Domain or no domain, that is the question.


Hello there,
I'm just trying to write a concept to consolidate 32 physical servers onto 4 Hyper-V hosts.
I guess I'll start with the DCs, then migrate the member servers one by one (mostly W2K3 servers).
Now the question: what kind of role should the 4 Hyper-V hosts have in the network?
Should I create a separate domain for them, or should I isolate them for security reasons?
I also have an HP MSA SAN with Fiber Channel adapters. Can I connect a guest OS (e.g. a file server cluster) directly to the SAN?

Any thoughts appreciated!

Chris
Sysadmin

I'm not aware of a specific Microsoft recommendation. I'm inclined to go with a separate Hyper-V server for the DMZ. If one physical Hyper-V server is used for the virtual machines, it should have dedicated network adapters for the DMZ virtual machines. I wouldn't want network adapters shared by machines in and out of the DMZ.

Since you've raised the issue of a DMZ, I'd like to expound on the concept generically. The presence of a DMZ indicates at least a degree of concern about security. For the sake of discussion, I'll postulate that medical records or credit card data must be secured from hackers. I have experience defending clients in security audits. You have to be practical. When dealing with audits, technology isn't the only thing to consider. You have to deal with perception. You can argue and argue that a piece of technology provides isolation and security, and you can be correct. If it requires an explanation, you're going to lose. And if you win the argument, it can be a Pyrrhic victory because of the time wasted defending your position. When you add up the cost of people's time, arguing a technical point can exceed the cost of getting a physical server. You're going to have the easiest time defending a configuration that has two separate, physical machines. It's like comedy - if you have to explain the joke, it's not a joke.

Now consider the case of credit card data being compromised and a lawsuit alleging negligence being filed. You do not want to try to explain to a jury that one physical machine connected to both the Internet and the internal network is secure. A jury will be able to understand two physical machines being secure, one exposed to the Internet, one not. Although it wasn't a trial about technology, I have been a witness in a criminal trial and know what it is like to be cross-examined.

