<div dir="ltr"><br clear="all"><div><font face="arial, sans-serif">edit: failed to add '[Openstack]' to the subject line previously. Hopefully avoiding everyone's spam filter this time around!</font></div><div>
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Hi,</span><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">Using the network strategy from the 'Installation Guide for Ubuntu' here:</div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><a href="http://docs.openstack.org/icehouse/install-guide/install/apt/content/basics-networking-neutron.html" target="_blank">http://docs.openstack.org/icehouse/install-guide/install/apt/content/basics-networking-neutron.html</a></div>
<div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">How might one adapt this for a production setup, particularly with security in mind?</div>
<div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">A couple of thoughts that lead to this question:</div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">*With the controller node having only one NIC, all management communication is passing through the same NIC as user API or dashboard traffic. Wouldn't it be better to move user facing services, such as the dashboard to another 'external' interface, thus keeping the management network and interface isolated from external traffic?</div>
<div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">*Possibly related, how would the API service endpoint URLs be affected by this change, or how should they be configured? (publicurl, internalurl, adminurl) </div>
<div style="font-family:arial,sans-serif;font-size:12.727272033691406px">As an aside, where might I find a good explanation of the respective roles of these URLs? The CLI Reference only states the obvious, e.g.: "--publicurl - Public URL endpoint"</div>
<div style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></div><div style="font-family:arial,sans-serif;font-size:12.727272033691406px">Regards,<br clear="all"><div><br></div><div dir="ltr">Daniel</div>
</div></div><div dir="ltr"><div><br></div></div>
</div>