07-06-2011 08:36 PM - edited 03-10-2019 05:24 AM
Can anyone elaborate on an IDS solution for a virtualized environment?
I have blade servers running ESX/ESXi - heavily virtualized environment. I'm using blade switches as chassis I/O - no pass-throughs.
The requirement is to run an IDS service such that VM-to-VM traffic is monitored. The traffic flow can be between two VMs on the same blade, 2 VMs on two separate blades in the same chassis, or two VMs on two separate chassis...
In that case, I see 3 traffic flows off the bat...
same blade: vm-to-vm traffic is switched by a hypervisor switch (1000v or vmware vDS).
different blades in same chassis: vm-to-vm traffic will leave blade and be switched by chassis hardware switch (chassis I/O blade).
different chassis: vm-to-vm traffic will have to go to ToR (maybe even end-of-row).
NOTE: if VMs are on different VLANs, traffic will always go to end-of-row/agg switches (the L3/L2 boundary).
So given all those possible flows, what is the best way to go about deploying an IDS service? Placement? Virtual or physical? etc....
Thanks!
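An added example (not part of the original post, and not Cisco or VMware code) that models the three flows listed above and checks which of them a given set of sensor attachment points would actually see. The topology, VM names, VLAN numbers and the "one ToR per chassis, all ToRs uplinked to the aggregation L3 boundary" assumption are constructed for the example; the thread's "ToR (maybe even end-of-row)" is collapsed into a single `tor` node. The main point it makes concrete is that a physical sensor on a SPAN port at the ToR or aggregation layer only sees cross-chassis or inter-VLAN traffic, while same-blade traffic is only visible at the hypervisor switch (1000v/vDS), so a virtual sensor or a hypervisor-switch mirror is needed for that flow.

```python
from __future__ import annotations

from dataclasses import dataclass
from itertools import combinations

# Constructed hierarchy (assumption, not from the thread):
# VM -> hypervisor switch on its blade -> chassis I/O switch -> ToR -> aggregation.
# The aggregation layer is the L2/L3 boundary, so every inter-VLAN flow transits it.
AGG = "agg:L3-boundary"


@dataclass(frozen=True)
class VM:
    name: str
    blade: str
    chassis: str
    tor: str
    vlan: int

    def upward_path(self) -> list[str]:
        """Switching nodes this VM's traffic visits on the way up the hierarchy."""
        return [f"hyp:{self.blade}", f"chassis:{self.chassis}", f"tor:{self.tor}", AGG]


def flow_path(a: VM, b: VM) -> set[str]:
    """Nodes that forward a<->b traffic.

    Same VLAN: the flow climbs a's path to the first node both VMs share and
    descends b's path from there (same blade => hypervisor switch only).
    Different VLANs: the flow is forced through the aggregation layer no matter
    where the two VMs physically sit.
    """
    up_a, up_b = a.upward_path(), b.upward_path()
    if a.vlan != b.vlan:
        meet = len(up_a) - 1
    else:
        meet = next(i for i, (x, y) in enumerate(zip(up_a, up_b)) if x == y)
    return set(up_a[: meet + 1]) | set(up_b[: meet + 1])


def coverage(vms: list[VM], sensors: list[str]) -> dict[tuple[str, str], bool]:
    """For every VM pair, whether at least one sensor sits on the flow's path."""
    seen = set(sensors)
    return {(a.name, b.name): bool(flow_path(a, b) & seen) for a, b in combinations(vms, 2)}


def uncovered_flows(vms: list[VM], sensors: list[str]) -> list[tuple[str, str]]:
    """VM pairs whose traffic never passes a monitored node."""
    return [pair for pair, ok in coverage(vms, sensors).items() if not ok]


def greedy_placement(vms: list[VM]) -> list[str]:
    """Greedy set cover: keep adding the attachment point that sees the most
    still-unmonitored pairs until every VM-to-VM flow is monitored."""
    flows = {(a.name, b.name): flow_path(a, b) for a, b in combinations(vms, 2)}
    candidates = sorted(set().union(*flows.values()))  # sorted for deterministic ties
    chosen: list[str] = []
    remaining = set(flows)
    while remaining:
        best = max(candidates, key=lambda n: sum(n in flows[p] for p in remaining))
        chosen.append(best)
        remaining = {p for p in remaining if best not in flows[p]}
    return chosen


# Constructed sample inventory: two chassis on one ToR, web tier on VLAN 10,
# database on VLAN 20.
SAMPLE_VMS = [
    VM("web1", blade="B1", chassis="C1", tor="T1", vlan=10),
    VM("web2", blade="B1", chassis="C1", tor="T1", vlan=10),
    VM("app1", blade="B2", chassis="C1", tor="T1", vlan=10),
    VM("db1", blade="B3", chassis="C2", tor="T1", vlan=20),
]

if __name__ == "__main__":
    physical_only = ["tor:T1", AGG]
    print("Blind spots with ToR/aggregation sensors only:")
    for pair in uncovered_flows(SAMPLE_VMS, physical_only):
        print("  ", pair, "->", sorted(flow_path(*[v for v in SAMPLE_VMS if v.name in pair])))
    print("Greedy placement covering every pair:", greedy_placement(SAMPLE_VMS))
```

Running it shows the same-blade pair (web1, web2) and the same-chassis pairs as blind spots for a purely physical deployment, and the greedy step picks a chassis-level tap plus a hypervisor-level sensor on the blade that hosts both web VMs. The model is deliberately topology-only; it says nothing about sensor throughput or about which mirroring mechanism (SPAN, ERSPAN, a virtual appliance) is used at each node.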
07-19-2011 12:06 AM
Moving it to Security community for them to have a look
Pulkit Nagpal
Technical Support Community Manager - Routing and Switching
07-19-2011 08:45 AM
This topic was discussed in this thread from last week:
(too bad we can't merge threads)
https://supportforums.cisco.com/thread/2092838?tstart=30
- Bob