[ovirt-users] ovirtmgmt network security
Luca 'remix_tj' Lorenzetto
lorenzetto.luca at gmail.com
Thu Oct 26 16:41:35 UTC 2017
Hello,
On the dmz Network you don't need any address configured on the host.
You set ip address only on the vm. If the vm gets compromised, its access
is limited only to DMZ Network.
There is no way for the attacker to gain access to ovirtmgmt if vm is not
configured to use it.
Luca
Il 26 ott 2017 6:32 PM, "Istvan Buki" <buki.istvan at gmail.com> ha scritto:
> Hello ovirt experts,
>
> I'm totally new to ovirt and trying to learn as fast as I can.So, please
> bear with me and my possibly stupid questions.
> Sorry if my questions have been answered already, but please point me to
> the place where I can find the answers.
>
> I've setup ovirt 4.1.6 and created a first VM that I want to expose in a
> DMZ.
> I attached a dedicated NIC to the VM using passthrough which is connected
> to the DMZ network. This is all working as expected.
>
> Now,I'm wondering what to do about the ovirtmgmt interface. Obviously, in
> case the security of the VM is compromised and someone get unautorized
> access to it I do not want the attacker to have access to my internal
> network through the ovirtmgmt interface.
>
> The most secure solution would be to remove that ovirtmgmt interface but
> then I loose management functionalities.
> Can you suggest the possible solutions to protect the ovirtmgmt network
> from unwanted access?
>
> Thanks for your answers
>
> Istvan
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20171026/0919e670/attachment.html>
More information about the Users
mailing list