On 29 Mar 2021, at 14:18, listerin <listen(a)cryptoban.de> wrote:

> hey hvjunk & maciej,
> thanks for your quick and helpful responses.
>
> On 29.03.21 01:04, hvjunk wrote:
>> I’m running a couple of ProxMox clusters on bare-metal servers [...] and use a “jump
>> host” playset on another “separate and separately protected” environment that I use for
>> creating users etc. [...] deployments to the hypervisors. I then have jumphosts that I
>> created from my initial debian template [...] that is also provisioned from the same “jump
>> host” as I use for the ProxMox hypervisors. There I configure the setup for Ansible/Debops
>> as well as the various client’s logins to their jumphost.
>
> Just to check if I understood correctly: at first you have a dedicated ansible controller
> (are you using the term jump host as a synonym?) for provisioning the proxmox instances
> AND the initial "stack" jump hosts / ansible controllers as entrypoints into
> their subnets?

jump-hosts are also my ansible “controllers” :)

>> As I have a proper FortiGate-VM in play, I can do proper limiting
>> of outgoing traffic and SSL deep inspection of outgoing traffic so that way I also force
>> as much as possible DNS/apt-caching/etc. to internal servers, and the devs need to help me
>> specify the specific outside resources they need to access.
>
> Sounds great. The location of jump hosts is still confusing to me, though. It sounds like
> you have:
>
>     WAN -- FW -- jump host -- LAN1
>                            |_ LAN2
>                            |_ LAN3, etc.

        WAN
         |
         FW --- jumphost / ansible-controller
         |
        LANx

FW has multiple (v)LAN interfaces. Jumphost on a separate (v)LAN.
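To make the layout above concrete, here is an added example of the firewall policy it implies, written as an nftables ruleset for a Linux router with one interface per (v)LAN. This is not hvjunk's FortiGate configuration and not part of the thread; nftables stands in for the FortiGate, and the interface names, subnets, the jump host address, the internal DNS/apt-cache address and the apt-cacher port 3142 are all assumptions chosen for the illustration.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread): forwarding policy for a router with
# one interface per (v)LAN, following the "FW - jumphost / LANx" layout.
# All names and addresses below are assumptions for the illustration.
flush ruleset

define wan      = "eth0"
define jumpvl   = "vlan10"                 # jump host / ansible controller VLAN
define svcvl    = "vlan15"                 # internal DNS + apt cache VLAN
define lans     = { "vlan20", "vlan30" }   # client LANs (LAN2, LAN3, ...)
define jumphost = 10.10.10.5               # assumed jump host address
define cache    = 10.10.15.2               # assumed internal DNS / apt cache

table inet fw {
    # Outside resources the devs have explicitly asked for; kept as a
    # named set so it can be extended without touching the rules.
    set allowed_egress {
        type ipv4_addr
        flags interval
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # The jump host (= ansible controller) may reach every LAN, SSH only.
        iifname $jumpvl ip saddr $jumphost oifname $lans tcp dport 22 accept

        # LANs and the jump host resolve names and fetch packages internally,
        # never directly from the WAN.
        iifname { $jumpvl, $lans } oifname $svcvl ip daddr $cache udp dport 53 accept
        iifname { $jumpvl, $lans } oifname $svcvl ip daddr $cache tcp dport { 53, 3142 } accept

        # Only the explicitly approved outside resources are reachable.
        iifname $lans oifname $wan ip daddr @allowed_egress tcp dport { 80, 443 } accept

        # Everything else towards the WAN is logged and dropped so that
        # missing entries in allowed_egress show up in the logs.
        oifname $wan log prefix "fw-egress-drop: " drop
    }
}
```

The rule set encodes the two properties discussed above: the jump host is the only path into the client LANs (and only over SSH), and neither the LANs nor the jump host can reach the WAN except for destinations an operator has put into `allowed_egress`. Dropped WAN-bound traffic is logged, which is the signal an operator needs when a dev reports something "doesn't work" and a new external resource has to be approved.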