Link to home
Start Free TrialLog in
Avatar of B Carlsen
B Carlsen

asked on

Separating Management Network

Hi,

I would like to separate the Management Network from the VM Network on my ESXi hosts. The idea is that the hosts can only be managed from clients connected on the separated Management Network.

The problem is that when I place vCSA onto the Management Network, it is no longer able to communicate to my Domain Controllers (on the VM Network), and I will lose Active Directory integration. Furthermore, I cannot time synchronize my ESXi hosts, as the Management Network is isolated from any NTP servers.

How do I resolve the issue of separating the Management Network, whilst still ensuring time synchronization, and communication of vCSA with the Domain Controllers?

Thanks in advance,
Avatar of Luciano Patrão
Luciano Patrão
Flag of Portugal image

Hi,

First how many Network interfaces you have in the ESXi hosts?
Secondly, the management network is nothing related to your VM Network.
Third, all interfaces need to have phisical connection between ports/switches (or routed between subnets) and use the same gateway.

As long as management network and VM Network (DC network) runs in the same network (subnet or routed) all will have connection between them.

What is the subnet of your management network? And what is the subnet of your DCs / NTP servers?
Avatar of B Carlsen
B Carlsen

ASKER

Hi Luciano,

I have 3 ESXi hosts in a VSAN cluster. Each host has the VMkernel ports:
- vMotion VMkernel VLAN10
- vSAN VMkernel VLAN20
- Management VMkernel VLAN30

Furthermore, each host has the port groups:
- Management VM Network VLAN30 (VLAN which contains VCSA) 192.168.3.0/24
- VM Network 1 VLAN40 (VLAN which contains DCs / NTP) 172.17.3.0/16
- VM Network 2 VLAN50

Each server has a cable (teamed) for the management network (VLAN30), the VSAN network (VLAN20), and the remaining networks (VLAN10, 40, and 50).

Questions:
1) Do each of the VMkernel networks need to be routed for connection between them?
2) Should the Management VM Network (contains VCSA and later will contain other Management Servers) be on a separate VLAN to the Management VMkernel traffic? Maybe I should have the Management VM Network VLAN on a separate VLAN which can route to the Management VMkernel traffic?

Thanks for the patience, I don't have much experience here.
SOLUTION
Avatar of Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi,

Yes we have ESXi hosts with O&M in a different VLANs. What we do is to add the O&M VLAN in to our VM Network, When we need them to be reachable by both.

So if you need to reach DCs / NTP Servers from host, then you need to add VLAN40 into your ESXI hosts management network.
Hi Luciano,

Just to confirm, I need to configure inter-VLAN routing between VLAN40 and VLAN30? What do you mean by "add VLAN40 into ESXi hosts"?

Regards,
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial