ryanrupert

VMware ESX and VPN appliance

I can set up and administer my VMware ESX 3.5 boxes when local on my LAN, but I need some help with this implementation. I need to have a single ESX host at a remote co-host location; they will give me a single public IP address. I like the idea of using a VPN appliance and have my eye on the arrowdot OpenVPN VM appliance, but I need this basic understanding: will I set up the ESX 3.5 host with the public IP address (open up SSH and other for remote admin) and then set up my VPN guest OS appliance and configure for VPN (which will then get me to my "internal" private subnet)? How is this type of VMware implementation most often designed? I will have limited physical access to this box once put into production at the co-host.

mds-cos

I would drop a firewall in front of your server (Juniper's NetScreen is my current "1st choice" for many reasons). This gives you the VPN access that you are after along with the added benefit of good security for the host server as well as the virtual servers.

ASKER CERTIFIED SOLUTION
robocat

This solution is only available to members.

3kl

I agree with the previous postings. Placing your ESX server publicly with an IP address available on the internet would be asking for trouble. My design would be a firewall/VPN of some type first (Cisco ASA, Juniper NetScreen, or whatever VPN you prefer) as the border firewall. The firewall VPN gives you the security that your ESX server would not be prone to being compromised. Then I would suggest installing the ESX server on a server with good remote control features. (My personal favorites presently are Sun and Dell, but HP is an excellent system as well.) Having a remote control on the server will allow you to recover the ESX server from the console without requiring physical access to the server. Then provide your ESX server with an IP that is available to the firewall. You can install a DHCP server on a virtual host on ESX or on the firewall. This will allow you to route/NAT servers to the public through the firewall. It will also leave open the option for a VPN tunnel between your office and the ESX host at a later date.
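
A small first-match rule model for checking the layout discussed in this thread, added here as an illustration and not part of any poster's reply: it verifies that ESX management ports are reachable from VPN clients only, and catches a publish/NAT rule that is scoped too widely. The rule format, addresses, VPN pool and management port list are assumptions made for the example, not any vendor's syntax.

```python
import ipaddress

# Assumed ESX 3.5 management ports: SSH, HTTPS, and 902 (VI Client/console).
MGMT_PORTS = (22, 443, 902)
ESX_HOST = "10.10.0.10"   # constructed address on the private subnet
WEB_GUEST = "10.10.0.20"  # constructed guest VM published through NAT

def rule(iface, src, dst, port, action="accept"):
    """One firewall rule; port None means any port."""
    return (iface, ipaddress.ip_network(src), ipaddress.ip_network(dst), port, action)

def decide(rules, iface, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_iface, r_src, r_dst, r_port, action in rules:
        if r_iface == iface and src in r_src and dst in r_dst and r_port in (None, port):
            return action
    return "drop"

def audit(rules, internet_src="198.51.100.7", vpn_src="10.99.0.5"):
    """Return (mgmt ports exposed to the internet, mgmt ports unreachable over VPN)."""
    exposed = [p for p in MGMT_PORTS
               if decide(rules, "wan", internet_src, ESX_HOST, p) == "accept"]
    blocked = [p for p in MGMT_PORTS
               if decide(rules, "vpn", vpn_src, ESX_HOST, p) != "accept"]
    return exposed, blocked

# ESX reachable directly from the internet, as in the layout the question asks about.
DIRECT = [rule("wan", "0.0.0.0/0", ESX_HOST + "/32", None)]

# Border firewall/VPN: management only from VPN clients, one guest service published.
BEHIND_FIREWALL = [
    rule("vpn", "10.99.0.0/24", ESX_HOST + "/32", None),
    rule("wan", "0.0.0.0/0", WEB_GUEST + "/32", 80),
]

# Same design, but the publish rule covers the whole subnet instead of one guest.
TOO_BROAD = BEHIND_FIREWALL[:1] + [rule("wan", "0.0.0.0/0", "10.10.0.0/24", 443)]

if __name__ == "__main__":
    for name, rs in [("direct", DIRECT), ("behind firewall", BEHIND_FIREWALL),
                     ("too broad", TOO_BROAD)]:
        print(name, audit(rs))
```

An empty pair from `audit` means nothing is exposed to the internet and nothing is blocked for VPN clients; running the same probes from outside and over the tunnel against the real firewall gives the equivalent check.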