Editing Apoyar Infrastructure Security

We have 2 ESX host, 1 Disk array these provides access to VM’s

We have separate server Vcentre, which is a physical server and provides

- management over vpshere

- access to VM’s


We have firewall called Juniper (2 firewall), if one fails other starts

Also we have Clavister, which has same level as Juniper. Clavister has better support for different types of VPN 

It supports 3 types of VPN

- L2TP

- IPsec (used to connect customer’s)

- OpenVPN




 Connecting any of Apoyar server
----------------------------------


Weather we are connecting through OpenVPN or L2TP, we always getting through Clavister.

For connecting using OpenVPN, we just need AD logins

If we are connecting as L2TP user, it uses passphrase

If we are connecting from any AWS console VM, it uses certificate


Certificates on AWS RMG server
-------------------------------

Login to rmg.aws.apoyar 

•	Cd /etc/isakmpd

•	cd ca

•	ls

ca.crt (this is the certificate authority of mother or father certificate)

It is only saved on clavister (one copy)

Also on each AWS console machine, its only get compared not sent



To see certificates
--------------------


•	openssl  x509  –in  ca.crt  –text –noout


To check local certificate

•	Cd ../certs/

•	openssl   x509  –in  local.crt  –text  –noout


these certificates contain the information related to

•	Issuer

•	Customer

•	Expiry

•	DNS