Ovirt Engine WAN security
This is a multipart message in MIME format. ------=_NextPart_000_0301_01D01AD6.E6399000 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit I would like to inquire if anyone is using the ovirt engine to control remote datacenters, and if so.. How are you securing it. I realize you cannot devulge trade secrets or your actual setup.. Just general info, like we are using vpn, or SSH.. Thanks for any info anybody can provide. Donny D ------=_NextPart_000_0301_01D01AD6.E6399000 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" = xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META = HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 14 = (filtered medium)"><style><!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue = vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal>I would = like to inquire if anyone is using the ovirt engine to control remote = datacenters, and if so.. How are you securing it. I realize you cannot = devulge trade secrets or your actual setup.. Just general info, like we = are using vpn, or SSH.. <o:p></o:p></p><p = class=3DMsoNormal><o:p> </o:p></p><p class=3DMsoNormal>Thanks for = any info anybody can provide.<o:p></o:p></p><p class=3DMsoNormal>Donny = D<o:p></o:p></p></div></body></html> ------=_NextPart_000_0301_01D01AD6.E6399000--
Hello, Ovirt engine->vdsm communication cannot be exposed to the public Internet. vdsm was not designed to be opened to the public. You should use VPN between the engine and hosts, and add firewall to allow http/https access to engine. Using novnc and websocket proxy will enable you to reroute the display communication via the engine as well. Regards, Alon ----- Original Message -----
From: "Donny Davis" <donny@cloudspin.me> To: users@ovirt.org Sent: Friday, December 19, 2014 12:25:45 AM Subject: [ovirt-users] Ovirt Engine WAN security
I would like to inquire if anyone is using the ovirt engine to control remote datacenters, and if so.. How are you securing it. I realize you cannot devulge trade secrets or your actual setup.. Just general info, like we are using vpn, or SSH..
Thanks for any info anybody can provide.
Donny D
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (2)
-
Alon Bar-Lev -
Donny Davis