In the previous post, you saw an overview of the OpSource Cloud, a VMware vSphere-backed public IaaS cloud. Today we take a look at connecting to virtual machine instances for managing and consuming services.
OpSource networking is based on Cisco switches and security; cloud users have various options for configuring access for management or public services. When new virtual machines are instantiated, they are assigned private IP addresses and cannot be accessed from the Internet directly. This is a good thing for security, but how does an administrator manage workloads in the cloud?
VPN for VM Management
Cisco SSL VPN capabilities are built into this cloud platform, so administrators can connect from anywhere to securely manage virtual machines. This is very easy to use and even works from behind corporate firewalls and proxy servers — something that may be a concern if your public cloud requires direct access via SSH or RDP.
Directly Connect with NAT
For VMs providing services to the public Internet, a 1-1 NAT mapping can be configured for any of the 8 public IP addresses that come standard with an account. There are also richer load balancing capabilities that can spread requests across multiple web servers.
With a NAT mapping in place, it is possible to SSH or RDP without connecting via VPN — if desired — provided the necessary ACL (access-control list) is configured in the firewall.
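As an added example (not from the original post and not OpSource's own tooling), this Python sketch audits ACL rules for NAT-mapped VMs and flags SSH or RDP that is permitted from any source address. The rule fields, the sample addresses and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. The field names are a hypothetical rule model,
# not the OpSource API and not Cisco ACL syntax.
NAT = {"203.0.113.10": "10.0.0.11", "203.0.113.11": "10.0.0.12"}  # public -> private
ACL = [  # assumed: evaluated top-down, first match wins, implicit deny at the end
    {"action": "permit", "src": "198.51.100.0/24", "dst": "203.0.113.10", "port": 22},
    {"action": "permit", "src": "0.0.0.0/0", "dst": "203.0.113.11", "port": 3389},
    {"action": "permit", "src": "0.0.0.0/0", "dst": "203.0.113.10", "port": 443},
]
MGMT_PORTS = {22: "SSH", 3389: "RDP"}


def decide(acl, src_ip, dst_ip, port):
    """Return the action of the first matching rule, or 'deny' if none match."""
    src = ipaddress.ip_address(src_ip)
    for rule in acl:
        if (src in ipaddress.ip_network(rule["src"])
                and rule["dst"] == dst_ip and rule["port"] == port):
            return rule["action"]
    return "deny"


def exposed_management(nat, acl):
    """List (public_ip, private_ip, service) where SSH/RDP to a NAT-mapped
    address is permitted by an any-source rule instead of an admin range."""
    findings = []
    for public_ip, private_ip in nat.items():
        for port, service in MGMT_PORTS.items():
            for rule in acl:
                if rule["dst"] != public_ip or rule["port"] != port:
                    continue
                if ipaddress.ip_network(rule["src"]).prefixlen == 0:
                    # An any-source rule ends evaluation for every remaining source.
                    if rule["action"] == "permit":
                        findings.append((public_ip, private_ip, service))
                    break
    return findings


if __name__ == "__main__":
    for public_ip, private_ip, service in exposed_management(NAT, ACL):
        print(f"{service} to {public_ip} (VM {private_ip}) is open to any source")
```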
These networking features provide enough security and flexibility for most private cloud needs. It’s a big benefit for corporate users to be able to connect via SSL VPN, since RDP and SSH are often blocked in this scenario to enhance security.