Re: ESX Vmware Physically connected to different segments
- From: "David M. Zendzian" <dmz@xxxxxxxx>
- Date: Mon, 28 Jan 2008 16:10:38 -0500
Yes that makes sense :)
Actually we also do have different physical server for firewall/router/load balancer virtualization layer and different server for "internal". While we do not have dedicated servers for dmz/internal hosts, we will as we start gaining the customers who need it (currently we're about 50/50 internal vs external hosts, so as we grow we'll be looking to split those up as well. It's hard to do it "right" out of the box :)
David
Kurt Buff wrote:
Ah.
I misunderstood your business.
In a situation like this, I don't think you have a choice, though I
don't have enough experience in such a situation to comment
coherently.
I was envisioning the servers being at the client site, and that you
were using virtualization for hosts that were both in the DMZ and the
internal network(s), and that's what I was preaching against.
Kurt
On Jan 28, 2008 1:02 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.
Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?
David
Kurt Buff wrote:
Sorry, hit send too quickly. More below:
On Jan 28, 2008 12:32 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
<snip>
The only way to be secure is to unplug, the rest of us have to work forThere are other ways of hosting internet-exposed sites, and I believe
a living :)
you are doing your customers a disservice by mixing domains in this
fashion, which (IMHO) exposes them to unnecessary risk.
Kurt
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- ESX Vmware Physically connected to different segments
- From: Albert R. Campa
- Re: ESX Vmware Physically connected to different segments
- From: Kurt Buff
- RE: ESX Vmware Physically connected to different segments
- From: Loupe, Jeffrey J
- Re: ESX Vmware Physically connected to different segments
- From: Kurt Buff
- Re: ESX Vmware Physically connected to different segments
- From: David M. Zendzian
- Re: ESX Vmware Physically connected to different segments
- From: Kurt Buff
- Re: ESX Vmware Physically connected to different segments
- From: David M. Zendzian
- Re: ESX Vmware Physically connected to different segments
- From: Kurt Buff
- ESX Vmware Physically connected to different segments
- Prev by Date: Re: ESX Vmware Physically connected to different segments
- Next by Date: RE: ESX Vmware Physically connected to different segments
- Previous by thread: Re: ESX Vmware Physically connected to different segments
- Next by thread: Re: ESX Vmware Physically connected to different segments
- Index(es):
Relevant Pages
|
|
