I keep reading conflicting reports regarding Xencenters' management capabilities.
Is it true that you have to be on the same subnet to connect to Xenserver via XenCenter?
I keep reading conflicting reports regarding Xencenters' management capabilities.
Is it true that you have to be on the same subnet to connect to Xenserver via XenCenter?
So long as traffic is properly routed, you should be able to manage remotely via XenCenter, in fact, I've done it before. I believe XenCenter uses ports 80 and 443.
In my experience, I have had a XenServer hosted at a colo datacenter two counties away, and XenCenter running on a local PC in my office. I have never had any problems using most of the features in XenCenter to administer the Dom0 or DomUs on the XenServer.
However, I did have an issue with a firewall on the server-side (data center firewall) blocking ports that are used for the Console built-in to XenCenter. You would just have to make sure you have those ports unblocked. I believe they use 6001-600X (X being the total number of DomUs you have, so your fourth virtual machine would have its console available on 6005).
I do believe there are options in the command line of the XenServer that allow you to configure which hosts are allowed or disallowed from accessing any remote administration but I never enabled or used those features.
As ChrisSoyars stated above, XenCenter connects through port 80 and port 443 for XenCenter and port 22 for SSH. So, as long as those ports aren't blocked on the server-side firewall, you shouldn't have any problems.
As a own rule i NEVER allow direct access to my xenservers from WAN. I either setup a site-to-site vpn or just a standard roadwarrior vpn setup to be able to access the internal subnet.
This way you have secure access to the management subnet and don't have to expose your xenservers to outside threats.
I myself prefer OpenVPN but you could use any VPN solution.
If your firewall don't have the ability to act as a VPN server your could setup a Linux box with openvpn on 128MB ram.