incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastien Goasguen <run...@gmail.com>
Subject Re: About intergrating IDS/IPS to CloudStack
Date Mon, 04 Mar 2013 09:53:47 GMT

On Mar 3, 2013, at 4:05 AM, Nguyen Anh Tu <ng.tuna@gmail.com> wrote:

> I'm interesting in integrate IDS/IPS to CloudStack, but didn't find any
> effective solution. If you want to use the traditional NIDS, you'll can not
> know what do VMs talk each other because this is virtual network.
> Otherwise, if you use HIDS on VMs then I don't think it is suitable. This
> even affects to performance. Another way is that you use IDS/IPS on Virtual
> Router. It's OK but you know that Virtual Router now has to take too many
> functions. How about IDS/IPS on Hypervisors? How you think?

You could put an IDS/IPS on each hypervisors but I don't think that will fall under the control
of cloudstack as it would be a baremetal config.
If the virtual route is not "strong" enough you could potentially have another "system VMs"
that only contains the IDS/IPS.

> 
> ---
> 
> Nguyen Anh Tu
> 
> Cloud Computing Core Dept.
> 
> Viettel R&D Institute, Vietnam


Mime
View raw message