Something that doesn't seem to be well discussed is how safe OpenStack (and the corresponding services/APIs) is to be exposed to the public. For instance, how safe is it to expose port 5000 to the general public? Port 8774?
Right now, the only thing we have exposed to the public is the Horizon dashboard. Our controller currently sits on a private LAN segment (172.x.x.x). Anything that we do with the API, we utilize a VPN for (for the moment). So, how safe is it, and what can be safely exposed? We would like to enable our users (even if it is closely controlled via hardware firewall rules) to utilize the various APIs.

On an alternate topic, since we are utilizing hardware firewalls, and thus NAT, when we attempt to connect to the PUBLIC IP address (API, say 5000), our connection stalls attempting to make a connection to private_ip:8774. We assume this is what the public_endpoint directive in keystone.conf is for? (If it matters, we are running the Essex release on Ubuntu 12.04.)

Michael
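The stall described above can be checked from the client side by looking at what the identity service hands back. The following is an added example, not part of the original message: it assumes the Keystone v2.0 token response layout (`access.serviceCatalog[].endpoints[].publicURL`) and uses a constructed sample response with placeholder addresses to flag any publicURL that points into RFC 1918, loopback or link-local space, which a client outside the NAT cannot reach.

```python
import ipaddress
import json
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a v2.0 token response; addresses are placeholders.
SAMPLE_TOKEN_RESPONSE = json.dumps({"access": {"serviceCatalog": [
    {"type": "identity", "name": "keystone", "endpoints": [{
        "region": "RegionOne",
        "publicURL": "http://203.0.113.10:5000/v2.0",
        "internalURL": "http://172.16.0.5:5000/v2.0"}]},
    {"type": "compute", "name": "nova", "endpoints": [{
        "region": "RegionOne",
        "publicURL": "http://172.16.0.5:8774/v2/TENANT_ID",
        "internalURL": "http://172.16.0.5:8774/v2/TENANT_ID"}]},
]}})


def is_internal_host(host):
    """True if host is an IP literal in RFC 1918, loopback or link-local space."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # DNS name or empty: cannot be classified offline
    return (addr.is_loopback or addr.is_link_local
            or any(addr in net for net in RFC1918))


def unreachable_public_urls(token_response):
    """Return (service type, region, publicURL) for catalog entries that
    advertise an internal address as their public endpoint."""
    catalog = json.loads(token_response)["access"]["serviceCatalog"]
    findings = []
    for service in catalog:
        for endpoint in service.get("endpoints", []):
            url = endpoint.get("publicURL", "")
            host = urlsplit(url).hostname or ""
            if is_internal_host(host):
                findings.append((service.get("type"),
                                 endpoint.get("region"), url))
    return findings


if __name__ == "__main__":
    for svc_type, region, url in unreachable_public_urls(SAMPLE_TOKEN_RESPONSE):
        print(f"{svc_type} ({region}): publicURL {url} is not routable from outside")
```

Only the internalURL entries are expected to carry private addresses; any hit on a publicURL marks a service whose catalog entry needs the externally reachable address before that API is opened through the firewall.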