<div dir="auto"><div>Sorry,<div dir="auto"><br></div><div dir="auto">But you didn't understood well what i've said.</div><div dir="auto"><br></div><div dir="auto">If your host has no ip addresses on that network, you're not encountering any risk because you've no access to that network at layer 3.</div><div dir="auto"><br></div><div dir="auto">Removing ovirtmgmt is not possibile, that network is mandatory.</div><div dir="auto"><br></div><div dir="auto">Luca</div><br><div class="gmail_extra"><br><div class="gmail_quote">Il 27 ott 2017 1:36 PM, "Istvan Buki" <<a href="mailto:buki.istvan@gmail.com">buki.istvan@gmail.com</a>> ha scritto:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Hello,</div><div dir="auto"><br></div><div dir="auto">I totally agree on the First part: IP set only on the VM. </div><div dir="auto"><br></div><div dir="auto">For the ovirtmgmt access, if I understand correctly, I have to choose between sécurity and ease of management of my VM but I can not have both. </div><font color="#888888"><div dir="auto"><br></div></font><div dir="auto"><font color="#888888">Istvan </font><div class="elided-text"><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">Le 26 oct. 2017 6:41 PM, "Luca 'remix_tj' Lorenzetto" <<a href="mailto:lorenzetto.luca@gmail.com" target="_blank">lorenzetto.luca@gmail.com</a>> a écrit :<br type="attribution"><blockquote class="m_-5965256535540777093quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hello, <div dir="auto"><br></div><div dir="auto">On the dmz Network you don't need any address configured on the host. </div><div dir="auto"><br></div><div dir="auto">You set ip address only on the vm. If the vm gets compromised, its access is limited only to DMZ Network.</div><div dir="auto"><br></div><div dir="auto"> There is no way for the attacker to gain access to ovirtmgmt if vm is not configured to use it.</div><div dir="auto"><br></div><div dir="auto">Luca</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div class="m_-5965256535540777093elided-text">Il 26 ott 2017 6:32 PM, "Istvan Buki" <<a href="mailto:buki.istvan@gmail.com" target="_blank">buki.istvan@gmail.com</a>> ha scritto:<br type="attribution"></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_-5965256535540777093elided-text"><div dir="ltr"><div><div><div><div><div>Hello ovirt experts,<br><br></div>I'm totally new to ovirt and trying to learn as fast as I can.So, please bear with me and my possibly stupid questions.<br></div>Sorry if my questions have been answered already, but please point me to the place where I can find the answers.<br><br></div>I've setup ovirt 4.1.6 and created a first VM that I want to expose in a DMZ.<br></div>I attached a dedicated NIC to the VM using passthrough which is connected to the DMZ network. This is all working as expected.</div><div><br></div><div>Now,I'm wondering what to do about the ovirtmgmt interface. Obviously, in case the security of the VM is compromised and someone get unautorized access to it I do not want the attacker to have access to my internal network through the ovirtmgmt interface.</div><div><br></div><div>The most secure solution would be to remove that ovirtmgmt interface but then I loose management functionalities.</div><div>Can you suggest the possible solutions to protect the ovirtmgmt network from unwanted access?</div><div><br></div><div>Thanks for your answers</div><div><br></div><div>Istvan<br></div><div><br><br></div></div>
<br></div>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman<wbr>/listinfo/users</a><br>
<br></blockquote></div></div>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div></div>