Re: ESX Vmware Physically connected to different segments



Yes that makes sense :)

Actually we also do have a different physical server for the firewall/router/load balancer virtualization layer and a different server for "internal". While we do not have dedicated servers for dmz/internal hosts, we will as we start gaining the customers who need it (currently we're about 50/50 internal vs external hosts, so as we grow we'll be looking to split those up as well). It's hard to do it "right" out of the box :)

David

Kurt Buff wrote:
Ah.

I misunderstood your business.

In a situation like this, I don't think you have a choice, though I
don't have enough experience in such a situation to comment
coherently.

I was envisioning the servers being at the client site, and that you
were using virtualization for hosts that were both in the DMZ and the
internal network(s), and that's what I was preaching against.

Kurt

On Jan 28, 2008 1:02 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.

Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?

David


Kurt Buff wrote:
Sorry, hit send too quickly. More below:

On Jan 28, 2008 12:32 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
<snip>

The only way to be secure is to unplug, the rest of us have to work for
a living :)


There are other ways of hosting internet-exposed sites, and I believe
you are doing your customers a disservice by mixing domains in this
fashion, which (IMHO) exposes them to unnecessary risk.

Kurt




