I was thinking of writing about these things a while ago. Will see if this goes anywhere.
Well, TBH I don't have much to say now... "We apologize for the inconvenience."
Maybe just one note. I was reading Duncan's post about vShield Manager. My 5 cents:
- vShield Zones is basically a set of Linux VMs with iptables AFAIK. It's not a bad idea to run a VM as a firewall on every ESX you have, but I think it's got a bit of overhead. I would prefer (yet!) segmenting my network zones into VMware clusters with 1 physical firewall appliance (ASA, Check Point) between them. I will peek into some details sometime in the future, it's on my list.
- Better watch out for the version of the documentation you read. Not just for VSZ of course. Particularly, vsz_10_admin.pdf has at least 2 versions I know of: EN-000167-01 & some older one (00?). The ancient one did not have the "Securing CLI User Accounts" part (pg. 63), which is an essential step, speaking about a security product.
- This new part has a KB now: http://kb.vmware.com/kb/1012479