Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Securing a VMware ESXi server at a colo site?



My backup solution is for each guest VM to back itself up. I already do
this for the old servers that I plan to replace with guest VMs: each server
runs a nightly cron job that backs itself up to Amazon S3 in a manner that
mimics rsnapshot.



On Tue, Mar 10, 2015 at 11:51 AM, Edward Ned Harvey (blu) <blu at nedharvey.com> wrote:

> > From: John Abreau [mailto:abreauj at gmail.com]
> >
> > I did a bit of googling to see how to set up a vpn server on the ESXi
> > host, and it seems that's not possible. And managing the host through
> > a vpn running on a guest VM sounds unreliable; if you need to use the
> > management console to fix a problem that affects the vpn server guest,
> > you have no access to the management console until the problem is fixed.
> > So it seems I'll still need a separate physical server to provide the
> > vpn.
>
> Correct(ish).
>
> You should not imagine ESXi as being a "normal" linux - although it runs a
> linux kernel, it has little to no semblance to any normal linux
> distribution that you're used to.  It is intended to be a bare metal black
> box, and it's generally best to let it be that way.  As I said before,
> there is some useful stuff you can do via ssh, but good reasons to avoid it.
>
> Presumably you have some other backup solution available, right?  Don't
> expect the host OS to do anything useful in terms of software raid or
> backups, or even hardware raid management.  HW raid management is a whole
> separate subject - Some things you can do, others you can't.
>
> The *best* solution is to have the ESXi host running VM's, which are
> network shared via iscsi from a storage server, which is *designed* to do
> storage and iscsi well (such as a ZFS server).  I like to run ESXi
> diskless, because they do crap for disk management.
>
> You *can* install a VPN server in a VM running on the ESXi host - and I
> have before - and it works fine - as long as nothing goes wrong with that
> guest VM.  Some time ago, I had to put in extra effort to make pfSense work
> in a VM, but I think the recent versions actually support it, or something
> - you can check with pfSense if you want.
>
> Of course, if anything goes wrong with your ESXi host, you'll be glad to
> have a separate hardware vpn, and remote access to the iLom or whatever.



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org