wiki:ClassNetworkStructure

The basic idea is to give each student their own firewall and virtual network, and connect the firewalls to a shared virtual network. For additional security, the shared network sits behind an edge firewall that limits access from the campus network or the Internet at large.

Before class begins, the instructor needs a list of student usernames to automatically generate the following on the edge router:

  • Routing table entries for the edge router
  • DNS delegation for the edge router
  • DHCP hostnames and IP addresses for each student firewall
  • DNAT (port-forwarding) rules to allow SSH access from outside to each puppetmaster (forward port 10122 to 192.168.1.2:22, 10222 to 192.168.2.2:22, 10322 to 192.168.3.2:22, ...)
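An added example (not part of the original wiki page) of generating the routing, DNS delegation and DNAT entries above from the username list, generalizing the port pattern to 10022 + 100*N for student number N. It assumes /24 student networks, Linux `ip`/`iptables` syntax, BIND-style zone records, and placeholder values for the shared network (`172.16.0.`) and zone (`class.example`). The DHCP reservation is left as the `fw_ip` and `fw-<user>` values because the firewall MAC addresses are not known in advance.

```python
import re

# Assumptions, not from the page: /24 student networks, Linux iproute2/iptables
# syntax on the edge router, BIND-style zone records, and placeholder values
# for the shared network prefix and the class DNS zone.
SHARED_PREFIX = "172.16.0."      # placeholder shared network
ZONE = "class.example"           # placeholder parent zone
USERNAME_RE = re.compile(r"[a-z][a-z0-9-]{0,30}[a-z0-9]")  # hostname-safe label


def plan(usernames):
    """Map each username to its index N and the addresses derived from it."""
    if len(usernames) > 200:
        raise ValueError("addressing used here supports at most 200 students")
    seen, students = set(), []
    for n, user in enumerate(usernames, start=1):
        # Usernames end up in hostnames and config lines, so reject anything
        # that is not a plain DNS label, and reject duplicates.
        if not USERNAME_RE.fullmatch(user) or user in seen:
            raise ValueError(f"bad or duplicate username: {user!r}")
        seen.add(user)
        students.append({
            "user": user,
            "net": f"192.168.{n}.0/24",
            "puppetmaster": f"192.168.{n}.2",
            "fw_ip": f"{SHARED_PREFIX}{10 + n}",   # firewall eth0 on the shared network
            "ssh_port": 10022 + 100 * n,           # 10122, 10222, 10322, ...
        })
    return students


def render(students):
    """Return the edge-router config lines grouped by kind."""
    out = {"routes": [], "dnat": [], "dns": []}
    for s in students:
        out["routes"].append(f"ip route add {s['net']} via {s['fw_ip']}")
        out["dnat"].append(
            "iptables -t nat -A PREROUTING -p tcp "
            f"--dport {s['ssh_port']} -j DNAT --to-destination {s['puppetmaster']}:22")
        out["dns"].append(f"{s['user']}.{ZONE}. IN NS fw-{s['user']}.{ZONE}.")
        out["dns"].append(f"fw-{s['user']}.{ZONE}. IN A {s['fw_ip']}")
    return out


if __name__ == "__main__":
    for kind, lines in render(plan(["alice", "bob", "carol"])).items():
        print(f"# {kind}")
        print("\n".join(lines))
```

Rejecting usernames that are not plain DNS labels keeps a malformed entry in the class list from ending up as extra text in a firewall or zone file line.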

If possible, the same list should be used to automatically generate the following on vCenter (some items may be easier to script than others):

  • Student VMnets
  • Student VM folders under a class folder
  • Firewall VM for each student (connecting eth0 to the shared network, and eth1 to the student VMnet)
  • Student VM template (connecting eth0 to the student VMnet)

Last modified on Mar 17, 2013, 9:10:10 AM
