> If you want to use the traditional NIDS, you cannot know what the VMs talk to each other about because this is a virtual network.

[mice] Yes, the drawback of traditional NIDS (deployed at the gateway of an enterprise/datacenter) is that it's difficult to provide fine-grained protection. Without more appliances, traffic inside the datacenter goes unprotected.

> If you use HIDS on VMs, then I don't think it is suitable.

[mice] For an enterprise, IT guys can enforce HIDS being installed and enabled on each VM; but for a public cloud, an agentless solution is preferred.

> Another way is that you use IDS/IPS on the Virtual Router.

[mice] VR is an option, but considering the complexity of network topology inside an enterprise or datacenter, what if users adopt a shared network (or hybrid network)? In this case the VR does not work in online mode and traffic prevention is impossible.

> How about IDS/IPS on hypervisors?

[mice] Almost all hypervisors have some mechanisms to implement IDS/IPS (even anti-malware) for VMs; it's agentless and provides fine-grained protection for each VM, and that's the solution we are integrating with CloudStack now.

Regards,
Mice

-----Original Message-----
From: Nguyen Anh Tu [mailto:ng.t...@gmail.com]
Sent: Sunday, March 03, 2013 5:05 PM
To: cloudstack-dev@incubator.apache.org
Subject: About integrating IDS/IPS to CloudStack

I'm interested in integrating IDS/IPS into CloudStack, but didn't find any effective solution. If you want to use the traditional NIDS, you cannot know what the VMs talk to each other about because this is a virtual network. Otherwise, if you use HIDS on VMs, then I don't think it is suitable. This even affects performance. Another way is that you use IDS/IPS on the Virtual Router. It's OK, but you know that the Virtual Router now has to take on too many functions. How about IDS/IPS on hypervisors? What do you think?

---
Nguyen Anh Tu
Cloud Computing Core Dept.
Viettel R&D Institute, Vietnam