We have the same setup. Just make sure you only have NICs for the DMZ network in that VM. Your network team should be able to run a sniffer on the LAN interface and watch for traffic from that VM. Roger Riggins Network Administrator Lutheran Services in Iowa w: 319.859.3543 c: 319.290.5687 http://www.lsiowa.org -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: Sunday, February 18, 2007 6:20 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: VMWare ESX 3.x Internal / DMZ networks on same physical server Well, can your security team provide you any information on why they think it's a bad idea? Just because someone thinks something is possible doesn't mean it is possible. Likewise, any device you expose to the internet is susceptible to attacks. For the most you should be ok provided you setup a separate vswitch with a separate set of NICs. Perhaps if they don't like your solution, they can provide the funds for a better one. Joe On 2/18/07, Michael Pardee <pardeemp.list@xxxxxxxxx> wrote: We have dedicated physical NICs for the DMZ, Internal networks, and the console. Is anyone doing this today? We are, and even received the blessing of our Security team, but our Network Team now has concerns over the security and are trying to stop us from moving any further in this direction. Everything I can find actually leads me to believe that this is a solid solution, but I was curious if others here have had to deal with this. I don't want to jeopardize our security, but I also was not planning on additional hardware for 2007 if I need to bring VMWare ESX up physically in the DMZ. Thanks in advance. Michael Pardee http://www .blindsquirrel.org <b>Lutheran Services in Iowa Confidentiality Notice:</b><br> <red>The information contained in this communication may be confidential, is intended only for the use of the recipient(s) named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender.</red>