Forum Discussion

Sekhar's avatar
Sekhar
Icon for Nimbostratus rankNimbostratus
May 09, 2016

F5 VCMP Security

Hi,

 

We are trying to deploy 5250 in our DMZ network and make use of VCMP feature to host both internal and external applications as two different guests (internal as one instance and external as another instance). I would like to know how secured is VCMP from the hypervisor perspective?if external instance gets compromised, how does F5 provide security on this? Please shed some light on this.

 

Thanks,

 

Sekhar

 

  • Hello,

     

    Firstly, an attacker should not be able to gain control of the Guest via the Data Plane (where you have selfip).

     

    However, if an attacker gain access to the management plane, he will be able to try to connect to the host or the other guest in the standard mode. When using isolation mode, all guests are isolated from each others at the network level.

     

    All resources are dedicated to every guest except the SSL and Compression cards that share resource accross every guest.

     

    Moreover, you can turn your guest into appliance mode to strenghten the security.

     

    • Sekhar's avatar
      Sekhar
      Icon for Nimbostratus rankNimbostratus
      Thank you Yann, for providing info on this.
  • Hello,

     

    Firstly, an attacker should not be able to gain control of the Guest via the Data Plane (where you have selfip).

     

    However, if an attacker gain access to the management plane, he will be able to try to connect to the host or the other guest in the standard mode. When using isolation mode, all guests are isolated from each others at the network level.

     

    All resources are dedicated to every guest except the SSL and Compression cards that share resource accross every guest.

     

    Moreover, you can turn your guest into appliance mode to strenghten the security.

     

    • Sekhar's avatar
      Sekhar
      Icon for Nimbostratus rankNimbostratus
      Thank you Yann, for providing info on this.