Re: ESX Vmware Physically connected to different segments

David M. Zendzian wrote:
> Just the fact that we mix customers in a virtual environment creates a
> similar risk. We aren't able to offer a dedicated host for every
> customer who wants a virtual environment, that would defeat the purpose
> of virtualization.
>
> Maybe I missed part of the earlier discussion, and I'm always ready to
> look at other ways of approaching the problem. Other than dedicated
> hosts for each customer, what would you suggest a basic design be to
> provide what you are describing?

That's fine (well, its not fine, but its understandable; customers know
what they are buying, and it isn't a dedicated machine for themselves in
its own VLAN; if they want that, they can pay you more and GET that)

   As long as you assume that machines on the shared ESX server are no
more or less secure than accounts on the *same* server separated by use
of chroot, then you can give a customer (Or potential customer) a
realistic estimate of the security he is buying. He isn't getting the
same level of security he would get from a dedicated machine, but he
isn't PAYING for that, so he has to live with what the product he buys
provides. As long as everyone knows that up front, I don't see how they
have grounds for complaint.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------