?
Solved

is it safe to virtualize my DMZ network on an ESXi 5.0 host, with internal networks also virtualized on the host?

Posted on 2012-04-03
9
Medium Priority
?
1,160 Views
Last Modified: 2012-05-01
currently i have 3 ESXi hosts
2 have management IPs that are in my internal network
1 has management IPs that are in my DMZ network

currently the 2 ESXi hosts on the internal network only host VMs that have internal network IPs, and the 1 ESXi host that are in my DMZ network only host VMs that lay in the DMZ

i want to enable HA or FT on the servers, so i need to put all 3 servers in the same cluster,
i would like to manage the 3 ESXi hosts with internal IPs,

in the event that i need to fail a VM over, the DMZ guest machines might need to run on a host that has internal network VMs running on it.
would this be OK from a security standpoint, if i have guest VMs running on both my DMZ and my internal network?
0
Comment
Question by:jsctechy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 123

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 37802835
Yes, we do and our clients do, the virtual switches are not connected.
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 1000 total points
ID: 37802836
Yes this can be done. You would need to configure a seperate network in VMware on all three of your hosts. This way you can specify which network each of your hosts will run on, either internal or DMZ.

I would suggest removing the management IP from the DMZ and only have the management go through internal.

As long as all three of your hosts can access both the internal and DMZ LAN you should be able to run HA failover without issue. The maps feature will help you determine if you have connections to these networks.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37802840
The first sentence should read.

"Yes this can be done. You would need to configure a seperate network in VMware on all three of your hosts. This way you can specify which network each of your VIRTUAL MACHINES will run on, either internal or DMZ. "
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 123
ID: 37802846
perfectly safe, there is no communicatin between virtual switches.
0
 
LVL 1

Author Comment

by:jsctechy
ID: 37803106
what if we only had 2 NICs per ESXi host?
all the servers are part of a HP c-class blade chassis, and the chassis has 2 switches in it, which is the equivalent of 2 physical NICs when presented to the blade servers
would vlans create the same security when dealing with the 10gb uplinks?
0
 
LVL 123
ID: 37803111
Use VLANs and Trunk network to host server
0
 
LVL 1

Author Comment

by:jsctechy
ID: 37803121
would vlans provide the same security as the vswitches?
0
 
LVL 123
ID: 37803129
Yes, only VMs connected in the portgroup will be able to communicate with DMZ, this is what we do here, and on client sites, to reduce physical networking.
0
 
LVL 19

Expert Comment

by:vmwarun - Arun
ID: 37803982
As long as the hosts see the same IP subnets, internal or DMZ would be easy to host. Make sure that you consider case sensitivity for port groups if you are going for Standard vSwitches.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If we need to check who deleted a Virtual Machine from our vCenter. Looking this task in logs can be painful and spend lot of time, so the best way to check this is in the vCenter DB. Just connect to vCenter DB(default DB should be VCDB and using…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question