Page MenuHomePhabricator

Phacility Cluster Bastion
Updated 2,114 Days AgoPublic

This document describes bastion hosts, which serve as gatekeepers for operational access to the Phacility Cluster.

Here and elsewhere, "operational access" refers to deploying, administrating, and managing hosts, services, and data in the cluster.


The Phacility cluster runs in a VPC. Most devices in the cluster do not have external interfaces, and operational access to the VPC (for example, deploying and upgrading hosts) occurs through a bastion host. The bastion serves as an SSH proxy that authorizes users to act within the cluster. This is a common way to configure access to a private network, see Bastion Host on Wikipedia.

Using a bastion helps protect the cluster from external threats: inbound operational traffic is limited to a single tightly-controlled gateway.

Using a bastion also helps protect the cluster from internal threats, like a compromised employee account or rogue staff member. The bastion identifies and authorizes the connecting user, but also authorizes the commands they are executing. Operations staff can be given limited access to the cluster or selective access to specific instances.

Using the Bastion

Some light operational work can be performed from the instance administration UI on

Most operational work occurs via the bastion proper, via the CLI Tools.

Last Author
Last Edited
Feb 17 2015, 3:08 PM