Question

security

By samitoronto
I have an ESXi 5 server running multiple servers. The ESXi server is behind the firewall. It has 2 network cards. Is there a safe way to run an external FTP server as a virtual server inside that ESXi server? The objective is to have the FTP server outside the firewall and no access to the network.

All Answers

The safest thing to do is create a separate VLAN (DMZ) within VMware

by robo_dev In reply to security

Of course, technically, 'outside the firewall' simply means that you have a firewall rule that opens one port for FTP and a NAT forwarding rule to the internal IP address of the server. Logically you create a separate firewalled-off network (DMZ) depending on exactly where you need data to go, and for other purposes (e.g. backup, administration, etc).

Within VMware a private vSwitch provides network isolation and establishes a DMZ, and assuming you need to move data from the FTP server, configure a virtual firewall such as Smoothwall so that there is tight control over what goes in and out of the DMZ. Use a dedicated vSwitch for DMZ with separate NICs.

I have an ESX server that has internal and DMZ VMs on them; it's no different than any other device...just harden the box, don't expose any ports, keep it patched, etc.

Is this secure enough?

Some companies create all virtual Internet-facing infrastructure, some put the DMZ stuff on its own ESX server, and others create their DMZ systems as physical boxes.

VMware is just a server, and like any server, there are hardening guidelines (as there are for FTP servers, of course). I have not (knock wood) seen any exploits or attacks against VMware that would apply in this case.

The ONLY potential issue I can think of is that a DDoS attack might create performance issues due to processor utilization. There are no known exploits to compromise internal VMs, or the Service Console, from a VM in the DMZ network even if they got root on that system.
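
Added example (not part of the original posts): one way to build the dedicated DMZ vSwitch described in the answer above from the ESXi 5.x shell with `esxcli`. The names `vSwitch1`, `vmnic1` and `DMZ` are assumptions, and the security-policy step is an added hardening measure, not something the answer spells out.

```shell
#!/bin/sh
# Added example: isolated DMZ vSwitch on an ESXi 5.x host.
# Assumed names (not from the thread): vSwitch1, vmnic1, port group "DMZ".

# Return 0 if the physical NIC is already an uplink of any standard vSwitch.
# A NIC shared with the internal vSwitch would defeat the separation.
uplink_in_use() {  # $1 = vmnic name
    esxcli network vswitch standard list \
        | grep -E '^ +Uplinks:' | grep -qw "$1"
}

# Create the vSwitch, bind the dedicated NIC, lock down the layer-2
# security policy, then add the port group the FTP VM will attach to.
create_dmz_vswitch() {  # $1 = vSwitch, $2 = vmnic, $3 = port group
    if uplink_in_use "$2"; then
        echo "refusing: $2 is already an uplink of another vSwitch" >&2
        return 1
    fi
    esxcli network vswitch standard add --vswitch-name="$1" &&
    esxcli network vswitch standard uplink add \
        --uplink-name="$2" --vswitch-name="$1" &&
    esxcli network vswitch standard policy security set \
        --vswitch-name="$1" --allow-promiscuous=false \
        --allow-mac-change=false --allow-forged-transmits=false &&
    esxcli network vswitch standard portgroup add \
        --portgroup-name="$3" --vswitch-name="$1"
}

# Usage on the host (assumed names):
#   create_dmz_vswitch vSwitch1 vmnic1 DMZ
```

Keep the Management Network port group and any VMkernel interface off this vSwitch, so the only thing reachable from the DMZ side is the FTP VM itself.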

Performance issues due to processor utilization

by samitoronto In reply to security

Performance issues due to processor utilization: good thinking, I never thought about that one, and I am not sure there is a way to limit the processor allocation to each VM as we do with the RAM.
