The security virtual appliance in this solution has only one NIC, and it 
connects to the management network in order to communicate with the security 
manager center.
(This is a little irrelevant to CloudStack.) It intercepts the traffic by 
mechanisms provided by the hypervisors: for XenServer, it co-works with the kernel 
module installed on dom0 to capture packets and redirect them to the SVA. For VMware it 
uses the VMsafe API.

Regards
Mice

-----Original Message-----
From: Nguyen Anh Tu [mailto:ng.t...@gmail.com] 
Sent: Wednesday, March 06, 2013 12:36 AM
To: cloudstack-dev@incubator.apache.org
Subject: Re: About integrating IDS/IPS to CloudStack

Hi Mice,

In your ElasterShield solution, I see that one hypervisor node has one ESVA, 
which acts like a Virtual Router. ESVA has one NIC that connects to the Guest network and one 
NIC that connects to the Management network. I wonder how ESVA listens to all network 
packets? It has to talk with the hypervisor, doesn't it? Or is it something like the "port 
mirroring" feature on a switch?

@Mice @Sebastien: One more question, do you know how to deploy one more 
SystemVM on CloudStack? Config files for system VMs have to appear somewhere in the 
source code.

2013/3/5 Mice Xia <mice_...@tcloudcomputing.com>

> If you want to use the traditional NIDS, you cannot know what 
> VMs talk to each other about because this is a virtual network.
> [mice] yes, the drawback of traditional NIDS (deployed in the gateway 
> of an enterprise/datacenter) is that it's difficult to provide 
> fine-grained protection. Without more appliances, traffic inside the 
> datacenter goes unprotected.
>
> if you use HIDS on VMs then I don't think it is suitable [mice] for an 
> enterprise, IT guys can enforce HIDS being installed and enabled on each VM; 
> but for a public cloud, an agentless solution is preferred.
>
> Another way is that you use IDS/IPS on Virtual Router [mice] VR is an 
> option, but considering the complexity of the network topology inside an 
> enterprise or datacenter, what if users adopt a shared network (or 
> hybrid network)? In this case VR does not work in online mode and 
> traffic prevention is impossible.
>
> How about IDS/IPS on Hypervisors
> [mice] almost all hypervisors have some mechanisms to implement 
> IDS/IPS (even anti-malware) for VMs; it's agentless and provides 
> fine-grained protection for each VM, and that's the solution we are 
> integrating with CloudStack now.
>
> Regards.
> Mice
>
> -----Original Message-----
> From: Nguyen Anh Tu [mailto:ng.t...@gmail.com]
> Sent: Sunday, March 03, 2013 5:05 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: About integrating IDS/IPS to CloudStack
>
> I'm interested in integrating IDS/IPS into CloudStack, but didn't find 
> any effective solution. If you want to use the traditional NIDS, 
> you cannot know what VMs talk to each other about because this is a virtual 
> network.
> Otherwise, if you use HIDS on VMs then I don't think it is suitable. 
> This even affects performance. Another way is that you use IDS/IPS 
> on the Virtual Router. It's OK, but you know that the Virtual Router now has to 
> take on too many functions. How about IDS/IPS on Hypervisors? What do you think?
>
> ---
>
> Nguyen Anh Tu
>
> Cloud Computing Core Dept.
>
> Viettel R&D Institute, Vietnam
>
-- 

N.g.U.y.e.N.A.n.H.t.U