Connecting a VMware Server Host to both DMZ and Internal LAN

Posted on 2011-10-20
Last Modified: 2012-05-12
Hi Guys,

I'm a VMware vSphere 5 newbie, but I have been working with VMware Workstation and Server for a while.

I have four physical servers that host 50 virtual servers. Everything is licensed on VMware 5 Enterprise Plus Edition.

VMware vCenter 5 is set up properly. Advanced features such as DRS, vMotion and so on have not been enabled yet.

For now I just need some help with basic configuration.

The VMware network is configured with a single virtual switch, the one that comes out of the box. I don't have much experience with VMware virtual networking. Every physical server has 6 gigabit Ethernet connections.

Physical servers are running ESXi 5.

Everything is up and running smoothly.

Now I need to connect these physical servers to the DMZ, since there are some VMs that should run on that part of our network.

How should I do that?

Should I connect one NIC from each server to the DMZ switch, since we shall have virtual machines from any of these servers running on the DMZ? Besides that, how should I set up VMware networking? Should I create a new virtual switch? How do I do that? What are you guys doing out there?

How about VLANs? Can they be set up to span multiple subnets so I can keep all servers connected to the internal LAN?

What about the security questions that will be raised when connecting the server to both the internal LAN and the DMZ? Can't it be exploited by a hacker to bypass all security policies enforced at the firewall box?

Thanks in advance.

Rodrigo Garcone
Question by:garconer

    Accepted Solution

    The quickest and easiest way is for you to create a new vSwitch1, add a physical network card in the host to vSwitch1, create a Virtual Machine Portgroup called e.g. DMZ, and then, for the virtual machines that need to use the DMZ, select this network label in the VM settings: edit the Network Interface Card and select DMZ.

    To create the vSwitch, select the Host, Configuration, Networking, Add Networking, and follow the wizard to create a new Virtual Switch for Virtual Machines.

    If you follow the above, this will allow you to create a DMZ Network on your vSwitch1.

    Think of vSwitches (virtual switches) as "separate physical switches inside the ESXi server": traffic CANNOT pass between these vSwitches. So with Internal LAN on vSwitch0 and DMZ on vSwitch1, traffic cannot pass between the two.

    VLANs can be used, but you would have to create a network trunk to your ESXi servers, and create VLAN Tags for your Virtual Machine Portgroups, and configure the physical network to support Trunk Ports and VLAN tags.

    If you want to read more on networking in VMware ESX/ESXi, then I recommend the following:-

    I would also recommend reading through the Networking Sections of the following guides to gain a better understanding of Networking in VMware ESX/ESXi.

    Pages 13 - 73 Discuss Networking in Detail, including trunks, VLANs, switches, and load balancing

    ESXi Configuration Guide ESXi 4.1

    Virtual Networking

    Virtual Networking Concepts

    VLANs Have a look here

    Sample configuration of virtual switch VLAN tagging (VST Mode)

    How to Setup VLANs

    VMware ESX Server 3: 802.1Q VLAN Solutions

    Any issues, or if you are unsure, please just ask.
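The same steps as the wizard above, expressed in PowerCLI as an added illustration (this is not code from the accepted answer). It assumes an existing Connect-VIServer session; the host name, the uplink name (vmnic5), the VM name and the VLAN ID are placeholders, and the script refuses to run if the chosen NIC is already an uplink of vSwitch0, so the two vSwitches never share a physical path.

```powershell
# Added example, not part of the original answer. Placeholders: host, NIC, VLAN, VM name.
param(
    [string]$HostName  = 'esxi01.example.local',   # placeholder ESXi host
    [string]$DmzNic    = 'vmnic5',                  # free NIC cabled to the DMZ switch
    [int]   $DmzVlanId = 0,                         # 0 = untagged; e.g. 50 for VST tagging on a trunk
    [string]$VmName    = 'dmz-web01'                # placeholder VM to move onto the DMZ
)

$vmhost = Get-VMHost -Name $HostName

# 1. Refuse to continue if the chosen uplink already belongs to vSwitch0 (Internal LAN).
#    A NIC shared between both vSwitches would defeat the separation the answer relies on.
$internal = Get-VirtualSwitch -VMHost $vmhost -Name 'vSwitch0'
if ($internal.Nic -contains $DmzNic) {
    throw "$DmzNic is already an uplink of vSwitch0; pick a NIC that is not on the internal LAN."
}

# 2. Create vSwitch1 with the DMZ NIC as its only uplink.
$dmzSwitch = New-VirtualSwitch -VMHost $vmhost -Name 'vSwitch1' -Nic $DmzNic

# 3. Create the 'DMZ' virtual machine port group, tagged if the physical port is a trunk.
$dmzPg = New-VirtualPortGroup -VirtualSwitch $dmzSwitch -Name 'DMZ' -VLanId $DmzVlanId

# 4. Harden the port group: reject promiscuous mode, MAC changes and forged transmits
#    so a DMZ guest cannot sniff the segment or spoof another host's MAC address.
$dmzPg | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $false -MacChanges $false -ForgedTransmits $false |
    Out-Null

# 5. Verify the two vSwitches share no physical uplink before moving any VM.
$shared = $internal.Nic | Where-Object { $dmzSwitch.Nic -contains $_ }
if ($shared) {
    throw "vSwitch0 and vSwitch1 share uplink(s): $($shared -join ', ')"
}

# 6. Move the VM's NIC onto the DMZ network label (same as editing the NIC in VM settings).
Get-VM -Name $VmName | Get-NetworkAdapter |
    Set-NetworkAdapter -NetworkName 'DMZ' -Confirm:$false
```

Run it once per host; the uplink check in step 1 and the shared-uplink check in step 5 are the parts worth keeping even if you build the switches by hand in the client.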

    Author Closing Comment

    Wouldn't have a better answer somewhere else. That's the answer from someone who really wants to help others.

    Thanks very much!

    Expert Comment

    by:Andrew Hancock (VMware vExpert / EE MVE)
    Thanks for your kind words. If you get issues on the question asked, please post back; I usually "watch all questions"!
