kamoranesi
asked on
ESXi management lock
I've got remote server at data center, It has 1 physical NIC with 2 external IPs
1st IP is for host management ESXi 3.5
2nd IP is for virtual machines network
The trouble is ESXi has no iptables, just nothing to define required set of IPs. It even has no option to disable it's "welcome page" at port 80.
There is no option of hardware firewall at this data center, so I've stuck. The only option I see to rent another 1U slot, and put some hardware firewall by myself. But it's expensive.
Is there any other option to solve the issue?
If no, then what kind of hardware will be less expensive?
Keep in mind I've got only 1 physical cable from provider.
1st IP is for host management ESXi 3.5
2nd IP is for virtual machines network
The trouble is ESXi has no iptables, just nothing to define required set of IPs. It even has no option to disable it's "welcome page" at port 80.
There is no option of hardware firewall at this data center, so I've stuck. The only option I see to rent another 1U slot, and put some hardware firewall by myself. But it's expensive.
Is there any other option to solve the issue?
If no, then what kind of hardware will be less expensive?
Keep in mind I've got only 1 physical cable from provider.
ASKER
Actually I do know it's not recommended, but it's all about money, now we have only 1 cable from provider, so we don't have options. As we want to try ESXi we don't want to go back to ESX, just to have these iptables. Maybe there is a hardware solution around, but need to figure out if it's expensive or not.
ASKER
it's hp proliant dl160
If I am not wrong, are you looking to allow specific TCP/UDP Port traffic using iptables/firewall to the ESXi Host ?
The best way I can suggest is to add a Intel VT Quad Port Adapter (NIC) - http://www.intel.com/support/network/adapter/1000vtquad/sb/CS-029502.htm
Procure a second cable from the provider to the ESXi Host and then create a separate vSwitch so that you can isolate VM and Service Console traffic.
In this way, you can install a Linux VM which can act as your Software Firewall thereby providing you with the solution you need,
Procure a second cable from the provider to the ESXi Host and then create a separate vSwitch so that you can isolate VM and Service Console traffic.
In this way, you can install a Linux VM which can act as your Software Firewall thereby providing you with the solution you need,
ASKER
kumarnirmal, this is actually the same as having ESX installation instead of ESXi.
I am looking more for some hardware solutions...
I am looking more for some hardware solutions...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
VMware specifically disagrees with this option when it comes to Production Environments (using them in testing environments is ok)
Please update you Host Hardware Specifications.