On Mar 3, 2013, at 4:05 AM, Nguyen Anh Tu <ng.t...@gmail.com> wrote:
> I'm interesting in integrate IDS/IPS to CloudStack, but didn't find any > effective solution. If you want to use the traditional NIDS, you'll can not > know what do VMs talk each other because this is virtual network. > Otherwise, if you use HIDS on VMs then I don't think it is suitable. This > even affects to performance. Another way is that you use IDS/IPS on Virtual > Router. It's OK but you know that Virtual Router now has to take too many > functions. How about IDS/IPS on Hypervisors? How you think? You could put an IDS/IPS on each hypervisors but I don't think that will fall under the control of cloudstack as it would be a baremetal config. If the virtual route is not "strong" enough you could potentially have another "system VMs" that only contains the IDS/IPS. > > --- > > Nguyen Anh Tu > > Cloud Computing Core Dept. > > Viettel R&D Institute, Vietnam
