Great!!! That's exactly what I'm looking for. Many thank, Sebastien :-) 2013/3/4 Sebastien Goasguen <run...@gmail.com>
> > On Mar 4, 2013, at 8:17 AM, Nguyen Anh Tu <ng.t...@gmail.com> wrote: > > > Thanks Sebastien !!! Great idea with setting up one more SystemVM, but I > > don't know how to do this. Please show me if you don't mind :D > > > > Mice Xia may be able to comment better than I can: > http://www.slideshare.net/mice_xia/integration-3rd-party-security-solution > > > > > 2013/3/4 Sebastien Goasguen <run...@gmail.com> > > > >> > >> On Mar 3, 2013, at 4:05 AM, Nguyen Anh Tu <ng.t...@gmail.com> wrote: > >> > >>> I'm interesting in integrate IDS/IPS to CloudStack, but didn't find any > >>> effective solution. If you want to use the traditional NIDS, you'll can > >> not > >>> know what do VMs talk each other because this is virtual network. > >>> Otherwise, if you use HIDS on VMs then I don't think it is suitable. > This > >>> even affects to performance. Another way is that you use IDS/IPS on > >> Virtual > >>> Router. It's OK but you know that Virtual Router now has to take too > many > >>> functions. How about IDS/IPS on Hypervisors? How you think? > >> > >> You could put an IDS/IPS on each hypervisors but I don't think that will > >> fall under the control of cloudstack as it would be a baremetal config. > >> If the virtual route is not "strong" enough you could potentially have > >> another "system VMs" that only contains the IDS/IPS. > >> > >>> > >>> --- > >>> > >>> Nguyen Anh Tu > >>> > >>> Cloud Computing Core Dept. > >>> > >>> Viettel R&D Institute, Vietnam > >> > >> > > > > > > -- > > > > N.g.U.y.e.N.A.n.H.t.U > > -- N.g.U.y.e.N.A.n.H.t.U
