Archived

This forum has been archived. Please start a new discussion on GitHub.

solution for firewall

Hi All experts

I would like to ask what kind solution I should implement and how it works.

My case is this.

I have some campuses all over the world. Each of them uses, say domain names as
abc1.com,
abc2.com,
abc3.com.

They also belong to main domain
abc-all.com.

Each campus has its own firewalls.

I have some IceStorm servers located within one campus abc3.com. The servers use static IPs

I have several clients in each campus. They all use DHCP IP addresses.as
a1.abc1.com,
a2.abc1.com

b1.abc2.com
b2.abc2.co3

c1.abc3.com3

All IceStorm servers are located within abc3.com

server1.abc3.com
server2.abc3.com


Some of clients are publishers and some of them are subscribers. Each Campus has publisher and subscriber.

There are several laptops using VPN connecting campus using domain name abc-all.com.

Those clients machines and laptops can be publishers or subscribers, too.

How can I enable any of those publisher and subscriber to talk to IceStorm servers through those firewalls?

We only can open up limited fix ports on each firewall server for this purpose.

Is the Glacier2 the only option? How it works? How many Glacier2 needed.

From programmer side, we wish that the programer do not need know any thing about firewall or glacier2. That is, they coded the software as if the firewalls are not there.

Comments

  • benoit
    benoit Rennes, France
    Hi,

    Glacier2 should provide a solution for your deployment. Since the IceStorm servers are located at abc3.com, you can deploy Glacier2 on a machine in this domain. You will just need to open a single port on the firewall of abc3.com to let Glacier2 clients outside abc3.com access the Glacier2 server.

    The Glacier2 clients will need to establish a session with Glacier2 and once established, they will be able to access the IceStorm servers behind the firewall to either subscribe or publish to IceStorm topics.

    I recommend to look at our Chat Demo. Even if it doesn't use IceStorm, it will provide a good overview of a more complex deployment that involves Glacier2.

    See also the Glacier2 document into the Ice manual: Glacier2 - Ice 3.5 - ZeroC

    Cheers,
    Benoit.