by tgragnato
3394 days ago
Yeah, it makes a targeted attack easier.
But it prevents attacks across different customers.
Tradeoffs ... Maintaining a running pool of VMs per service in a sufficient number to serve the load of requests grouped by customer, and assigning the VM to a specific customer only when needed, is different from permanently running a pool of (n).customers x (m).services VMs. This is why an efficient scheduler and the use of disposable VMs are needed.
Still, depending on the load and the variety of the traffic, it may not be feasible;
you are absolutely right! Another approach to ensure isolation is the use of a MAC framework.
As I wrote, "I bet they can develop even better solutions" ;)