Security Basics mailing list archives
RE: MS Virtual Server- SW Development Scenario
From: "Rob McShinsky" <Rob () McShinsky com>
Date: Wed, 13 Jun 2007 12:54:32 -0400
Yes I think you should multi-home the host system in this case. One NIC will be used for the office LAN and the other will be used to access the outside network. With Virtual server installed on the developers desktop you will need to make sure that the NIC Properties are set properly to provide the correct host isolation of the 2 networks. One should have Client for Microsoft Networks, File and Print Sharing, and TCP/IP. The other should only have the Virtual Machine Network Service. The development environment could be either housed as a virtual guest through the external NIC and the internal NIC could be used for normal day to day office activities or vice versa. You could also consider the price difference between installing and maintaining all the different development environments on individual PCs with the cost of second NICs, memory and potentially CPU upgrades, versus installing a server with a virtual server solution on it where you could have all these environments at a location that is secured in a datacenter and more easily maintained and backed up. They will continue to used their current PC's for basic office tasks and remotely connect to their virtual guest servers through RDP, VNC, PCAnywhere, or VMRC(Microsoft). It will probably cost more, but would be less of a headache. Rob McShinsky http://virtuallyaware.spaces.live.com From: WALI [mailto:hkhasgiwale () gmail com] Sent: Wednesday, June 13, 2007 12:29 PM To: Rob () McShinsky com; 'Megan Kielman'; security-basics () securityfocus com Subject: MS Virtual Server- SW Development Scenario A related question to the ongoing thread of VMware. I have heard a lot about deploying Virtual Server for Software development and test environment rather than keeping 10 machines stacked under the developers tables. But there is a small glitch. Each of our developers has / need access to office LAN for checking out emails/browsing internet etc. Now, Compliance dictates that development/test environments should be isolated with developers having little/no access to production except that they can have read/execute permissions on the software that they developed. Virtual Sever 2005R2 allows me with two options: 1. Virtual machines in their own internal network, accessible only through Remote Control after I enter into the host machines. 2. Virtual machines connected to the outside network (physical NIC of the host machine) and available via Remote desktop from anywhere in the LAN. I don't want to assign two desktops to each developer. One for accessing his Development machines on Virtual Server, and the other to be able to access office emails/ browse internet etc. What is the right way? Can I multihome developers desktop?
Current thread:
- RE: MS Virtual Server- SW Development Scenario Rob McShinsky (Jun 13)