What a complete mess! I’m researching Zero-Trust, SDN, Containers and VMs and frankly it’s a mess of marketing
spaghetti. Everything seems to have its pros and cons and there simply are no winners. Just choices.
- built-in firewalls can be tricked because their rules are just IPs
- walled gardens mean the systems in the garden let everything pass
- SDN is difficult to get right and does not scale; it’s even worse when you mix and match VMs and bare metal
- VMs require a complete stack providing multiple vectors
- Containers, while they support scratch or simple app jails, typically have a complete stack and therefore a larger surface area
- and then they ALL share the admin backplane.
The benefit of a true lights-out operation is that there is no admin backplane or that access is disabled by default.