Scenario A provides access to the cloud lab environment via Windows Remote Desktop Protocol (RDP) to a jump server, from which the cloud labs can be reached. We use a higher TCP port range, excluding the well-known ports (through 1023), and translate the standard TCP port 3389 to a randomized port number in that higher range for access.
RDP access is also tied to a username and a strong password, authorized against an LDAP server.
The firewall handles NAT for the jump server, and we use a dedicated VLAN or network for the jump server that is not shared with any other CloudMyLab customer.
All inbound RDP requests are inspected by the firewall and checked for illegitimate connections; any that are found are dropped by the firewall.
Scenario B provides access to the CloudMyLab environment via web RDP, which uses an SSL connection.
The firewall handles NAT for the web RDP service, and we use a dedicated VLAN or network for the web RDP service that is not shared with any other CloudMyLab customer.
All inbound web RDP requests are inspected by the firewall and checked for illegitimate connections; any that are found are dropped by the firewall.
Scenario C provides access to the CloudMyLab environment over the Cisco AnyConnect VPN Client.
In this scenario the CloudMyLab firewall terminates the VPN connection and inspects it.
For monitoring and user access/accounting, we use Paessler PRTG to monitor and log network event activity, and Cisco Identity Services Engine for Authentication, Authorization and Accounting.
Juniper vQFX 10K VRE 15.1X53 (routing engine)
Juniper vQFX 10K VFE 15.1X53 (forwarding engine)
Junos Space 16.1
Alcatel 7750SR: 13.0.R3
A10 vThunder 2.7.1
Apple OSX ( https://github.com/kholia/OSX-KVM )
Aruba: Clearpass 6.4.X
Aruba Virtual Mobility Controller 8.X
Arista vEOS 4.17.2F and later versions
VMWare vCenter 6.5
Cisco Firepower 6.1, 6.2 Management Center (FMC)
Cisco Firepower 6.1, 6.2 Threat Defense ASAv (FTD)
Cisco Firepower 6.1, 6.2 NGIPSv
Cisco Firepower 5.4 (NGIPS, FMC)
Cisco CSR 3.16, 3.17
Cisco CSR 16.03 Denali
Cisco CSR 16.04 Everest
Cisco vIOS L3
Cisco vIOS L2
Cisco ESA 9.7, 9.8 Email Security Appliance
Cisco WSA 8.6, 9.2, 10.0 Web Security Appliance
Cisco CDA 1.0 Context Delivery Agent
Cisco NXOS Titanium 188.8.131.52
Cisco NXOS9k (requires 2xCPU and 8G RAM for a single node), VPC supported
Cisco Prime Infra 3.X
Cisco XRv 5.2.2, 5.3.2, 6.0.1, 6.0.2, 6.3, 6.4
Cisco XRvK9 6.0.1, 6.1.2 (requires 4xCPU and 16G RAM for a single node)