May 29
There has been a lot of discussion in the virtualization community about using virtualized DMZs. This is a great idea, since you get all of the cost advantages of virtualization for systems in the protected DMZ. VMware has a great Best Practices paper on this topic that was written before the introduction of vSphere. Now that the VMsafe APIs have been released as part of vSphere, moving beyond best practices and significantly simplifying the process of moving assets in and out of a DMZ has become amazingly simple. Using our new vTrust technology within the VMC product, Reflex has used the concept of tags to ease the management of systems. Making tags a first-class concept (vmTagging) in the management of an infrastructure can act as a demarcation point between virtualization administrators and security administrators, as shown below.
Let’s say you are a virtualization administrator and you’ve gotten a request to put a system in the DMZ. You would simply right-click on the virtual machine and choose the “DMZ” tag that was created by the security team. It doesn’t matter where the VM is located, which portgroup it is connected to, or what its IP addresses are: the security policy for the VM will be set correctly based on your change.
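To make the demarcation concrete, here is an added example (not Reflex’s or VMware’s code, and not the vTrust API) of a hypothetical tag-driven policy model: the security team owns the tag catalog and what each tag means, the virtualization administrator only picks a tag, and the effective policy is derived from tags alone, so moving the VM or changing its addresses never changes it. Tag names, port lists and the audit record are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    portgroup: str
    ips: list
    tags: set = field(default_factory=set)

# Owned by the security team: what each tag means as a firewall policy (constructed values).
TAG_POLICIES = {
    "DMZ":      {"default": "deny",  "allow_in": {80, 443}},
    "Internal": {"default": "allow", "allow_in": set()},
}

AUDIT_LOG = []  # who changed which tag on which VM: the record at the demarcation point

def apply_tag(vm, tag, actor):
    """Virtualization admin picks a tag; only tags the security team defined are accepted."""
    if tag not in TAG_POLICIES:
        raise ValueError(f"unknown tag {tag!r}: tags are defined by the security team")
    vm.tags.add(tag)
    AUDIT_LOG.append((actor, vm.name, "add", tag))

def remove_tag(vm, tag, actor):
    vm.tags.discard(tag)
    AUDIT_LOG.append((actor, vm.name, "remove", tag))

def move_vm(vm, portgroup, ips):
    """Relocate the VM (vMotion, re-cabling, re-addressing); deliberately does not touch tags."""
    vm.portgroup, vm.ips = portgroup, list(ips)

def effective_policy(vm):
    """Derive the policy from tags only; portgroup and IPs are never consulted.
    Untagged VMs fail closed. With several tags the most restrictive default wins
    and the allowed inbound ports are the union of the tags' allow lists."""
    if not vm.tags:
        return {"default": "deny", "allow_in": frozenset()}
    pols = [TAG_POLICIES[t] for t in sorted(vm.tags)]
    default = "deny" if any(p["default"] == "deny" for p in pols) else "allow"
    allow_in = frozenset().union(*(p["allow_in"] for p in pols))
    return {"default": default, "allow_in": allow_in}
```

Because `effective_policy` ignores location, a VM that is tagged “DMZ” while still on an internal portgroup already carries DMZ policy, and the audit log shows which administrator applied the tag.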