We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Vmware network fencing

GCarleton
GCarleton asked
on
Medium Priority
1,224 Views
Last Modified: 2012-06-27
I am running lab Manager 3x version. I cannot find any documentation about 'network fencing" that answers my question. I need to know if a workspace that had VM'S WITH A dhcp SERVER RUNNING that are fenced will stop systems from outside of the fence from recieving dhcp LEASE? I do not want to accidently cause issues with the corporate network but want access from it to the vm without using lab manager.
Comment
Watch Question

Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
I need to know if a workspace that had VM'S WITH A dhcp SERVER RUNNING that are fenced will stop systems from outside of the fence from recieving dhcp LEASE?

Yes

I do not want to accidently cause issues with the corporate network but want access from it to the vm without using lab manager.

You will still be available to access it, from your corporate network.

We use Lab Manager in this way for testing, and staging. Here's an explaination for you to consider, please let me know, if you have questions

Fencing Virtual Machines

When you deploy a configuration that includes a physical network, you can choose to isolate the configuration virtual machines from other machines on the network. This prevents IP and MAC address conflicts that could exist if multiple copies of the same machine are deployed at the same time.

Fencing a configuration isolates the virtual machines that are defined to be connected to the physical network from the datacenter network using a virtual router (VR) and bidirectional network address translation (NAT).

Typically, you want to enable network fencing under these circumstances:

You have a configuration with one or more servers, and you anticipate cloning the configuration numerous times.

You have a configuration involving a difficult and complex setup, and cloning the configuration is an easier route than repeating the setup.

From a performance perspective, network fencing impacts the traffic flow between modules. Fencing requires a slightly higher number of resources on the host, such as memory, CPU, and networking. If you enable fencing but never use it, these resources are not consumed.
Virtual machines in a configuration have preconfigured (internal) IP addresses. When you deploy virtual machines in fenced mode, Lab Manager assigns a unique external IP address to each of these machines. Through these external addresses, virtual machines both inside and outside the fence can communicate with each other. Lab Manager uses a virtual machine called a virtual router (VR) to route packets between these virtual machines. Lab Manager configures the virtual router when you deploy a fenced configuration and deletes it when you undeploy the configuration.

Danny McDanielClinical Systems Analyst

Commented:
or if you are saying that you don't want the production systems from getting confused by the DHCP server within your configuration, then you'd want either of the other two types.
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
Well if you want to know how to configure, there are pages of configuration examples in the User Guides from Page 65 Configuration Networking of the User Guide.

Author

Commented:
I do not want dhcp broadcasts to be seen by the systems on the outside of the fence correct.  Does the fence block broadcast domains? it appears browsiong is blocked.

Author

Commented:
I know how to configure it thats simple but thank you

Author

Commented:
I want to run a DHCP server behind the fence. I cant turn it on until I am sure this wont get past the fence. Nothing I read talks to that issue one way or another.
VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
the only way DHCP can transverse a NATed routers, is if you add rules for DHCP helper.

Author

Commented:
Ok so this does function just like a router. Thanks for the update.
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
Yes - VR Router.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.