I’m setting up bare-metal as a service for Dell servers with iDRAC Enterprise.
MaaS is on our LAN and PXE boots machines via the primary NIC. We are able to deploy the OS of choice without issues. Our network switches are mostly Cisco or Brocade. Each server has 2x NICs to redundant switches and 1 NIC for the IPMI iDRAC port.
I have been going through documentation and tutorials but have not gotten a proper flow for our design without manual intervention to deliver those servers to users (untrusted segment/network) and have an end-to-end automated delivery with the ability to re-deploy as needed.
I’d appreciate thoughts on these questions:
Should servers move to a client-specific VLAN after provisioning?
How should interfaces be assigned for client use?
How can we prevent clients from accessing our LAN post-build?
Is shutting the switch port after provisioning necessary? Any automated way to do that?
Should we set up another MaaS instance on a public network with DHCP?
Given that you want to use MAAS for production and base your business on it, it’s hard to provide a proper solution for your case. This is because your request is missing a lot of context such as what’s the solution you want to offer, your use cases, your topology, your tools and so forth and so on.
Still, I can answer part of your questions, such as:
MAAS is not capable of managing switches (yet).
Just FYI, Canonical offers enterprise support and consultancy for this specific reason: to listen to your specific case in detail and provide a solution. Otherwise, if you are willing to share your use case in great detail, somebody from the community can try to provide some ideas - but still you are picking something from a forum!
Let me clarify and provide the context. We plan to offer dedicated servers as a service, and we will develop our own front-end for client engagement. Here’s the flow:
The client selects a dedicated server package, OS, number of IPs, hostname, and SSH key.
We automatically deploy the server based on the request.
The client has direct access to the server.
There are still some unanswered questions. The topology is straightforward: one server with three links — two for a stacked switch fabric and one for IPMI management on a different network.
The goal is to isolate the client server after deployment so that they cannot access our LAN. Additionally, we aim to implement a zero-trust model while allowing the client to rebuild their server as needed. I hope this provides more clarity.
Thanks for sharing that Canonical offers enterprise support. We’ll explore that once we have a working PoC and start onboarding clients.
Are we the first to use MaaS in such a production environment for a dedicated servers hosting business?
Please feel free to ask any questions if further clarification is needed.