[one-users] Dynamic firewall like Amazon

Steven Timm timm at fnal.gov
Tue Feb 1 10:47:20 PST 2011

OpenNebula allows you to define private networks that
are accessible by different user groups.  What it does
not have is the ability to assign a (public IP, port)
combination and forward that traffic into the private net.
(In Eucalyptus, for instance, this is the euca-allocate-address,
euca-associate-address set of commands).

It is tricky to do that implementation correctly.  WE liked the
feature but Eucalyptus implemented it in a pig-headed way that
made the frontend be a single bottleneck for network traffic
and a single point of failure.  Hopefully if Opennebula ever
tries it they will do it right.

Steve Timm

On Tue, 1 Feb 2011, Zeeshan Ali Shah wrote:

> No Firewall yet  , that is i am asking how to put mechanism like Security 
> Group of amazon . preferably with out any HW (if possible)
> Zeeshan
> On 02/01/2011 06:50 PM, Toens Bueker wrote:
>> Zeeshan Ali Shah<zashah at pdc.kth.se>  wrote:
>>> any way to configure Dynamic firewall options like in Amazon or
>>> Eucalyptus . (security group)
>> What kind of firewall-mechanism do you use? How is it configured?
>> Regards,
>> Töns

Steven C. Timm, Ph.D  (630) 840-8525
timm at fnal.gov  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Group Leader.
Lead of FermiCloud project.

More information about the Users mailing list