Hi Mice,

As for your ElasterShield solution, I see that one hypervisor node has one ESVA, which acts like a Virtual Router. The ESVA has one NIC connected to the Guest network and one NIC connected to the Management network. I wonder how the ESVA listens to all network packets? It has to talk with the hypervisor, doesn't it? Or is it something like the "port mirroring" feature on a switch?

@Mice @Sebastien: One more question, do you know how to deploy one more SystemVM on CloudStack? Config files for system VMs have to appear somewhere in the source code.

2013/3/5 Mice Xia <mice_...@tcloudcomputing.com>

> If you want to use the traditional NIDS, you cannot know what VMs
> talk to each other about because this is a virtual network.
> [mice] yes, the drawback of a traditional NIDS (deployed in the gateway of
> an enterprise/datacenter) is that it's difficult to provide fine-grained
> protection. Without more appliances, traffic inside the datacenter goes
> unprotected.
>
> If you use HIDS on VMs then I don't think it is suitable
> [mice] for an enterprise, IT guys can enforce HIDS installed and enabled on
> each VM; but for a public cloud, an agentless solution is more preferred.
>
> Another way is that you use IDS/IPS on the Virtual Router
> [mice] VR is an option, but considering the complexity of network topology
> inside an enterprise or datacenter, what if users adopt a shared network (or
> hybrid network)? In this case VR does not work in online mode and traffic
> prevention is impossible.
>
> How about IDS/IPS on Hypervisors
> [mice] almost all hypervisors have some mechanisms to implement IDS/IPS
> (even anti-malware) for VMs; it's agentless and provides fine-grained
> protection for each VM, and that's the solution we are integrating with
> cloudstack now
>
> Regards.
> Mice
>
> -----Original Message-----
> From: Nguyen Anh Tu [mailto:ng.t...@gmail.com]
> Sent: Sunday, March 03, 2013 5:05 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: About integrating IDS/IPS to CloudStack
>
> I'm interested in integrating IDS/IPS into CloudStack, but didn't find any
> effective solution. If you want to use the traditional NIDS, you cannot
> know what VMs talk to each other about because this is a virtual network.
> Otherwise, if you use HIDS on VMs then I don't think it is suitable. This
> even affects performance. Another way is that you use IDS/IPS on the Virtual
> Router. It's OK but you know that the Virtual Router now has to take on too
> many functions. How about IDS/IPS on Hypervisors? What do you think?
>
> ---
>
> Nguyen Anh Tu
>
> Cloud Computing Core Dept.
>
> Viettel R&D Institute, Vietnam

--
N.g.U.y.e.N.A.n.H.t.U