I'm looking to build a private network for training and development. I will be virtualizing my environment as much as possible and designing it for HA, FT, and best practices on all aspects as much as possible. I have included a network diagram to help put things into perspective on what I'm trying to accomplish. The diagram is not complete nor is it final.
My biggest problem is IP addressing. I have a hard time wrapping my head around it. I've been able to plan out how I want to set up my ESXi host boxes in terms of VLANs; my problem is the rest of the network.
This is what I have come up with so far:
VLAN 50 (native) - 145.21.1.x /16
ESXi Host Management
VLAN 2933 - 145.21.10.x /16
VLAN 2934 - 145.21.11.x /16
VLAN 2935 - 145.21.12.x /16
Fault Tolerance in vSphere 4
VLAN 2936 - 145.21.13.x /16
VM Server Traffic
VLAN 2937 - 145.21.14.x /16
VLAN 2938 - 145.21.15.x /16 (When needed)
VM Server Traffic
VLAN 2939 - 145.21.16.x /16 (When needed)
This VLAN configuration is based on a white paper I found for DR procedures in VMware. It was suggested that I may have multiple VLANs and address ranges for my VM servers, which will depend on my server needs.
I want to prevent any regular user from changing or accessing anything directly on the network (telnet into a switch, remote console into a server, etc.). They can only log into a workstation to do work.
I want to logically separate my "management" servers from "production" servers from my "storage" server. Before I go further, here is what I think are management servers and production servers:
- vCenter Server
- DNS/DHCP/Active Directory
- HP OpenView
- HP SIM
- MS System Center
- ISA Server
- Exchange 2010
- Sharepoint 2007
- Office Project Server 2007
- SQL Server 2008
So to me, my management servers will go on VLAN 50, and production servers on VLAN 2937. I would then configure Private VLANs, inter-VLAN routing, ACLs, etc. to shape the traffic accordingly. I would use my 8300 switch as my core, set all the VLANs there, and set the default gateway for each VLAN there. So VLAN 50 will have a default gateway of 220.127.116.11, and VLAN 2938 would have a default gateway of 18.104.22.168.
The user workstation would be 145.21.14.x /16, DNS: 145.21.1.x, GW: 22.214.171.124.
Does any of this sound right? Am I on the right track? I know design is based on the requirements of the network; I'm just trying to use "best practices" and be as secure as possible. Regardless, any suggestions, tips, or thoughts are greatly appreciated!
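Added example, not part of the post above: a quick check with Python's standard ipaddress module of what the masks in a plan like this actually do. The VLAN IDs and the 145.21.x.0 address blocks are taken from the plan as written; the workstation and gateway addresses used in the on-link check are constructed for illustration and are not from the post.

```python
import ipaddress
from itertools import combinations

# VLAN ID -> address block, copied from the plan as written in the post
# ("145.21.1.x" etc.). The mask is applied separately so the same plan
# can be evaluated at /16 and at /24.
VLAN_PLAN = {
    50:   "145.21.1.0",    # ESXi host management (native)
    2933: "145.21.10.0",
    2934: "145.21.11.0",
    2935: "145.21.12.0",
    2936: "145.21.13.0",
    2937: "145.21.14.0",   # production servers / workstations
    2938: "145.21.15.0",
    2939: "145.21.16.0",
}


def networks(plan, prefixlen):
    """Map each VLAN to the IPv4Network its block falls in at this mask length.

    strict=False lets a host-style address such as 145.21.10.0/16 be
    normalised to its containing network (145.21.0.0/16).
    """
    return {
        vlan: ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        for vlan, addr in plan.items()
    }


def distinct_subnet_count(plan, prefixlen):
    """How many different L3 subnets the plan yields at this mask length."""
    return len(set(networks(plan, prefixlen).values()))


def overlapping_vlans(plan, prefixlen):
    """Pairs of VLANs whose address blocks overlap (share a subnet)."""
    nets = networks(plan, prefixlen)
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


def gateway_on_link(host, gateway, prefixlen):
    """True if a host with this mask will treat the gateway as on its own subnet.

    A host only forwards to its default gateway for destinations it
    considers off-link; the gateway itself must be on-link to be usable.
    """
    subnet = ipaddress.ip_network(f"{host}/{prefixlen}", strict=False)
    return ipaddress.ip_address(gateway) in subnet


if __name__ == "__main__":
    for bits in (16, 24):
        print(f"/{bits}: {distinct_subnet_count(VLAN_PLAN, bits)} distinct subnet(s), "
              f"{len(overlapping_vlans(VLAN_PLAN, bits))} overlapping VLAN pair(s)")
    # Constructed workstation/gateway pair, not from the post.
    ws, gw_same_vlan, gw_mgmt_vlan = "145.21.14.25", "145.21.14.1", "145.21.1.1"
    print("/24 workstation sees its VLAN gateway on-link:",
          gateway_on_link(ws, gw_same_vlan, 24))
    print("/24 workstation sees management-VLAN address on-link:",
          gateway_on_link(ws, gw_mgmt_vlan, 24))
    print("/16 workstation sees management-VLAN address on-link:",
          gateway_on_link(ws, gw_mgmt_vlan, 16))
```

At /16 every block in the plan normalises to the same 145.21.0.0/16 network, so all eight VLANs overlap and there is one subnet; at /24 they become eight disjoint subnets. That matters for the ACL design the post describes: a host that believes a destination is on-link ARPs for it directly instead of sending the packet to its gateway, so traffic between two VLANs that share one subnet never crosses the core switch's routed interface where inter-VLAN ACLs are applied (on separate VLANs it simply fails, since the ARP goes unanswered). Giving each VLAN its own /24 and putting the gateway inside that /24 is what makes the router, and therefore the ACLs, the mandatory path between segments.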