I am looking to set up a View Security Server to be paired with my pre-existing Connection Server. From what I have gathered from best-practice white papers and the like, I should place the Security Server in a DMZ encapsulated within front-end and back-end firewalls. Are two firewalls entirely necessary, or is this just a recommendation? Also, my Security Server is a VM on my ESXi host cluster (3 hosts). I would like to run this server from this VM network if possible. Could I place the Security Server into its own VLAN on its own vSwitch (meaning I would have to add another NIC to the hosts, as I'm all tapped out, and I use dedicated ports), tie that vSwitch to the associated NIC, and connect that NIC to the associated DMZ port on my Cisco ASA? Or can everything be done in the virtual environment? What would be the best way to attack this for my environment, given I would rather not purchase another firewall or host to house the Security Server?