Ask Your Question

Revision history [back]

I would recommend you to hide your complete OpenStack management network in a separate VLAN. And then setup a HaProxy as firewall and just forward the needed ports (with a ip whitelist if possible). Or just use a VPN server to access these services.

Horizon does not have protections against brute-force attacks or something like that. The same counts also for the Keystone API.