 From:  "Ulrik Lunddahl (PROconsult)" <ul at proconsult dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  SV: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform
 Date:  Wed, 10 Sep 2008 10:49:43 +0200
I have a customer that is about to buy a VMware setup to replace his Microsoft education setup that
is now running on physical boxes.

Every student would need to have the same network environment for their sandbox with MS servers and
XP, Vista Computers, all virtual.

I have planned to run a proof of concept using a series of m0n0wall VMs with a simple WAN, LAN, NAT
setup, that way every student can have the same internal addresses, but a different external
address.

I will report here if and when the project has been evaluated.

A side effect would be that every student gets to see how great m0n0wall is for many purposes.


Best regards
Ulrik Lunddahl

Sales Manager

Tel: +45 63113333 - Tel dir: +45 63113341 - Mobile: +45 26363341 - Fax: +45 63113344
E-mail: ul at proconsult dot dk - Web site: www.proconsult.dk


VSP - Server Consolidation and Containment
VTSP - VMware Infrastructure Virtualization




-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: 9 September 2008 23:47
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform

On Tue, Sep 9, 2008 at 12:48 PM, Jeff Rhys-Jones
<jeff at acc dash international dot co dot uk> wrote:
> I have taken a good look at Monowall and think it's a great bit of coding.
> Monowall has a very small OS footprint, and is therefore ideal to run in
> virtual environments.
>
> Initially I was very excited about the VMWare version of Monowall, as I can
> see a clear need for people to use Firewall VM appliances. It's a hot topic
> right now.
>
> However, on reading the manual - it could not be spelt out clearer, the
> message is this: DO NOT USE IT FOR PRODUCTION!
>
> What I would really like to know is - why?
>

That's a little strongly worded (I wrote it), I'll have to expand that
section with further clarification. The primary reason for the strong
wording is so people don't do stupid things, like use VMware
Workstation or Player on their PC as a production firewall. That
leaves you open to configuration mistakes leaving your PC wide open on
the Internet.

With ESX it's much less of a concern, though that depends on the
environment. In high security environments I would never recommend
mixing VMs or networks of differing trust levels on the same server,
whether ESX or any other hypervisor. Given the very good security
track record of ESX, I wouldn't hesitate to run even your perimeter
Internet firewall in ESX in many environments.

-Chris
