Solved

Port binding in vmware

Posted on 2014-01-19
7
317 Views
Last Modified: 2014-02-03
I have done some reading about ports binding in vmware : Static,Dynamic,ephemeral, but since I have never had to use them in the past, I do not know what they mean, and when they come into play.



Any help on clearing this up, will be very much appreciated

Thanks
0
Comment
Question by:jskfan
  • 3
  • 3
7 Comments
 
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 125 total points
ID: 39793482
Hi,

This KB explains them better than I can write down: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022312

What is it exactly that is not clear to you?
0
 
LVL 13

Assisted Solution

by:Abhilash
Abhilash earned 375 total points
ID: 39793523
Static is used for a secure environment. Where a switch reserves a port for a VM.
Dynamic is for an environment where over provisioning is okay. Imagine if you have 10 ports with you and you have 15 machines(of course you know only 10 will be powered on at any given time), then you can go with dynamic as the port association is removed when the machine is powered off.
Ephemeral port groups should be used only for recovery purposes when you want to provision ports directly on host bypassing vCenter Server, not for any other case.
0
 

Author Comment

by:jskfan
ID: 39794227
is port binding related to Virtual switches or Physical switches .?
I believe that Virtual switches can provide a huge number of ports, so I do not see where the port binding factors in.
I still can not understand where the concern about  the ports is, to the extent of implementing port binding.

Thanks
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 13

Assisted Solution

by:Abhilash
Abhilash earned 375 total points
ID: 39794247
Its on virtual switches. Yes they can provide around 4k ports. Imagine about a service provider or a big organization.
Ports are you main concern. Its about security. you cannot have a random unused ports in your network which can allow people from outside and create a VM on the hos and cause damage. For that issue you cannot have just Static binding as you will run out of ports. And if you don't have ephemeral when the vcenter is down then you will be in trouble.
The VMware hardening guide says you cannot have more number of unused ports on your switch as its a security concern. So you cannot create a switch with 4k odd ports and keep them open. You will need to create them when needed.
There are more use cases which all of us are not aware of. They would not have done it without a reason.
0
 

Author Comment

by:jskfan
ID: 39794263
they explain it here:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2038869

to my understanding if all Vmkernel interfaces (for iSCI) are in the same subnet, you should use port binding…else do not…
I cannot remember we had to configure port binding, when we configured vmkernel ports to use a different NIC than VM port group
0
 
LVL 13

Accepted Solution

by:
Abhilash earned 375 total points
ID: 39794281
Not just that. When you have a cloud environment and have no control over the network layer(per port) you will need these kind of bindings. Till 1.5 vCloud director used to create dv portgroups using ephemeral binding and now it creates it with static binding. You will need bindings as a measure of security when the ports are being bound to machines automatically when they are created.
0
 

Author Closing Comment

by:jskfan
ID: 39831172
Thank you
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question