IDS in a Virtualized Environment (vmware)

lamav
Level 8

Can anyone elaborate on an IDS solution for a virtualized environment?

I have blade servers running ESX/ESXi - heavily virtualized environment. I'm using blade switches as chassis I/O - no pass-throughs.

The requirement is to run an IDS service such that VM-to-VM traffic is monitored. The traffic flow can be between two VMs on the same blade, 2 VMs on two separate blades in the same chassis, or two VMs on two separate chassis...

In that case, I see 3 traffic flows off the bat...

same blade: vm-to-vm traffic is switched by a hypervisor switch (1000v or vmware vDS).

different blades in same chassis: vm-to-vm traffic will leave blade and be switched by chassis hardware switch (chassis I/O blade).

different chassis: vm-to-vm traffic will have to go to ToR (maybe even end-of-row).

NOTE: if VMs are on different VLANs, traffic will always go to end-of-row/agg switches (the L3/L2 boundary).

So given all those possible flows, what is the best way to go about deploying an IDS service? Placement? Virtual or physical? etc....

Thanks!

2 Replies 2

Pulkit Nagpal
Cisco Employee

Moving it to Security community for them to have a look

Pulkit Nagpal

Technical Support Community Manager - Routing and Switching

This topic was discussed in this thread from last week:

(too bad we can't merge threads)

https://supportforums.cisco.com/thread/2092838?tstart=30

- Bob
