PRODuction & QA\Test sites.
I am looking at replacing our current FTP solution with Cerberus, and have not been able to achieve the configuration I desire.
Below is the configuration I want to support. Is this possible with Cerberus?
- Have two IPs on a single server. Check.
- Have Cerberus monitor SFTP (or any protocol) on both IPs. Check.
- Configure users into multiple Groups. PRODuction & QA\Test. Check.
- Limit a Group (its members) to logging in on a particular IP. Possible?
Hi Fred
- Have two IPs on a single server. Check. > If Cerberus cannot detect an IP address, you can add one by going to 'Server Manager' > 'Advanced' > 'Interface Advanced Settings'. Add the IP address to 'Undetected IP Addresses', 'Update' to save, then restart the Cerberus service. You will then be able to manually create new listeners with the second IP address by going to 'Server Manager' > 'Listeners'.
- Have Cerberus monitor SFTP (or any protocol) on both IPs. Check. > If you do the above, Cerberus will be able to receive traffic via multiple IPs.
- Configure users into multiple Groups. PRODuction & QA\Test. Check. > All users are housed in 'User Manager' > 'Users'.
- Limit a Group (its members) to logging in on a particular IP. Possible? > Yes. When you set up the group/user, you can limit the IP addresses they can log in with by going to 'Constraints' > 'Allowed IP Addresses'
Thank you!
Ian
-1 -
Fred,
Some additional information. Even if you set up a second set of listeners on another IP, it will use the same pool of users, virtual directories, reporting, and security settings. It is not possible to set up two entirely segregated Cerberus file servers on one physical or virtual server. If you want a QA or Staging instance, that would need to be on a separate server. We do offer a DR/QA license at a 50% discount if you will have a server with Cerberus on it that will not carry production traffic.
Thanks,
Ian
0 -
Ian Butteriss,
Everything in the list is accomplished (check) except the last bullet.
- Limit a Group (its members) to logging in on a particular IP. Possible?
I probably should add more clarity. The goal is to only allow users in the QA group to access the service on one of the IPs Cerberus is listening on. So if Cerberus is listening to port 22 on IPs .100 and .200, I want to limit a User Group to only using the listeners on IP .200.
So I want to limit the internal IPs, not the users' external IPs.
The option you reference is for limiting IPs from the outside, I believe.
Thanks!
fc0 -
Ian Butteriss,
Our QA traffic is very low, only about 1% of our users utilize QA initially. So I am not wanting to spin up an additional server for QA. My fallback is to use our existing solution for QA and Cerberus for PROD. My preference would be to retire our current solution totally. Hence, this posting.
0 -
Hi Frederick,
If you have Cerberus listening on more than one set of IP addresses, at the moment there is no way of limiting users to accessing one set, but not the other. Limitations can be by users' IP addresses or by Protocol, but, as you see, those limitations apply to accessing the entire file server. If you want to have separate QA and Production instances, they should really be on separate servers or VMs.
Thanks!
Ian
0 -
FWIW, Cerberus is absolutely AWESOME!
0 -
Thanks for the kind comment, Frederick! If you need further assistance, please feel free to let us know, or you can open a support ticket at support@cerberus.com
Ian
0