What a complete mess! I’m researching Zero-Trust, SDN, Containers and VMs and frankly it’s a mess of marketing spaghetti. Everything seems to have it’s pros and cons and there simply are no winners. Just choices.

• built-in firewalls can be tricked because they are just IPs
• walled gardens mean the systems in the garden laet everyting pass
• SDN is difficult to get right and does not scale it’s even worse when you mix and match VMs and bare metal
• VMs require a complete stack providing multiple vectors
• Containers while they support scratch or simple app jails typically have a complete stack therefore larger surface area
• and then they ALL share the admin backplane.

The benefit of a true lights out operation is that there is no admin backplane or that access is disabled by default.