

Separate management network for System Center Virtual Machine Manager in a virtual network?

Posted on 2010-01-04
Medium Priority
Last Modified: 2013-11-08
I was looking through one of Dell's whitepapers on Hyper-V and saw a diagram that showed a separate PowerEdge server being used as a management server which was on a completely separate network. Basically how we will be setting up our network is:

2 host machines connected through 2 Dell switches to our EqualLogic PS6000E SAN - 1st network for IOPS.

Also those 2 host machines will be connected to our LAN through 2 other NICs - 2nd network for connectivity to our clients and other servers.

In Dell's article they have a third network set up that looks like it hooks up to the 2 Dell switches working with the SAN and the host machines. Is it best practice to have a third network set up for the management software? Also, what are the advantages of having it set up this way? If you don't set up a third network, would you then just connect the management server to the LAN? Or how do you connect using a SCVMM server? I have attached an image of what the network layout I am talking about looks like; the management network is what I am curious about.

Thanks in advance!
Question by:SuperRhino
LVL 37

Expert Comment

by:Jian An Lim
ID: 26179519
This picture looks interesting, especially since the AD, DNS and DHCP are set in the management station.

Does this mean you need 2 AD structures? 1 for management and 1 for the physical network?

It is very hard to say whether you want to put your VMM in the physical network.
The benefit is easier management, but you are trading off security.

But is the security worth taking care of? Will it be easier for a user to RDP into your VMM and start playing with it?

Is it a requirement for the company?
We can have a lot of discussion, but at the end of the day, it is really a business decision to put them together or not.

In VMware, it is easier to put them separate, as there is no requirement for an AD structure to support it.

I might not have answered any of your questions, but I am just trying to do some brainstorming and get a clearer picture.

LVL 17

Accepted Solution

James Haywood earned 1000 total points
ID: 26180700
This is based on the Microsoft best practices for SCVMM. In a large environment it is useful to have a management network to connect the hosts and SCVMM server to allow configuration tasks to be completed without affecting the production network/s. This is not mandatory and uses separate NICs etc (or VLANs). It is better for security as users on the production networks cannot connect to the hosts or SCVMM and internet access is not required.

If you do not have the equipment/licenses etc for this then you can install SCVMM onto any physical or virtual machine and use firewalls to limit access to specific machines/IP addresses. With multiple VMs on a host, separating the network traffic helps (management, normal data, iSCSI etc).

Hope this helps
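
An added example, not part of the original answer: one way to check that a firewall rule set really limits access to the management network to specific machines, as suggested above. The subnets, addresses, ports and rule names are constructed sample values, and `audit` is a hypothetical helper.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
MGMT_NET = ipaddress.ip_network("10.10.50.0/24")  # hosts' management NICs + SCVMM
ALLOWED_ADMIN_SOURCES = [
    ipaddress.ip_network("10.10.50.10/32"),   # SCVMM server
    ipaddress.ip_network("192.168.1.25/32"),  # one admin workstation on the LAN
]

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
# Ports are illustrative only.
RULES = [
    ("scvmm-to-hosts",    "10.10.50.10/32",  "10.10.50.0/24",  5985),
    ("admin-ws-to-scvmm", "192.168.1.25/32", "10.10.50.10/32", 8100),
    ("lan-rdp-to-hosts",  "192.168.1.0/24",  "10.10.50.0/24",  3389),
    ("any-to-scvmm",      "0.0.0.0/0",       "10.10.50.10/32", 8100),
    ("lan-to-fileserver", "192.168.1.0/24",  "192.168.1.5/32", 445),
]


def audit(rules, mgmt_net, allowed_sources):
    """Return names of allow rules that let a source outside the
    allowlist reach any address on the management network."""
    findings = []
    for name, src, dst, _port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(mgmt_net):
            continue  # rule does not touch the management network
        # The whole source range must sit inside the management network
        # itself or inside one of the explicitly allowed admin sources.
        covered = src_net.subnet_of(mgmt_net) or any(
            src_net.subnet_of(allowed) for allowed in allowed_sources
        )
        if not covered:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for rule_name in audit(RULES, MGMT_NET, ALLOWED_ADMIN_SOURCES):
        print("too broad:", rule_name)
```
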

Assisted Solution

rparsons1000 earned 1000 total points
ID: 26187219
The idea behind a management NIC is to offload VMM traffic for the most part. It is also helpful for security in some cases but that depends on your infrastructure (VLANs, firewalls, etc.). I suppose someone could get access to VMM on the same LAN but if they can access that, I'd be more concerned about what else they can access.

Assume you are migrating a VM from one HV server to another or deploying a new VM from a library, you're going to use a majority of the NIC's capabilities transferring the data. If you are using one NIC it could get saturated, reducing throughput for the VMs. I've seen this happen especially on a SATA 7.5K SAN, it's not pretty.

I don't think that diagram is very good. It really looks like they put the management connections on the wrong switches but maybe they had a reason for this.

I'd put the management station/VMM on the LAN but use a separate NIC by unchecking the box to share the NIC for management when setting up the Hyper-V network settings.


Expert Comment

ID: 26187254
Just to add, after looking at the diagram more, it does look useful for an extremely large environment of many Hyper-V servers, iSCSI SANs, backups, etc.

In a smaller environment with no severe security requirements, I personally would stick with a dedicated management NIC in the LAN.
