[pfSense-discussion] xen aware pfsense.
has anyone considered the possibility of intergrating xen with pfsense ? i might be loosing my mind but wouldn't it be nice to have a pfsense running on harware and a vistualization environemnt that allow us to install our OS's of choice perfectly protected behind pfsense ? does anything else think it's a good idea ?
Re: [pfSense-discussion] xen aware pfsense.
Something akin to this idea was discussed a while ago, and the best practice would be to steer clear of it. It's not always advantageous to put all your eggs in one basket (sorry for the overused analogy). Ideally, if you need something as complex as what pfSense provides, you would be better off implementing physically separate devices. Combining them all creates too great a point of failure, and dilutes the goals of pfSense development. This is my experience from my background. Thanks, Adrian - Original Message - From: pfsense sense pfse...@kavadas.org To: discussion@pfsense.com Sent: Tuesday, January 27, 2009 7:42:18 PM GMT -05:00 US/Canada Eastern Subject: [pfSense-discussion] xen aware pfsense. has anyone considered the possibility of intergrating xen with pfsense ? i might be loosing my mind but wouldn't it be nice to have a pfsense running on harware and a vistualization environemnt that allow us to install our OS's of choice perfectly protected behind pfsense ? does anything else think it's a good idea ? - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] xen aware pfsense.
On Tue, Jan 27, 2009 at 17:42, pfsense sense pfse...@kavadas.org wrote: has anyone considered the possibility of intergrating xen with pfsense ? i might be loosing my mind but wouldn't it be nice to have a pfsense running on harware and a vistualization environemnt that allow us to install our OS's of choice perfectly protected behind pfsense ? does anything else think it's a good idea ? Regardless of what virtual appliance vendors would like to tell you, network security solutions aren't particularly well-suited for virtualization. Response times will never be as good as those on the raw hardware, and there are more subtle concerns with the added complexity, particularly in failover situations. Even more disconcerting is exposing the hypervisor within which the rest of your presumably sensitive infrastructure runs to edge security concerns. That said, there's nothing stopping you from running on an HVM-aware solution - I personally use Linux KVM on a Phenom 98xx, and Xen has at least some HVM support. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] xen aware pfsense.
i'm not suggesting pfsense be run inside a VM, i am suggesting pfsense provide VM functionality i'm fully aware the VM's shortcomings, i manage a 14TB ESX cluster let me say that again... i am suggesting pfsense provide VM functionality cloud -- pfsense -- os -- service On Wed, Jan 28, 2009 at 2:03 PM, RB aoz@gmail.com wrote: On Tue, Jan 27, 2009 at 17:42, pfsense sense pfse...@kavadas.org wrote: has anyone considered the possibility of intergrating xen with pfsense ? i might be loosing my mind but wouldn't it be nice to have a pfsense running on harware and a vistualization environemnt that allow us to install our OS's of choice perfectly protected behind pfsense ? does anything else think it's a good idea ? Regardless of what virtual appliance vendors would like to tell you, network security solutions aren't particularly well-suited for virtualization. Response times will never be as good as those on the raw hardware, and there are more subtle concerns with the added complexity, particularly in failover situations. Even more disconcerting is exposing the hypervisor within which the rest of your presumably sensitive infrastructure runs to edge security concerns. That said, there's nothing stopping you from running on an HVM-aware solution - I personally use Linux KVM on a Phenom 98xx, and Xen has at least some HVM support. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] xen aware pfsense.
On Tue, Jan 27, 2009 at 10:15 PM, pfsense sense pfse...@kavadas.org wrote: i'm not suggesting pfsense be run inside a VM, i am suggesting pfsense provide VM functionality i'm fully aware the VM's shortcomings, i manage a 14TB ESX cluster let me say that again... i am suggesting pfsense provide VM functionality cloud -- pfsense -- os -- service It certainly is a intriguing idea. This tweet caught my attention earlier today: http://twitter.com/Taggerz/statuses/1152928366 Scott - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] xen aware pfsense.
On Tue, Jan 27, 2009 at 10:15 PM, pfsense sense pfse...@kavadas.org wrote: i'm not suggesting pfsense be run inside a VM, i am suggesting pfsense provide VM functionality Refer back to my earlier post. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org