RE: VMWARE/DMZ Question

Do the virtual machines only have a virtual nic on the dmz side of the
network or one on both the DMZ and the private network?

-----Original Message-----
From: Richard St John [mailto:Richard.StJohn@gbe.com] 
Sent: Thursday, July 21, 2005 1:39 PM
To: firewalls@securityfocus.com
Subject: VMWARE/DMZ Question

Hello List,

This is not necessarily a firewall question, but would like opinions.

One of our managers would like to take a server running VMWARE and connect
it to our DMZ and assigning specific OSs to the DMZ NIC. Not bad so far, 8
or 9 servers running through one NIC on our DMZ.

The hmmmm part of the problem is the servers he wants to use already have
another NIC on our internal server network and is running 2 or 3 servers.

So essentially he is asking to put the same server on our internal network
and our DMZ, using VMWARE which he assures me cannot be compromised in such
a way that the compromised OS can see the NIC card it is not assigned to
see. The installed OS for each VMWARE section can only see what it is
assigned to see and cannot see the rest of the
machine(s) and hardware.

Having not worked with VMWARE as much as I would like to, can someone see
any issues with this, confirm it works securely, or confirms it fails
miserably.

I am leery about it because I have one machine on two networks that
essentially traverse the firewall. Is VMWARE secure enough to do this?

Thought, comments, suggestions

Richard St. John