Virtual Servers in the DMZ Pose Security Risks
June 4th, 2008
There is an education gap between security administrators and virtualization administrators that must be filled. Security administrators do not always fully understand the virtual infrastructure. Virtualization administrators do not always fully understand security. This often leads to insecure virtualization server deployments, and it's even more of an issue when virtual machines are placed within the network DMZ.
Often there are hard and fast rules that tell IT what can be done within a DMZ, the exposed portion of a corporate network, which might contain Web, FTP, SMTP and other servers that need open access to the Internet.
Typical of these is a rule banning systems with more than one network connection. Such multihomed systems are favorites of hackers for the easy access they provide to other potentially vulnerable machines. Typically only switches, firewalls or other networking devices are permitted multiple network connections.
However, when this rule is applied to machines supporting virtual servers, you run into some serious concerns, and you could open your network up to further attack.
- Source: CIO.com - Blog