<div dir="auto">Hello, <div dir="auto"><br></div><div dir="auto">On the dmz Network you don't need any address configured on the host. </div><div dir="auto"><br></div><div dir="auto">You set ip address only on the vm. If the vm gets compromised, its access is limited only to DMZ Network.</div><div dir="auto"><br></div><div dir="auto"> There is no way for the attacker to gain access to ovirtmgmt if vm is not configured to use it.</div><div dir="auto"><br></div><div dir="auto">Luca</div></div><div class="gmail_extra"><br><div class="gmail_quote">Il 26 ott 2017 6:32 PM, "Istvan Buki" <<a href="mailto:buki.istvan@gmail.com">buki.istvan@gmail.com</a>> ha scritto:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Hello ovirt experts,<br><br></div>I'm totally new to ovirt and trying to learn as fast as I can.So, please bear with me and my possibly stupid questions.<br></div>Sorry if my questions have been answered already, but please point me to the place where I can find the answers.<br><br></div>I've setup ovirt 4.1.6 and created a first VM that I want to expose in a DMZ.<br></div>I attached a dedicated NIC to the VM using passthrough which is connected to the DMZ network. This is all working as expected.</div><div><br></div><div>Now,I'm wondering what to do about the ovirtmgmt interface. Obviously, in case the security of the VM is compromised and someone get unautorized access to it I do not want the attacker to have access to my internal network through the ovirtmgmt interface.</div><div><br></div><div>The most secure solution would be to remove that ovirtmgmt interface but then I loose management functionalities.</div><div>Can you suggest the possible solutions to protect the ovirtmgmt network from unwanted access?</div><div><br></div><div>Thanks for your answers</div><div><br></div><div>Istvan<br></div><div><br><br></div></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div></div>