Educause Security Discussion mailing list archives
Re: Securing VM servers
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Thu, 29 May 2008 16:21:50 -0500
In our shop, we're staying in your Option 1 until, at least, such time as we believe that hypervisors are giving the same level of inter-host (-guest) access logging and access control as we get from our network devices. We're not expecting to have VM systems straddling security compartments anytime soon. -jml
Michael Jewett <mgj () UNB CA> 2008-05-29 09:16 >>>
Hi, We're having a debate right now over securing our VMware clusters. We currently have a couple of DMZs (Public/Private). The DMZ policies state no multi-homed servers for obvious reasons, so we are not allowing servers to be members of both. Now we are aggressively looking into VM clusters. 1) Part of me is saying one VM cluster per DMZ to have a good separation of our Public and Private servers. 2) And the part of me is saying one cluster with each host being multi-homed and using virtual switches in VMWare to sort out which guest is a member of which DMZ. This allows a bigger cluster for higher availability and we'd see greater savings. Using the theory that we need N+1 for availability, that would mean 1) would require a minimum of 2 servers per DMZ or 4 servers and 2) would require only 3 servers... If all things remain equal. I'm over simplifying the number of servers, but just giving it as an example. What are other people doing about this? One large Multi-homed cluster or multiple smaller single-homed cluster? How secure is virtual switching in VMware? Any thought or suggestions would be greatly appreciated. Thanks in advance! Michael -- Michael Jewett University of New Brunswick, Fredericton, NB mgj () unb ca (506) 447-3022 (506) 453-3590 (FAX) ITS@UNB - Services, Solutions, Strategies ITS is a scent-reduced workplace – www.unbf.ca/its/policies
Current thread:
- Securing VM servers Michael Jewett (May 29)
- <Possible follow-ups>
- Re: Securing VM servers HALL, NATHANIEL D. (May 29)
- Re: Securing VM servers Jenkins, Matthew (May 29)
- Re: Securing VM servers Jeff Wolfe (May 29)
- Re: Securing VM servers Mike Lococo (May 29)
- Re: Securing VM servers Paul Keser (May 29)
- Re: Securing VM servers Alex (May 29)
- Re: Securing VM servers John Ladwig (May 29)
- Re: Securing VM servers John Hoffoss (Jun 06)