
I have created a fancy interface which pretends to be a unified interface to access different local tools located inside different datacenters. These tools are not accessible from the outside.

To solve this, I thought the best solution would be to create different VPN tunnels to the different DCs so I would have access to the different LANs and hence the tools. However, it sounds a bit complex as soon as I have ten or more different datacenters to manage and the list of tunnels increases (hence the probability of local IP clashes due to shared subnets between DCs).

Is there any other better approach?

  • I use site-to-site VPN tunnels for this. Have you had a problem with this approach? – ewwhite Aug 27 '14 at 16:55
  • No, not at all - it's just that I've done this only on a small scale and not sure if there's a better way. – Will Aug 27 '14 at 16:58

1 Answer

This depends on how much control and how much complexity you want to manage/afford. However, your biggest hurdle is if your datacenters are using a similar subnet scheme in multiple datacenters; for example, using 172.16.0.0/24 in two or more datacenters.

If all the datacenters are under your management and you can sign off on it, set up an MPLS between all the datacenters (or site-to-site VPN). This will require you to change the network scheme at all the datacenters so each datacenter is on its own subnet to prevent confusion. For example, datacenter 1 gets 10.10.1.0/24, datacenter 2 gets 10.10.2.0/24. Then, you only need one remote access tunnel.

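The overlap check the answer describes, as an added example that is not part of the answer or the question: it flags any pair of prefixes in different datacenters that overlap (identical or nested), then proposes the per-datacenter /24 plan from the answer. The datacenter names and prefixes are constructed for illustration.

```python
"""Detect overlapping LAN prefixes across datacenters before joining them by VPN/MPLS."""
from ipaddress import ip_network
from itertools import combinations

# Constructed inventory (not from the question): each datacenter's current LAN prefixes.
DATACENTERS = {
    "dc1": ["172.16.0.0/24", "10.20.0.0/16"],
    "dc2": ["172.16.0.0/24"],   # identical to dc1's first prefix: a clash
    "dc3": ["10.20.5.0/24"],    # nested inside dc1's /16: also a clash
    "dc4": ["192.168.50.0/24"],
}


def find_overlaps(dcs):
    """Return (dc_a, net_a, dc_b, net_b) for every overlapping pair of
    prefixes that live in *different* datacenters."""
    flat = [(dc, ip_network(p, strict=True))
            for dc, prefixes in dcs.items() for p in prefixes]
    clashes = []
    for (dc_a, net_a), (dc_b, net_b) in combinations(flat, 2):
        # overlaps() is true for equal prefixes and for one nested in the other
        if dc_a != dc_b and net_a.overlaps(net_b):
            clashes.append((dc_a, str(net_a), dc_b, str(net_b)))
    return clashes


def propose_renumbering(dcs, base="10.10.0.0/16", new_prefixlen=24):
    """Carve one subnet per datacenter out of `base`, in the style of the
    answer (dc1 -> 10.10.1.0/24, dc2 -> 10.10.2.0/24, ...).
    Index 0 is skipped so numbering starts at 1."""
    subnets = list(ip_network(base).subnets(new_prefix=new_prefixlen))
    names = sorted(dcs)
    if len(names) >= len(subnets):
        raise ValueError("not enough subnets in the base block")
    return {name: str(subnets[i + 1]) for i, name in enumerate(names)}


if __name__ == "__main__":
    for dc_a, a, dc_b, b in find_overlaps(DATACENTERS):
        print(f"CLASH: {dc_a} {a} overlaps {dc_b} {b}")
    for dc, net in propose_renumbering(DATACENTERS).items():
        print(f"{dc}: {net}")
```

Run it against your real inventory before building the tunnels; an empty clash list means the single remote-access tunnel the answer mentions can route to every datacenter unambiguously.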