Solved

Isolate virtual machines (domains) on one physical network

Posted on 2011-10-14
Last Modified: 2012-05-12
Hi,
I would like to add a second domain to my network that will consist entirely of virtual machines running on either VMware or Hyper-V.  The virtual guests from Domain1 and the virtual guests from Domain2 can be on two different hosts or on one host.  Is there a way to isolate the traffic using VLans or something similar so that Domain1 servers can't see each other.  The goal is to be able to put guests from either domain on any host and isolate them from the second domain.

thanks
Jason
0
Question by:jlingg
10 Comments
 
LVL 1

Author Comment

by:jlingg
ID: 36969832
Clarification -
This sentence:
Is there a way to isolate the traffic using VLans or something similar so that Domain1 servers can't see each other.
Should be:
Is there a way to isolate the traffic using VLans or something similar so that Domain1 servers can't see Domain2 servers.
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36969882
You could create a separate vSwitch for each domain's VMs. If you don't want it to have any contact, don't have any physical NICs connected to these new vSwitches. You will not have any connectivity to anything outside the domain.

An alternative would be to add permanent routes via Windows CMD to blackhole the traffic going to the other domain's IP range.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 36969901
If you use Bridged Networking with one Network Card in the host computer, the machines are not much isolated. If you use NAT Networking, the machines will be on different subnets, so you can easily isolate with Firewalls.

... Thinkpads_User
0
 
LVL 1

Author Comment

by:jlingg
ID: 36969955
If I implemented a vSwitch for each domain on each host and connected them to a switch, would I then need a VLAN on the switch to isolate the traffic or would it not be necessary?
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36969991
No VLAN required.
0
 
LVL 1

Author Comment

by:jlingg
ID: 36970013
If someone added an IP to their VM NIC from the other subnet, would they then be able to send traffic to the other subnet?
0
 
LVL 13

Expert Comment

by:Govvy
ID: 36970032
Not possible since no physical adapters to route over
0
 
LVL 1

Author Comment

by:jlingg
ID: 36970222
I must be missing something.  Are you adding something to the vSwitch to limit the traffic to that particular subnet?
0
 
LVL 13

Accepted Solution

by:
Govvy earned 2000 total points
ID: 36970257
Don't have any physical NICs connected to these new vSwitches if you only want communication within each domain. If you need to communicate outside of these two domains but not to each other, you could then implement routing rules via VLANs.
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 36970568
Create a new VLAN on your switch and, if you don't have it, configure an inter-VLAN router if it's a layer 3 switch, or on your router.
Create a new portgroup on your existing virtual switch for this new VLAN.
Create an access list to block traffic between your original VLAN and the new one.
Assign the new VMs to this new portgroup.
0
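
An added example, not part of any answer above: a small Python audit that models the layouts discussed in this thread (internal-only vSwitches, uplinked vSwitches without VLANs, and VLAN port groups behind an access list) and reports which ones leave Domain1 and Domain2 guests on a shared layer-2 segment or on routed VLANs with no deny rule. The `Nic` model, VM names and VLAN IDs 10/20 are constructed, and it assumes all uplinks land on the same physical switch fabric.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Nic:
    vm: str         # VM name (constructed sample data)
    domain: str     # domain the guest belongs to
    host: str       # hypervisor host
    vswitch: str    # virtual switch on that host
    vlan: int       # port group VLAN ID, 0 = untagged
    uplinked: bool  # vSwitch has a physical NIC cabled to the shared switch

def segment(n):
    """Layer-2 segment key. Assumption: all uplinks reach one physical switch
    fabric where equal VLAN IDs (including untagged) form one broadcast domain.
    The IP address set inside the guest plays no part in this."""
    if n.uplinked:
        return ("physical", n.vlan)
    return ("internal", n.host, n.vswitch, n.vlan)

def shared_segments(nics):
    """Pairs of VMs from different domains that sit on the same L2 segment."""
    return [(a.vm, b.vm) for a, b in combinations(nics, 2)
            if a.domain != b.domain and segment(a) == segment(b)]

def unfiltered_routes(nics, routed_vlans, denied):
    """(src_vlan, dst_vlan) pairs between domains that are routed with no deny ACL."""
    leaks = set()
    for a, b in combinations(nics, 2):
        if a.domain == b.domain or not (a.uplinked and b.uplinked):
            continue
        if a.vlan != b.vlan and {a.vlan, b.vlan} <= routed_vlans:
            for pair in ((a.vlan, b.vlan), (b.vlan, a.vlan)):
                if pair not in denied:
                    leaks.add(pair)
    return sorted(leaks)

# Constructed inventories, one per layout discussed in the thread.
INTERNAL_ONLY = [Nic("d1-dc", "Domain1", "esx1", "vSwitch1", 0, False),
                 Nic("d2-dc", "Domain2", "esx1", "vSwitch2", 0, False)]
UPLINKED_NO_VLAN = [Nic("d1-dc", "Domain1", "esx1", "vSwitch1", 0, True),
                    Nic("d2-dc", "Domain2", "esx2", "vSwitch2", 0, True)]
VLAN_PORTGROUPS = [Nic("d1-dc", "Domain1", "esx1", "vSwitch0", 10, True),
                   Nic("d2-dc", "Domain2", "esx1", "vSwitch0", 20, True)]

if __name__ == "__main__":
    for name, inv in [("internal-only", INTERNAL_ONLY),
                      ("uplinked, no VLAN", UPLINKED_NO_VLAN),
                      ("VLAN port groups", VLAN_PORTGROUPS)]:
        print(name, shared_segments(inv), unfiltered_routes(inv, {10, 20}, set()))
```

In this model the isolation result depends only on the vSwitch, uplink and VLAN of each virtual NIC, so changing the IP address inside a guest does not move it to another segment.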

Question has a verified solution.
