Question : DMZ guests + Internal Guests on Internal ESX HostS?

We currently have a Vmware ESX cluster running on our internal LAN for our internal guests.

This cluster has no visibility to any external resources.

We would like to take advantage of our internal ESX cluster to host guests in our DMZ (such as our SMTP relay for incoming mail).

Call us cheap, but we don't want to buy a whole new ESX host for our DMZ.

Instead, We want to take two new NICs and add them to our hosts in the cluster, and patch these NICs into our DMZ. Then run our DMZ guests on our internal host, with these guests only connected to a virtual switch that has DMZ connectivity.

Is this an acceptable solution? And what are the security ramifications?

I suppose if there was a VMWARE security bug which could enable a guest in the DMZ to compromise the host, they would then be on our inside network.

Yikes! That scares us, but how likely that scenario?

All thoughts and comments welcome and very much appreciated,
Thanks,
Mike

Answer : DMZ guests + Internal Guests on Internal ESX HostS?

VMware calls this a collapsed DMZ with physical seperate trust zones ... check it out! :-)
We implement ESX in a similar method, but we do
http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

Random Solutions

How to stop Windows from opening an explorer window when a CD is inserterted?

Constant winsock XP repair

Does Office 2003 compress VBA code

Need help converting this crystal syntax to work in SQL Reporting Services

PowerShell in Windows 7 - HowTo Add-Computer to specific OU?

AutoRun Feature is not working. When CD is inserted, it doesn't open the contents automatically

I need someone to walk me through getting Windows Media Player working with whatever codecs and/or other ancilliary files.

Citrix: SSL Error 61

Paypal, country codes/names, state/provence codes/names