I am working on a project to provide IPS and FW protection in a virtual environment. Part of the configuration requires the virtual machines I want protected to be specifically defined by IP address. Is there anything unique to virtual environments where protecting via an IP address identifier won't work?
I have already considered these two cases: (1) I am handling DHCP by specifying the range of valid IPs, so that should handle that case; (2) A VMotion event actually maintains the IP address, so that shouldn't be an issue.
With the two cases above accounted for, anything else I should be aware of? Are there any other configurations or options where a VM will change its IP address, potentially leaving itself unprotected or falling under a stricter/looser protection policy? Any practical configurations in which an ESX Server could be host to multiple VMs with identical IP addresses (aside from mistakenly statically setting them the same)? Maybe a VLAN configuration using the same subnet?
Right now I don't have the luxury of being able to reference a VM by any other marker (such as VM name, ID, etc.).
Am I making sense here? Disclaimer: I am new to all of this and I'm by no means a virtualization expert nor a security expert.
Thanks to everyone for your help. Your comments are greatly appreciated.
A VM will not suddenly change its IP address unless the guest OS does this with a DHCP lease renewal or there is code to do that within the guest. The virtual infrastructure does not affect IP address. DHCP lease renewals can happen at boot time as well, such as when VMware HA kicks in, but again that is handled within the guest.
I have been using IP for my firewall/ID for several years; nothing in my virtualization environment has adversely affected the working of any IDS/FW I have used.
Edward L. Haletky
VMware Communities User Moderator
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/
Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky
As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
Unless someone gets up to no good, the IP address should stay fixed, but it's quite easy to change the "network" for a VM.
I've been shown examples where this has gone wrong, so I suggest you put in some process around change and configuration management for the VM settings.
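An added example, not part of any post in this thread, of the kind of configuration check the last reply suggests: it compares a current VM inventory with a recorded baseline and with the IP ranges the IPS/FW protects. The VM names, port groups, addresses and the protected range are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: ranges the IPS/FW is configured to protect (assumption).
PROTECTED = [ipaddress.ip_network("10.0.10.0/24")]

# Constructed inventories: VM name -> (port group / "network", IP address).
BASELINE = {
    "web01": ("PG-Prod", "10.0.10.11"),
    "web02": ("PG-Prod", "10.0.10.12"),
    "db01": ("PG-Prod", "10.0.10.20"),
    "test01": ("PG-Lab", "10.0.10.11"),
}
CURRENT = {
    "web01": ("PG-Prod", "10.0.10.11"),
    "web02": ("PG-Lab", "10.0.10.12"),   # "network" changed, IP kept
    "db01": ("PG-Prod", "10.0.20.20"),   # guest moved outside the protected range
    "test01": ("PG-Lab", "10.0.10.11"),  # same IP as web01 on another port group
}

def audit(baseline, current, protected):
    """Return findings that would make an IP-keyed policy miss or misapply."""
    findings = []
    by_ip = defaultdict(list)
    for vm, (pg, ip) in sorted(current.items()):
        addr = ipaddress.ip_address(ip)
        by_ip[addr].append((vm, pg))
        if not any(addr in net for net in protected):
            findings.append(("unprotected", vm, ip))
        old = baseline.get(vm)
        if old is None:
            findings.append(("new_vm", vm, ip))
            continue
        if old[0] != pg:
            findings.append(("network_changed", vm, f"{old[0]}->{pg}"))
        if old[1] != ip:
            findings.append(("ip_changed", vm, f"{old[1]}->{ip}"))
    # One IP seen on several VMs: the policy cannot tell them apart.
    for addr, owners in sorted(by_ip.items()):
        if len(owners) > 1:
            findings.append(("duplicate_ip", str(addr), sorted(owners)))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT, PROTECTED):
        print(finding)
```
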