Evansville, IN My Voyage: http://www.CounterMoon.com
> ICQ 5119262
> AOL: WheelDweller
> Yahoo: WheelDweller Me: http://www.kamakiriad.com/aboutme.html
> ------------------------------------------------------------------------
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>
> _____________________________________________________________________
> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help, try #ltsp channel on irc.openprojects.net
>
>
_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.openprojects.net
