Sign in with
Sign up | Sign in
Your question
Solved

What do you guys think?

Last response: in Networking
Share
February 11, 2011 7:00:20 PM

Let me know of any issues that might arise from me having 4 virtual machines on one machine, multiple VM's.

I want to try to add a VM router(NAT) and DHCP, VM Domain server, VM print server, and VM web server on one machine.

Do you guys think this will affect the security of the other connected machines? By the way the router will be Firewalled along with the other VM's.

More about : guys

February 12, 2011 2:48:14 AM

I can't see why it wouldn't work or would be a problem. The only way it would affect security is if you allowed untrusted users on the VM machines / or allowed access to it from the internet without taking proper precautions regarding firewalling / access control.
m
0
l
February 13, 2011 4:08:44 AM

Well I just want to make sure that if my web server gets hacked into that my other systems will not be compromised.
m
0
l
Related resources
February 21, 2011 2:09:25 AM

Anyone have any extra advice?
m
0
l
February 21, 2011 5:20:13 AM

accolite said:
Anyone have any extra advice?



All I can add is that's an awful lot of very important and breakable eggs you're proposing to put in one vulnerable basket.

m
0
l

Best solution

February 21, 2011 1:40:25 PM

VM's are great at creating a testing environment for a production environment that consists of several real separate machines. Using a VM instillation for production purposes is not generally recommended.

Where VM's can be very useful is to run multiple services / sites / companies off of one installed hardware server, where each customer wants full control over a 'machine.' Security devices should never be integrated with hosting services; I propose that network infrastructure for a production environment should not be either.

Again, for testing / proof of concept, VM away, but if your making money off it, don't trust it for very long.
Share
February 21, 2011 8:55:28 PM

Very good points brought up. I am going to have to rethink some of this.

Just want to clear up that this will be for my home network and that the website is just for hosting my images on.

This is one reason:
In the past I have noticed if I have one of my rigs running NAT and DHCP that my ping response times are lower compared to my router DGL-4300, when playing games. Is this due to the PC hardware being superior or is it a software/firmware thing?

Or is there a router out there that will perform better ping response time wise/ lag than my DGL-4300?

The other reason to do this is to consolidate all the separate hardware machines to one, so I can bring the electric bill down (It's going to run on a laptop).



EDIT: I'll start a new thread pertaining to the ping responses.
m
0
l
February 22, 2011 2:08:45 PM

Best answer selected by accolite.
m
0
l
February 24, 2011 3:36:23 AM

someone19 said:

Again, for testing / proof of concept, VM away, but if your making money off it, don't trust it for very long.


I'll agree to a limited extent, however you also have to realize some of the advantages that can be afforded by virtualization within a production environment, specifically:

1) The ability to dynamically scale capacity as needed, hardware upgrades tons easier too if you need to go that direction.

2) Perform upgrades in a "duplicate" or cloned environment, perform the update or upgrade, and then switch the entire upgraded VM for the production VM without taking down a production environment for hours during a "risky" software or server OS upgrade. This is especially helpful on machines that can't be effectively backed up in the traditional manor, especially where it would take days to rebuild them, and you need 24/7 up time.

3) Fault tolerance with the ability to quickly and easily move "virtual" severs from one physical box to the other in the event of physical hardware failure, including automatically with VMotion. This also can help out in a DR situation where you only need VM hypervisors on standby in your DR site, you just need to swing the VM images (and network routing of course) over to your DR site and you're back up and in production again in record time.

Sure, there is <some> risk by virtualizing, however properly planned, implemented, and using the correct tools, and hardware properly it can be done quite successfully and securely. Your environment, your needs, your SLA's, and size all play into the equation of what makes the most sense.
m
0
l
February 24, 2011 11:49:38 PM

@brian_tii:

I agree completely with your points entirely, but what I was more specifically suggesting was to the OP's point of having a firewall and other network services running as a VM on the same machine as the servers being protected. Good for testing, don't trust it for production. VM's have their place as you point out, but not for network infrastructure.

Just clarifying my position.
m
0
l
February 25, 2011 1:54:01 AM

Ahh gotcha, and I'd agree with you with a few possible (and not common) exceptions.
m
0
l
!