While there are many ways to configure your virtualization host to connect to DMZ networks,
there are some best practices that you should follow to help improve security and minimize the
risks that could arise in connecting a host to a hostile network.
- Limit the number of people that can modify VM networks: While you can trust your
hypervisor to provide a secure environment for your VMs, you shouldn’t necessarily trust your users
and admins to do the right things. A hypervisor will do what it’s told to do, and configuration
changes can potentially expose your VMs to hostile conditions. With physical servers, you have to
physically unplug a cable from one switch and plug it into another to move it to another network. A
VM, on the other hand, can easily be moved from an internal network to a DMZ network with a click
of a but