[c-nsp] Virtualized services for Internal and Internet / DMZ

Enno Rey erey at ernw.de
Sat May 28 10:13:12 EDT 2011 

Hi,

security-wise in the end of the day it all depends if you trust the solution (or vendor) to provide sufficient isolation or not.
[there might be other factors coming into the picture like some CxO singing the "significant cost savings tune" or so).

Given their horrible history as for security bugs (think Cloudburst) many people including me don't think VMware ESX/vSphere is suited for this. I've blogged about this at some occasions:

http://www.insinuator.net/2009/12/some-reflections-on-virtualization-security-part-1/ ,
http://www.insinuator.net/2010/11/trust-control-in-the-age-of-virtualization-and-the-cloud/

have a great weekend

Enno


On Sat, May 28, 2011 at 09:11:16AM -0400, Chris Evans wrote:
> We stay away from it.  Physical security is the best security.
> 
> All depends if you are willing to accept the risk it now.
> On May 28, 2011 8:30 AM, "chris stand" <cstand141 at gmail.com> wrote:
> > Is anyone using shared VMware or HyperV environments for your Internal and
> > also External facing services on the same boxes ?
> >
> > Good idea ? Bad idea ? Vendor recommendations.
> >
> > Looking for others experiences in trying this as well.
> >
> > thank you,
> > Chris
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Enno Rey

ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
=======================================================

More information about the cisco-nsp mailing list