Starquest321
asked on
ESX on DMZ
I want to host several centos boxes each with their own domain setup on an ESX box. My thinking is to do the following:
1. Put the ESX on a DMZ
2. Have the vmware ESX process by inspection all incoming packets and router based on the domain to the appropriate box.
So for example:
abc.com and xyz.com
user does abc.com .... based on header it will route to the correct machine on the esx. Is that possible?
1. Put the ESX on a DMZ
2. Have the vmware ESX process by inspection all incoming packets and router based on the domain to the appropriate box.
So for example:
abc.com and xyz.com
user does abc.com .... based on header it will route to the correct machine on the esx. Is that possible?
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
You do not have to connect the ESXi host server to the DMZ, you just need to build a vSwitch, and connect that to the DMZ, via VLANs or physical network interfaces.
ASKER
Making progress. But need some more detail: So the vSwitch will have it's "own" vIP address. And that will connect to the DMZ. When a request comes in the vSwitch will inspect the header and route to the proper box. How do I setup a vSwitch? Any detailed examples of something like that?
vSwitchs do not have IP Addresses.
Just like a physical switch, traffic is just passed, switched to ports, which a device is connected to.
Device End Points e.g. VMs have IP Addresses.
see my EE Article
Part 14: HOW TO: Configure basic networking on a VMware vSphere Hypervisor 5.1 (ESXi 5.1) Host Server
So you just create a new vSwitch, connect to networking which is your physical DMZ, and then create a Virtual Machine Portgroup called DMZ... connect Network Portgroup DMZ to VMs...
Just like a physical switch, traffic is just passed, switched to ports, which a device is connected to.
Device End Points e.g. VMs have IP Addresses.
see my EE Article
Part 14: HOW TO: Configure basic networking on a VMware vSphere Hypervisor 5.1 (ESXi 5.1) Host Server
So you just create a new vSwitch, connect to networking which is your physical DMZ, and then create a Virtual Machine Portgroup called DMZ... connect Network Portgroup DMZ to VMs...
ASKER
But I want to understand. I have one routable IP. Now for each domain I have a VM. For example:
abc.com on VM1 and has a website on port 80
xyz.com on VM2 and has a website on port 80
Both are connected on the vSwitch.
Now I type abc.com ... which is on port 80.... how will the switch know to route on vm1?
Same example on vm2?
abc.com on VM1 and has a website on port 80
xyz.com on VM2 and has a website on port 80
Both are connected on the vSwitch.
Now I type abc.com ... which is on port 80.... how will the switch know to route on vm1?
Same example on vm2?
Now I type abc.com ... which is on port 80.... how will the switch know to route on vm1?
Same example on vm2?
It does not, and it will not.
This will need to be done in the VM and DNS.
This is nothing to do with ESXi.
ASKER
I am able to accomplish this on the single VM with the DNS as suggested. But on the router port 80 goes to that single VM. But now I want to additional VM and have traffic routed based on HOST
ASKER
Meaning based on domain name. . .
So traffic for abc.com goes to vm1 ... which has its own vm and dns
and traffic for xyz.com goes to vm2 ... which has it own vm and dns.
So traffic for abc.com goes to vm1 ... which has its own vm and dns
and traffic for xyz.com goes to vm2 ... which has it own vm and dns.
This can be done with a VM, with multiple IP Addresses, host headers, and a Website....
or different IP Addresses, and different VMs.
Again, this is not a virtual question....nothing really to do with how the servers are hosted.
Do you have more than one public IP Address ?
or you have a single public IP Address, and what to use port 80 - twice ?
or different IP Addresses, and different VMs.
Again, this is not a virtual question....nothing really to do with how the servers are hosted.
Do you have more than one public IP Address ?
or you have a single public IP Address, and what to use port 80 - twice ?
ASKER
What I am really thinking about is this:
Can vmware ESX handle what a Cisco box typically does:
Assigning Multiple IP Addresses to Network Interfaces
So that I connect the network cable coming from the providor straight into the esx and use some interface to assign all the IP recieved. Is that possible?
Can vmware ESX handle what a Cisco box typically does:
Assigning Multiple IP Addresses to Network Interfaces
So that I connect the network cable coming from the providor straight into the esx and use some interface to assign all the IP recieved. Is that possible?
ASKER
And if that is possible what I mean is that I put the whole ESX on a DMZ . . and let the vmware firewall :: router :: switch handle traffic coming from all 5 IP addresses.
There is no router or firewall in ESXi, which will handle this, you will need to use a virtual router product.
If you have 5 public IP Addresses, - no issue.
Traffic flows through a vSwitch in ESXi, just like it flows through a physical switch.
If you need to do routing or firewall, that needs to be done with another product inside or outside of ESXi.
If you have 5 public IP Addresses, - no issue.
Traffic flows through a vSwitch in ESXi, just like it flows through a physical switch.
If you need to do routing or firewall, that needs to be done with another product inside or outside of ESXi.
ASKER
I have 5 public IP addresses ... but do I need 5 physical network cards ... or do I configure all 5 on the vswitch?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I am not as good with CentOS but in Windows you can assign multiple IP to a host and have it respond to those IP's and in IIS (Web Server) bind the site to the IP it should listen on.