Sorry,
But you didn't understand well what I've said.
If your host has no IP addresses on that network, you're not encountering
any risk because you've no access to that network at layer 3.
Removing ovirtmgmt is not possible, that network is mandatory.
Luca
On 27 Oct 2017 1:36 PM, "Istvan Buki" <buki.istvan(a)gmail.com> wrote:
Hello,
I totally agree on the first part: IP set only on the VM.
For the ovirtmgmt access, if I understand correctly, I have to choose
between security and ease of management of my VM but I cannot have both.
Istvan
On 26 Oct 2017 6:41 PM, "Luca 'remix_tj' Lorenzetto" <
lorenzetto.luca(a)gmail.com> wrote:
Hello,
On the DMZ network you don't need any address configured on the host.
You set the IP address only on the VM. If the VM gets compromised, its access
is limited only to the DMZ network.
There is no way for the attacker to gain access to ovirtmgmt if the VM is not
configured to use it.
Luca
On 26 Oct 2017 6:32 PM, "Istvan Buki" <buki.istvan(a)gmail.com> wrote:
Hello ovirt experts,
I'm totally new to ovirt and trying to learn as fast as I can. So, please
bear with me and my possibly stupid questions.
Sorry if my questions have been answered already, but please point me to
the place where I can find the answers.
I've set up ovirt 4.1.6 and created a first VM that I want to expose in a
DMZ.
I attached a dedicated NIC to the VM using passthrough which is connected
to the DMZ network. This is all working as expected.
Now, I'm wondering what to do about the ovirtmgmt interface. Obviously, in
case the security of the VM is compromised and someone gets unauthorized
access to it I do not want the attacker to have access to my internal
network through the ovirtmgmt interface.
The most secure solution would be to remove that ovirtmgmt interface but
then I lose management functionalities.
Can you suggest the possible solutions to protect the ovirtmgmt network
from unwanted access?
Thanks for your answers
Istvan