Accessing Resources for Demonstration
A simulated internet network has been set up on VLAN 99 (10.99.99.0/24). The switch is configured with VLAN assignments on the following ports, which enables access to the management VLAN as well as the simulated internet.
Ports 37-42 > VLAN 5 - MANAGEMENT
Ports 43-48 > VLAN 99 - SIMULATED INTERNET
To access the resources from the respective networks, the IP and DNS server need to be set accordingly on the Ethernet interface of the PC/laptop, although DHCP has been enabled for the respective networks on the router.
MANAGEMENT - IP Range 10.0.0.50-254 - DNS: 10.0.9.10
SIMULATED INTERNET - IP Range 10.99.99.50-254 - DNS: 10.99.99.5
With DNS records, a Reverse Proxy and port forwarding in place, it is possible to visit the following from the simulated internet:
adatum.com
contoso.com
fabrikam.com
fmjsystems.com
admin.fmjsystems.com
fmjadmin.fmjsystems.com
Since port forwarding is enabled for each tenant's VPN, it is possible to connect to each tenant's public subnet from the simulated internet. This will allow you to reach the AD DC in the private subnet as well as access the VPN web interface for the respective tenant, for example:
Connected to Simulated Internet
vpn.adatum.com > UNAUTHORIZED
Adatum VPN Connected
vpn.adatum.com
From the management network, since there are local DNS records for the URLs pointing toward the local address of the shared services Reverse Proxy, as well as Access Control Rules on the Reverse Proxy, it is possible to visit:
adatum.com
vpn.adatum.com
contoso.com
vpn.contoso.com
fabrikam.com
vpn.fabrikam.com
fmjsystems.com
vpn.fmjsystems.com
npm.fmjsystems.com
dns.fmjsystems.com
admin.fmjsystems.com
fmjadmin.fmjsystems.com
Note - To get a proper HTTPS connection from the web servers/reverse proxy, the root CA certificate from the simulated internet CA needs to be installed on the system connecting to the website.
Credentials
One thing to note is that most passwords in this reference architecture are P@ssw0rd. Although it is known to be one of the most secure passwords known to mankind, it is advised to use a unique password for each service. Tenants would be responsible for their respective passwords though.
Proxmox Web Interface
The Proxmox web interface for tenants is reachable at admin.fmjsystems.com. All passwords to the Proxmox web interface are set to P@ssw0rd. Tenants are provisioned with an Admin account in the PVE realm, and their Active Directory is integrated with Proxmox.
Tenant admin account credentials in the PVE realms are:
Username - TenantAdmin
Password - P@ssw0rd
Ex Adatum:
Username - AdatumAdmin
Password - P@ssw0rd
Each tenant's Active Directory environment is integrated as a realm in Proxmox. To authenticate with an Active Directory account, select the respective realm and enter your credentials. Each tenant AD environment is provisioned with essentially the same script. The users available to log in to the realms are as follows:
A.Park
C.Murphy
D.Kim
E.Brown
F.Rahman
J.Davis
M.Tynan
M.Wilson
R.Scott
T.Singh
All passwords for these users are P@ssw0rd, and the users exist in all available realms. The same applies to the FMJ Systems node at fmjadmin.fmjsystems.com, but the tenants do not have accounts there, nor are their AD environments integrated.
VPNs
The management interface for each tenant is located at vpn.tenant.com, and the username and password are as follows:
vpn.tenant.com
Username - TenantAdmin
Password - P@ssw0rd
Ex Adatum:
vpn.adatum.com
Username - AdatumAdmin
Password - P@ssw0rd
Reverse Proxy
npm.fmjsystems.com
Username - [email protected]
Password - P@ssw0rd
Ex Adatum:
Username - [email protected]
Password - P@ssw0rd