yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1381061] Re: VMware: ESX hosts must not be externally routable

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Gary Kotton <1381061@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Apr 2015 14:46:43 -0000
Reply-to: Bug 1381061 <1381061@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is a documentation issue and not a nova bug

** No longer affects: nova

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1381061

Title:
  VMware: ESX hosts must not be externally routable

Status in OpenStack Manuals:
  Triaged

Bug description:
  Change I70fd7d3ee06040d6ce49d93a4becd9cbfdd71f78 removed passwords
  from VNC hosts. This change is fine because we proxy the VNC
  connection and do access control at the proxy, but it assumes that ESX
  hosts are not externally routable.

  In a non-OpenStack VMware deployment, accessing a VM's console
  requires the end user to have a direct connection to an ESX host. This
  leads me to believe that many VMware administrators may leave ESX
  hosts externally routable if not specifically directed otherwise.

  The above change makes a design decision which requires ESX hosts not
  to be externally routable. There may also be other reasons. We need to
  ensure that this is very clearly documented. This may already be
  documented, btw, but I don't know how our documentation is organised,
  and would prefer that somebody more familiar with it assures
  themselves that this has been given appropriate weight.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-manuals/+bug/1381061/+subscriptions

References

[Bug 1381061] [NEW] VMware: ESX hosts must not be externally routable
From: Matthew Booth, 2014-10-14