VMware Cloud Community
ipman
Contributor

Is it more secure to have your Service Console inside the DMZ or out?

I was thinking of setting up my ESX host dedicated to DMZ servers with the following configurations:

physical nic0 - Service Console internal network access

physical nic1 - VM Network dmz network access

Could someone please let me know if there are some security risks I'm overlooking? At no time do I plan on having an internal vm network on the same host as one with a dmz network, so there is no chance a lazy admin could add both networks to 1 VM.

thanks

IPMAN

3 Replies
weinstein5
Immortal

No, there are no security concerns you are overlooking - this would be the way I would set up my ESX server. The only way a 'lazy admin' could connect the VM to the secure network is by first adding a virtual machine port group to the same virtual switch as the service console port and then adding a second NIC to a VM and connecting it to the new VM Port Group on the service console virtual switch.

Texiwill
Leadership

Hello,

Everything looks fine. The SC, vMotion, and Storage Networks should be connected to your internal network, a private network, and an isolated network, while your VMs live within the DMZ.

A VM cannot be placed directly on the SC portgroup. However, one thing I would suggest is to use physical pNIC separation: 1 for SC and 1 for DMZ on two distinctly different vSwitches. I would also add more pNICs to increase redundancy on each Network (at least 2 more pNICs). VLANs can be used and are currently safe, but if you plan for them to not be safe you are a step ahead of the hackers.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
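
Added example, not part of the thread and not any poster's code: a small audit of the layouts discussed above, checking that VM port groups never share a vSwitch with Service Console, vMotion or storage port groups, and that each vSwitch has more than one pNIC. The inventory dictionaries, the `kind` labels, the extra `vmnic2`/`vmnic3` uplinks and the finding codes are all hypothetical; the inventory is written by hand and is not parsed from ESX tool output.

```python
# Added example: audits a hand-written (constructed) vSwitch inventory.
# The dict layout, "kind" labels and finding codes are hypothetical, not ESX output.
MGMT = {"sc", "vmotion", "storage"}  # networks the thread keeps off the DMZ

def pg(name, kind, vlan=0):
    return {"name": name, "kind": kind, "vlan": vlan}

# ipman's proposed layout: one pNIC per vSwitch, SC internal, VMs in the DMZ.
PROPOSED = {
    "vSwitch0": {"uplinks": ["vmnic0"], "portgroups": [pg("Service Console", "sc")]},
    "vSwitch1": {"uplinks": ["vmnic1"], "portgroups": [pg("DMZ", "vm")]},
}
# The "lazy admin" case: a VM port group added to the Service Console vSwitch.
LAZY = {
    "vSwitch0": {"uplinks": ["vmnic0"],
                 "portgroups": [pg("Service Console", "sc"), pg("Internal VMs", "vm")]},
    "vSwitch1": PROPOSED["vSwitch1"],
}
# Same separation with two pNICs per vSwitch for redundancy.
REDUNDANT = {
    "vSwitch0": {"uplinks": ["vmnic0", "vmnic2"], "portgroups": [pg("Service Console", "sc")]},
    "vSwitch1": {"uplinks": ["vmnic1", "vmnic3"], "portgroups": [pg("DMZ", "vm")]},
}

def audit(host):
    """Return sorted (code, vswitch, detail) findings for one host inventory."""
    findings = []
    for vsw, cfg in host.items():
        mgmt = [p for p in cfg["portgroups"] if p["kind"] in MGMT]
        vms = [p for p in cfg["portgroups"] if p["kind"] == "vm"]
        for vm in vms:
            for m in mgmt:
                # Same vSwitch and same VLAN: no separation at all.
                # Same vSwitch, different VLAN: separation rests on VLANs alone.
                code = "SAME_SEGMENT" if vm["vlan"] == m["vlan"] else "VLAN_ONLY"
                findings.append((code, vsw, f"{vm['name']} shares a vSwitch with {m['name']}"))
        if len(cfg["uplinks"]) < 2:
            findings.append(("SINGLE_UPLINK", vsw, "no pNIC redundancy"))
    return sorted(findings)

if __name__ == "__main__":
    for label, host in (("proposed", PROPOSED), ("lazy admin", LAZY), ("redundant", REDUNDANT)):
        print(label, audit(host) or "no findings")
```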
ipman
Contributor

Thanks for the advice guys!
