VMware security and IDS

We have a VM network with 150 virtual servers and only one port group (PGProd). I have been reading all about sniffers and IDS. They talk about enabling the promiscuous option in the vSwitch, mirroring the physical switch, etc.
My understanding is that enabling promiscuous is not a good idea in the vSwitch. Experts out there, you must have a sniffer/IDS in your virtual environment.
How do we go about deploying the sniffer?
sara2000 Asked:
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
"My understanding is that enabling promiscuous is not a good idea in the vSwitch."

We have it enabled, and use sniffers and traffic analysers, and don't see any adverse effects.
sara2000 (Author) Commented:
Thanks Andrew,
If I understood correctly, the sniffer or IDS will be in the same port group as the rest of the virtual servers and promiscuous will be enabled, am I correct?
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
That is correct.
Question has a verified solution.
