DIY: Secure Virtual Machine Network In A Box
December 8th, 2007 under Virtual Networking, Dell, DIY Plans, SWSoft, x86 Virtualization, Enterprise Computing, Virtualization, Intel, News

Want to build a safe, secure, redundant, load-balanced corporate infrastructure all inside one box?

Here are some simple DIY plans.

What is required is a dual-NIC server with an installed virtual machine manager capable of supporting virtual networks, along with bridged connections to the intranet and internet.

Here is the diagram of the layout of your secure network:

[Diagram: Secure Virtual Network in a box]

The thinking behind this is to protect your servers from attacks from the internet. Passing all traffic from the first physical NIC into a firewall virtual machine and then onto the virtual network prevents many common attacks, yet provides effective access to all resources from outside and inside your corporation. The addition of a load balancer virtual machine allows the addition of multiple HTTP or mail servers to cover the demand. Adding a second virtual network for the database and HTTP server prevents bottlenecks on the main virtual network and secures the database server from outside attacks.
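The isolation this layout is meant to provide can be checked against a small model of the wiring before any VM is attached. The following is an added example, not part of the original post; the segment names (`internet`, `vnet-main`, `vnet-db`) and VM names are assumptions standing in for the diagram.

```python
from collections import deque

# Constructed model of the layout described in the post (the diagram itself is
# not reproduced here). Segment and VM names are assumptions for illustration.
# Each VM maps to (attached segments, forwards packets between them?).
BASELINE = {
    "firewall":      ({"internet", "vnet-main"}, True),
    "load-balancer": ({"vnet-main"}, False),
    "http-1":        ({"vnet-main", "vnet-db"}, False),  # dual-homed, no routing
    "mail":          ({"vnet-main"}, False),
    "database":      ({"vnet-db"}, False),
}

def reachable_segments(vms, start, skip=()):
    """Segments a packet from `start` can reach through forwarding VMs,
    ignoring any VM named in `skip`."""
    seen, queue = {start}, deque([start])
    while queue:
        seg = queue.popleft()
        for name, (segments, forwards) in vms.items():
            if forwards and name not in skip and seg in segments:
                for nxt in segments - seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def audit(vms, outside="internet", firewall="firewall"):
    """Return (exposed, routable): VMs sitting on a segment reachable
    without crossing the firewall, and all segments routable from outside."""
    unfiltered = reachable_segments(vms, outside, skip={firewall})
    exposed = sorted(n for n, (segs, _) in vms.items()
                     if n != firewall and segs & unfiltered)
    return exposed, reachable_segments(vms, outside)

if __name__ == "__main__":
    print("baseline:", audit(BASELINE))
    # Miswired variant: mail VM bridged straight onto the first NIC,
    # and routing left enabled on the dual-homed web server.
    bad = dict(BASELINE)
    bad["mail"] = ({"internet", "vnet-main"}, False)
    bad["http-1"] = ({"vnet-main", "vnet-db"}, True)
    print("miswired:", audit(bad))
```

In the baseline nothing but the firewall touches the outside segment and the database network is not routable from it; the miswired variant reports the mail VM as exposed and `vnet-db` as routable.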

Another idea is to add a VPN virtual machine to allow direct access from the primary physical NIC to the secondary NIC, bypassing the firewall and virtual network.

Here are some great pre-made virtual images to use for your secure virtual network:

Firewall Images:
Sieve Firewall

Load Balancer Images:
The Loadbalancer.org Virtual Appliance

Hercules Load Balancer Virtual Appliance

Web Server Only Images:
Apache Appliance

Database Only Images:
MySQL Database Server
Microsoft SQL Server 2005 Enterprise Edition Virtual Appliance
PostgreSQL Database Server

Mail Server Images:
MailEdge Enterprise Messaging Server 2.0
Microsoft Exchange Server 2007 Virtual Appliance

Network Attached Storage:
FreeNAS

VOIP Image:
Asterisk-Skypho 0.9.1
PBXware - IP-PBX Phone System
VoIPonCD - an easy to configure Voice over IP PBX

Additional Points of Interest:

Network firewalls

Virtual machines are not protected by any firewall software on the host operating system. The reason for this is that the virtual machines are essentially connected to the network at layer 2 while most conventional firewalls operate at layer 3 or higher (http://en.wikipedia.org/wiki/OSI_model). As such, virtual machines should always have appropriate firewalling software enabled. If your guest operating system does not have firewall software readily handy (or you do not want to install a software firewall in the guest operating system), using Shared Networking under Virtual PC (as opposed to connecting the virtual machine directly to the network) will gain you a modicum of network security as - like with most NAT routing solutions - external network entities will be unable to communicate directly with your virtual machine. (source)

Additional Articles

Virtual PC Guy’s WebLog : Network Load Balancing (NLB) and virtual machines

Network Load Balancing scenarios that are supported for use with Virtual Server 2005 R2

How to build an ISA firewall lab with Virtual PC 2004

Setting Up A Virtual Pc “complex” Network

Microsoft.com: Securing Virtual Server


