gopher_49

ESXi v5 VSA cluster network layout

I'm about to deploy a 2 node VSA cluster. I'm still a little confused on the network layout. Does the VSA Cluster Management IP, Cluster Service IP, front end management IP, and front end NFS server IP address all have to be on the same subnet? My goal is to assign all of these static IPs so I can manage remotely… But.. I only have 6 static IPs.. I also plan to use a virtual firewall for my VMs.. So.. I need full access to manage the entire VSA cluster via static public IPs..
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Yes, they do have to be on the same subnet, and also the same subnet as vCenter Server.

e.g. the default gateways have to be the same as vCenter Server, the wizard detects the default gateway from vCenter Server.

I think you will need more IP Addresses, do not use public IP Addresses, and set up a VM, so you can connect to the VM, and then manage from that VM internally.
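
A pre-deployment check for the requirement stated in the answer above (every VSA address on the same subnet as vCenter Server, one shared default gateway, no public addresses). This is an added example, not part of the original thread and not VMware tooling; the function name, the subnet, and every address in it are constructed samples.

```python
import ipaddress

# Private ranges; anything outside them is treated as "public" here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan, subnet, gateway):
    """Return a list of problems in a planned address layout (empty list = OK)."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    seen = {}
    for role, text in plan.items():
        addr = ipaddress.ip_address(text)
        if addr in seen:
            problems.append(f"{role}: {addr} already used by {seen[addr]}")
        seen.setdefault(addr, role)
        if addr not in net:
            problems.append(f"{role}: {addr} is not in {net}")
        elif addr in (net.network_address, net.broadcast_address, gw):
            problems.append(f"{role}: {addr} is not a free host address")
        if not any(addr in r for r in RFC1918):
            problems.append(f"{role}: {addr} is not a private address")
    return problems

# Constructed plan: one entry per role named in the question, plus vCenter.
GOOD_PLAN = {
    "vCenter Server": "192.168.10.10",
    "VSA Cluster Management IP": "192.168.10.20",
    "Cluster Service IP": "192.168.10.21",
    "Front end management IP": "192.168.10.22",
    "Front end NFS server IP": "192.168.10.23",
}
# Same plan with two mistakes: one address on another subnet, and one
# public-style address (203.0.113.0/24 is a documentation range).
BAD_PLAN = dict(GOOD_PLAN, **{
    "Front end NFS server IP": "192.168.20.23",
    "Front end management IP": "203.0.113.5",
})

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(plan, "192.168.10.0/24", "192.168.10.1")
        print(name, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```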
gopher_49

ASKER

In regards to setting up a VM.. Don't I need a public assigned to the management network to be able to turn that VM on after powering up the ESXi host?
Public IP Address needs to be assigned to VM, or use NAT to Port Forward from Public IP Address to VM (internal IP address).

You can use the Auto-Start feature to power-on a VM at Host Startup.
I thought about the auto-start feature.. I guess worst case scenario we have a satellite connection that we can assign a public IP to and we can always remote in that way also... I'm trying to make the decision to either use an Endian VM firewall or just purchase 2 x Ubiquiti EdgeMAX firewalls.. We want a spare firewall or an auto failover.. Since it will be a VSA cluster the Endian would be auto failover but the EdgeMAX would be manual failover.. Here's my only concern. If I assign a public IP to a VM I have no way to control what external IPs can access the VM for it will be plugged directly into the ISP's router.. So, that's a little sketchy. All ports would be open.. So.. I guess I could enable a software firewall and use LogMeIn to broadcast outbound to allow remote access...
Is there a way to have my vCenter / VSA manager server have a public IP/gateway and a private range(s) without gateways? My goal is to avoid having a dedicated VM just for remote access and have it shared with the vCenter / VSA manager. So... We would access the vCenter/VSA manager via public IP / gateway through LogMeIn. Then.. The second NIC would have the private IP range that my cluster network is on without a gateway.. So, it would just manage that network and avoid dealing with multiple gateway issues.. Does this sound okay or would I be better off with a dedicated VM just for remote management that doesn't have vCenter/VSA manager on it?
Unfortunately no,

You will need to investigate other options to manage remotely.
Okay.  So, a dedicated VM with a public IP to it.  And...  Private IP with no gateway so I can access management network when I remote in, correct?
ASKER CERTIFIED SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)