?
Solved

Vmware network fencing

Posted on 2011-04-22
11
Medium Priority
?
1,165 Views
Last Modified: 2012-06-27
I am running lab Manager 3x version. I cannot find any documentation about 'network fencing" that answers my question. I need to know if a workspace that had VM'S WITH A dhcp SERVER RUNNING that are fenced will stop systems from outside of the fence from recieving dhcp LEASE? I do not want to accidently cause issues with the corporate network but want access from it to the vm without using lab manager.
0
Comment
Question by:GCarleton
  • 5
  • 4
  • 2
11 Comments
 
LVL 124
ID: 35450932
I need to know if a workspace that had VM'S WITH A dhcp SERVER RUNNING that are fenced will stop systems from outside of the fence from recieving dhcp LEASE?

Yes

I do not want to accidently cause issues with the corporate network but want access from it to the vm without using lab manager.

You will still be available to access it, from your corporate network.

We use Lab Manager in this way for testing, and staging. Here's an explaination for you to consider, please let me know, if you have questions

Fencing Virtual Machines

When you deploy a configuration that includes a physical network, you can choose to isolate the configuration virtual machines from other machines on the network. This prevents IP and MAC address conflicts that could exist if multiple copies of the same machine are deployed at the same time.

Fencing a configuration isolates the virtual machines that are defined to be connected to the physical network from the datacenter network using a virtual router (VR) and bidirectional network address translation (NAT).

Typically, you want to enable network fencing under these circumstances:

You have a configuration with one or more servers, and you anticipate cloning the configuration numerous times.

You have a configuration involving a difficult and complex setup, and cloning the configuration is an easier route than repeating the setup.

From a performance perspective, network fencing impacts the traffic flow between modules. Fencing requires a slightly higher number of resources on the host, such as memory, CPU, and networking. If you enable fencing but never use it, these resources are not consumed.
Virtual machines in a configuration have preconfigured (internal) IP addresses. When you deploy virtual machines in fenced mode, Lab Manager assigns a unique external IP address to each of these machines. Through these external addresses, virtual machines both inside and outside the fence can communicate with each other. Lab Manager uses a virtual machine called a virtual router (VR) to route packets between these virtual machines. Lab Manager configures the virtual router when you deploy a fenced configuration and deletes it when you undeploy the configuration.

0
 
LVL 16

Expert Comment

by:Danny McDaniel
ID: 35450942
0
 
LVL 16

Expert Comment

by:Danny McDaniel
ID: 35450950
or if you are saying that you don't want the production systems from getting confused by the DHCP server within your configuration, then you'd want either of the other two types.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 124
ID: 35450992
Well if you want to know how to configure, there are pages of configuration examples in the User Guides from Page 65 Configuration Networking of the User Guide.
0
 
LVL 1

Author Comment

by:GCarleton
ID: 35451343
I do not want dhcp broadcasts to be seen by the systems on the outside of the fence correct.  Does the fence block broadcast domains? it appears browsiong is blocked.
0
 
LVL 1

Author Comment

by:GCarleton
ID: 35451344
I know how to configure it thats simple but thank you
0
 
LVL 1

Author Comment

by:GCarleton
ID: 35451362
I want to run a DHCP server behind the fence. I cant turn it on until I am sure this wont get past the fence. Nothing I read talks to that issue one way or another.
0
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 35451397
Yes, it will not pass through the fence (Virtual Router), because the Virtual Router, performs NAT, DHCP does not pass though NATed routers.

Broadcasts Domains are also blocked, as it peforms NAT, e.g. Netbios will not pass etc
0
 
LVL 124
ID: 35451404
the only way DHCP can transverse a NATed routers, is if you add rules for DHCP helper.
0
 
LVL 1

Author Comment

by:GCarleton
ID: 35459637
Ok so this does function just like a router. Thanks for the update.
0
 
LVL 124
ID: 35459650
Yes - VR Router.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
Teach the user how to install ESXi 5.5 and configure the management network System Requirements: ESXi Installation:  Management Network Configuration: Management Network Testing:
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question