ESXi management lock

I've got a remote server at a data center. It has 1 physical NIC with 2 external IPs:
1st IP is for host management (ESXi 3.5)
2nd IP is for the virtual machines network

The trouble is ESXi has no iptables, just nothing to define a required set of IPs. It even has no option to disable its "welcome page" at port 80.

There is no option of a hardware firewall at this data center, so I'm stuck. The only option I see is to rent another 1U slot and put in a hardware firewall myself. But it's expensive.

Is there any other option to solve the issue?
If no, then what kind of hardware will be less expensive?

Keep in mind I've got only 1 physical cable from provider.
Asked by kamoranesi
 
kumarnirmal Commented:
I suggest you take a look at these options then:

Juniper NetScreen Series - http://www.juniper.net/us/en/products-services/security/netscreen/

Microsoft ISA Server 2006 should also be a viable alternative since it's a relatively cost-effective solution.

 
kumarnirmal Commented:
When you take the security aspect into consideration, it's not good practice to use a single NIC for ESXi Management and VM Traffic.
VMware specifically disagrees with this option when it comes to Production Environments (using them in testing environments is OK).

Please update your Host Hardware Specifications.
 
kamoranesi (Author) Commented:
Actually I do know it's not recommended, but it's all about money. Now we have only 1 cable from the provider, so we don't have options. As we want to try ESXi, we don't want to go back to ESX just to have these iptables. Maybe there is a hardware solution around, but I need to figure out if it's expensive or not.
 
kamoranesi (Author) Commented:
It's an HP ProLiant DL160.
 
kumarnirmal Commented:
If I am not wrong, are you looking to allow specific TCP/UDP port traffic using iptables/firewall to the ESXi Host?
 
kumarnirmal Commented:
The best way I can suggest is to add an Intel VT Quad Port Adapter (NIC) - http://www.intel.com/support/network/adapter/1000vtquad/sb/CS-029502.htm

Procure a second cable from the provider to the ESXi Host and then create a separate vSwitch so that you can isolate VM and Service Console traffic.

In this way, you can install a Linux VM which can act as your Software Firewall, thereby providing you with the solution you need.
 
kamoranesi (Author) Commented:
kumarnirmal, this is actually the same as having an ESX installation instead of ESXi.
I am looking more for some hardware solutions...

 
markzz Commented:
I'd suggest a Juniper or Cisco PIX firewall would be an option.
Of course doing this may not be any cheaper than using ESX 3.5, so maybe just go the ESX route.
Maybe you could look at running a Vyatta instance on the Host and routing all data via it.
You could have to set up vSwitches with no physical NIC associated.
In theory this would work, but if Vyatta failed your server would be isolated.
Oh, does the DL160 have iLO?
Question has a verified solution.