Wednesday, January 19, 2011

Fenced configuration interacting with physical appliance

Hi Everyone,

I've got a support lab environment where we need to have the software we support interact with physical appliances. (When initially configured, our software requires knowledge of domain users for login credentials, database server info, etc., which has led me to decide that having a fenced configuration with a domain controller and additional VMs for our environment is the way to go.) My goal is to have a fenced configuration that has a domain controller (DC) and a series of VMs running our software (VMa, VMb, etc.). This will allow our engineers to quickly deploy a pre-configured environment from a library configuration and get busy on support issues in no time.

Configuration of the software to communicate with the physical appliance can happen after the establishment of the library environment, meaning I can easily add references to the VMs in the library configuration (i.e. VMa) after deploying a cloned instance of the library configuration. The problem arises when I need to have the fenced environment interact with a physical appliance. At this point, when I add the physical appliance to the software, VMa needs to introduce itself to the physical appliance and let it know that VMa will be managing it from there on out. Because there is bi-directional communication between the software running on the fenced VMs and the physical appliance, communication fails because the physical appliance can't contact VMa at VMa.example.com. The only way the physical appliance could reach VMa is if it knew the external IP of VMa on the network, but there's no way to inform it of this.

If I could add the physical appliance to the fenced network, then I wouldn't have this problem, but that would probably defeat the purpose of having the fence in the first place.

Has anyone ever dealt with this type of issue? If so, how did you work around it? (Hopefully, I've explained things clearly enough.)

Thanks

  • If I am understanding what you are trying to do correctly, then you need to add a route to whatever private network segment VMa.example.com sits on, through the public IP of that network, to the router that is attached to your physical appliance. This will allow the appliance to communicate with the VM. Unfortunately, it will also allow any other device on that network segment to communicate with the VM, which might in essence "unfence" your fenced environment. Hope that helps, or at least makes sense.
