How do you remotly manage XO
-
Hi,
I am new in xcp-ng or xenserver.
I installed Xcp-ng on 3 servers and installed XO community in VM and I can managed all the node with no issue.
I am d=going to send the servers to the datacenter soon and I was wondering how to manage Xen Orchestra when it its no longer on the same LAN as me.In front of the server I run pfSense so my option as far as i can see is:
Opt1: openvpn to pfSense and and access xcp-ng nodes
Opt2: set public ip to all xcp-ng nodes.How do you guys do it?
I welcome any sugestion
Thank you
-
Host XO in the DC, only expose it (and not XCP-ng APIs). This way it will work and acting like a "proxy" for you (one entry point to manage all your stuff)
-
@olivierlambert said in How do you remotly manage XO:
Host XO in the DC, only expose it
So do I set a firewall to only allow access to https to that VM to my IP for example?
Or is there other way in XO itself? -
For example, XOA is already running with a firewall and some customers do expose it only in HTTPS. Then, XOA will connect "internally" to the other hosts (in the same DC). There is already, in XO login mechanism, an anti-brute force system, plus you can use a SSO system with it.
Only HTTPS can be exposed and it will work
-
Thank you
-
@fred974 if you are unsure, do only expose the vpn port of your firewall. It is much safer as exposing your management tool (xenorchestra) to the whole (hacker) world.
-
Thank you @borzel
-
Only thru VPN.
