
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">


<head>

<meta http-equiv=Content-Type content="text/html; charset=us-ascii">

<meta name=Generator content="Microsoft Word 11 (filtered medium)">

<!--[if !mso]>

<style>

v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style>

<![endif]--><o:SmartTagType

 namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>

<!--[if !mso]>

<style>

st1\:*{behavior:url(#default#ieooui) }

</style>

<![endif]-->

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman";}

a:link, span.MsoHyperlink

        {color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {color:blue;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:Arial;

        color:navy;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.25in 1.0in 1.25in;}

div.Section1

        {page:Section1;}

-->

</style>


</head>


<body lang=EN-US link=blue vlink=blue>


<div class=Section1>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>Hi Daniel,<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>It’s recommended to separate the external

traffic reaching the Dashboard from the management, so the Dashboard server(s)

should have at least two NICs (public and management).<o:p></o:p></span></font></p>


<p class=MsoNormal><st1:PersonName w:st="on"><font size=2 color=navy

 face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>The</span></font></st1:PersonName><font

size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;

color:navy'> installation guide covers only one of the multitudes of possible

deployment scenarios, and in this case it describes a single NIC deployment

model.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><st1:PersonName w:st="on"><font size=2 color=navy

 face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>The</span></font></st1:PersonName><font

size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;

color:navy'> security recommendations for the Keystone endpoints are discussed

in the Security guide (<a

href="http://docs.openstack.org/security-guide/content/ch021_paste-and-middleware.html">http://docs.openstack.org/security-guide/content/ch021_paste-and-middleware.html</a>)

which is a must-read before deploying Openstack in production.<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'>George<o:p></o:p></span></font></p>


<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:

10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>


<div>


<div class=MsoNormal align=center style='text-align:center'><font size=3

face="Times New Roman"><span style='font-size:12.0pt'>


<hr size=2 width="100%" align=center tabindex=-1>


</span></font></div>


<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;

font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2

face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Daniel Petersen

[mailto:daniel.petersen@hpc2n.umu.se] <br>

<b><span style='font-weight:bold'>Sent:</span></b> Thursday, June 12, 2014 3:20

AM<br>

<b><span style='font-weight:bold'>To:</span></b> openstack@lists.openstack.org<br>

<b><span style='font-weight:bold'>Subject:</span></b> [Openstack] Adapting the

install guide network setup for production</span></font><o:p></o:p></p>


</div>


<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:

12.0pt'><o:p> </o:p></span></font></p>


<div>


<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:

12.0pt'><br clear=all>

<o:p></o:p></span></font></p>


<div>


<p class=MsoNormal><font size=3 face=Arial><span style='font-size:12.0pt;

font-family:Arial'>edit: failed to add '[Openstack]' to the subject line

previously. Hopefully avoiding everyone's spam filter this time around!</span></font><o:p></o:p></p>


</div>


<div>


<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:

12.0pt'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>Hi,</span></font><o:p></o:p></p>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>Using the network strategy from the 'Installation Guide for

Ubuntu' here:<o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><a

href="http://docs.openstack.org/icehouse/install-guide/install/apt/content/basics-networking-neutron.html"

target="_blank">http://docs.openstack.org/icehouse/install-guide/install/apt/content/basics-networking-neutron.html</a><o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>How might one adapt this for a production setup,

particularly with security in mind?<o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>A couple of thoughts that lead to this question:<o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>*With the controller node having only one NIC, all

management communication is passing through the same NIC as user API or

dashboard traffic. Wouldn't it be better to move user facing services, such as

the dashboard to another 'external' interface, thus keeping the management

network and interface isolated from external traffic?<o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>*Possibly related, how would the API service endpoint URLs

be affected by this change, or how should they be configured? (publicurl,

internalurl, adminurl) <o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>As an aside, where might I find a good explanation of the

respective roles of these URLs? <st1:PersonName w:st="on">The</st1:PersonName>

CLI Reference only states the obvious, e.g.: "--publicurl - Public URL endpoint"<o:p></o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>Regards,<br clear=all>

<o:p></o:p></span></font></p>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'><o:p> </o:p></span></font></p>


</div>


<div>


<p class=MsoNormal><font size=1 face=Arial><span style='font-size:8.5pt;

font-family:Arial'>Daniel<o:p></o:p></span></font></p>


</div>


</div>


</div>


<div>


<div>


<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:

12.0pt'><o:p> </o:p></span></font></p>


</div>


</div>


</div>


</div>


</body>


</html>