Proper use of Secure Socket Layer security is a mystery even to many virtual server administrators, but it seems to be mysterious even to the developers who build it into their products-whether they know it or not.
While my previous blog on the SSL MiTM attack refutes even the first statement, I didn't mention that the data being communicated along with those early packets is mainly credential information, which should be protected. I also didn't go into whether we need to protect the rest.
Before we can answer that question we need to understand how the traffic is transferred and between what points. There are at least two systems involved, if not three. So a quick summary of communication is needed.
The first connection is between the VMware Infrastructure (VIC), Remote CLI (RCLI), or VI SDK client and the Virtual Center Management Server (VCMS).
[Disclaimer: I am an employee at VMware but opinions expressed here are my own and do not necessarily reflect those of my employer.]
I'm a developer at VMware. Here's my attempt to clarify exactly how we use SSL.
All network communication with the VMware APIs/interfaces in VI3 (ESX 3.0, 3.5, VC 2.0, 2.5 etc. as well as Server 2.0) is SSL encrypted. This includes all SDK and management agent communication with VirtualCenter and the Virtual Infrastructure client, which uses SOAP over HTTPS. It also includes direct communication between a browser and the ESX host, *and* remote display and remote device connections initiated by remote clients.
The only exception to this are management connections initiated from the same machine over the loopback interface, which are allowed to use unencrypted SOAP over HTTP rather than HTTPS.
by Ramesh Dharan (not verified) on 8/16/08 at 10:24 am |reply
Sidekick: The Good News & the Bad News Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows Learn More
Brought to you by:
Free books
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases
built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC
technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability
and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
jfruh
pasmith
Esther Schindler
mikelgan
David Strom
sjvn
Sandra Henry-Stocker
Quick, practical advice for IT pros. Made fresh daily.
[Disclaimer: I am an
[Disclaimer: I am an employee at VMware but opinions expressed here are my own and do not necessarily reflect those of my employer.]I'm a developer at VMware. Here's my attempt to clarify exactly how we use SSL.
All network communication with the VMware APIs/interfaces in VI3 (ESX 3.0, 3.5, VC 2.0, 2.5 etc. as well as Server 2.0) is SSL encrypted. This includes all SDK and management agent communication with VirtualCenter and the Virtual Infrastructure client, which uses SOAP over HTTPS. It also includes direct communication between a browser and the ESX host, *and* remote display and remote device connections initiated by remote clients.
The only exception to this are management connections initiated from the same machine over the loopback interface, which are allowed to use unencrypted SOAP over HTTP rather than HTTPS.
There should be an expertise
There should be an expertise requires to use and install SSL Certificate.Web Design SEO Services Website Designers
Experience Requires
I think the installing VMware and SSL Settings. You have to require experience. Web Design Web Design Firms Professional Web Design Web Designers Business Proposals Proposal Software RFP Response RFP Software