  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336

Disadvantage of having VMware hosts and guests on same Subnet (vLAN)

What are the disadvantage(s) of having VMware hosts and guests (VMs) on the same vLAN?

(I had them on different vLANs but then there were communication issues between vCenter VM and the hosts, probably due to some UDP port.) Thanks.

AK
0
Akulsh
Asked:
2 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
You could suffer security attacks if your hosts are exposed to your guest network, in the same way as if your Management Network for your physical switches was also on the same vLAN as your guests.

A completely separate vLAN for management reduces the security risk from recent OpenSSL Heartbleed and Shellshock payloads.

If you had Servers and Guests on different vLANs, you would need to route, or have Inter vLAN routing between Hosts and Guests, for them to communicate.
0
 
Akulsh (Author) Commented:
Andrew,

The inter-vLAN routing was supposedly in place but the heartbeat (UDP on port 902) was often missed. (I did use VMKB# 1002719.)

About security, since the vCenter server itself is normally on a VM and it manages the hosts, can't an attack on the VM subnet reach the hosts' subnet through vCenter? Thanks.

AK
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Yes, if vCenter Server was compromised, it could attack hosts.
0
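Added example (not from the thread or from VMware): a first-match ACL check for the split-vLAN layout discussed above, confirming that the host-to-vCenter heartbeat on UDP 902 is permitted while guest VMs cannot reach host management ports. All addresses, the rule set and the function names are constructed assumptions, and TCP 22/443/902 stand in as representative host management ports.

```python
import ipaddress

# Constructed addressing (assumption): hosts on a management vLAN,
# ordinary VMs and the vCenter VM on the guest vLAN.
MGMT = ipaddress.ip_network("10.0.10.0/24")
GUEST = ipaddress.ip_network("10.0.20.0/24")
VCENTER = ipaddress.ip_network("10.0.20.5/32")

# Constructed inter-vLAN ACL, first match wins: (action, src, dst, proto, port)
ACL = [
    ("permit", MGMT, VCENTER, "udp", 902),  # host -> vCenter heartbeat
    ("permit", VCENTER, MGMT, "tcp", 443),  # vCenter -> host management
    ("permit", VCENTER, MGMT, "tcp", 902),
    ("deny", GUEST, MGMT, "any", None),     # guests never reach the hosts
    ("deny", MGMT, GUEST, "any", None),
]

def decide(acl, src, dst, proto, port):
    """Return the action of the first matching rule; implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in acl:
        if (s in rsrc and d in rdst
                and rproto in ("any", proto) and rport in (None, port)):
            return action
    return "deny"

def audit(acl):
    """Report heartbeat breakage and guest-to-host exposure in an ACL."""
    host, guest_vm, vc = "10.0.10.11", "10.0.20.50", "10.0.20.5"
    findings = []
    if decide(acl, host, vc, "udp", 902) != "permit":
        findings.append("heartbeat UDP/902 host->vCenter is blocked")
    for proto, port in (("tcp", 22), ("tcp", 443), ("tcp", 902)):
        if decide(acl, guest_vm, host, proto, port) == "permit":
            findings.append(f"guest VM can reach host on {proto}/{port}")
    return findings

if __name__ == "__main__":
    for line in audit(ACL) or ["ACL keeps heartbeat working and guests out"]:
        print(line)
```

The rules that keep vCenter working are also the path a compromised vCenter would use to reach the hosts, which is the residual exposure the last reply confirms.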
