[OOTB-infra] Live showcase

Heiko Robert heiko.orderofthebee.info at ecm4u.de
Fri Oct 17 18:17:31 BST 2014


Martin,

my suggestion would be to make all VMs accessible via HTTP/HTTPS from 
one public IP.
We can register as many subdomains as we want and create CNAME entries 
to the one real A-HOST. 80/443 will be forwarded to a minimal 
reverse-proxy VM running a hardened apache. Every subdomain has its own 
virtual host and mod_proxy_ajp config. Resolution is then done from one 
apache by hostname/subdomain. We are running > 20 test systems that way 
at a time. If you want to access another VM we just need to make a DNS 
entry, copy the virtual host config and change subdomain name/VM-IP. If 
you have only one access point / one reverse proxy it's much easier to 
make it secure, ban attacks etc.

If direct SSH access is required we could forward SSH on ports like 
9122, 9222, 9322 etc. or better we use VPN for that. If we use VPN we are 
safe here also and don't need to monitor every VM.

So my suggestion is:

Order
* 1 EX4 box with remark "prepared with ESX 5.1 (to run with the Realtek 
card)"
* 2nd IP can be ordered/activated when hardware is seen in the Admin 
interface

When everything is set up we can order a second machine and divide the VMs 
in this manner: productive/official systems like website, blog, demos run on 
the first server and all testing, develop/build/stressing VMs can be 
moved to the second server.
We can automatically create online VM snapshots from one host to the 
other. This makes backup / disaster recovery very easy.


On 16.10.2014 at 18:46, Martin Cosgrave wrote:
> Not sure I'm following the logic; we probably want the VMs to be 
> independently addressable from the internet even if they go through 
> 1:1 NAT in pfsense 
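The per-subdomain reverse-proxy pattern described in the mail above, as an added Apache configuration example (not from the original thread or the OOTB project). Hostnames, the backend IP 10.0.0.11, the AJP port 8009 and the certificate paths are assumptions; each further VM gets a copy of this block with ServerName and the backend address changed.

```apache
# Added example, not part of the original mail: one name-based virtual
# host per subdomain on the single reverse-proxy VM. demo.example.org,
# 10.0.0.11 and the certificate paths are placeholders.

# Server-wide hardening: hide version details, and make sure the
# proxy only ever acts as a reverse proxy, never as an open forward proxy.
ServerTokens Prod
ServerSignature Off
ProxyRequests Off

<VirtualHost *:80>
    ServerName demo.example.org
    # Plain HTTP only redirects to TLS; nothing is proxied on port 80.
    Redirect permanent / https://demo.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName demo.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/demo.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/demo.example.org.key

    # Backend is the Tomcat AJP connector of the demo VM on the private
    # network. That connector should listen on the private interface only,
    # so the VM is reachable solely through this proxy.
    ProxyPreserveHost On
    ProxyPass        / ajp://10.0.0.11:8009/
    ProxyPassReverse / ajp://10.0.0.11:8009/

    # Separate logs per subdomain make it easy to spot and ban abusive clients.
    ErrorLog  ${APACHE_LOG_DIR}/demo.example.org-error.log
    CustomLog ${APACHE_LOG_DIR}/demo.example.org-access.log combined
</VirtualHost>
```

Requires mod_ssl, mod_proxy and mod_proxy_ajp to be enabled; the matching DNS entry is a CNAME for demo.example.org pointing at the proxy's A record.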


