Best Practices for VMWare, VCenter, SAN topology and configuration
Can someone let me know if this sounds like a normal VMWare deployment scenario?
We are having an outside consultant setup our virtual infrastructure and from what I've seen so far, I have some concerns.
1. The management network, VMotion network, and SAN network are all on the same IP subnet, but different VLANS and different physical ports. They are on separate virtual switches within VCenter, which I was told was the reason the overlap doesn't matter. I'm having a hard time wrapping my head around how the server even knows which port to send traffic out of. If I was to try and setup a router with overlapping subnets on different interfaces, it wouldn't even let me bring both of them online at the same time. I was told it was set up this way because VCenter had to have access to the SAN, but I've looked at more than a few network diagrams of VCenter deployments, and non of them show the VCenter server with a direct link to the storage VLAN. I've also never seen the management subnet overlapping the SAN or VMotion networks.
2. We are having some major problems just doing a P2V on a print server. If I'm reading the documentation correctly for the stand alone converter; once the agent is installed on the physical machine, it has to have access to the management network to setup and deliver the VM to the ESXi host, which requires routing since they are on a different subnet from the production LAN. The only device we have available for that task is already overworked, so we don't want to push that additional traffic through it.
When I suggested moving the management traffic to the production network until the conversions are finished, I was told that it wouldn't be a good idea because the SAN would need to be reconfigured for the production network as well.
Now, I'm not a storage expert by any stretch, but I believe I understand the theory and I've played around a bit with a couple ESXi hosts and OpenFiler as an iSCSI target.
As I understand it, the SAN traffic should be as isolated as possible from the production network. The only things that should be hooked up are the physical ESXi hosts and the device(s) serving as the iSCSI target itself.
The consultant seems to believe that when the physical server is converted, that the agent needs to deliver the data directly to the SAN and not to one of the ESXi hosts. One of us seems to have a fundamental misunderstanding about how a SAN works, and I actually hope it's me, because the alternative isn't pleasant to think about.
We are having an outside consultant setup our virtual infrastructure and from what I've seen so far, I have some concerns.
1. The management network, VMotion network, and SAN network are all on the same IP subnet, but different VLANS and different physical ports. They are on separate virtual switches within VCenter, which I was told was the reason the overlap doesn't matter. I'm having a hard time wrapping my head around how the server even knows which port to send traffic out of. If I was to try and setup a router with overlapping subnets on different interfaces, it wouldn't even let me bring both of them online at the same time. I was told it was set up this way because VCenter had to have access to the SAN, but I've looked at more than a few network diagrams of VCenter deployments, and non of them show the VCenter server with a direct link to the storage VLAN. I've also never seen the management subnet overlapping the SAN or VMotion networks.
2. We are having some major problems just doing a P2V on a print server. If I'm reading the documentation correctly for the stand alone converter; once the agent is installed on the physical machine, it has to have access to the management network to setup and deliver the VM to the ESXi host, which requires routing since they are on a different subnet from the production LAN. The only device we have available for that task is already overworked, so we don't want to push that additional traffic through it.
When I suggested moving the management traffic to the production network until the conversions are finished, I was told that it wouldn't be a good idea because the SAN would need to be reconfigured for the production network as well.
Now, I'm not a storage expert by any stretch, but I believe I understand the theory and I've played around a bit with a couple ESXi hosts and OpenFiler as an iSCSI target.
As I understand it, the SAN traffic should be as isolated as possible from the production network. The only things that should be hooked up are the physical ESXi hosts and the device(s) serving as the iSCSI target itself.
The consultant seems to believe that when the physical server is converted, that the agent needs to deliver the data directly to the SAN and not to one of the ESXi hosts. One of us seems to have a fundamental misunderstanding about how a SAN works, and I actually hope it's me, because the alternative isn't pleasant to think about.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It does not copy direct to the SAN!
ASKER
Thanks a lot for your response, and I'll check out the links.