Adding ZeroTier to the NTG Lab
-
So looking at use cases and what we plan to do and the scale of the NTG Lab, it seems like the best course of action is going to be to make a single "NTG Lab" network on ZeroTier (using their hosted ZeroTier Central service) and let everyone connect to the lab in that way. This is because we have the massive Scale HC3 and XS clusters, so the amount of communication between systems in the lab is rather enormous. This has upsides and downsides, of course. But it covers a lot of important ground.
Upsides:
- Single address pool for all lab users.
- Greatly reduced need for public IP addresses.
- Greatly reduced need for firewall management.
- Easy isolation for systems that don't need any public exposure.
- Effectively unlimited address space.
- Transparent access to all lab systems and locations in a single pool.
Downsides:
- Slightly cumbersome lab access with VPN needs.
- Exposure of all lab users to one another on a single network.
The good is that the ZeroTier security is pretty tight and all the NTG Lab users know each other for the most part. This is not a publicly accessible system, but it is not a private production one either. The idea here is that instead of needing to access every resource through a jump box to do anything, which is somewhat slow and resource intensive, a lot of things can be done directly. For example, if you want to build an application that uses port 3001 on a VM, you can access it directly from your desktop's web browser. No need to log in through some other means first. If you want to consume a database connection directly from your desktop, same thing.
For those concerned that their desktops or laptops will become exposed to the lab environment, which is a reasonable concern, I recommend creating a lab access VM, which can be very light and secure (actually we'd all prefer that) and is treated as a rather production-like system. A Linux desktop is really ideal for being lightweight and very functional, with no licensing concerns. Then things like RDP, X2go, SSH, VNC or whatever can be used directly from that to access lab resources.
-
As I was reading this I was thinking that I'd want a VM to connect to the network - and as usual, you were on the ball.
-
This will be good for things like the Rocket.Chat system too. Was thinking that we would get that up and running in the lab for communication between people working in the lab so that they could coordinate easily. Although perhaps just an IRC channel would make more sense for that. But delivering those kinds of things over ZeroTier is easy.