ONE 5.0.1 - Networking best practice

Hi!

I would be very grateful if somebody could point me to any articles or even Google search terms to find any info about OpenNebula multi-tenant network best practices.

For example, is it possible to give rights to a user group to create their own private networks with their own (private) IP space (and without oneadmin intervention) in a secure way - I mean, in a way where users will not be able to join other user group or system networks? Something like what is possible with OpenStack.

Thank you in advance!

Best regards,
Vladimir

http://docs.opennebula.org/5.0/operation/network_management/manage_vnets.html#virtual-network-self-provisioning-reservations

Thanks, ruben!

To be honest, I’ve read this chapter before. Do I understand it correctly that different users (groups of users) will have access to the reserved network parts of each other (because they use the same bridge/VLAN configuration)?

Best regards,
Vladimir

Hi Vladimir,

You are right. In this case you set up a network and let users of the same
group get subnetworks from there.

If the users need to access different isolated networks, the safer way is
to pre-set the available networks in your infrastructure and assign them
to the users. You could also let the users create the networks by updating
the ACLs, but in this case they will need to define some low-level
parameters…

Cheers

heathen opennebula@discoursemail.com writes:

> Hi!

Hello,

> I would be very grateful if somebody could point me to any articles or even Google search terms to find any info about OpenNebula multi-tenant network best practices.

> For example, is it possible to give rights to a user group to create their own private networks with their own (private) IP space (and without oneadmin intervention) in a secure way - I mean, in a way where users will not be able to join other user group or system networks? Something like what is possible with OpenStack.

We opened a request[1] for this.

Regards.

Footnotes:
[1] Feature #3224: Authorize user/group to create restricted networks - OpenNebula - OpenNebula Development pages

Daniel Dehennin
Get my GPG key: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF

Daniel,

thanks for the pointer, this feature is exactly what I was looking for. Will try to watch this request.

Best regards,
Vladimir