[OOTB-infra] Live showcase
Heiko Robert
heiko.orderofthebee.info at ecm4u.de
Fri Oct 17 18:17:31 BST 2014
Martin,
my suggestion would be to make all VMs accessible via HTTP/HTTPS from
one public IP.
We can register as many subdomains as we want and create CNAME entries
to the one real A-HOST. 80/443 will be forwarded to a minimal
reverse-proxy VM running a hardened Apache. Every subdomain has its own
virtual host and mod_proxy_ajp config. Resolution is then done from one
Apache by hostname/subdomain. We are running > 20 test systems that way
at a time. If you want to access another VM we just need to make a DNS
entry, copy the virtual host config and change subdomain name/VM-IP. If
you have only one access point / one reverse proxy it's much easier to
make it secure, ban attacks etc.
If direct SSH access is required we could forward SSH on ports like
9122, 9222, 9322 etc. or better we use VPN for that. If we use VPN we are
safe here also and don't need to monitor every VM.
So my suggestion is:
Order
* 1 EX4 box with remark "prepared with ESX 5.1 (to run with the Realtek
card)"
* 2nd IP can be ordered/activated when hardware is seen in the Admin
interface
When everything is set up we can order a second machine and divide VMs in
a manner: productive/official systems like website, blog, demos run on
the first server and all testing, develop/build/stressing VMs can be
moved to the second server.
We can automatically create online VM snapshots from one host to the
other. This makes backup / disaster recovery very easy.
On 16.10.2014 at 18:46, Martin Cosgrave wrote:
> Not sure I'm following the logic; we probably want the VMs to be
> independently addressable from the internet even if they go through
> 1:1 NAT in pfsense
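
The "copy the virtual host config and change subdomain name/VM-IP" step from the message above, sketched as an added example that is not part of the original mail or the project's configuration. It assumes Apache 2.4 syntax, a placeholder zone `example.org`, constructed 10.0.0.x VM addresses and AJP port 8009, and it covers port 80 only (the 443 virtual hosts would additionally need certificate directives).

```python
import ipaddress
import re

# Assumed values for illustration; none of these come from the original mail.
ZONE = "example.org"   # placeholder parent domain for the CNAME subdomains
AJP_PORT = 8009        # conventional AJP connector port on the backend VM
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label

# Emitted first: Apache serves the first vhost for any Host header that
# matches no ServerName, so unknown hostnames are refused, not proxied.
DEFAULT_VHOST = """<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>
"""

VHOST = """<VirtualHost *:80>
    ServerName {host}
    ProxyRequests Off
    ProxyPass "/" "ajp://{ip}:{port}/"
</VirtualHost>
"""

def render_vhost(subdomain, vm_ip):
    """Return one name-based virtual host forwarding a subdomain to a VM."""
    # fullmatch rejects newlines and spaces, so a crafted name cannot
    # smuggle extra directives into the generated config.
    if not LABEL.fullmatch(subdomain):
        raise ValueError(f"bad subdomain label: {subdomain!r}")
    ip = ipaddress.IPv4Address(vm_ip)  # raises ValueError on malformed input
    # Backends must be internal VM addresses, never the proxy or the internet.
    if not ip.is_private or ip.is_loopback:
        raise ValueError(f"backend must be an internal VM address: {vm_ip}")
    return VHOST.format(host=f"{subdomain}.{ZONE}", ip=ip, port=AJP_PORT)

def render_all(vms):
    """vms maps subdomain -> internal VM IP; the deny-all vhost goes first."""
    body = "".join(render_vhost(s, ip) for s, ip in sorted(vms.items()))
    return DEFAULT_VHOST + body

if __name__ == "__main__":
    # Constructed sample mapping.
    print(render_all({"demo": "10.0.0.11", "build": "10.0.0.12"}))
```
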