[192841] in North American Network Operators' Group


Re: Accepting a Virtualized Functions (VNFs) into Corporate IT

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Nov 29 10:02:51 2016

X-Original-To: nanog@nanog.org
Date: Tue, 29 Nov 2016 07:02:42 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <80DC6D6F-E608-4E84-B758-9C63F584DBC3@puck.nether.net>
Errors-To: nanog-bounces@nanog.org



In a message written on Mon, Nov 28, 2016 at 01:10:29PM -0500, Jared Mauch wrote:
> my experiences say that most people would accept this.  things like IT are a cost
> and any way to externalize that cost makes sense.  If you look at something like
> a SMB service, where you have mandatory NID or provider managed CPE/handoff,
> having a solution pre-built seems like a no-brainer.

Historically, I agree.

However I sense the winds are changing on this issue.  Various
auditors and certification schemes have changed over the past 2-3
years to be much more skeptical of these sorts of devices.  They
want to see "endpoint security" (AV and/or Fingerprinting) on all
devices.  To the extent these "appliance" VMs are standard OSes
(often CentOS) they are more insistent it should be possible.  Where
it is not possible, they want to see severe network quarantine, for
instance per host firewalls to lock down the devices.

I'm not sure why the OP was asking, but if they are developing a
new product of this type I might suggest they consider their response
to a customer who says they need endpoint security on it before
building it.

-- 
Leo Bicknell - bicknell@ufp.org
PGP keys at http://www.ufp.org/~bicknell/
