Hello, 

On the DMZ network you don't need any address configured on the host.

You set the IP address only on the VM. If the VM gets compromised, its access is limited only to the DMZ network.

There is no way for the attacker to gain access to ovirtmgmt if the VM is not configured to use it.

Luca

On 26 Oct 2017 6:32 PM, "Istvan Buki" <buki.istvan@gmail.com> wrote:
Hello oVirt experts,

I'm totally new to oVirt and trying to learn as fast as I can. So, please bear with me and my possibly stupid questions.
Sorry if my questions have been answered already, but please point me to the place where I can find the answers.

I've set up oVirt 4.1.6 and created a first VM that I want to expose in a DMZ.
I attached a dedicated NIC to the VM using passthrough which is connected to the DMZ network. This is all working as expected.

Now, I'm wondering what to do about the ovirtmgmt interface. Obviously, in case the security of the VM is compromised and someone gets unauthorized access to it, I do not want the attacker to have access to my internal network through the ovirtmgmt interface.

The most secure solution would be to remove that ovirtmgmt interface, but then I lose management functionalities.
Can you suggest the possible solutions to protect the ovirtmgmt network from unwanted access?

Thanks for your answers

Istvan
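
One way to verify the point made in the reply above (no host address on the DMZ network), as an added example that is not part of the original thread or of oVirt: it parses `ip -j addr show` style JSON from a host and also covers a bridged DMZ network, not only passthrough. The bridge name "dmz", the sample addresses and the allowed-interface set are assumptions, and the host is assumed to have an iproute2 with JSON output.

```python
import ipaddress
import json

# Assumption: only these host interfaces may carry an address.
MGMT_ONLY = {"lo", "ovirtmgmt"}

def iface(name, *addrs):
    """Build one entry shaped like `ip -j addr show` output (constructed data)."""
    return {"ifname": name, "addr_info": [
        {"family": "inet6" if ":" in a else "inet", "local": a,
         "prefixlen": p, "scope": s} for a, p, s in addrs]}

# Constructed samples. "dmz" is a hypothetical bridge name; the IPv4
# addresses come from documentation ranges (RFC 5737).
GOOD_HOST = json.dumps([
    iface("lo", ("127.0.0.1", 8, "host")),
    iface("ovirtmgmt", ("192.0.2.10", 24, "global")),
    iface("dmz"),  # bridge exists on the host but carries no address
])
BAD_HOST = json.dumps([
    iface("lo", ("127.0.0.1", 8, "host")),
    iface("ovirtmgmt", ("192.0.2.10", 24, "global")),
    iface("dmz", ("203.0.113.5", 24, "global"), ("fe80::1", 64, "link")),
])

def dmz_exposure(ip_json, dmz_cidr, allowed=MGMT_ONLY):
    """Return sorted (ifname, address, reason) findings for one host.

    Flags any host address inside dmz_cidr, and any address (link-local
    included, since it is reachable from the same segment) on an interface
    outside `allowed`.
    """
    dmz = ipaddress.ip_network(dmz_cidr)
    findings = set()
    for entry in json.loads(ip_json):
        name = entry.get("ifname", "?")
        for info in entry.get("addr_info", []):
            addr = ipaddress.ip_address(info["local"])
            if addr.version == dmz.version and addr in dmz:
                findings.add((name, str(addr), "host address inside DMZ subnet"))
            elif name not in allowed:
                findings.add((name, str(addr), "address on non-management interface"))
    return sorted(findings)

if __name__ == "__main__":
    for label, sample in (("good", GOOD_HOST), ("bad", BAD_HOST)):
        result = dmz_exposure(sample, "203.0.113.0/24")
        print(label, result or "no host address on the DMZ network")
```

On a real host, pass the output of `ip -j addr show` and the site's actual DMZ prefix instead of the constructed samples.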


