Cryptzone Support

 

AppGate (classic) physical appliance vs virtualised appliance


Article Number: 000001200

Overview

Cryptzone offers the AppGate server as a hardened hardware appliance. It is also possible to purchase a virtualized appliance, called Ax-V. Virtualization brings many benefits, but there are differences in security aspects. This article explains what those differences are.

What tier is AppGate?

The AppGate server can often be seen as a middleware-tier component (application proxy) or a network access component/concentrator. Depending on its configuration and purpose, it is important to situate the appliance in the "trusted zone of purpose", but bear in mind to always use the least-privilege approach first.

AppGate physical appliance vs virtualized appliance

If you are considering using a virtual appliance in production, you should consider the following list:
  • A physical AppGate is a hardened entity from HW, OS through application; the integrity is guaranteed and ends where the networks are attached.
  • Network interface cards are separated physical devices and the appliance provides a separate physical management interface (NIC).
  • The hosting system, hypervisor and guests must be seen as a risk that must be placed under proper life cycle management and monitoring:
    • Do the guests cross trust domain?
      • VM-Rule #1: never cross trust domains.
    • Are there separate physical interfaces for vm-management and production?
      • VM-Rule #2: always have a separated physical NIC for, and only for, management access.
    • On a regular basis and under life cycle management:
      • Have the host/guests been properly hardened?
      • Are the guests patched to the latest?
  • Typically, intrusion detection systems do not detect anything between guests on the same host.
    • What is your overall security posture, e.g. how should a virtual implementation be policed?
    • How should the AppGate protect and be monitored in your infrastructure in relation to:
      • Intrusion detection systems
      • Data recovery
      • Network Segmentation / Host intrusion protection systems
  • Cryptzone does not support every possible version, hardware version and vendor of hypervisors. Limited support applies.
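
One way to check VM-Rule #1 and VM-Rule #2 from the list above during life cycle reviews, as an added example that is not Cryptzone's code. The inventory layout, host names, guest names and NIC role labels are all constructed assumptions, not an AppGate or hypervisor export format.

```python
# Added example: audit a hypervisor inventory against VM-Rule #1 and #2.
# The inventory layout and every name in it are constructed for illustration;
# this is not an AppGate or hypervisor export format.
INVENTORY = [
    {"host": "hv-01",
     "nics": [{"name": "nic0", "roles": ["management"]},
              {"name": "nic1", "roles": ["production"]}],
     "guests": [{"name": "appgate-axv", "trust_domain": "dmz"},
                {"name": "web-proxy", "trust_domain": "dmz"}]},
    {"host": "hv-02",
     "nics": [{"name": "nic0", "roles": ["management", "production"]}],
     "guests": [{"name": "appgate-axv-2", "trust_domain": "dmz"},
                {"name": "hr-db", "trust_domain": "internal"}]},
    {"host": "hv-03",
     "nics": [{"name": "nic0", "roles": ["production"]}],
     "guests": [{"name": "appgate-axv-3", "trust_domain": "dmz"}]},
]


def audit_host(host):
    """Return a list of (rule, detail) findings for one hypervisor host."""
    findings = []
    # VM-Rule #1: all guests on one host must share a single trust domain.
    domains = sorted({g["trust_domain"] for g in host["guests"]})
    if len(domains) > 1:
        findings.append(("VM-Rule #1",
                         "guests span trust domains: " + ", ".join(domains)))
    # VM-Rule #2: a physical NIC must exist for management and carry nothing else.
    mgmt = [n for n in host["nics"] if "management" in n["roles"]]
    if not mgmt:
        findings.append(("VM-Rule #2", "no physical NIC assigned to management"))
    for nic in mgmt:
        if set(nic["roles"]) != {"management"}:
            findings.append(("VM-Rule #2",
                             nic["name"] + " shares management with other traffic"))
    return findings


def audit(inventory):
    """Map each host name to its findings (empty list means compliant)."""
    return {h["host"]: audit_host(h) for h in inventory}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for rule, detail in findings or [("OK", "no rule violations")]:
            print(f"{name}: {rule}: {detail}")
```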

We highly advise you to read the SANS article: Top Virtualization Security Mistakes (and how to avoid them).
If you are considering going virtual for production or have questions, please contact client services at cryptzone.com.

 