Thank you, Alvaro and Luis, your technical skills and the information you are providing us will be very helpful to understand which constraints and capabilities we need to negotiate for the setup of the Robotics-live-demo environment in FIWARE-LAB. We are using the node in Trento for FIWARE-Lab and have available a Robotics-live-demo project. Sadly, we have one Public IP address; we can maybe ask for a second one but hardly for a third one.

I try to summarize your points below:

1) Wirecloud and FIWARE-LAB VMs must communicate through public addresses because they are on different domains.
2) A VPN could solve the issue of communication between Wirecloud and FIWARE-LAB
3) Cross Domain for Wirecloud is solved thanks to an internal Proxy;
4) Wirecloud proxy cannot be used for Kurento websockets but in that case (and we use Mashup in FIWARE LAB) we can use certificates, or ask the user to manually accept the connection to Kurento
5) Kurento may work on a private address but a STUN server is required.

These are a lot of important technical issues… I try to summarize some possible solutions (that we can discuss with someone at FIWARE-LAB in Trento). Please tell me if some of them are wrong or if you see others:

Solution A): 3 Public IP addr.
======================
We use three Public IP addresses, one for Kurento VM, one for Robotics VM, one for Orion VM. Wirecloud must access all three of them. Robots must access Kurento and Robotics.

Solution B): 2 Public IP addr. Needs PAT or Proxy.
======================================
In this compact case we could have one Public IP addr for Robotics+Orion on the same private subnet (and a router in it, but if we don’t have a VPN we also need a PAT function or proxy), another Public IP addr is however required for Kurento.

Solution C): 2 Public IP addr? Needs VPN.
===========================
If we deploy a VPN we can avoid one Public IP. Also, the Robots already use a VPN to connect to Robotics, then the VPN might be on that VM.
Orion VM and especially Kurento VM will still need a public IP Addr. Orion and Robotics could be on the same Subnet (and one public IP addr), in that case Wirecloud communicates with Orion from the public IP?

Solution D): 1 public IP addr? Needs STUN Server+PAT (+VPN?)
================================================
We can deploy a STUN server (and a NAT/PAT too?) to avoid using a public IP for Kurento, but we might need solutions to make Wirecloud work. Orion and Robotics can be reached thanks to a PAT/PROXY (or a VPN for Robotics and PAT for Orion and Kurento?)

Here I see a solution with a mix of VPN/PAT/PROXY/STUN… Are these solutions correct? Which of these solutions do you think might be the easiest? Do you see other solutions?

Gianmario

From: aarranz at conwet.com [mailto:aarranz at conwet.com] On behalf of Álvaro Arranz
Sent: Wednesday, 15 July 2015 14:44
To: Luis López Fernández
Cc: Bollano Gianmario; amagan at conwet.com; Javier Soriano; fdelavega at fi.upm.es; fiware-robotics at lists.fi-ware.org
Subject: Re: Robotics in FIWARE-LAB: public IP addresses

Hi Gianmario,

the Wirecloud instance on FIWARE Lab is hosted by Red.es, so it cannot use, directly, the internal IPs provided in FIWARE Lab. However, we can deploy a VPN service if required, what region of FIWARE Lab are you using?

Cross domain is not a problem for Wirecloud (as it provides a proxy), the only thing that cannot go through the proxy are the connections to the websockets created by the Kurento Application, but in that case it is very easy to use the access control headers.

Here we can have a problem if we are going to use the Mashup portal of FIWARE Lab, as it is running over HTTPS, so the ideal is to also use certificates on the websockets created by the Kurento Application to avoid some security alerts from the browser. I think it is feasible to ask for certificates and for domain names for the services we are going to make public for the demo...
Anyway, this is not going to be a serious problem, as the demo can work without those domain names and certificates (the drawback is that the user will have to accept connecting with the Kurento application server).

Best regards,
Álvaro

On 15 July 2015 at 12:23, Luis López Fernández <luis.lopez at urjc.es> wrote:

Kurento Media Server does not require a public IP address if you configure a STUN server for it. However, the Kurento Application server needs to be reachable from the external world (i.e. needs to accept HTTP requests coming from browsers). You can use the same IP for this application server and for the Wirecloud one, but this may generate XSS problems in the browser; you'll need to check and to architect the applications appropriately to avoid them.

Best regards.

On 14/07/2015, at 12:26, Bollano Gianmario <gianmario.bollano at telecomitalia.it> wrote:

Dear Alvaro and others,

we have successfully asked for the creation of an account for the Robotics Live Demo. We are now facing a major issue: it seems we can only have one public IP address.

We would like to ask you an important question: using Wirecloud instance in FIWARE, can Widgets access VMs hosted in FIWARE-LAB (through piping) using their private addresses? Or do we need a public IP address for each VM?

For instance, we’ll have one VM for Kurento, one VM for ContextBroker, one VM for Robotics, and widgets will access each of them: can we do this using their private IP addresses if we’ll only have one public IP address for all the Robotics environment?

Gianmario
------------------------------------------------------------------------------------
Telecom Italia
Gianmario Bollano
Innovation - Mobile Devices & Sim Applications
Via Reiss Romoli, n° 274 Cap 10151 Torino
Phone 011 228 7103
Cell Phone 3316015048