Virtualization Security

X

x86

New Member
Aug 19, 2014
21
0
1
Dear members / Proxmox,

I am planning to create a cloud environment using Proxmox VE with a premium subscription. But I was looking if Proxmox has Virtualization Security (like VMware vShield) support.
Is this available or is this something for the roadmap?

Thanks,
x86
 
x86 said:
Dear members / Proxmox,

I am planning to create a cloud environment using Proxmox VE with a premium subscription. But I was looking if Proxmox has Virtualization Security (like VMware vShield) support.
Is this available or is this something for the roadmap?

Thanks,
x86
Click to expand...

Hi, next version of proxmox (coming soon) will have a firewall feature. (firewall+ips for vms).

It's already available in pvetest repository
 
tom said:
not sure what you mean in detail with "virtualization security" and "cloud", but yes, Proxmox VE is secure.

take also a look on the new http://pve.proxmox.com/wiki/Proxmox_VE_Firewall
Click to expand...

Hi Tom,

I am talking about the security for VMs (Windows and Linux). VMware vShield offers anti-virus and anti-malware protection on the host layer instead of installing (fat) anti-virus software on VMs. An example is Deep Security by Trend Micro, see:
http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html
 
not sure if such a solution increase security - in fact, I expect the opposite.

but no, we do not plan something like this.
 
admin said:
not sure if such a solution increase security - in fact, I expect the opposite.

but no, we do not plan something like this.
Click to expand...

Hi admin,

Sad to hear. But it would make Proxmox even better to manage and easier to use it in different environments where security does matter on VMs. For example desktop virtualization or when cloning a template where you don't update anti-virus and anti-malware on every single system. I hope qemu will add "Virtualization Security" on the roadmap.

x86
 
Last edited:
kobuki said:
While respecting your opinion, could you be a bit more elaborate on this?
Click to expand...
Hi,
google for antivir and snakeoil ;)
You will find also this: https://en.wikipedia.org/wiki/Provable_security
Code: 
Finally, the term provable security is sometimes used by sellers of security software that are attempting to sell security products like firewalls, antivirus software and intrusion detection systems. As these products are typically not subject to scrutiny, many security researchers consider this type of claim to be selling snakeoil.
But you will feel much more secure, if you pay money for this - it's must be good and secure, because it's expensive!
Many people, esp. win-user, think that's true...

Udo
 
Hi,
I would like to say, that next proxmox with support firewall , but also IPS feature (through suricata),

So it's possible to scan virus/malware signature going through the network. (It's not perfect, but it's a start)
 
@Udo: well, you're right in that expensive placebo is unwanted. And also, expensive is not a requirement of better or more robust software, an eclatant example of free high quality SW is the PVE itself.

But hinting that installing security software is expected to lead to less security is quite a stretch, IMO. There are bad examples, like you mentioned. But I don't think that an (even an expensive) IPS or IDS software lessens security, probably that's why Suricata support has been added to recent devel versions of PVE. And there are paid rulesets for it, too. Purchase is not obligatory, but it gives the user better detection for new threats, for example. There are a lot of variables that cannot be controlled in a (customer's) VPS environment and for cases like this the only choice is to protect them somehow by building a stronger fence that's harder to jump. In short, it's not just snake oil, or at least not always, IMO.
 
kobuki said:
There are a lot of variables that cannot be controlled in a (customer's) VPS environment and for cases like this the only choice is to protect them somehow by building a stronger fence that's harder to jump. In short, it's not just snake oil, or at least not always, IMO.
Click to expand...

That is true, But if you install proprietary code, you will never know what that software is doing exactly ...
 
Okay, so I will change my question to: When will it be available on No-Subscription Repository ?
 
tdo said:
Okay, so I will change my question to: When will it be available on No-Subscription Repository ?
Click to expand...

as soon as the packages have the needed quality - or in other words, package are moved when they are ready for the move. there is never a fixed release date.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back