I do appreciate the assistance David
—
Sent from Mailbox for iPhone

On Tue, Aug 6, 2013 at 7:48 PM, David Comerford <[email protected]> wrote:

> Ah I understand. So you need a "DMZ" network tier with some device on it
> that filters all traffic to and from the other tiers?
> That's a bit beyond my VPC experience, sorry. Hopefully someone else might
> chime in at this point :)
>
> Best regards,
> David Comerford
> ------------------------
> Tel: +353 87 1238295
> Email: [email protected]
> Website: http://dave.ie
> GPG key: http://gpg.dave.ie
>
> On 7 August 2013 00:39, Bradley Hieber <[email protected]> wrote:
>
> > In the design we are building, we need to have a DMZ tier that encompasses
> > all of the VPCs and all traffic needs to pass through it.
> >
> > On Tue, Aug 6, 2013 at 7:15 PM, David Comerford <[email protected]> wrote:
> >
> > > You don't need a proxy. The VPC is held together by the virtual router.
> > > That forwards the traffic to and from all the zones/DMZs or the CloudStack
> > > term "network tiers".
> > >
> > > Ideally you would make a Web network tier where the web servers would
> > > reside. Another tier for application servers, anto
> > >
> > > Best regards,
> > > David Comerford
> > >
> > > On 7 August 2013 00:09, Bradley Hieber <[email protected]> wrote:
> > >
> > > > I need to place a proxy and web servers in my DMZ. Am I just not getting
> > > > something?
> > > >
> > > > On Tue, Aug 6, 2013 at 7:06 PM, David Comerford <[email protected]> wrote:
> > > >
> > > > > The DMZ in your diagram would be the Guest Public network you have defined.
> > > > > Each zone you have behind the router can be isolated on its own VLAN and
> > > > > have its own firewall rules controlling ingress/egress.
> > > > >
> > > > > This diagram might explain it a bit better:
> > > > >
> > > > > https://cwiki.apache.org/confluence/download/attachments/30747129/image001.png?version=1&modificationDate=1357237708000
> > > > >
> > > > > Best regards,
> > > > > David Comerford
> > > > >
> > > > > On 6 August 2013 23:59, Bradley Hieber <[email protected]> wrote:
> > > > >
> > > > > > How would I force the traffic to go through the DMZ? Would I set a small
> > > > > > LAN in the virtual router to point to a proxy address in the DMZ?
> > > > > > —
> > > > > > Sent from Mailbox for iPhone
> > > > > >
> > > > > > On Tue, Aug 6, 2013 at 6:58 PM, David Comerford <[email protected]> wrote:
> > > > > >
> > > > > > > VPCs are the way to go. Your diagram is a textbook example.
> > > > > > >
> > > > > > > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.0.2/html/Installation_Guide/configure-vpc.html
> > > > > > >
> > > > > > > Best regards,
> > > > > > > David Comerford
> > > > > > >
> > > > > > > On 6 August 2013 14:36, Bradley Hieber <[email protected]> wrote:
> > > > > > >
> > > > > > > > It could very well be VPCs. The idea is we are planning on using 5-6 hosts
> > > > > > > > in this environment. So designing the solution to fit this hardware
> > > > > > > > requirement is critical.
> > > > > > > >
> > > > > > > > On Tue, Aug 6, 2013 at 9:29 AM, Murali Reddy <[email protected]> wrote:
> > > > > > > >
> > > > > > > > > Can the 'hosting zones' represented in the diagram be contained in a
> > > > > > > > > CloudStack zone? If so, you can dedicate a set of hosts to be in the DMZ.
> > > > > > > > > Then you can leverage 'host tags' [1] functionality to place VMs
> > > > > > > > > providing edge services (CloudStack system VMs or user VMs) on the hosts
> > > > > > > > > dedicated in DMZ.
> > > > > > > > >
> > > > > > > > > [1] https://cwiki.apache.org/CLOUDSTACK/host-tags-and-storage-tags.html
> > > > > > > > >
> > > > > > > > > On 05/08/13 11:28 PM, "Bradley Hieber" <[email protected]> wrote:
> > > > > > > > >
> > > > > > > > > > The goal is to have a virtualized DMZ area where we can place public
> > > > > > > > > > facing webservers, and other software based firewalls to protect the
> > > > > > > > > > different virtualization areas. Each of the virtualization areas will
> > > > > > > > > > host different environments for clients to utilize.
> > > > > > > > > >
> > > > > > > > > > On Mon, Aug 5, 2013 at 1:55 PM, Chip Childers <[email protected]> wrote:
> > > > > > > > > >
> > > > > > > > > > > Can you explain a bit more about what your diagram implies? That might
> > > > > > > > > > > help us help you.
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Aug 5, 2013 at 10:24 AM, Bradley Hieber <[email protected]> wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Is it possible to create this type of architecture with CloudStack?
> > > > > > > > > > > > Any design ideas you can provide?
> > > > > > > > > > > >
> > > > > > > > > > > > http://img850.imageshack.us/img850/7940/lnzp.jpg
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Brad
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Brad
> > > > > > > >
> > > > > > > > --
> > > > > > > > Brad
> > > >
> > > > --
> > > > Brad
> >
> > --
> > Brad
