has anyone ever used fog from the external WWW



  • Has anyone used fog from an external internet standpoint? I.e. Fog being an outside facing machine?

    I was thinking about using it to deploy to client sites, and also standalone clients -

    So for example I have a satellite office without VPN that the fog client will connect to my external IP address, with the appropriate port mappings so that I can push snapins for example to machines scattered in different places.

    Does anyone know what ports I’d need to do this? I saw the list in the wiki, am I correct in all of those? And if so, is there any way to specify different ports to the client?



  • @george1421 @Wayne-Workman
    Thanks guys, originally the idea was more so that I could have a stable image with an IP for the fog server that could interface with a machine deployed now, to a server used in the future. But yes, ultimately I’m trying for a separate box/vm to run fog for those reasons at each site. I’m just coming into a situation though and there is already excessive amounts of dedicated boxes that run pseudo important tasks, but maybe consolidating those will give me some hardware to run fog on anyways. More of a project is all.

    Thanks though!



  • @p4cm4n said in has anyone ever used fog from the external WWW:

    satellite office without VPN that the fog client will connect to my external IP address

    That’s generally advised against for the reasons @george1421 has already listed. It’s difficult to completely secure all aspects of FOG given the current code base and the technologies it uses.


  • Moderator

    This setup is not advised at all. FOG is not (currently) configured for public network security. Placing your fog server directly on the internet would surely cause the fog server to be compromised in a very short period of time.

    You have several challenges here even if you put a storage node at the remote site.

    1. The storage node needs to connect to the FOG server, to use its database. This communication is done over port 3306.
    2. During pxe booting, the target computer has to communicate with the main fog server to find the location of its storage node. This communication is done over http.
    3. The fog clients check in to the fog master server to see if there are any jobs to do. This is done over http.
    4. Imaging is done over NFS protocol v3 which is inherently insecure.

    Thinking about it, you might be better off to deploy a small fog server (like on an intel nuc) to each remote location. Then you could interface with the remote fog server over http/https from your main HQ.
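
A way to check which of the services listed in the post above a server is listening on, and on which interfaces, before any port mapping is considered. This is an added example, not code from the thread or from the FOG project; the `ss -tln` sample is constructed, and every port number other than 3306 is the protocol default, assumed here.

```python
import ipaddress

# Services named in the post above. Only 3306 is stated in the thread;
# 80, 111 and 2049 are the protocol defaults (assumption).
FOG_SERVICES = {
    3306: "MySQL database (storage node to server)",
    80: "HTTP (PXE lookups, client check-in)",
    111: "rpcbind (needed by NFSv3)",
    2049: "NFSv3 imaging",
}

# Constructed sample of `ss -tln` output, not taken from a real FOG server.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      511    *:80                *:*
LISTEN 0      64     192.168.10.5:2049   0.0.0.0:*
LISTEN 0      128    127.0.0.1:111       0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)

def classify(addr):
    """Return 'loopback', 'private' or 'exposed' for a bind address."""
    if addr in ("*", "0.0.0.0", "::"):
        return "exposed"  # wildcard bind: listens on every interface
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any %iface suffix
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "exposed"

def audit(ss_output):
    """Return [(port, service, bind_addr, verdict)] for FOG-related listeners."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, port = split_local(cols[3])
        if port in FOG_SERVICES:
            findings.append((port, FOG_SERVICES[port], addr, classify(addr)))
    return findings

if __name__ == "__main__":
    for port, svc, addr, verdict in audit(SAMPLE_SS):
        print(f"{port:>5}  {addr:<15} {verdict:<8} {svc}")
```

A listener reported as `exposed` is only bound to a reachable interface; whether it is reachable from outside still depends on the firewall and NAT rules in front of the server.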


 
