ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Adding ZeroTier to the NTG Lab

    IT Discussion
    ntg lab zerotier vpn
    2
    3
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by scottalanmiller

      So looking at use cases and what we plan to do and the scale of the NTG Lab, it seems like the best course of action is going to be to make a single "NTG Lab" network on ZeroTier (using their hosted ZeroTier Central service) and let everyone connect to the lab in that way. This is because we have the massive Scale HC3 and XS clusters so the amount of communications between systems in the lab is rather enormous. This has upsides and downsides, of course. But it covers a lot of important ground.

      Upsides:

      • Single address pool for all lab users.
      • Greatly reduced need for public IP addresses.
      • Greatly reduced need for firewall management.
      • Easy isolation for systems that don't need any public exposure.
      • Effectively unlimited address space.
      • Transparent access to all lab systems and locations in a single pool.

      Downsides:

      • Slightly cumbersome lab access with VPN needs.
      • Exposure of all lab users to one another on a single network.

      The good is that the ZeroTier security is pretty tight and all the NTG Lab users know each other for the most part. This is not a publicly accessible system, but it is not a private production one either. The idea here is that instead of needing to access every resource through a jump box to do anything, which is somewhat slow and resource intensive, a lot of things can be done directly. For example, if you want to build an application that uses port 3001 on a VM, you can access it directly from your desktop's web browser. No need to log in through some other means first. If you want to consume a database connection directly from your desktop, same thing.

      For those concerned that their desktops or laptops will become exposed to the lab environment, which is a reasonable concern, I recommend creating a lab access VM, which can be very light and security (actually we'd all prefer that) that is treated as a rather production system. A Linux desktop is really ideal for being lightweight, very functional and no licensing concerns. Then things like RDP, X2go, SSH, VNC or whatever can be used directly from that to access lab resources.

      1 Reply Last reply Reply Quote 7
      • DashrenderD
        Dashrender
        last edited by

        As I was reading this I was thinking that I'd want a VM to connect to the network - and as usual, you were on the ball 😉

        1 Reply Last reply Reply Quote 2
        • scottalanmillerS
          scottalanmiller
          last edited by

          This will be good for things like the Rocket.Chat system too. Was thinking that we would get that up and running in the lab for communication between people working in the lab so that they could coordinate easily. Although perhaps just an IRC channel would make more sense for that. But delivering those kinds of things over ZeroTier is easy.

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post