The DMZ in your diagram would be the Guest Public network you have defined. Each zone you have behind the router can be isolated on it's own VLAN and have it's own firewall rules controlling ingress/egress.
This diagram might explain it a bit better: https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000 Best regards, David Comerford ------------------------ Tel: +353 87 1238295 Email: [email protected] Website: http://dave.ie GPG key: http://gpg.dave.ie On 6 August 2013 23:59, Bradley Hieber <[email protected]> wrote: > How would I force the traffic to go through the DMZ? Would I set a small > LAN in the virtual router to point to a proxy address in the DMZ? > — > Sent from Mailbox for iPhone > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <[email protected]> > wrote: > > > VPC's are the way to go. Your diagram is a text book example. > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html > > Best regards, > > David Comerford > > ------------------------ > > Tel: +353 87 1238295 > > Email: [email protected] > > Website: http://dave.ie > > GPG key: http://gpg.dave.ie > > On 6 August 2013 14:36, Bradley Hieber <[email protected]> wrote: > >> It could very well be VPC's. The idea is we are planning on using 5-6 > hosts > >> in this environment. So designing the solution to fit this hardware > >> requirement is critical. > >> > >> > >> On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <[email protected] > >> >wrote: > >> > >> > > >> > Can 'hosting zones' represented in diagram can be contained into a > >> > CloudStack zone? If so you can dedicated set of hosts to be in the > DMZ. > >> > Then you can leverage 'host tags' [1] functionality to place VM's > >> > providing edge services (CloudStack system VM's or user VM's) on the > >> hosts > >> > dedicated in DMZ. > >> > > >> > [1] > https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html > >> > > >> > On 05/08/13 11:28 PM, "Bradley Hieber" <[email protected]> wrote: > >> > > >> > >The goal is to have a virtualized dmz area where we can place public > >> > >facing > >> > >webservers, and other software based firewalls to protect the > different > >> > >virtualization areas. Each of the virtualization areas will host > >> different > >> > >environments for clients to utilize. > >> > > > >> > > > >> > >On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers > >> > ><[email protected]>wrote: > >> > > > >> > >> Can you explain a bit more about what your diagram implies? That > >> might > >> > >> help us help you. > >> > >> > >> > >> > >> > >> On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber < > [email protected] > >> > >> >wrote: > >> > >> > >> > >> > Is it possible to create this type of architecture with > cloudstack? > >> > >>Any > >> > >> > design ideas you can provide? > >> > >> > > >> > >> > http://img850.imageshack.us/img850/7940/lnzp.jpg > >> > >> > > >> > >> > -- > >> > >> > Brad > >> > >> > > >> > >> > >> > > > >> > > > >> > > > >> > >-- > >> > >Brad > >> > > > >> > > >> > > >> > > >> > >> > >> -- > >> Brad > >> >
