More tenants than Floating IP's - How to provide connectivity?

asked 2015-12-09 13:05:21 -0500

anonymous user

Anonymous

updated 2015-12-09 14:32:07 -0500

I'm new to OpenStack and, after completing a pilot installation, am designing a cloud infrastructure to support an organization of ~100 people. I envision each person in the org setting up his or her own tenant and instantiating a mixture of Windows and Linux machines on a private, isolated tenant network.

My problem is that I've only been allocated 5 IP addresses on the corporate network. I need to use a couple of those for things like the Horizon interface and one or two other infrastructure servers that need to be exposed to both corpnet and the VM infrastructure. Everything else has to be on an isolated (physical) network that's not directly connected to corpnet. That leaves only 2 or 3 IP addresses to provide client connectivity to the VM's. (The original architecture had Windows on the physical boxes and connectivity was provided through a TS Gateway "hop box" that had one NIC on corpnet and one NIC on the isolated network.)

Ideally, I'd like to allow clients to make HTTP, HTTPS, SSH, and/or RDP connections to the VM's. I'd like the connections to be as simple for the end-users as possible, because many of them lack the skills to set up a client connection that requires any networking skills.

EDIT: Upon reflection, I don't really NEED RDP or SSH connectivity; rather, I need a GUI client experience for the Windows machines, and a command-line client experience for the UNIX/Linux machines. While it would be nice to allow the VM's to host services such as web servers, that also isn't necessary.

What strategies are there to allow me to do this? I've looked around and, so far, all I've seen documented is a floating-IP-per-VM configuration. I'm sure I'm not the only person who's been in this boat, and I'd appreciate hearing how others have solved this problem.

edit retag flag offensive close merge delete

Comments

Do you need inbound/outbound connectivity for each cloud VM , might be only outbound connectivity sufficient ?

dbaxps gravatar imagedbaxps ( 2015-12-09 13:47:45 -0500 )edit

@dbaxps, thanks for making me think on this. EDIT has been added to the original question; I merely need a GUI client experience for the Windows machines and a command-line client experience for the Linux machines.

Nogginboink gravatar imageNogginboink ( 2015-12-09 14:33:17 -0500 )edit

Just a resume, if you need inbound connectivity you need FIP for your VM. Outbound connectivity doesn't need FIP. Standard configuration Controller (DVR_SNAT) && Compute Nodes (DVR). As far as FIP is lost by VM, centralized routing via SNAT is serving VM via Controller/Network Node.

dbaxps gravatar imagedbaxps ( 2015-12-09 15:08:27 -0500 )edit

Sorry, you are correct. I am too much on my own wave.

dbaxps gravatar imagedbaxps ( 2015-12-09 16:15:28 -0500 )edit