XCP NG Internal/External Facing VMs

Computer Hardware & Server Infrastructure Builds
1

Just curious what the recommended security posture is for the following:

We are planning to have external facing VM’s (on their own VLAN) and
also internal only VMs.

Is the VM-Host security isolation model sufficient enough to allow placing these both on the same XCP-NG host? Or is best practice to put them on separate hosts. And if separate, can they be in the same pool?

Many thanks,

2

Network isolation is sufficient with the VMs being in an DMZ and the VMs can live on the same host as internal only VMs.

The goal is to deny lateral movements in the environment if compromised.

1 Like