As with many IT shops, an on-going consideration is being discussed sharing a VMware ESX host with Internet and Intranet facing guests running Windows 2000 Web sites. What is the risk of having the same ESX host, serving up Internet facing content, while having other guests on the same host serving up Intranet type Web and applications services? What are the proposed methods in using VMware in a DMZ?

    Requires Free Membership to View

The risk for such a venture is proportionate to the amount of trust you place in VMware ESX's networking stack. If you place the Internet and Intranet hosts on a separate Virtual Switch (or port group) and turn off promiscuous mode, IP spoofing, and MAC spoofing, then you will have architected the most secure networking design possible with ESX. However, if you are wary of the goings-on of how VMware has implemented all of this under the covers, then an alternative design would be to segregate ESX servers not just by access to shared storage (the typical segregation decision), but also by role (Internet, Intranet). If you would like to know more please feel free to email me. Hope this helps!

This was first published in November 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: