PRODuction & QA\Test sites.

Comments

7 comments

  • Avatar
    Ian Butteriss

    Hi Fred

    • Have two IPs on a single server.  Check. > If  cannot detect an IP address, you can add one by going to 'Server Manager' > 'Advanced' > 'Interface Advanced Settings'. Add the IP address to 'Undetected IP Addresses', 'Update' to save, then restart the Cerberus service. You will then be able to manually create new listeners with the second IP address by going to 'Server Manager' > 'Listeners'
    • Have Cerberus monitor SFTP (or any protocol) on both IPs. Check. > If you do the above, Cerberus will be able to receive traffic via multiple IP's
    • Configure users into multiple Groups. PRODuction & QA\Test. Check. > All users are housed in 'User Manager' > 'Users'.
    • Limit a Group (its members) to logging in on a particular IP.  Possible? > Yes. When you set up the group/user, you can limit the IP addresses they can log in with by going to 'Constraints' > 'Allowed IP Addresses'

    Thank you!

    Ian

    -1
    Comment actions Permalink
  • Avatar
    Ian Butteriss

    Fred,

    Some additional information. Even if you set up a second set of listeners on another IP, it will use the same pool of users, virtual directories, reporting, and security settings. It is not possible to set up two entirely segregated Cerberus file servers on one physical or virtual server. If you want a QA or Staging instance, that would need to be on a separate server. We do offer a DR/QA license at a 50% discount if you will have a server with Cerberus on it that will not carry production traffic.

    Thanks,

    Ian

    0
    Comment actions Permalink
  • Avatar
    Fredrick Campbell

    Ian Butteriss, 

    Everything in the list is accomplished (check) except the last bullet.

    • Limit a Group (its members) to logging in on a particular IP.  Possible?

     

    I probably should add more clarity.  The goal is to only allow, users in the QA group, to access the service on one of the IPs Cerberus is listening on.  So if Cerberus is listening to port 22 on IPs .100 and .200, I want to limit a User Group to only using the listeners on IP .200.

    So I want to limit the internal IPs not the users external IPs.

    The option you reference is for limiting IPs from the outside, I believe.

    Thanks!
    fc

    0
    Comment actions Permalink
  • Avatar
    Fredrick Campbell

    Ian Butteriss,

    Our QA traffic is very low, only about 1% of our users utilize QA initially.  So I am not wanting to spin up an addition server for QA.  My fall back is to use our existing solution for QA and Cerberus for PROD.  My preference would be to retire our current solution totally.  Hence, this posting.

    0
    Comment actions Permalink
  • Avatar
    Ian Butteriss

    Hi Frederick,

    If you have Cerberus listening on more than one set of IP addresses, at the moment there is no way of limiting users to accessing one set, but not the other. Limitations can be by users' IP addresses or by Protocol, but, as you see, those limitations apply to accessing the entire file server. If you want to have separate QA and a Production instances, they should really be on separate servers or VM's.

    Thanks!

    Ian

    0
    Comment actions Permalink
  • Avatar
    Fredrick Campbell

    FWIW, Cerberus is absolutely AWESOME!

    0
    Comment actions Permalink
  • Avatar
    Ian Butteriss

    Thanks for the kind comment, Frederick! If you need further assistance, please feel free to let us know, or you can open a support ticket at support@cerberus.com

    Ian

    0
    Comment actions Permalink

Please sign in to leave a comment.