[plug] clients "phone home" to server. VPN maybe?

Daniel Pittman daniel at rimspace.net
Sun May 3 08:53:33 WST 2009


Adrian Chadd <adrian at creative.net.au> writes:

[...]

> Don't try TCP over TCP and expect it to perform well. All I have to
> say is "eww".

For what it is worth, long experience tells me that you should say more
than "eww" to people — TCP-in-TCP seems to work fine, until it doesn't,
and many people don't know why it fails because it *sounds* like it
should work. ;)

[...]

> If you want to scale past a few dozen appliances, don't have them poll
> every 30 minutes for updates.

Since this is a reference back to my comment, this was suggested for
establishing the initial system key; it shouldn't take more than one
poll (if automated), or a couple of dozen (if manual) in most cases.

> And if they do, make sure you make them sleep a random point before
> they poll. You don't want to have to handle a few hundred boxes all
> polling the same server every 30 minutes on the dot - you've got 29.95
> other minutes to poll during; so spread the load across them a bit. :)

If you expect the polling to continue long term then, yes, this is very
good advice.  The random sleep is probably good if you ever ship more
than one or two new appliances at a time. ;)

Regards,
        Daniel

I would automate the VPN key signing, then manually permit that host
access to things later, but wasn't explicit about that assumption in my
post, so thank you for correcting me.
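
The random sleep discussed in this thread, as an added sketch that is not part of the original messages: each appliance sleeps to a random point inside the 30-minute window before polling, and a small simulation compares the server's worst second with and without it. The function names, the figure of 300 appliances and the `poll` callback are assumptions made for illustration.

```python
import random
import time
from collections import Counter

POLL_INTERVAL = 30 * 60  # seconds: the 30-minute period discussed in the thread


def jitter_delay(rng, interval=POLL_INTERVAL):
    """Pick a uniformly random point in the window to sleep to before polling."""
    return rng.uniform(0, interval)


def poll_cycle(poll, rng, sleep=time.sleep, interval=POLL_INTERVAL):
    """One cycle: sleep to a random point in the window, poll, sleep out the rest.

    Sleeping out the remainder keeps the average period at `interval` while the
    poll itself lands somewhere different in every window.
    """
    delay = jitter_delay(rng, interval)
    sleep(delay)
    result = poll()  # `poll` is a hypothetical callback that contacts the server
    sleep(interval - delay)
    return delay, result


def peak_per_second(offsets):
    """Highest number of polls landing in any single one-second bucket."""
    return max(Counter(int(o) for o in offsets).values())


def simulate(n_appliances, jitter, seed=0):
    """Peak server load for one window, with or without the random sleep."""
    rng = random.Random(seed)  # seeded only so this demo is repeatable
    if jitter:
        offsets = [jitter_delay(rng) for _ in range(n_appliances)]
    else:
        offsets = [0.0] * n_appliances  # every box polls on the dot
    return peak_per_second(offsets)


if __name__ == "__main__":
    print("on the dot:", simulate(300, jitter=False), "polls in the worst second")
    print("jittered:  ", simulate(300, jitter=True), "polls in the worst second")
```
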


