Accepting a Virtualized Functions (VNFs) into Corporate IT
bicknell at ufp.org
Tue Nov 29 15:02:42 UTC 2016
In a message written on Mon, Nov 28, 2016 at 01:10:29PM -0500, Jared Mauch wrote:
> my experiences say that most people would accept this. things like IT are a cost
> and any way to externalize that cost makes sense. If you look at something like
> a SMB service, where you have mandatory NID or provider managed CPE/handoff,
> having a solution pre-built seems like a no-brainer.
Historically, I agree.
However I sense the winds are changing on this issue. Various
auditors and certification schemes have changed over the past 2-3
years to be much more skeptical of these sorts of devices. They
want to see "endpoint security" (AV and/or Fingerprinting) on all
devices. To the extent these "appliance" VM's are standard OS's
(often CentOS) they are more insistant it should be possible. Where
it is not possible, they want to see severe network quarantine, for
instance per host firewalls to lock down the devices.
I'm not sure why the OP was asking, but if they are developing a
new product of this type I might suggest they consider their response
to a customer who says they need endpoint security on it before
Leo Bicknell - bicknell at ufp.org
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 811 bytes
Desc: not available
More information about the NANOG