Firewall Wizards mailing list archives
Re: Semi-OT: blade servers, backplanes, and DMZs
From: George Capehart <capegeo () opengroup org>
Date: Sun, 8 Feb 2004 11:24:00 -0500
On Thursday 05 February 2004 11:51 pm, Phil Burg wrote:
Folks a somewhat off-topic question that I'd appreciate some insight into: A client has proposed implementing blade servers in a common enclosure on two different DMZs (obviously with two different security policies in place).
What do the security policies say? If they don't address the acceptability of implementing blade servers which are affected by different security policies in the same enclosure, they need to. The decision needs to be made by the owners of the risk . . .
My immediate response is no - the claim that nothing can possibly leak across a blade enclosure backplane sounds a lot like the old claims about VLANs being effective security devices - but the client sees an opportunity to save floor space in a data centre, and is pushing hard.
*My* response would be to go through a very quick and dirty Certification and Accreditation process, require that the customer address the (lack of) policy issue, and, then, whatever the response, get them to sign off on the residual risk . . . Then do whatever it is that they insist on knowing that they have formally and publicly accepted the risks associated with their decision. In other words, CYA. :-) My $0.02 Cheers, George Capehart -- George Capehart capegeo at opengroup dot org PGP Key ID: 0x63F0F642 available on most public key servers "It is always possible to agglutenate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea." -- RFC 1925 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Semi-OT: blade servers, backplanes, and DMZs Phil Burg (Feb 06)
- Re: Semi-OT: blade servers, backplanes, and DMZs Christopher Hicks (Feb 07)
- Re: Semi-OT: blade servers, backplanes, and DMZs George Capehart (Feb 08)
- Re: Semi-OT: blade servers, backplanes, and DMZs David Lang (Feb 09)