Xen online security
Hi, I know exposing stuff to the internet is bad per se for security. But do people expose Orchestra to the internet in production environments?
Yes, there are various deployments done that way. XOA login has an anti-brute-force system reducing the attempts per second. Obviously, if you do that, you MUST have a good password and not have an obvious username.
Then, reducing your attack surface is a good idea, so you can also use a VPN (WireGuard or OpenVPN) to not expose it to everyone directly.
There’s usually little to no reason to expose any mgmt systems to the internet in actual production environments. Especially if it’s strictly for internal mgmt purposes. XO is no exception. Not because the system would be insecure, but you simply want to make any attack surface as small as possible. It’s just a best practice.