Hi there,

We are planning to move z/VM into production and having the same thoughts...
What we decided to do was to use our current DMZ (a real one - outside of
z/VM).
Have one VSWITCH for your local Intranet and another VSWITCH connected only
to the DMZ through a separate OSA port.
No connection whatsoever between the local VSWITCH and the DMZ VSWITCH (or
any other connection between the Linux machines).
When trying to implement your DMZ this way you don't need the Firewalls
(because they are already there in your real environment).

What do you think? Any downsides for this implementation?

Thanks,
Offer Baruch.


-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
Richard Troth
Sent: Thursday, December 11, 2008 2:25 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Setting up a DMZ under z/VM

I am not aware of a cookbook for DMZ on VM in particular, but you may
be able to correlate a cookbook for DMZ using standalone machines, and
then the translation becomes straightforward.


Consider your two networks, inside and outside (or maybe three with
your "DMZ" in between). Let these be VSwitches. Then plug in your
Linux guests. (The DMZ could be isolated to VM being a guest LAN with
no link external to VM.) The usual rules for IPTables and Linux as a
router then come into play.


It's not rocket surgery. Don't let your management or security people
turn it into that. Explain to them that VM's isolation of the zones is
strong.

On 12/11/08, Florian Bilek <florian.bi...@gmail.com> wrote:
> Dear all,
>
> I would like to set up a DMZ under z/VM with SUSE SLES or DEBIAN in order
> to separate Internet related machines and local machines. Is there maybe
> some cookbook or some Howto how to achieve this?
>
>
> --
> Best regards
>
> Florian
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>


-- R;   <><
