Educause Security Discussion mailing list archives

Re: Securing VM servers


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 29 May 2008 16:21:50 -0500

In our shop, we're staying in your Option 1 until, at least, such time
as we believe that hypervisors are giving the same level of inter-host
(-guest) access logging and access control as we get from our network
devices.  

We're not expecting to have VM systems straddling security compartments
anytime soon.

    -jml

Michael Jewett <mgj () UNB CA> 2008-05-29 09:16 >>>
Hi,

We're having a debate right now over securing our VMware clusters.  We
currently have a couple of DMZs (Public/Private).  The DMZ policies
state no multi-homed servers for obvious reasons, so we are not
allowing servers to be members of both.  Now we are aggressively
looking into VM clusters.

1) Part of me is saying one VM cluster per DMZ to have a good
separation of our Public and Private servers.

2) And part of me is saying one cluster with each host being
multi-homed and using virtual switches in VMware to sort out which
guest is a member of which DMZ.  This allows a bigger cluster for
higher availability and we'd see greater savings.

Using the theory that we need N+1 for availability, that would mean 1)
would require a minimum of 2 servers per DMZ or 4 servers and 2) would
require only 3 servers... If all things remain equal.

I'm oversimplifying the number of servers, but just giving it as an
example.

What are other people doing about this?  One large Multi-homed cluster
or multiple smaller single-homed clusters?  How secure is virtual
switching in VMware?

Any thoughts or suggestions would be greatly appreciated.

Thanks in advance!

Michael

-- 
    Michael Jewett
    University of New Brunswick, Fredericton, NB
    mgj () unb ca       (506) 447-3022       (506) 453-3590 (FAX)

    ITS@UNB - Services, Solutions, Strategies
    ITS is a scent-reduced workplace – www.unbf.ca/its/policies
