Tom’s new video got me thinking about how I’m managing my XCP-NG server. Can you remotely, and securely, manage an XCP-NG server via XOA over WAN?
Based on their announcement, this looks like it was already possible, and now they are improving upon it: Xen Orchestra 5.70
Right now, I have a server with two public IPs. One IP is assigned to the XCP-NG management interface*, and the other is assigned to my pfSense VM. Behind the pfsense is my HTTPS proxy, and behind the proxy is XOA. So XOA is several VMs and virtual networks deep which is not super ideal for reliability. If one of the things in the chain breaks, I can’t access XOA. I figure having XOA remotely hosted on Digital Ocean or something would be a lot better in terms of reliability, but can I do this securely?
*I know having a public IP on the management interface isn’t ideal, BUT do to the setup it’s the only way I’d have direct access to the host in the case that pfSense, or anything XOA related breaks. This has saved me many times because I can use the XCPNG Manager app and connect to the host directly to fix issues with XOA