
I am managing a couple of VPS-es on an old platform I would like to no longer maintain. We used a widely used commercial VPS control panel to create the VPS-es in question.

The customers may access their VPS-es with root access.

We have a high-availability cloud on VMware vSphere, and would like to use VMware to host our KVM VPS-es now :)

It's an OVH product, so we cannot add a hardware firewall to serve the VMs with NAT on different VLANs. We do not plan on using the VMware Tools (some malware may "recognize" the VMware Tools, apparently).

I am wondering what the best way will be to host the VPS-es with decent security, since I know it is sometimes possible to sniff other VPS-es' network traffic.

**QUESTION: Which is the best between:**

1) A VM firewall routing all traffic in NAT to different VLANs to the VPS (each customer having his own VLAN)

OR

2) Set up the VMs on the VM Network (public access to the internet). All VPS-es are protected by a software firewall + the OVH firewall and anti-DDoS (VAC)

My thoughts:

  • A VM firewall can get hacked. If it gets hacked, then all our VPS-es will be affected. Not a good idea then.

  • Other companies are using stuff like SolusVM. VMware will always be better, even if all VMs are on the same network. If the VMs are protected with a firewall, then everything should be fine.

  • All traffic ends up going into the VM Network. It all uses the same interface; if there is malware, it may infect all VMs anyway.

What's best to do exactly?

Kindle Q
Martin
    Welcome to Information Security! Would you mind clarifying your question? Clarification will help the community understand your question in one reading and will ensure they are providing an accurate answer. For example, I would arrange the question with the background/reason for asking up front, a clean description of the before and after config changes, a bulleted list of concerns, and finally, one pointed question. When you have multiple questions in your post, it can leave the reader confused as to what you are asking. – amccormack May 15 '15 at 13:05
  • Would a customer be able to set their NIC to promiscuous mode and sniff other customers' traffic? – SilverlightFox May 16 '15 at 09:22
  • @SilverlightFox depends. By default ESXi/vSphere disallows this. You can enable it on a per-guest basis or globally. – vidarlo Dec 14 '17 at 19:41
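An added example, not part of the question or of any comment above, that turns the promiscuous-mode exchange between SilverlightFox and vidarlo into a check an operator can run against option 2 (all VPS-es on the shared VM Network). Assuming VMware PowerCLI is installed and you supply your own vCenter/ESXi address (the `vcenter.example.invalid` name is a placeholder), it lists every standard vSwitch and port group whose security policy accepts promiscuous mode, MAC address changes or forged transmits, which are the switch-level settings that decide whether root inside one guest can observe or spoof a neighbour's frames. The `-Remediate` switch is an assumption of this script, not an OVH or vSphere feature; distributed switches (`Get-VDSecurityPolicy`) are not covered.

```powershell
# Added example (not from the original question). Assumes VMware PowerCLI
# (module VMware.VimAutomation.Core) and a reachable vCenter or ESXi host.
param(
    [string]$Server = 'vcenter.example.invalid',  # placeholder: replace with your vCenter/ESXi host
    [switch]$Remediate                            # assumed option: set AllowPromiscuous to Reject where it is Accept
)

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server $Server | Out-Null

# Collect the security policy of every standard vSwitch and of every port group on it.
$findings = foreach ($vmhost in Get-VMHost) {
    foreach ($vs in Get-VirtualSwitch -VMHost $vmhost -Standard) {
        $pol = Get-SecurityPolicy -VirtualSwitch $vs
        [pscustomobject]@{
            Host             = $vmhost.Name
            Kind             = 'vSwitch'
            Object           = $vs.Name
            AllowPromiscuous = $pol.AllowPromiscuous
            MacChanges       = $pol.MacChanges
            ForgedTransmits  = $pol.ForgedTransmits
            Policy           = $pol
        }
        foreach ($pg in Get-VirtualPortGroup -VirtualSwitch $vs) {
            $pgpol = Get-SecurityPolicy -VirtualPortGroup $pg
            [pscustomobject]@{
                Host             = $vmhost.Name
                Kind             = 'PortGroup'
                Object           = "$($pg.Name) (VLAN $($pg.VLanId))"
                AllowPromiscuous = $pgpol.AllowPromiscuous
                MacChanges       = $pgpol.MacChanges
                ForgedTransmits  = $pgpol.ForgedTransmits
                Policy           = $pgpol
            }
        }
    }
}

# Promiscuous mode defaults to Reject on ESXi, so any $true here was enabled by someone.
# MAC address changes and forged transmits have defaulted to Accept on older releases and
# are reported as well, since they let a guest claim another guest's MAC address.
$weak = $findings | Where-Object { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits }

if ($weak) {
    "Switches/port groups that accept promiscuous mode, MAC changes or forged transmits:"
    $weak | Select-Object Host, Kind, Object, AllowPromiscuous, MacChanges, ForgedTransmits | Format-Table -AutoSize
} else {
    "No standard vSwitch or port group accepts promiscuous mode, MAC changes or forged transmits."
}

# Optional remediation: only promiscuous mode is changed here, because MAC changes and
# forged transmits are sometimes needed on purpose (e.g. for a guest running a failover VIP).
if ($Remediate) {
    foreach ($f in ($weak | Where-Object AllowPromiscuous)) {
        if ($f.Kind -eq 'vSwitch') {
            Set-SecurityPolicy -VirtualSwitchPolicy $f.Policy -AllowPromiscuous $false | Out-Null
        } else {
            Set-SecurityPolicy -VirtualPortGroupPolicy $f.Policy -AllowPromiscuous $false | Out-Null
        }
        "Set AllowPromiscuous=Reject on $($f.Kind) $($f.Object) ($($f.Host))"
    }
}

Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it read-only first (`.\Audit-VSwitchSecurity.ps1 -Server <host>`) and keep the output with your change records; a flat VM Network is only as isolated as these three settings, so the audit belongs in the same review as the per-VPS software firewall rules.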

0 Answers