On 28/06/10 15:51, Jeremy Charles wrote: > From: Jeff Wasilko [mailto:[email protected]] >> Why not build a dedicated VLAN that carries only iSCSI traffic to your >> DMZ and only has the required servers on that network? > > That would also require separate iSCSI storage hardware (the targets). > That's more expensive, so it's Plan C.
Hi, I assume you both know that VLANs are just an administrative tool not a security measurement and that for "real" security the switches with external/DMZ VLANs should be *physically* separate from the switching infrastructure of your internal network.. Kind regards, Achim -- Achim Dreyer Network Security Consultant Senior Unix & Network Admin _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
