Hello,

I'm looking for some opinions and insights on a particular subject: how to position a couple of physical servers with virtual Xen servers in a network.

I have a hardware firewall (which has 3 interfaces) and two physical servers (which both have 2 interfaces) with a couple of Xen domains. Domu3 and domu4 should only be accessible by the inside network, domu5 and domu6 need to be accessible from the internet. Domu1 and domu2 should only be accessible from the inside PLUS domu5 and domu6 need to be able to access them (so they are not directly accessible from the internet).

I've attached a diagram with my (first) attempt to solve this little dilemma. Couldn't find anywhere if attachments are allowed on this mailing list; if they aren't, apologies in advance.

The hardware firewall (connected to the border router and the internet) divides the network into 3 zones. Each server has a firewall domain which handles and inspects all the outgoing and incoming traffic of the domains of the server. This firewall domain should ideally be another OS than the domains are using, making it less vulnerable to "domino" exploit effects (i.e. if the domains are Debian Linux, the firewall domain could be OpenBSD or something).

The reason why I connected the two physical servers directly in the diagram is performance. When they are connected directly with each other they have a 1Gbit link. When linked via the firewall they only have a 100Mbit link.

I'm looking for some insights/opinions on this matter, so fire at will :-)

Thanks in advance,
Jasper

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users