Expanding my VM infrastructure

Current Infrastructure

vSphere 4.1 Essential Plus
2 x R710, 72 GB RAM – SAU-Cluster []
EqualLogic 6 TB [] iscsi
We have an ISA 2006 for routing traffic and internal firewalling.


1 x R720 72 GB RAM
PowerVault 24 TB NAS – [] [Windows Server 2012] iscsi
Juniper Switch to ISP and R720 DMZ  – then some routing to our internal network.

The plan is to host 30 Windows 7 VMs to be accessed remotely – these PCs will access an in-house application. I thought I could use Terminal Services, but the application does not run on a 64-bit OS.
So if I put 32 Bit, it will only see 4 GB, thus I ended up with 30 Windows 7 VMs.

This new host will be in the DMZ. I need to be able to add it to my vCenter Server and create a new cluster called [SIL-Cluster]. I would like to know if I can add it to HA on SAU-Cluster; it should also be able to see the EqualLogic.

Then I need to add the PowerVault NAS to the clusters and then move some of the VMs from the EqualLogic to the new NAS to make room for the 30 VMs.

I cannot upgrade to vSphere 5 yet, so I need ideas around my current version of VMware.

….you are allowed to scrap the idea down and post a new idea or approach  – I am still at planning stages.
Sikhumbuzo Ntsada, Senior IT Technician, Asked:
Neil Russell, Technical Development Lead, Commented:
My first comment would be: DMZ? It's hardly a DMZ if you are going to start opening ALL the ports that you will need for this setup.
The 30 VMs will be accessing an in-house application? More holes in the DMZ firewall...

AD Authentication on these machines? AD In the DMZ? More holes in the firewall?

EqualLogic accessible across the DMZ firewall? .....

Need I go on?

Personally I would go with having the host internal and have better F/W / VPN rules to bring your external connections inside.
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Why would you put the Host in the DMZ?

You just need to add a network to the host which is in the DMZ for your VMs, which can be done by creating a vSwitch in the DMZ.
Sikhumbuzo Ntsada, Senior IT Technician (Author), Commented:
@Neilsr; this setup came from the manager, and the client does not want to use VPN.
That would have solved my problem.

@hanccoka; I already have this setup for another server actually. I suggested the same thing to the manager; he did not budge.

Hence I thought I should post here to see if this would work or not.

Anyway I kind of feared the response would be like this, I guess I wanted confirmation.

Thanks, time to go back to the drawing board - I will update you on how things turn out.
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Okay, putting the host in the DMZ means more exposure and is more complicated because of the firewalls required between vCenter and the hosts, but it is possible.
To help with security, I would suggest placing a Windows 2012 RDS Gateway server in the DMZ to proxy connections into your internal network. Also, regarding your Windows 7 VMs: are you hosting 30 Windows 7 VMs, or are you using some type of VDI solution?
Sikhumbuzo Ntsada, Senior IT Technician (Author), Commented:
Still waiting for D*ll to deliver the new toys.

Will update you all soon.
Sikhumbuzo Ntsada, Senior IT Technician (Author), Commented:
I left the host internally, got a Cisco switch and set up NAT to the VMs.

Question has a verified solution.
