The only issue is if someone configures a VM to have a virtual NIC from both the inside vSwitch and the DMZ vSwitch then enables routing or does something stupid. As long as the procedure is locked down you should be fine.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Greenberg
Sent: February 19, 2007 8:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: VMWare ESX 3.x Internal / DMZ networks on same physical server

That's how we do our customer installations, with dedicated NICs for each network. As long as you assign them correctly they are truly separate. This is easy to verify and demonstrate; ask them to test it!

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85262
(602) 432-8649
www.thinclient.net
steveg@xxxxxxxxxxxxxx

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Pardee
Sent: Sunday, February 18, 2007 4:44 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: VMWare ESX 3.x Internal / DMZ networks on same physical server

We have dedicated physical NICs for the DMZ, Internal networks, and the console.

Is anyone doing this today? We are, and even received the blessing of our Security team, but our Network Team now has concerns over the security and is trying to stop us from moving any further in this direction.

Everything I can find actually leads me to believe that this is a solid solution, but I was curious if others here have had to deal with this. I don't want to jeopardize our security, but I also was not planning on additional hardware for 2007 if I need to bring VMWare ESX up physically in the DMZ.

Thanks in advance.

Michael Pardee
http://www.blindsquirrel.org
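
The two conditions the thread relies on (no VM with virtual NICs on both the internal and DMZ vSwitches, and dedicated physical NICs per network) can be checked against an inventory export. The following is an added example, not part of any message in this thread; the inventory layout, zone labels and all VM, vSwitch and vmnic names are constructed assumptions, and it does not query an ESX host.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not taken from the thread).
VSWITCHES = {
    "vSwitch0": {"zone": "console", "uplinks": ["vmnic0"]},
    "vSwitch1": {"zone": "internal", "uplinks": ["vmnic1", "vmnic2"]},
    "vSwitch2": {"zone": "dmz", "uplinks": ["vmnic3"]},
}
VMS = {
    "web01": ["vSwitch2"],
    "file01": ["vSwitch1"],
    "proxy01": ["vSwitch1", "vSwitch2"],  # dual-homed: bridges internal and DMZ
}


def dual_homed_vms(vms, vswitches):
    """Return {vm: sorted zones} for VMs with vNICs in more than one zone."""
    findings = {}
    for vm, attached in vms.items():
        zones = {vswitches[sw]["zone"] for sw in attached}
        if len(zones) > 1:
            findings[vm] = sorted(zones)
    return findings


def shared_uplinks(vswitches):
    """Return {nic: sorted zones} for physical NICs that serve more than one zone."""
    zones_by_nic = defaultdict(set)
    for sw in vswitches.values():
        for nic in sw["uplinks"]:
            zones_by_nic[nic].add(sw["zone"])
    return {nic: sorted(z) for nic, z in zones_by_nic.items() if len(z) > 1}


def audit(vms, vswitches):
    """Run both checks; refuse to report on an inventory with unknown vSwitches."""
    unknown = sorted({sw for a in vms.values() for sw in a if sw not in vswitches})
    if unknown:
        raise ValueError(f"VMs reference undefined vSwitches: {unknown}")
    return {
        "dual_homed": dual_homed_vms(vms, vswitches),
        "shared_uplinks": shared_uplinks(vswitches),
    }


if __name__ == "__main__":
    for check, findings in audit(VMS, VSWITCHES).items():
        for name, zones in findings.items():
            print(f"{check}: {name} spans zones {', '.join(zones)}")
```

Run on a schedule against a fresh export, a non-empty result is the signal that the assignment procedure was bypassed.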