
Virtualization and DMZ help


shonen


Hey Hak5 community,

I was recently handed an assignment to design a network for a company and was considering using a virtualization solution much like the one Matt discussed in season 5 episode 11 for handling all the server operating systems and services required for end users.

The company for this assignment needs a couple of publicly accessible services such as web, mail, etc., and from my understanding these should be placed in a demilitarized zone. I was curious as to whether this is ok (secure/best practice) to run these publicly available services off, say, a Windows 2003 virtual machine configured specifically for IIS, which is situated on the data store alongside the private server VMs running Active Directory etc. I am assuming that if I were to do this I would have to dedicate a physical network card to the virtual IIS-enabled machine and allocate a different TCP/IP address to establish the demilitarized zone.

To be honest I know very little about virtualization architecture and best practices, so my assumption may be completely wrong. I did do some lurking on Google but failed at finding anything that can answer my question for the above. I would greatly appreciate any discussion on the subject or links that can point me in the right direction.

Thanks in advance.


Physical separation is the best idea, so I would look at using a separate server for your DMZ stuff. You simply place the management NIC on a separate network from your VM networks' NIC. If you have to use the same hardware then you will need separate NICs and a dedicated datastore.


Ah, I figured physical separation may have been the best idea, thanks a bundle for clearing that up for me Vako. Looks like it's Visio time. XD

If you trust VLANs then physical separation isn't needed, just virtual. Some people don't trust VLANs, not sure why, but I can respect that. Also the benefit here is more NIC ports for all your connections: instead of 2 for this one and 2 for that one, you get 4 for this one.


If you trust VLANs then physical separation isn't needed, just virtual. Some people don't trust VLANs, not sure why, but I can respect that. Also the benefit here is more NIC ports for all your connections: instead of 2 for this one and 2 for that one, you get 4 for this one.

It's covering your ass really, and if it's a server that random people on the web can touch I'd much rather have red/green physical separation, as no matter how good the hacker, they won't be able to do jack if there isn't a link between the systems.

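The replies above boil down to three rules for putting a DMZ VM on the same hypervisor as internal VMs: keep VM traffic off the management NIC, give DMZ and internal VMs separate uplinks (or at least separate VLANs, if you trust VLANs), and give the DMZ VM its own datastore. Below is an added example, not code from the thread or from any vendor, that audits a host layout against those rules; the VM names, NIC names (vmnic0...), VLAN ids and datastore names are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    zone: str        # "dmz" (publicly reachable) or "internal"
    uplink: str      # physical NIC behind the VM's virtual switch
    vlan: int        # 802.1Q tag on that uplink; 0 means untagged
    datastore: str   # where the VM's disks live

@dataclass(frozen=True)
class Host:
    mgmt_nic: str    # NIC carrying hypervisor management traffic
    vms: tuple

def check_host(host: Host, trust_vlans: bool = False) -> list:
    """Return sorted findings; an empty list means the layout follows the thread's advice."""
    findings = set()
    for vm in host.vms:  # rule 1: no VM traffic on the management NIC
        if vm.uplink == host.mgmt_nic:
            findings.add(f"{vm.name}: VM traffic on management NIC {host.mgmt_nic}")
    dmz = [v for v in host.vms if v.zone == "dmz"]
    internal = [v for v in host.vms if v.zone == "internal"]
    for d in dmz:
        for i in internal:  # rule 2: separate uplink (or VLAN if trusted); rule 3: separate datastore
            same_path = d.uplink == i.uplink and (not trust_vlans or d.vlan == i.vlan)
            if same_path:
                findings.add(f"{d.name}/{i.name}: DMZ and internal share uplink {d.uplink}")
            if d.datastore == i.datastore:
                findings.add(f"{d.name}/{i.name}: DMZ and internal share datastore {d.datastore}")
    return sorted(findings)

# Constructed sample: the layout the question describes, everything on one NIC and one datastore.
FLAT_HOST = Host(mgmt_nic="vmnic0", vms=(
    VM("iis-web", "dmz", "vmnic0", 0, "datastore1"),
    VM("ad-dc01", "internal", "vmnic0", 0, "datastore1"),
))

# Constructed sample: dedicated uplink and datastore for the DMZ VM, management on its own NIC.
SEPARATED_HOST = Host(mgmt_nic="vmnic0", vms=(
    VM("iis-web", "dmz", "vmnic2", 0, "datastore-dmz"),
    VM("ad-dc01", "internal", "vmnic1", 0, "datastore-int"),
))

# Constructed sample: one shared uplink split by VLAN tags; acceptable only if VLANs are trusted.
VLAN_HOST = Host(mgmt_nic="vmnic0", vms=(
    VM("iis-web", "dmz", "vmnic1", 20, "datastore-dmz"),
    VM("ad-dc01", "internal", "vmnic1", 10, "datastore-int"),
))
```

Running `check_host(VLAN_HOST)` with and without `trust_vlans=True` shows the two camps in the thread: the same layout is clean if VLANs are trusted and a finding if they are not.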
