Network / environment design for production use

First post, Thanks for the work on MaaS!

I’m setting up bare-metal as a service for Dell servers with iDRAC Enterprise.

MaaS is on our LAN and PXE boots machines via the primary NIC. we are able to deploy OS of choice without issues, Our network switches are Cisco or Brocade mostly - Each server have 2x Nics to redundant switches and 1 NIC for IPMI iDRAC port

I been going through documentations and tutorials but have not get a proper flow for our design without manual intervention to deliver those servers to users (un-trusted segment/network) and have an end to end automated delivery with ability to re-deploy as needed.

I’d appreciate thoughts on these questions:

1. Should servers move to a client-specific VLAN after provisioning?
2. How should interfaces be assigned for client use?
3. How can we prevent clients from accessing our LAN post-build?
4. Is shutting the switch port after provisioning necessary? any automated way to do that?
5. Should we set up another MaaS instance on a public network with DHCP?

Thanks in advance.

Hey!

Given that you want to use MAAS for production and base your business on it, it’s hard to provide a proper solution for your case. This is because your request is missing a lot of context such as what’s the solution you want to offer, your use cases, your topology, your tools and so forth and so on.

Still, I can answer part of your questions such as

MAAS is not capable of managing switches (yet).

Just FYI, Canonical offers enterprise support and consultancy for this specific reason: listen to your specific case in details and provide a solution. Otherwise, If you are willing to share your use case very in details, somebody from community can try to provide some ideas - but still you are picking something from a forum!

No, that’s a common use case.