> Establish https connection to active box. I would imagine the shared IP
> resource:443 would be the best way of doing this, but obviously there's
> plenty of options here. I don't have a problem with controlled ssl access
> to an LVS box.. (restrict ip access via ipchains and you should be ok..)
I would say that some sort of authentication should be required, at
least optionally. Whether it be a basic .htaccess, or something that
calls PAM and does password authentication (perhaps using the root
password from /etc/shadow, or whatever - with PAM you might use
Kerberos or SecurID) is not that important.
> Functionality / GUI ideas :
>
> - simple clean interface. keep things very simple at first and add
> functionality that beta testers ask for. A few features I would imagine are
> absolutely critical...
Absolutely. Implementation by iteration.
> a.) removal / adding in of servers to a vip.
> b.) 'syncing' the two boxes. (scp the .cf file to the other box, update
> running config on standby).
> c.) traffic view - show who's got what connections. Essentially 'ipvsadm
> -L' with a toggle box for '-n' functionality.
> d.) 'command line' functionality. provide an interface that lets you run
> commands to the active node. This should be capable of being disabled for
> security reasons.
Good choice of minimum feature set.
--
John Cronin
mailto: `echo NjsOc3@xxxxxxxxxxx | sed 's/[NOSPAM]//g'`