Ok, so virtual machines for x86 (VirtualBox, VMware, etc.) do not necessarily 
give you additional security. "Security by virtualization is a failure":
http://www.serverwatch.com/tutorials/article.php/3905096/Use-Virtual-8086-Mode-to-Secure-Virtual-Servers.htm

I wonder, how does the Solaris Zone VM model compare to these? Can you use the 
same type of exploit on Zones? Are Zones vulnerable to what he talks of, are 
Zones more secure? Or, are all VMs insecure, no matter what model?



BTW, my original plan does not work. I have SunRay clients, which means I 
cannot shut down the global zone's NIC - because then the SunRay will stop 
functioning. I must somehow separate the local zones' traffic from the global 
zone's traffic. 

So... the global zone's NIC is on but I never touch it, or surf from the global 
zone (unless I must upgrade/patch Solaris). I only surf from local zones. How 
do I set up this scenario? Now I am confused.

1) Global Zone NIC, I don't touch it
2) For each local zone, I create a vnic and assign the vnic to the global zone 
e1000g0.

Now I am done? Does this suffice? Or should I create a "subnet" and create 
vnics in the subnet, and attach all local zones to those vnics - then I have 
separated global NIC and local zones? Any hints? Anybody? (If I get it to work, 
I will write down explicitly how I did this, to help others)
-- 
This message posted from opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org