That's how we do our customer installations, with dedicated NICs for each network. As long you assign them correctly they are truly separate. This is easy to verify and demonstrate, ask them to test it! Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85262 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Pardee Sent: Sunday, February 18, 2007 4:44 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: VMWare ESX 3.x Internal / DMZ networks on same physical server We have dedicated physical NICs for the DMZ, Internal networks, and the console. Is anyone doing this today? We are, and even received the blessing of our Security team, but our Network Team now has concerns over the security and are trying to stop us from moving any further in this direction. Everything I can find actually leads me to believe that this is a solid solution, but I was curious if others here have had to deal with this. I don't want to jeopardize our security, but I also was not planning on additional hardware for 2007 if I need to bring VMWare ESX up physically in the DMZ. Thanks in advance. Michael Pardee http://www.blindsquirrel.org