On Mar 5, 2013, at 11:35 AM, Nguyen Anh Tu <ng.t...@gmail.com> wrote:
> Hi Mice,
>
> In your ElasterShield solution, I see that one hypervisor node has one
> ESVA, which acts like a Virtual Router. The ESVA has one NIC that connects
> to the guest network and one NIC that connects to the management network.
> I wonder how the ESVA listens to all network packets? It has to talk with
> the hypervisor, doesn't it? Or something like the "port mirroring" feature
> on a switch?
>
> @Mice @Sebastien: One more question, do you know how to deploy one more
> SystemVM on CloudStack? Config files for system VMs have to appear
> somewhere in the source code.

I actually don't. A quick workaround is to create a new template and start an
instance from that template in your guest network.

>
> 2013/3/5 Mice Xia <mice_...@tcloudcomputing.com>
>
>> If you want to use a traditional NIDS, you cannot know what the VMs say
>> to each other because this is a virtual network.
>> [mice] yes, the drawback of a traditional NIDS (deployed at the gateway of
>> an enterprise/datacenter) is that it's difficult to provide fine-grained
>> protection. Without more appliances, traffic inside the datacenter goes
>> unprotected.
>>
>> if you use HIDS on VMs then I don't think it is suitable
>> [mice] for an enterprise, the IT guys can enforce that HIDS is installed
>> and enabled on each VM; but for a public cloud, an agentless solution is
>> preferred.
>>
>> Another way is that you use IDS/IPS on Virtual Router
>> [mice] the VR is an option, but considering the complexity of the network
>> topology inside an enterprise or datacenter, what if users adopt a shared
>> network (or hybrid network)? In this case the VR does not work in online
>> mode and traffic prevention is impossible.
>>
>> How about IDS/IPS on Hypervisors
>> [mice] almost all hypervisors have some mechanism to implement IDS/IPS
>> (even anti-malware) for VMs; it's agentless and provides fine-grained
>> protection for each VM, and that's the solution we are integrating with
>> CloudStack now.
>>
>> Regards.
>> Mice
>>
>> -----Original Message-----
>> From: Nguyen Anh Tu [mailto:ng.t...@gmail.com]
>> Sent: Sunday, March 03, 2013 5:05 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: About integrating IDS/IPS into CloudStack
>>
>> I'm interested in integrating IDS/IPS into CloudStack, but didn't find any
>> effective solution. If you want to use a traditional NIDS, you cannot know
>> what the VMs say to each other because this is a virtual network.
>> Otherwise, if you use HIDS on VMs then I don't think it is suitable. This
>> even affects performance. Another way is to use IDS/IPS on the Virtual
>> Router. It's OK, but you know that the Virtual Router already has to take
>> on too many functions. How about IDS/IPS on the hypervisors? What do you
>> think?
>>
>> ---
>>
>> Nguyen Anh Tu
>>
>> Cloud Computing Core Dept.
>>
>> Viettel R&D Institute, Vietnam
>>
>
>
> --
>
> N.g.U.y.e.N.A.n.H.t.U
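As an added example (not code from this thread, from ElasterShield, or from the CloudStack project), here is what the workaround suggested in the reply, register a new template for the appliance and start an instance from it in the guest network, looks like when driven through the CloudStack API from Python 3. The endpoint, API key, secret key, image URL and every UUID are placeholders; in a real run the templateid in the second request is the id returned by registerTemplate. The request signing follows the published CloudStack API scheme (sort parameters by name, percent-encode the values, lowercase the whole string, HMAC-SHA1 with the secret key, base64); that spaces must be encoded as %20 rather than "+" in the signed string is taken from the API documentation and is marked as an assumption in the code.

```python
"""Deploying an extra appliance VM through the CloudStack API.

Added example, not code from the mailing-list thread, from ElasterShield or
from the CloudStack project. It builds the two signed GET requests behind the
workaround above: registerTemplate for the appliance image, then
deployVirtualMachine from that template into a guest network. The endpoint,
keys, image URL and every UUID are placeholders (assumptions).
"""
import base64
import hashlib
import hmac
from urllib.parse import quote

# Placeholders: a real deployment supplies these (assumption).
ENDPOINT = "http://cloudstack.example.com:8080/client/api"
API_KEY = "example-api-key"
SECRET_KEY = "example-secret-key"


def encode_value(value) -> str:
    """Percent-encode one parameter value.

    Spaces become %20 rather than '+', matching how the management server
    re-encodes received parameters before checking the signature
    (assumption taken from the CloudStack API signing documentation).
    """
    return quote(str(value), safe="*")


def canonical_string(params: dict) -> str:
    """The string both sides sign: pairs sorted by parameter name, values
    percent-encoded, and the whole thing lowercased."""
    pairs = (f"{name}={encode_value(value)}" for name, value in sorted(params.items()))
    return "&".join(pairs).lower()


def sign(params: dict, secret_key: str) -> str:
    """Base64 of the HMAC-SHA1 over the canonical string."""
    mac = hmac.new(secret_key.encode("utf-8"),
                   canonical_string(params).encode("utf-8"),
                   hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def signed_url(command: str, api_key: str, secret_key: str, **params) -> str:
    """Complete GET URL for one API command with its signature appended.

    The signature covers every parameter except itself (apikey included)
    and is percent-encoded when appended, since base64 contains '+', '/'
    and '='.
    """
    all_params = {"command": command, "response": "json", "apikey": api_key, **params}
    query = "&".join(f"{n}={encode_value(v)}" for n, v in sorted(all_params.items()))
    return f"{ENDPOINT}?{query}&signature={encode_value(sign(all_params, secret_key))}"


def deploy_appliance_requests() -> tuple:
    """The two calls of the workaround: registerTemplate, then
    deployVirtualMachine into the guest network. All ids are placeholders;
    the real templateid comes from the registerTemplate response."""
    register = signed_url(
        "registerTemplate", API_KEY, SECRET_KEY,
        name="ids-appliance",
        displaytext="IDS/IPS appliance",
        url="http://images.example.com/ids-appliance.qcow2",  # placeholder
        format="QCOW2",
        hypervisor="KVM",
        ostypeid="00000000-0000-0000-0000-0000000000aa",  # placeholder
        zoneid="00000000-0000-0000-0000-0000000000bb",    # placeholder
    )
    deploy = signed_url(
        "deployVirtualMachine", API_KEY, SECRET_KEY,
        templateid="00000000-0000-0000-0000-0000000000cc",         # from registerTemplate
        serviceofferingid="00000000-0000-0000-0000-0000000000dd",  # placeholder
        zoneid="00000000-0000-0000-0000-0000000000bb",
        networkids="00000000-0000-0000-0000-0000000000ee",         # the guest network
        name="ids-appliance-1",
    )
    return register, deploy


if __name__ == "__main__":
    for url in deploy_appliance_requests():
        print(url)
```

The appliance started this way is an ordinary guest instance, not a CloudStack system VM: the management server will not manage its lifecycle or push configuration to it, which is exactly the trade-off the reply accepts in exchange for not having to add a new system VM type to the source.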