[unisog] DMZ and Non DMZ using sharing VM infrastructure

Stefan netfortius at gmail.com
Wed Aug 5 21:08:17 GMT 2009


With virtualization extended into the network and storage layers,
there are ways to secure while providing the flexibility VMotion-like
processes require. Google for: nexus 1000v, nexus 7000, vdc, service
solutions sandwiched between virtual aggregation domains, vrf, etc. We
live in a world of having to accommodate active-active DCs across
layer 2 boundaries ... hardware/specific host bound solutions are
dying.

On 8/5/09, Michael Holstein <michael.holstein at csuohio.edu> wrote:
>
>> I am curious how others are handling the DMZ and non-DMZ VMs. Please
>> let me know.
>>
>
> Not allowed. Period.
>
> Here's just one example of why :
>
> http://isc.sans.org/diary.html?storyid=6190
> http://www.immunityinc.com/documentation/cloudburst-vista.html
>
> We also apply the same "rule" to situations like Blade Centers .. you
> don't get the DMZ vlans in the trunk to the chassis.
>
> Cheers,
>
> Michael Holstein
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>

-- 
Sent from my mobile device

***Stefan Mititelu
http://twitter.com/netfortius
http://www.linkedin.com/in/netfortius


More information about the unisog mailing list