LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: https admin (Was: ipvs-0.9.2 available)

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: https admin (Was: ipvs-0.9.2 available)
From: jsc3@xxxxxxxxxxxxx (John Cronin)
Date: Wed, 20 Jun 2001 15:42:26 -0400 (EDT)
> Establish https connection to active box.  I would imagine the shared IP
> resource:443 would be the best way of doing this, but obviously there's
> plenty of options here.  I don't have a problem with controlled ssl access
> to an LVS box.. (restrict ip access via ipchains and you should be ok..)

I would say that some sort of authentication should be required, at
least optionally.  Whether it be a basic .htaccess, or something that
calls PAM and does password authentication (perhaps using the root
password from /etc/shadow, or whatever - with PAM you might use
kerberos or SecurID) is not that important.
 
> Functionality / GUI ideas :
> 
> - simple clean interface.  keep things very simple at first and add
> functionality that beta testers ask for.  A few features I would imagine are
> absolutely critical...

Absolutely.  Implementation by iteration.

> a.) removal / adding in of servers to a vip.
> b.) 'syncing' the two boxes.  (scp the .cf file to the other box, update
> running config on standby).
> c.) traffic view - show who's got what connections.  Essentially 'ipvsadm
> -L' with a toggle box for '-n' functionality.
> d.) 'command line' functionality.  provide an interface that lets you run
> commands to the active node.  This should be capable of being disabled for
> security reasons.

Good choice of minimum feature set.
 
-- 
John Cronin
mailto: `echo NjsOc3@xxxxxxxxxxx | sed 's/[NOSPAM]//g'`


<Prev in Thread] Current Thread [Next in Thread>