  1. #1


    Question Secure DMZ VM deployment using separate vSwitch

    Hi All,

    I've set up my current ESXi host with 2 pNICs for secure deployment of production VMs like the attached screenshot:

    The reason is to make it easier to back up through the management network (Gigabit Ethernet connected to my LAN switch) while the actual VM is connected into the separate DMZ-Network vSwitch, and then the uplink is connected directly to the router for access to the world.

    I wonder if this is the typical secure deployment that everyone else is using?
    Any kind of comments would be greatly appreciated.

    Thanks.
    Attached Images
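
A way to check that the layout described in the post above is what the host is actually running, as an added example that is not part of the thread: it parses output in the layout of `esxcli network vswitch standard list` (available on ESXi releases that ship that namespace) and reports when the DMZ port group shares a vSwitch with LAN-side port groups or leaves through a pNIC other than the router-facing one. The names `vSwitch0`, `vSwitch1`, `vmnic0`, `vmnic1` and `Backup-LAN` are assumptions; only `DMZ-Network` comes from the post.

```python
# Constructed sample in the layout of `esxcli network vswitch standard list`,
# trimmed to the fields used here. vSwitch0/1, vmnic0/1 and Backup-LAN are
# assumed names; "DMZ-Network" is the port group named in the post.
SAMPLE = """\
vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0
   Portgroups: Management Network, Backup-LAN

vSwitch1
   Name: vSwitch1
   Uplinks: vmnic1
   Portgroups: DMZ-Network
"""

def parse_vswitches(text):
    """Return {vswitch_name: {"uplinks": set, "portgroups": set}}."""
    switches, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a vSwitch block
            current = switches.setdefault(
                line.strip(), {"uplinks": set(), "portgroups": set()})
        elif current is not None:
            key, sep, value = line.strip().partition(":")
            if sep and key in ("Uplinks", "Portgroups"):
                current[key.lower()] = {v.strip() for v in value.split(",") if v.strip()}
    return switches

def audit_dmz(switches, dmz_pg="DMZ-Network", router_uplinks=("vmnic1",)):
    """Return findings that break the separate-vSwitch design; [] means it holds."""
    hosts = [n for n, s in switches.items() if dmz_pg in s["portgroups"]]
    if not hosts:
        return [f"port group {dmz_pg!r} not found on any vSwitch"]
    findings = []
    for name in hosts:
        sw = switches[name]
        shared = sorted(sw["portgroups"] - {dmz_pg})
        if shared:  # LAN-side port groups on the DMZ switch defeat the split
            findings.append(f"{name}: {dmz_pg} shares the vSwitch with {', '.join(shared)}")
        if sw["uplinks"] != set(router_uplinks):  # DMZ must leave via the router pNIC only
            findings.append(f"{name}: uplinks {sorted(sw['uplinks'])}, expected {sorted(router_uplinks)}")
    return findings

if __name__ == "__main__":
    for finding in audit_dmz(parse_vswitches(SAMPLE)) or ["separation holds"]:
        print(finding)
```

This only covers the vSwitch layout; a VM with one vNIC in `DMZ-Network` and another on a LAN port group would bridge the two networks without changing this output, so VM network assignments need their own review.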

  2. #2
    bio
    Well, we are going to implement this as well. But in the security world this is not considered secure because you are connecting the outside world directly into your virtual environment. But we are a NON profit corporation so there is nothing to gain from our internal network. So we just take the risk.

    bio..

  3. Thanks to bio from:

    albertwt (3rd March 2010)

  4. #3

    powdarrmonkey
    Quote Originally Posted by bio
    But we are a NON profit corporation so there is nothing to gain from our internal network. So we just take the risk.
    Nothing to gain?


  5. Thanks to powdarrmonkey from:

    albertwt (3rd March 2010)

  6. #4

    Quote Originally Posted by bio
    Well, we are going to implement this as well. But in the security world this is not considered secure because you are connecting the outside world directly into your virtual environment. But we are a NON profit corporation so there is nothing to gain from our internal network. So we just take the risk.

    bio..
    Yeah, that does make sense mate!
    Thanks.

  7. #5
    bio
    Quote Originally Posted by powdarrmonkey
    Nothing to gain?

    Well, the student grades are hosted on a separate box outside our network. So I don't think a real good hacker takes the time and effort to get into our network.

    bio..

  8. Thanks to bio from:

    albertwt (11th March 2010)

  9. #6

    powdarrmonkey
    Quote Originally Posted by bio
    Well, the student grades are hosted on a separate box outside our network. So I don't think a real good hacker takes the time and effort to get into our network.

    bio..
    I don't care much for student grades, I'm more interested in what else you carelessly leave lying around... pay details perhaps? details of staff I can use to strengthen my impersonation of them?

  10. Thanks to powdarrmonkey from:

    albertwt (11th March 2010)

  11. #7


    Quote Originally Posted by powdarrmonkey
    I don't care much for student grades, I'm more interested in what else you carelessly leave lying around... pay details perhaps? details of staff I can use to strengthen my impersonation of them?
    Ok, but I've got dibs on their bandwidth for my drones.

    OP: Read this to get started - http://www.vmware.com/files/pdf/dmz_...e_infra_wp.pdf

    Done properly, there's no reason you can't have a virtual dmz.

  12. 3 Thanks to pete:

    albertwt (11th March 2010), bio (5th March 2010), shreevie (16th March 2010)

  13. #8

    Quote Originally Posted by pete
    Ok, but I've got dibs on their bandwidth for my drones.

    OP: Read this to get started - http://www.vmware.com/files/pdf/dmz_...e_infra_wp.pdf

    Done properly, there's no reason you can't have a virtual dmz.
    Thank you for the response, sir. I really appreciate it.

    Cheers.

    AWT
