adimcev -> RE: ISA on ESX (7.Oct.2009 12:16:22 PM)
It's not as simple as just jumping in and answering your question. ;)
Security is always a tradeoff.
Like it or not, security and virtualization (will) mix together (yeah, I know the expression was lame), unless you are living under a rock.
It's not that you take ISA and run it as a virtual firewall protecting some VMs with it, and for that you do X and Y, and you did it right. Then if something bad happens just blame VMware 'cause it's insecure to run ISA in VMware.
I would like to go deeper into this, but that would require some (long) writing (as ISA is just a piece of the puzzle) and I feel kinda lazy right now (if I write a brief description one may feel I've left something out of the picture).
For example, this document from DISA for DoD has 100 pages and actually does not discuss a specific virtual network infrastructure, rather it goes and details VMware ESX and guidelines for implementing it (I highly recommend reading it if you go VMware's way, although it might be a little outdated when it comes to vSphere, but may touch the "trust" you are interested in):
These are also worth reading:
Additionally you can take a look at:
If this comforts you in any way:
A non-ISA example of intersection of virtualization (VMware) and security:
As you can note, hypervisors evolved, and they can now address other things, things in the past they could not address (including in the security area).
What I'm saying is that it is not secure or insecure to run ISA in VMware or Hyper-V; this is what you (or the person in the position of deciding in your company) decide based on your company's needs and infrastructure (I doubt you are supposed to detail these on a forum so that a reasonable opinion can be given).