As a MAAS administrator, you have the critical responsibility of hardening your installation to help repel attacks and malicious actors. While there are too many variables to make meaningful suggestions for your deployed machines, there are a number of steps you can take to improve the overall security of your MAAS setup.

- How to configure a TLS-terminating load balancer
- How to use logs to identify security issues
- About other things you can do to harden MAAS
- Whom to contact for MAAS security consulting

Each rack controller must be able to initiate TCP connections on the following ports:

Port(s). HTTP communication with each region controller. Note that port 80 is typically used in high-availability environments.

Consider setting your firewall on your rack and region controllers to disallow communication on all ports except those used by MAAS. For example, assuming you have installed ufw, you could execute:

    sudo ufw enable

You could then follow that with commands similar to these:

    sudo ufw allow 5240

Recognise that your particular configuration and version may vary, so consult the appropriate firewall manual pages for your specific MAAS host system.

How to configure a TLS-terminating load balancer

One of the best steps you can take to improve both security and availability of your MAAS installation is to install a TLS-terminating load balancer. In the context of MAAS, a load balancer distributes the incoming Web UI and API requests across multiple region controllers. This reduces both load on MAAS and wait times for user requests. Typically, this is known as a high-availability (HA) configuration, although there are two other HA configurations that can be enabled for MAAS: one for BMC access (for powering on machines), and one for DHCP, which enables primary and secondary DHCP instances that manage the same VLAN.

A TLS-terminated load balancer is a load balancer that carries encryption and decryption as far down the pipe as possible, in this case, all the way to the load balancer itself.
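A minimal HAProxy configuration for the TLS-terminating load balancer described above, as an added example that is not part of the original page or of the MAAS project's own documentation. The choice of HAProxy, the certificate path and the 192.0.2.x region controller addresses are assumptions; port 5240 is the MAAS port opened in the page's ufw example.

```haproxy
# Added example. Assumptions: HAProxy as the load balancer, two region
# controllers at placeholder addresses, and a combined certificate+key PEM
# file at a placeholder path.
global
    # Refuse protocol versions older than TLS 1.2 on the listening side.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 10s
    timeout client  90s
    timeout server  90s

frontend maas_https
    # TLS ends here; clients never talk to a region controller directly.
    bind *:443 ssl crt /etc/haproxy/certs/maas.example.pem
    # Tell the backend that the original request arrived over HTTPS.
    http-request set-header X-Forwarded-Proto https
    default_backend maas_regions

backend maas_regions
    # Spread Web UI and API requests across the region controllers.
    balance roundrobin
    # "check" removes a region controller from rotation when port 5240
    # stops answering, which is what provides the availability benefit.
    server region1 192.0.2.11:5240 check
    server region2 192.0.2.12:5240 check
```

Because the hop from the load balancer to the region controllers is plain HTTP on port 5240 in this layout, the firewall rules on each region controller should limit that port to the load balancer and the rack controllers.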