Re: [zones-discuss] Security through virtualization is a failure:

2010-12-28 Thread Orvar Korvar
Ok, this allowed-address seems interesting. It allows me to tie one single IP address to a NIC, and no other IP addresses are allowed. http://docs.sun.com/app/docs/doc/821-1479/chapter5-2?l=sva=view (I must use exclusive-ip, because several SunRay users can not simultaneously access my network,

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-28 Thread John D Groenveld
In message 1012850535.101293547415032.javamail.tweb...@sf-app1, Orvar Korvar writes: (I have also considered installing Sunray software in a local zone, but that means all SunRay users are collected into one local zone. And they all run soft I assume there's documentation for load balancing Sun

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-28 Thread Nicolas Williams
On Tue, Dec 28, 2010 at 06:45:00AM -0800, Orvar Korvar wrote: My advice to the paranoid regarding VMs would be to disable extensions allowing the guest broader communication channels to services on the host... I didn't understand. You mean, for each local zone: disabling ssh and

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-28 Thread Nicolas Williams
On Tue, Dec 28, 2010 at 11:31:20AM -0800, Octave Orgeron wrote: I would argue that even with VMware you have certain risks to consider when you're depending on an underlining kernel or hypervisor that can actually see into a guest memory or I/O space. And while there are add-ons like vSafe

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread James Carlson
On 12/27/10 05:34, Orvar Korvar wrote: Ok, so virtual machines for x86 (VirtualBox, VMware, etc) do not necessarily give you additional security. Security by virtualization is a failure:

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread Orvar Korvar
Ok, thanks. So, Solaris zones are probably not susceptible to these kinds of attacks, it seems. But I was considering running VirtualBox in each local zone and surf from the VirtualBox virtual machines. So, in that case, then you can exploit that attack in each local zone. But you could not

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread Petr Benes
But I was considering running VirtualBox in each local zone and surf from the VirtualBox virtual machines. So, in that case, then you can exploit that attack in each local zone. But you could not access the other local zones, because of underlying Zone model? As a part of VBox is located

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread James Carlson
On 12/27/10 08:15, Orvar Korvar wrote: Ok, thanks. So, Solaris zones are probably not susceptible to these kinds of attacks, it seems. But I was considering running VirtualBox in each local zone and surf from the VirtualBox virtual machines. So, in that case, then you can exploit that

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread sowmini . varadhan
On (12/27/10 08:26), James Carlson wrote: That's not quite what I'd call simple, but I guess it's a matter of taste. That uses VNICs and exclusive IP stack zones, which wasn't what I was describing in my previous message. Doing it that way means that you have to grant privileges to the zones

Re: [zones-discuss] Security through virtualization is a failure:

2010-12-27 Thread John D Groenveld
In message 1922922131.01293446116372.javamail.tweb...@sf-app1, Orvar Korvar writes: BTW, My original plan does not work. I have SunRay clients, which means I can not shutdown the global zone's NIC - because then the SunRay will stop function. I must somehow separate local zones traffic, from