Firewall-1

Re: [FW-1] SecurePlatform on VMWare ESX: compile vmware-tools drivers

Subject: Re: [FW-1] SecurePlatform on VMWare ESX: compile vmware-tools drivers
From: Lars Troen <Lars.Troen AT SIT DOT NO>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 15 Dec 2005 23:23:12 +0100

I'm also wondering about this. Strange that CP don't have the kernel
sources easily available. I think there used to be a possibility to
contact Check Point and they would send you a CD with the sources. We
would really only need the kernel headers in order to compile the vmware
tools. These tools are needed for better memory management and better
network performance (vmxnet instead of AMD PCNET driver). 

Running fw-1 on esx server is in theory not such a bad idea. Network
transfers between the virtual machines across fw-1 will go at bus speed
(through virtual switches) instead of entering the physical network.
More and more ISVs are now supporting ESX server as it has proved to be
a very reliable and well performing platform. 

One thing that counts against esx server for being a suitable platform
is the number of nics that can be used from a single guest os. There's a
limit of 6 pci devices and you always have a virtual pci vga adapter and
a pci scsi controller in the system so there's a limit of 4 virtual
nics. You might use vlan tagging, but then again you will have to enter
the physical network for this traffic. 
http://www.vmware.com/pdf/esx_vlan.pdf

ESX server is very interesting from an enterprise perspective as it
contains high availability functions that are transparent to the virtual
machine, and the upcoming version will also make it possible to load
balance the virtual machines across many physical servers connected to
the same SAN/iSCSI/NAS device. 
http://www.vmware.com/vmworld/2005/pac195-b.pdf

And from a security standpoint VMware has a focus on security as well
and a cooperation with NSA:
http://www.vmware.com/news/releases/nsa_pr.html

Other security related material:
http://www.vmware.com/vmworld/2005/sln138.pdf
http://www.vmware.com/vmworld/2005/sln138-b.pdf
http://www.vmware.com/vmworld/2005/sln240.pdf
http://www.vmware.com/vmworld/2005/sln699.pdf
http://www.vmware.com/vmworld/2005/lab006_manual.pdf
http://www.vmware.com/vmworld/2005/lab007_manual.pdf


I'm really sorry for writing this lengthy email, but ATM I'm quite
excited about the esx server environment. I'm not saying it's the
solution for everything (it's not), but consolidation of systems to this
platform has proved to be very successful.

Lars

> 
> I've heard several people now say things along the lines of 
> this - i.e. installing any other package will void your 
> support. However, I haven't been able to find any 
> documentation from Check Point that confirms this. I have had 
> conversations with Check Point engineers, who have told me 
> that I should be able to install (e.g.) the HP management 
> agents on SecurePlatform. They won't directly support the 
> agents themselves, but it does NOT void your support. Which 
> seems entirely reasonable to me.
> 
> Can anyone provide a link to a statement from Check Point 
> saying that the installation of any other package on 
> SecurePlatform will void all support for that system?
> 
>   - Lindsay
> 
