Hi,
A customer of mine has purchased the Enterprise Plus edition of vSphere; however, his production / dev / DMZ
are already isolated by a hardware firewall. Is there any logic in implementing vShield Zones?
Thanks
Itzik
vShield can work in "allow all" mode to collect statistics.
---
MCSA, MCTS, VCP, VMware vExpert '2009
Hello,
vShield Zones is a zone to zone firewall and generally cannot be used as an edge firewall, granted this depends on your 'edge' and whether you need port redirection, NAT, etc. However, it can definitely be used to segment your virtual network and protect it outside the DMZ or even within it.
The key is that vShield Zones provides a way to segment your network between two vSwitches (VLAN constructs) for zone to zone transfers of data.
For example, I may use it to firewall off my 'management tools for the virtual environment' from the rest of my virtual machines and track access to them.
Zone to Zone use cases depend on how 'layered' you would like to get.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMWare ESX Server in the Enterprise'
Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World
Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll