Internet access is not a requirement by any means. Your public network must be able to reach your webserver - that's as far as it goes.

Also, in global settings, define your networks for a config secstorage.allowed.internal.sites to your trusted networks, comma separated.

i.e. 192.168.0.0/16,10.0.0.0/8

On 5/28/15 3:07 PM, Andrija Panic wrote:
Correct. Public network is the one attached to VR, SSVM, CPVM ("public" NIC
inside these system VMs)

On 29 May 2015 at 00:04, Alex McWhirter <[email protected]> wrote:

So in other words, the public network can be any network that has internet
access? It doesn't necessarily have to provide public IP addresses, but at
least IP addresses that are routable to the internet?

On 05/28/2015 05:35 PM, Erik Weber wrote:

On Thu, May 28, 2015 at 11:21 PM, Alex McWhirter <[email protected]> wrote:

On 05/28/2015 05:16 PM, Erik Weber wrote:

On Thu, May 28, 2015 at 11:11 PM, Alex McWhirter <[email protected]> wrote:

I'm working on a private cloud using CloudStack and I'm stuck on which
networking topology I should choose. Our network is segregated by VLANs and
each department has its own VLAN. I want to add each department into
CloudStack as a project and then add users into each project. Each project
should have its own VLAN.

So the KVM hosts have two physical NICs. One dedicated purely for NFS and
the other for the rest of the networking.

eth0 - General networking, VLAN trunk enabled

eth1 - NFS, no VLAN trunking enabled.

In the Basic mode I should be able to set up a single physical network with
management labeled to eth0, storage labeled to eth1, and guest labeled to
br0 (which is attached to eth0).

But in this scenario how can I tell each project to tag its guests'
traffic to a different VLAN?

Advanced mode seems way too complex for what I want to do. I don't need a
public network. We have a hardware gateway for that. I don't need any
virtual routers or anything like that as well. I just need a guest to boot
tagged to a specific VLAN and the gateway should handle the DHCP and
routing.


Basic network doesn't support multiple isolated networks (AFAIK).
You would probably want to check out shared networks in advanced mode,
that'll let you use your hardware router etc.
I think you still need to provide a small public range for system VMs and
such, but your tenants won't have to use that, they can rely on shared
networks.

Do I have the wrong idea on what the public network is? I'm taking public
as in actual public IP space on the internet?

Or is it something different like the network the management server uses
to talk to the KVM hosts?

Just to clarify why there is a distinct public network - not all
companies/organizations/whatever allow internet access from (all) their
networks.
This way we're able to ensure that those VMs that need it, usually system
VMs and routers, have internet access, while things like management and
storage networks don't require that access.



