Apoyar Infrastructure Security

Revision as of 09:07, 22 April 2021 by Admin

We have 2 ESX hosts and 1 disk array; these provide access to the VMs.

We have a separate vCenter server, which is a physical server and provides

- management over vSphere

- access to the VMs


We have a firewall called Juniper (2 firewalls); if one fails, the other starts.

We also have a Clavister, which is at the same level as the Juniper. The Clavister has better support for different types of VPN.

It supports 3 types of VPN:

- L2TP

- IPsec (used to connect customers)

- OpenVPN



Connecting to any Apoyar server


Whether we are connecting through OpenVPN or L2TP, we always go through the Clavister.

To connect using OpenVPN, we just need AD logins.

If we are connecting as an L2TP user, it uses a passphrase.

If we are connecting from any AWS console VM, it uses a certificate.


Certificates on AWS RMG server


Log in to rmg.aws.apoyar

• cd /etc/isakmpd

• cd ca

• ls

ca.crt (this is the certificate authority, the mother or father certificate)

It is only saved on the Clavister (one copy).

Also, on each AWS console machine it only gets compared, not sent.


To see certificates



• openssl x509 -in ca.crt -text -noout


To check local certificate

• cd ../certs/

• openssl x509 -in local.crt -text -noout


These certificates contain information related to:

• Issuer

• Customer

• Expiry

• DNS
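
The inspection steps above, scripted as an added example (not part of the original page or Apoyar's own tooling). It goes beyond viewing the fields: it also verifies that local.crt was issued by ca.crt and flags a certificate that is close to expiry. The CA, the hostname console.example.test and the temporary directory are constructed sample data, and reading the certificate subject as the page's "Customer" field is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not the site's own script. File layout (ca/ca.crt,
# certs/local.crt) follows the page; all keys and names are constructed.

# Print issuer, subject (assumed to be the page's "Customer"), expiry and DNS names.
cert_summary() {
    openssl x509 -in "$1" -noout -issuer -subject -enddate
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*'
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds only if certificate $2 was signed by the CA certificate $1.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and a 30-day local certificate under directory $1.
make_sample_pki() {
    mkdir -p "$1/ca" "$1/certs" "$1/private"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    printf 'subjectAltName=DNS:console.example.test\n' > "$1/san.ext"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj '/CN=Example Test CA' \
        -keyout "$1/private/ca.key" -out "$1/ca/ca.crt" 2>/dev/null &&
    openssl req -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=console.example.test' \
        -keyout "$1/private/local.key" -out "$1/local.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/local.csr" -CA "$1/ca/ca.crt" \
        -CAkey "$1/private/ca.key" -CAcreateserial -days 30 \
        -extfile "$1/san.ext" -out "$1/certs/local.crt" 2>/dev/null
}

# Demo run against the constructed sample certificates.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir"
cert_summary "$demo_dir/certs/local.crt"
cert_chains_to "$demo_dir/ca/ca.crt" "$demo_dir/certs/local.crt" \
    && echo "chain: OK" || echo "chain: local.crt was NOT issued by ca.crt"
cert_valid_for_days "$demo_dir/certs/local.crt" 60 \
    && echo "expiry: OK" || echo "expiry: renew within 60 days"
rm -rf "$demo_dir"
```

On a real host, call the three check functions with the existing ca/ca.crt and certs/local.crt paths and skip make_sample_pki.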