How can I create an isolated network in VMWare?

Hello Experts,
I have been asked to setup an isolated network in our VCenter, and I’m not sure how this is done.  Here is what I think has to happen:
1.      Setup a new VLAN on the VCenter virtual switch.
2.      The VCenter solution connects to two HP switches (for redundancy), so the new VLAN must be created on both the HP switches.  I’m guessing that the new VLAN will use the existing trunk ports between the virtual switch in VCenter and the HP switches.
3.      The two HP switches connect to a distribution level datacenter switch (Cisco , so the new VLAN must be created on the datacenter switch.  Again, I’m guessing that the new VLAN will use existing trunk ports.
4.      The datacenter switch connects to our core switch, so the new VLAN must be created on the core switch.  Again, I’m guessing that the new VLAN will use existing trunk ports.
5.      The core switch connects to our ASA.
6.      Our ASA connects to the internet.
Does this sound about right to all of you?
Thanks,
Nick
LVL 1
ndalmolin_13Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

coolsport00Commented:
If the VMs in this isolated network do not need Internet access, all you need to do is create a new vSwitch in vCenter & do NOT add a vmnic to the vSwitch. Create a VM Network Port Group, then add VMs using this VM Network Port Group to the VMs vNICs. The VMs will be able to communicate among themselves, but not external from the Host they're on (i.e. LAN) or the Internet.

~coolsport00
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Just create a Virtual Machine Network Portgroup on a vSwitch with no physical network interfaces.
0
ndalmolin_13Author Commented:
I do need to connect to the Internet.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
That does not make it isolated?

you would need to connect another nic in the VM to the internet, or create and use a router, to isolate your network, but allow traffic to be routed to the internet.
0
coolsport00Commented:
Well, isolating from other LAN traffic, you can use VLANs. I would still create another vSwitch to moreso isolate traffic from other VMs. Attach a pNIC or 2 to the new vSwitch, create a VM Network Port Group & assign a VLAN to it. The pNIC on the Host will need to be connected to a trunk port on your phys switch which in turn will need to be routed externally to access the Internet.

~coolsport00
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ndalmolin_13Author Commented:
Thanks all
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.