I would like to know if there's a network IDS (Intrusion Detection System) solution for PowerVM, i.e. to monitor the ethernet communication between the VMs inside the same host ?
With VMware, there are "virtual appliances" that you can install inside the host that can interact with the hypervisor.
I'm wondering if there's such a solution for PowerVM.
This topic has been locked.
3 replies Latest Post - 2013-01-31T22:01:41Z by seroyer
Pinned topic Network IDS for PowerVM ?
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-01-31T22:01:41Z at 2013-01-31T22:01:41Z by seroyer
k0da 060000J5883 Posts
SystemAdmin 110000D4XK1744 PostsACCEPTED ANSWER
Re: Network IDS for PowerVM ?2013-01-31T20:48:56Z in response to k0daI know I can compile "snort" but after that, I need to redirect all the ethernet communications from other VMs to the one that has snort. I don't want to change the ethernet configuration from other VMs.
I was wondering if there's a product that can interact directly to the hypervisor or the virtual switch ? Or there's a way to configure port mirroring or switched port analyzer (SPAN)on the virtual switch ?
seroyer 120000AD3Y352 PostsACCEPTED ANSWER
Re: Network IDS for PowerVM ?2013-01-31T22:01:41Z in response to SystemAdminThere is no such solution today. Direct LPAR to LPAR communication cannot be intercepted by any third party. If you can force all traffic to flow out through an SEA to a physical network, then you could trace it there. You would have to use tricks like ensuring no client LPARs are on the same subnet and their gateways are external to physical system.