
    Continuous replication over WAN ?

    • olivierlambert (Vates 🪐 Co-Founder CEO)

      Hi!

      It's now called "Incremental replication", and yes, you can use it regardless of the link type 🙂

      • planedrop (Top contributor)

        You can do this. First things first though, I'd highly recommend using a VPN instead of just letting it do it over the public internet. WireGuard is pretty easy to get going and very fast.

        • olivierlambert (Vates 🪐 Co-Founder CEO)

          If you have XO proxies on the other end, it's pretty secure. Also the traffic itself is encrypted. I would simply avoid exposing host APIs on the internet (therefore using XO proxies or a VPN or any tunneling solution).

          • planedrop (Top contributor) @olivierlambert

            @olivierlambert True, proxies help a lot. I personally still just prefer to avoid things on the WAN as much as I can, and IMO VPNs aren't too hard nowadays.

            But either is fine for sure.

            • SylvainB @olivierlambert

              @olivierlambert

              So, if I understand correctly, we can, from site A, replicate on site B with incremental replication using an XOProxy present on site B?

              This proxy is exposed on the internet, is that right? Can the proxy manage an IP address whitelist?

              • planedrop (Top contributor)

                Either way, you should have a firewall on both sides, right? So you could just use the firewall to whitelist things with rules to the proxy.

                I think personally I'd take the VPN route here, but @olivierlambert may disagree, and if I'm honest I haven't used XO Proxy much, so maybe I'm way off here lol.

                • olivierlambert (Vates 🪐 Co-Founder CEO)

                  If you use a proxy, you don't need to whitelist anything, because there's a secret token to allow connecting to the proxy from the main XOA. That's the great thing about the proxy: it's pretty small (reducing the attack surface) and only communicates with a valid token in HTTPS. So it's pretty safe to expose the Proxy (and nothing else on the remote site).

                  • planedrop (Top contributor) @olivierlambert

                    @olivierlambert That's actually something I didn't know about XO Proxy, learn something new every day haha!

                    • olivierlambert (Vates 🪐 Co-Founder CEO)

                      Again, both solutions are valid: tunnels or XO proxies. XO Proxies are meant to simplify the case where you can't extend your current network with tunnels and/or VPNs. So you can build your XCP-ng infrastructure across different places and different networks while still enjoying a central XO console to manage AND back them all up 🙂

                      • SylvainB @olivierlambert

                        @olivierlambert

                        Thank you Olivier,

                        I still need to clarify two points:

                        How can we manage an XCP-ng infrastructure present on a site B, from an XOA present on a site A?

                        How to deploy XOProxy on site B infrastructure from site A?

                        • olivierlambert (Vates 🪐 Co-Founder CEO)

                          See https://xen-orchestra.com/blog/xo-proxy-a-concrete-guide/ 🙂

                          We use that setup for our own remote site which is only reachable via internet, so the proxy on site B allows us to manage everything from the main site.

                          • SylvainB @olivierlambert

                            @olivierlambert

                            Thank you very much Olivier, this is exactly what I want to do!
