Appendix B: Security : DMZ Considerations
DMZ Considerations
VMware recommends that you follow standard DMZ firewall design guidelines in a vCloud environment. However, some vCloud Director operations involve sessions that remain open for an extended period to management infrastructure, which is protected by the back-end firewall. The following aspects require special consideration:
*Idle session timeouts – Depending on the level of activity within the vCloud environment, some connections, such as sessions to vSphere hosts to retrieve thumbnails by way of the vslad agent and to vCenter Server for inventory, might require adjustment to default TCP timeout policies. This also applies to the Oracle Notification Service (ONS) connections needed for fast connection failover support in Oracle RAC environments.
*Dead connection detection or equivalent – Many firewalls support functionality to allow idle but still valid connections to persist. This modifies the idle timeout behavior by probing endpoints of the connection and verifying that the session is not terminated.
*Logging – Send firewall logs to a centralized syslog server.
*SMTP filtering – Many firewalls filter email connections, restricting ESMTP commands. It might be necessary to disable this capability to permit vCloud Director to send mail notifications.
*Bandwidth – Some vCloud operations require either high throughput or low latency, for example NFS transfer access and database access. The firewall must be correctly specified so that it does not become a performance bottleneck.
*Availability – Deploy firewalls and load balancers in highly available pairs where possible.
*Secure Administrative Access – Tightly control access to the management networks using strong authentication, logging, and encryption.
*Scalability – vCloud environments are typically architected to scale and support a large number of workloads and users. Scale firewalls along with the vCloud to help avoid future downtime.
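
One way to use the centralized firewall logs to see which management sessions the idle timeout is cutting, as an added example that is not part of the original VMware document. It assumes Cisco ASA-style 302014 teardown messages (the page names no firewall vendor); the addresses, ports and log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log shape: Cisco ASA-style 302014 teardown messages (vendor not named on the page).
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for "
    r"[^:\s]+:(?P<a>[\d.]+)/(?P<aport>\d+) to "
    r"[^:\s]+:(?P<b>[\d.]+)/(?P<bport>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) bytes \d+ (?P<reason>\S+)"
)

def idle_teardowns(lines, mgmt_hosts):
    """Map (mgmt_ip, port) -> (count, shortest_lifetime_s) for idle-timeout teardowns."""
    hits = defaultdict(lambda: [0, None])
    for line in lines:
        m = TEARDOWN.search(line)
        if not m or m["reason"] != "Conn-timeout":
            continue  # not a teardown record, or the session closed normally (FIN/RST)
        if m["b"] in mgmt_hosts:
            key = (m["b"], int(m["bport"]))
        elif m["a"] in mgmt_hosts:
            key = (m["a"], int(m["aport"]))
        else:
            continue  # neither endpoint is management infrastructure
        secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        entry = hits[key]
        entry[0] += 1
        entry[1] = secs if entry[1] is None else min(entry[1], secs)
    return {k: tuple(v) for k, v in hits.items()}

# Constructed sample data: documentation address ranges, illustrative ports.
MGMT_HOSTS = {"198.51.100.20", "198.51.100.31", "198.51.100.40"}
SAMPLE_LOG = [
    "Mar 03 10:15:02 fw1 %ASA-6-302014: Teardown TCP connection 8841 for dmz:192.0.2.10/51544 to inside:198.51.100.20/443 duration 1:00:00 bytes 48211 Conn-timeout",
    "Mar 03 10:15:09 fw1 %ASA-6-302014: Teardown TCP connection 8850 for dmz:192.0.2.10/51620 to inside:198.51.100.20/443 duration 1:00:03 bytes 9120 Conn-timeout",
    "Mar 03 10:16:40 fw1 %ASA-6-302014: Teardown TCP connection 8902 for dmz:192.0.2.10/40112 to inside:198.51.100.31/902 duration 0:00:12 bytes 701 TCP FINs",
    "Mar 03 10:17:11 fw1 %ASA-6-302014: Teardown TCP connection 8917 for dmz:192.0.2.10/40377 to inside:198.51.100.40/6200 duration 1:00:01 bytes 310 Conn-timeout",
    "Mar 03 10:18:30 fw1 %ASA-6-302014: Teardown TCP connection 8930 for outside:203.0.113.5/60000 to dmz:192.0.2.10/443 duration 1:00:00 bytes 2200 Conn-timeout",
]

if __name__ == "__main__":
    for (ip, port), (count, shortest) in sorted(idle_teardowns(SAMPLE_LOG, MGMT_HOSTS).items()):
        print(f"{ip}:{port} idle-timeout teardowns={count} shortest_lifetime={shortest}s")
```

Management endpoints that show up in the result are the candidates for the timeout adjustment or dead connection detection described in the list above.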