Educause Security Discussion mailing list archives
VMWare Policy Enforcement
From: Karen Stopford <stopfordk () CT EDU>
Date: Wed, 29 Apr 2009 10:13:06 -0400

Like most of the world, we are going virtual in our data center and have taken the opportunity to rethink our VLAN strategy and integrate that with the concept of security zones in the vm world. The problem is, with the move to virtual switching you lose some separation of duties between server and network administrators and some abilities to monitor connections and enforce inter-host communication policies. We will be using vmotion as well. In the physical world, we can use firewalls and layer 2 switches to enforce security policies; in the virtual world, we don't have these capabilities out of the box.

We are beginning to research options for enforcing network policy consistently across movement of vms. Cisco and Apani are two options. Is anyone out there using Apani or other products to enforce policy? We'd like to hear how successful (or not) that has been.

Thanks,
Karen

C. Karen Stopford, CISSP
Associate Executive Officer for I.T. Security
CT State University System
39 Woodland Street
Hartford, CT 06105
(860) 493-0116