Xen online security
-
Hi, I know exposing stuff to the internet is bad per se for security. But do people expose Orchestra to the internet in production environments?
-
Yes, there are various deployments done that way. The XOA login has an anti-brute-force system that reduces the attempts per second. Obviously, if you do that, you MUST have a good password and not have an obvious username.
Then, reducing your attack surface is a good idea, so you can also use a VPN (WireGuard or OpenVPN) to not expose it to everyone directly.
-
There’s usually little to no reason to expose any mgmt systems to the internet in actual production environments. Especially if it’s strictly for internal mgmt purposes. XO is no exception. Not because the system would be insecure, but you simply want to make any attack surface as small as possible. It’s just a best practice.