Just a quick question: can you have a standalone Foreman server manage a couple of different network segments? Or does a Foreman need to be installed in each different segment? I have a semi-working Foreman (I am still working out the configuration challenges) and want this to manage close to 1,000 Linux virtual machines and physical servers. Do I need to stand up a new Foreman box for all the different networks or can I have one that they connect to? What is the best practice for this? Thank you.
Foreman can manage hosts on any network that can reach your Foreman host (and depending on your use cases, you might also want to have your Foreman be able to reach those). The Foreman instance does not have to have an interface in every network it has to manage. So as long as routing is configured and there is no firewall blocking the connections, you should not encounter any problem with this.
In addition to managing all directly reachable networks, you can deploy a Smart Proxy in a separated network to manage services in this network. With the Smart Proxy, only one communication has to be allowed to the separated network and, depending on the features you need, one to Foreman.
For example, to manage a second DNS server, you can simply install a Smart Proxy with the DNS feature and the required provider. To have full provisioning in a separate network like a DMZ, it will also require TFTP, DHCP and perhaps other features, and access to the Foreman URL to call back when provisioning is finished.
Yes, Smart Proxies were built exactly for that. They can provide all communication between Foreman and managed nodes. Keep in mind, however, that they do not proxy all communication. For example, if you have hypervisors in these remote sites, Foreman talks to hypervisors directly (not via proxy). In that case you need a direct connection, but for most other things you do not (e.g. provisioning templates etc.).
Thank you very much for your help and advice.