hi folks,

got a little query to you as to the SMEs from mentioned topic, let me describe what bothers me in short steps first:

all R80.10 take 122 (just so you know)

1. Imagin we've got MDS server (VM) behind (NATed) Cluster of 5600 appliances in Active/Passive mode

2. Imagin we've got MDS server as a Central Management of 2 Clusters and several remote sites hooked up by Site2SiteVPN Tunnel, SICed to MDS "not via VPN" but over the public Internet instead

3. Here is the strategic question though: is there any official "guide" I could provide to my customer in order to clarify that we have got 2 options in such scenarios, 1/ SIC over VPN, 2/SIC over Internet but each with some pros and cons? Meaning do we have any sk for such "deployments best practices" and if we do what is the number?

4. If we do not have such "guide" for CCSA's mainly ... has anyone made any kind of article/docs about "VPN Remote Site Deployments with MDS/P1/MDSM behind (NATed) Cluster (not LSM!) at all ?

I'd appreciate you constructive hints if any also bear in mind that I did both scenarios myself but the one over the Internet with SIC it ends up nearly all the time with modifying the "masters files" - I want to avoid that option including GUIDBEDIT if possible and offer customer confidence that SIC over the VPN is possible not not necessarily the most complicated as they say.

Also note that all devices, VMs or any components are R80.10 based with everything up&running. What I'm actually seeking is any "written" version which may or may not convince my Customer that potentially "SIC over the Internet is not a best idea on earth"

Dameon Welch Abernathy‌ - what you think about that buddy ?

Cheers

Jerry