Question : DMZ guests + Internal Guests on Internal ESX HostS?

We currently have a Vmware ESX cluster running on our internal LAN for our internal guests.

This cluster has no visibility to any external resources.

We would like to take advantage of our internal ESX cluster to host guests in our DMZ (such as our SMTP relay for incoming mail).

Call us cheap, but we don't want to buy a whole new ESX host for our DMZ.

Instead, We want to take two new NICs and add them to our hosts in the cluster, and patch these NICs into our DMZ. Then run our DMZ guests on our internal host, with these guests only connected to a virtual switch that has DMZ connectivity.

Is this an acceptable solution? And what are the security ramifications?

I suppose if there was a VMWARE security bug which could enable a guest in the DMZ to compromise the host, they would then be on our inside network.

Yikes! That scares us, but how likely that scenario?

All thoughts and comments welcome and very much appreciated,
Thanks,
Mike

Answer : DMZ guests + Internal Guests on Internal ESX HostS?

VMware calls this a collapsed DMZ with physical seperate trust zones ... check it out! :-)
We implement ESX in a similar method, but we do
http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

Random Solutions

Re-enable the password expiration notice banner in exchange OWA

BJEZPRN caused a divide error in module BJEZIMG.DLL

When access a web site, it redirect to a domainselelr site

How do I recover a corrupted transaction log?

Default page for people to get to their email

How to calculate MAX or MIN within a form

Can't Ghost HP 2133 Mini Note

convert datetime in sybase ASE 11.5

Can you submit a form and close the window without connection reset by peer error?

Asynchronous execution from an Oracle 8i stored procedure