I am using Orchestrator in a multi-tenancy environment. What I need to try to do is:
Set up a master orchestrator instance where I can centralize workflow execution.
Set up slave instances in the different tenant environments that I can call with the Multi-node plug-in.
The problem is that the environments are separated and can only be accessed via a vpn tunnel.
how should I set up orchestrator master and slave to communicate over the vpn?
Should I:
1. Use a "VPN connection plugin" if there is one, to establish a connection over the vpn?
2. Use the HTTP-Rest plug-in, and give both vCO's a public IP and some time of public web interface, if that can be done securely, perhaps sticking slave vCO's in DMZ's?
3. Some other way?
Thanks for input!
If you have an always on VPN connection to the remote/slave instances then just open Firewall ports to allow the master to communicate to the remote/slave instance.
Ports are listed on page 38 & 39:
Multi-node plugin documentation:
From what I can tell you would need the following ports opened from the master (source) to the remote/slave (destination):
Anyone?
The multinode plug-in (in recent versions) is using the vCO REST API so you just have to make sure a master vCO can access to vCO API port.
AFAIK, there is no VPN plug-in.
What use case scenarios do you want to cover? For example, do you want the master vCO to control VPN connections to slave vCOs? Eg. master vCO establishes a new VPN connection to a given slave vCO, then calls a vCO REST API to invoke a workflow on the child vCO, and then drops the VPN connection.
If you have an always on VPN connection to the remote/slave instances then just open Firewall ports to allow the master to communicate to the remote/slave instance.
Ports are listed on page 38 & 39:
Multi-node plugin documentation:
From what I can tell you would need the following ports opened from the master (source) to the remote/slave (destination):
Ok thanks. I think that basically answers it. I have to either have a dedicated VPN connection, or I need to create a plug-in/workflow to establish a VPN connection temporarily when the master and slave VCO need to communicate.