
From: Matt Nuzum (matt.followers_at_gmail.com)
Date: Wed 22 Sep 2004 - 14:57:10 BST


On Wed, 22 Sep 2004 15:18:54 +0200, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> On Wed, Sep 22, 2004 at 12:17:41AM +0200, Gilles wrote:
> > Hi.
> >
> >
> > > > Is it possible to set up the equivalent of a LAN with a DMZ and
> > > > a "secure" part, all within a single physical machine (with a
> > > > single network adapter)?
> > >
> > > yes, it is possible, but it does only make limited
> > > sense if you are concerned about security ...
> >

A good reason someone might be interested in this and not concerned
with the possible security implications is to test application
interoperability.

I will be pursuing this later in the winter because I want to see how
my applications run in a distributed environment. I can go find 10
computers and wire them together or I could figure out how to emulate
10 computers in a virtual network.

VMware does this, but it is too heavy due to the overhead. CoLinux
for Windows can do this too, because it uses the bridged networking
facilities of Windows XP/2000 but it has very poor network performance
(probably due to the Tap drivers for Windows, not CoLinux itself) and
cannot emulate a 100MB network connection. As we know, linux-vserver
is the most resource-friendly server virtualization project around so
it would be very interesting to use it in this case.

Let me also point out that linux-vserver is very secure. Herbert, I
don't think you're meaning to imply that there are security problems
with this project, but that if someone is able to get access to the
root server via some exploit probably not related to the linux-vserver
project that all of the virtual servers are compromised as well. If
you're looking for security, many experts suggest layers of protection
and with the linux-vserver project you really don't have that.

If you've taken the recommended precautions and feel confident about
the security of the root server and your main concern is the
possibility of a child server being compromised, due to delegated
administrative authority for example, know that if a child server is
compromised, they will be contained in that child server. Of course,
no warranty expressed or implied, YMMV, use at your own risk, etc. ;-)

-- 
Matthew Nuzum		| Makers of "Elite Content Management System"
www.followers.net		| View samples of Elite CMS in action
matt_at_followers.net		| http://www.followers.net/portfolio/
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Generated on Wed 22 Sep 2004 - 14:57:30 BST by hypermail 2.1.3