Re: ESX Vmware Physically connected to different segments



Yes that makes sense :)

Actually we also do have a different physical server for the firewall/router/load balancer virtualization layer and a different server for "internal". While we do not have dedicated servers for dmz/internal hosts, we will as we start gaining the customers who need it (currently we're about 50/50 internal vs external hosts, so as we grow we'll be looking to split those up as well). It's hard to do it "right" out of the box :)

David

Kurt Buff wrote:
Ah.

I misunderstood your business.

In a situation like this, I don't think you have a choice, though I
don't have enough experience in such a situation to comment
coherently.

I was envisioning the servers being at the client site, and that you
were using virtualization for hosts that were both in the DMZ and the
internal network(s), and that's what I was preaching against.

Kurt

On Jan 28, 2008 1:02 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
Just the fact that we mix customers in a virtual environment creates a
similar risk. We aren't able to offer a dedicated host for every
customer who wants a virtual environment, that would defeat the purpose
of virtualization.

Maybe I missed part of the earlier discussion, and I'm always ready to
look at other ways of approaching the problem. Other than dedicated
hosts for each customer, what would you suggest a basic design be to
provide what you are describing?

David


Kurt Buff wrote:
Sorry, hit send too quickly. More below:

On Jan 28, 2008 12:32 PM, David M. Zendzian <dmz@xxxxxxxx> wrote:
<snip>

The only way to be secure is to unplug, the rest of us have to work for
a living :)


There are other ways of hosting internet-exposed sites, and I believe
you are doing your customers a disservice by mixing domains in this
fashion, which (IMHO) exposes them to unnecessary risk.

Kurt




