Hello,
Just wondering if it makes any sense to put out a management network interface to the internet securely or not.
The problem (not a problem btw, a really good thing): I have my gateway/firewall (the critical one) and some other, also severe-impact, services running on it.
The servers are hosted in a datacenter reachable only in a few hours. Remote hands is available, but I would just prefer a second backup solution.
The scenario: assign a public IP as the management interface. Secure it (maybe operating it on a different port is possible; in this case a vSphere Client mod is also needed, I think). I wish to keep the root user, I would just like to deny its login from the non-trusted (i.e. internet) zone.
Also, I know I can allow connections for certain IPs or ranges, which will be done, but I can only limit to certain countries/Europe, and that's still a large number of potential hackers. :smileygrin:
And generally any other idea is welcome to make this (if possible) as secure as possible.
I have vmware 5.0 free.
Many thanks.
Cheers,
If you lock it down to any known statics that you could be coming from (for the vSphere Client), that is pretty secure (and what I do). The other thing is to remove shell access from the root user and create another user account that has shell access.
Thanks,
The shell access is indeed a great idea.
One problem: I could specify some fixed IPs, but generally that's not a real solution for me.
I mean, if I have to do anything while I'm in a hotel, etc., I cannot know their IP, and they probably have a dynamic one (as I have at home).
I was thinking of key auth, maybe.
However, you gave me an idea:
SSH from outside allowed on a non-standard port with key auth. If needed, I log in, modify the firewall via CLI to allow the vSphere Client, and voila!
More a process than a solution, but it seems secure.
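The process described in the post above (log in over SSH, then open the vSphere Client ports from the CLI for one address and close them again afterwards), as an added example that is not part of the original thread. The function names, the APPLY variable and the sample address 203.0.113.7 are constructed for illustration; the script assumes it runs in the ESXi shell and that the target is the vSphereClient firewall ruleset.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: prints the esxcli
# commands; APPLY=1 runs them. Meant to be run in the ESXi shell over SSH.
RULESET=vSphereClient   # assumed target: ESXi's vSphere Client firewall ruleset

# Accept only a dotted-quad IPv4 address, so nothing else reaches the shell.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Commands that switch the ruleset to an allow-list and add one client IP.
open_cmds() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    echo "esxcli network firewall ruleset set --ruleset-id $RULESET --allowed-all false"
    echo "esxcli network firewall ruleset allowedip add --ruleset-id $RULESET --ip-address $1"
}

# Commands that remove the IP once the work is done and show what is left.
close_cmds() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    echo "esxcli network firewall ruleset allowedip remove --ruleset-id $RULESET --ip-address $1"
    echo "esxcli network firewall ruleset allowedip list --ruleset-id $RULESET"
}

main() {
    case "$1" in
        open)  cmds=$(open_cmds "$2") || return 1 ;;
        close) cmds=$(close_cmds "$2") || return 1 ;;
        *) echo "usage: $0 open|close <ipv4>   (APPLY=1 to execute)" >&2; return 2 ;;
    esac
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

# Constructed sample address from the documentation range: 203.0.113.7
[ $# -eq 0 ] || main "$@"
```

Review the dry-run output first, then repeat the call with APPLY=1; firewall changes made this way should be checked after a host reboot, since persistence is not shown here.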
Hi SzosszeNET
Hope you're doing great.
I mean if I have to do anything while I'm in a hotel, etc I cannot know their IP and probably they have dynamic
In this case you may need to configure DynDNS and point it to the ESXi IP. This is what comes to my mind.