VMware Cloud Community
edawg
Enthusiast

DMZ Question

Hello-

I am going to be spinning up a two-host ESXi 4.1 cluster in our DMZ utilizing a small iSCSI SAN and had a few "real world" questions. I have looked around the white papers and studied up a bit on the topic but was hoping I could get a feel for what people are actually implementing. Are people using the Nexus 1000v to help lock down their environment, or are there other better/cheaper/out-of-box options out there?

Appreciate your responses...


Erik

3 Replies
Dave_Mishchenko
Immortal

The 1000v requires Enterprise Plus licensing so it's not always an option to use with customers. What sort of DMZ needs do you have? If you need to isolate VMs and you're running Advanced licensing then you might find vShield Zones helpful. In most cases a VM or physical firewall is sufficient for a DMZ and the vSwitch can be connected to an isolated switch or segmented from other traffic with a VLAN.

idle-jam
Immortal

Have a look at the vShield products; they are able to create secured zones: http://www.vmware.com/products/vshield/overview.html

bulletprooffool
Champion

It depends on what you mean by 'secure'.

You can, of course, manage access to VMs etc. using normal firewalls and so on.

Have a look at the whitepaper from VMware on the 3 different DMZ models.

My preference is to actually have management / storage etc on the inside of the network and only present the NICs used for VM access into the DMZ.

I then simply let networks take care of Firewalls etc as they do for all of our physical Servers in the DMZ.

http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

One day I will virtualise myself . . .
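
The layout described in this reply (management and storage kept inside, only VM-facing NICs presented to the DMZ) can be checked mechanically. The following is an added example, not part of the thread or any VMware tool: it audits a constructed host inventory, and every vSwitch, vmnic, port group and zone name in it is hypothetical sample data.

```python
# Added example: audit of a constructed ESXi host network layout.
# All names (vSwitch0, vmnic0, DMZ-Web, zone labels) are hypothetical sample data.

def audit(host):
    """Return findings where management/storage traffic can reach the DMZ side."""
    findings, pg_home = [], {}
    for name, vs in host["vswitches"].items():
        zones = {host["uplink_zone"][nic] for nic in vs["uplinks"]}
        vs_zone = "dmz" if "dmz" in zones else "internal"
        if len(zones) > 1:  # one vSwitch bridging inside and DMZ physical networks
            findings.append(f"{name}: uplinks span zones {sorted(zones)}")
        for pg, vlan in vs["portgroups"].items():
            pg_home[pg] = (name, vs_zone)
            if vs_zone == "dmz" and vlan == 4095:  # 4095 = guest sees all VLANs
                findings.append(f"{name}/{pg}: VLAN 4095 trunks all VLANs to the guest")
    for vmk, pg in host["vmkernel"].items():  # management and iSCSI interfaces
        name, vs_zone = pg_home[pg]
        if vs_zone == "dmz":
            findings.append(f"{vmk} ({pg}): vmkernel port on DMZ-facing {name}")
    return findings

ZONES = {"vmnic0": "internal", "vmnic1": "internal", "vmnic2": "internal",
         "vmnic3": "internal", "vmnic4": "dmz", "vmnic5": "dmz"}

# Constructed layout matching the post: only VM port groups face the DMZ.
SEPARATED = {
    "uplink_zone": ZONES,
    "vswitches": {
        "vSwitch0": {"uplinks": ["vmnic0", "vmnic1"], "portgroups": {"Management Network": 0}},
        "vSwitch1": {"uplinks": ["vmnic2", "vmnic3"], "portgroups": {"iSCSI": 20}},
        "vSwitch2": {"uplinks": ["vmnic4", "vmnic5"], "portgroups": {"DMZ-Web": 100}},
    },
    "vmkernel": {"vmk0": "Management Network", "vmk1": "iSCSI"},
}

# Constructed counter-example: everything collapsed onto one vSwitch.
COLLAPSED = {
    "uplink_zone": ZONES,
    "vswitches": {
        "vSwitch0": {"uplinks": ["vmnic0", "vmnic4"],
                     "portgroups": {"Management Network": 0, "DMZ-Web": 4095}},
    },
    "vmkernel": {"vmk0": "Management Network"},
}

if __name__ == "__main__":
    for label, host in (("separated", SEPARATED), ("collapsed", COLLAPSED)):
        print(label, audit(host) or "no findings")
```
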