VMware Cloud Community
SzosszeNET
Contributor

vmware with public ip?

Hello,

Just wondering if it makes any sense to put out a management network interface to the internet securely or not.

The problem (not a problem, btw, a really good thing): I have my gateway/firewall (the critical one) and some other, also severe-impact, services running on it.

The servers are hosted in a datacenter reachable only in a few hours. Remote hands are available, but I would just prefer a second backup solution.

The scenario: assign a public IP as the management interface. Secure it (maybe operating it on a different port is possible; in this case a vSphere client mod is also needed, I think). I wish to keep the root user, I would just like to deny its login from the non-trusted (i.e. internet) zone.

Also, I know I can allow connections for certain IPs or ranges, and that will be done, but I can only limit to certain countries/Europe, and that's still a large number of potential hackers.

And generally any other idea is welcome to make this (if possible) as secure as possible.

I have vmware 5.0 free.

Many thanks.

Cheers,

MatthewShort
Contributor

If you lock it down to any known statics that you could be coming from (for the vsphere client) that is pretty secure (and what I do).  The other thing is to remove shell access from the root user and create another user account that has shell access.

SzosszeNET
Contributor

Thanks,

The shell access is indeed a great idea.

One problem: I could specify some fixed IPs, but generally that's not a real solution for me.

I mean, if I have to do anything while I'm in a hotel, etc., I cannot know their IP, and they probably have a dynamic one (as I have at home).

Maybe key auth, I was thinking.

However, you gave me an idea:

SSH from outside allowed on a non-standard port with key auth. If needed, I log in and via CLI modify the firewall and allow the vSphere client, and voilà!

Rather a process than a solution, but seems secure.

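The firewall step of the workflow described in the post above, as an added example that is not part of the original thread: it validates the source address and prints the `esxcli` commands that restrict the `vSphereClient` ruleset to that address. The script name and the address 203.0.113.7 are constructed placeholders, and the ruleset id is an assumption to confirm on the host with `esxcli network firewall ruleset list`.

```shell
#!/bin/sh
# Added example (not from the thread): plan the firewall change for the
# "SSH in first, then allow the vSphere Client" workflow on an ESXi host.
# Prints the esxcli commands by default; APPLY=1 also runs them.
RULESET="vSphereClient"   # assumed id of the vSphere Client firewall ruleset

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    count=0
    for octet in $(echo "$1" | tr . ' '); do
        count=$((count + 1))
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# plan open <ip>:  restrict the ruleset to an allow-list, then add <ip>.
# plan close <ip>: take <ip> off the allow-list again.
plan() {
    action=$1 ip=$2
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    case "$action" in
        open)
            # Turn off "allow all" first so only listed addresses match.
            echo "esxcli network firewall ruleset set --ruleset-id $RULESET --allowed-all false"
            echo "esxcli network firewall ruleset allowedip add --ruleset-id $RULESET --ip-address $ip"
            ;;
        close)
            echo "esxcli network firewall ruleset allowedip remove --ruleset-id $RULESET --ip-address $ip"
            ;;
        *)
            echo "usage: open|close <ipv4>" >&2; return 2 ;;
    esac
}

# Show the planned commands; execute them only when APPLY=1 is set.
main() {
    cmds=$(plan "$@") || return $?
    echo "$cmds"
    [ "${APPLY:-0}" = 1 ] || return 0
    echo "$cmds" | sh -e
}

# Example on the host: APPLY=1 sh allow-client.sh open 203.0.113.7
if [ $# -gt 0 ]; then main "$@"; fi
```

Running it without `APPLY=1` only prints the commands, so the plan can be reviewed over the SSH session before anything changes.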
Ethan44
Enthusiast

Hi SzosszeNET,

Hope you're doing great.

> I mean, if I have to do anything while I'm in a hotel, etc., I cannot know their IP, and they probably have a dynamic one

In this case you may need to configure DynDNS and point it to the ESXi IP. This comes to my mind.

"a journey of a thousand miles starts with a single step"