[unisog] DMZ and Non DMZ using sharing VM infrastructure

Harris, Michael C. HarrisMC at health.missouri.edu
Wed Aug 5 13:13:36 GMT 2009

This question extends beyond just DMZ vs non-DMZ to other areas of differing data segregation or security zones such as PCI credit card data, HIPAA health data, or other personally identifiable or protected data.
     | Michael C. Harris,                                CISSP|
     | Principal Security Analyst & Clinical Instructor       |
     | University Of Missouri Health Care                     |
     | harrismc at health.missouri.edu                     KCØPAH|


From: unisog-bounces at lists.dshield.org [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Paul Guarino
Sent: Tuesday, August 04, 2009 1:08 PM
To: unisog at lists.dshield.org
Subject: [unisog] DMZ and Non DMZ using sharing VM infrastructure


Wanted to get a feel for what others are doing with regard to the DMZ and Non-DMZ VMs.

I am under the stance that DMZ and Non-DMZ hosts should not share the same VM hosts, among other things, but at least:

- Isolate ALL Storage Networks from DMZ VMs
- Separate LUNs
- Use separate virtualization hosts for DMZ VMs
- Keep VMotion, SC, and storage networks out of the DMZ
- Do not mix security zones on the same vSwitch

I am curious how others are handling the DMZ and non-DMZ VMs. Please let me know.

Paul Guarino
Suffolk University
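
The separation rules listed in the thread can be checked mechanically against a VM inventory. The following is an added example, not part of either original message: the inventory, the field names and the network labels are all constructed for illustration, and a real audit would populate them from the virtualization platform's own inventory export.

```python
from collections import defaultdict

# Constructed inventory; every name here is hypothetical.
VMS = [
    {"name": "web01", "zone": "dmz", "host": "esx1", "lun": "lun-dmz",
     "vswitch": "esx1/vSwitch1", "networks": ["dmz-front"]},
    {"name": "app01", "zone": "internal", "host": "esx1", "lun": "lun-int",
     "vswitch": "esx1/vSwitch1", "networks": ["internal"]},
    {"name": "db01", "zone": "internal", "host": "esx2", "lun": "lun-int",
     "vswitch": "esx2/vSwitch0", "networks": ["internal", "storage"]},
    {"name": "mail01", "zone": "dmz", "host": "esx3", "lun": "lun-int",
     "vswitch": "esx3/vSwitch0", "networks": ["dmz-front", "storage"]},
]

# Infrastructure networks the thread says to keep out of the DMZ
# (labels are assumptions made for this example).
INFRA_NETWORKS = {"vmotion", "service-console", "storage"}


def audit(vms, infra_networks=INFRA_NETWORKS):
    """Return findings as (rule, object, detail) tuples."""
    findings = []
    # Hosts, LUNs and vSwitches must each serve a single security zone.
    for field in ("host", "lun", "vswitch"):
        zones = defaultdict(set)
        for vm in vms:
            zones[vm[field]].add(vm["zone"])
        for value, seen in sorted(zones.items()):
            if len(seen) > 1:
                findings.append((f"mixed-{field}", value, tuple(sorted(seen))))
    # DMZ VMs must not be attached to VMotion, SC or storage networks.
    for vm in vms:
        if vm["zone"] == "dmz":
            for net in sorted(set(vm["networks"]) & infra_networks):
                findings.append(("infra-network-in-dmz", vm["name"], (net,)))
    return findings


if __name__ == "__main__":
    for rule, obj, detail in audit(VMS):
        print(f"{rule:22} {obj:15} {', '.join(detail)}")
```

The same grouping works for the other zone boundaries raised in the reply (PCI, HIPAA) by using those labels as the `zone` value.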