Ah I understand. So you need a "DMZ" network tier with some device on it that filters all traffic to and from the other tiers? That's a bit beyond my VPC experience, sorry. Hopefully someone else might chime in at this point :)

Best regards,
David Comerford
------------------------
Tel: +353 87 1238295
Email: [email protected]
Website: http://dave.ie
GPG key: http://gpg.dave.ie

On 7 August 2013 00:39, Bradley Hieber <[email protected]> wrote:

> In the design we are building, we need to have a DMZ tier that encompasses
> all of the VPC's and all traffic needs to pass through it.
>
> On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <[email protected]> wrote:
>
> > You don't need a proxy. The VPC is held together by the virtual router.
> > That forwards the traffic to and from all the zones/DMZs or the CloudStack
> > term "network tiers".
> >
> > Ideally you would make a Web network tier where the web servers would
> > reside. Another tier for application servers, anto
> >
> > Best regards,
> > David Comerford
> > ------------------------
> > Tel: +353 87 1238295
> > Email: [email protected]
> > Website: http://dave.ie
> > GPG key: http://gpg.dave.ie
> >
> > On 7 August 2013 00:09, Bradley Hieber <[email protected]> wrote:
> >
> > > I need to place a proxy and web servers in my DMZ. Am I just not getting
> > > something?
> > >
> > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <[email protected]> wrote:
> > >
> > > > The DMZ in your diagram would be the Guest Public network you have
> > > > defined. Each zone you have behind the router can be isolated on its
> > > > own VLAN and have its own firewall rules controlling ingress/egress.
> > > >
> > > > This diagram might explain it a bit better:
> > > >
> > > > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> > > >
> > > > Best regards,
> > > > David Comerford
> > > > ------------------------
> > > > Tel: +353 87 1238295
> > > > Email: [email protected]
> > > > Website: http://dave.ie
> > > > GPG key: http://gpg.dave.ie
> > > >
> > > > On 6 August 2013 23:59, Bradley Hieber <[email protected]> wrote:
> > > >
> > > > > How would I force the traffic to go through the DMZ? Would I set a
> > > > > small LAN in the virtual router to point to a proxy address in the DMZ?
> > > > > —
> > > > > Sent from Mailbox for iPhone
> > > > >
> > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <[email protected]> wrote:
> > > > >
> > > > > > VPC's are the way to go. Your diagram is a textbook example.
> > > > > >
> > > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > > >
> > > > > > Best regards,
> > > > > > David Comerford
> > > > > > ------------------------
> > > > > > Tel: +353 87 1238295
> > > > > > Email: [email protected]
> > > > > > Website: http://dave.ie
> > > > > > GPG key: http://gpg.dave.ie
> > > > > >
> > > > > > On 6 August 2013 14:36, Bradley Hieber <[email protected]> wrote:
> > > > > >
> > > > > > > It could very well be VPC's. The idea is we are planning on using
> > > > > > > 5-6 hosts in this environment. So designing the solution to fit
> > > > > > > this hardware requirement is critical.
> > > > > > >
> > > > > > > On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <[email protected]> wrote:
> > > > > > >
> > > > > > > > Can the 'hosting zones' represented in the diagram be contained in
> > > > > > > > a CloudStack zone? If so, you can dedicate a set of hosts to be in
> > > > > > > > the DMZ. Then you can leverage the 'host tags' [1] functionality to
> > > > > > > > place VMs providing edge services (CloudStack system VMs or user
> > > > > > > > VMs) on the hosts dedicated in the DMZ.
> > > > > > > >
> > > > > > > > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > > > > > >
> > > > > > > > On 05/08/13 11:28 PM, "Bradley Hieber" <[email protected]> wrote:
> > > > > > > >
> > > > > > > > > The goal is to have a virtualized DMZ area where we can place
> > > > > > > > > public-facing web servers, and other software-based firewalls to
> > > > > > > > > protect the different virtualization areas. Each of the
> > > > > > > > > virtualization areas will host different environments for clients
> > > > > > > > > to utilize.
> > > > > > > > >
> > > > > > > > > On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers <[email protected]> wrote:
> > > > > > > > >
> > > > > > > > > > Can you explain a bit more about what your diagram implies?
> > > > > > > > > > That might help us help you.
> > > > > > > > > >
> > > > > > > > > > On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <[email protected]> wrote:
> > > > > > > > > >
> > > > > > > > > > > Is it possible to create this type of architecture with
> > > > > > > > > > > cloudstack? Any design ideas you can provide?
> > > > > > > > > > >
> > > > > > > > > > > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > Brad
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Brad
> > > > > > >
> > > > > > > --
> > > > > > > Brad
> > >
> > > --
> > > Brad
>
> --
> Brad
