Avatar of B Carlsen
B Carlsen
 asked on

Separating Management Network

Hi,

I would like to separate the Management Network from the VM Network on my ESXi hosts. The idea is that the hosts can only be managed from clients connected on the separated Management Network.

The problem is that when I place vCSA onto the Management Network, it is no longer able to communicate to my Domain Controllers (on the VM Network), and I will lose Active Directory integration. Furthermore, I cannot time synchronize my ESXi hosts, as the Management Network is isolated from any NTP servers.

How do I resolve the issue of separating the Management Network, whilst still ensuring time synchronization, and communication of vCSA with the Domain Controllers?

Thanks in advance,
vSphere* vsphere 6.5VMware

Avatar of undefined
Last Comment
Luciano Patrão

8/22/2022 - Mon
Luciano Patrão

Hi,

First how many Network interfaces you have in the ESXi hosts?
Secondly, the management network is nothing related to your VM Network.
Third, all interfaces need to have phisical connection between ports/switches (or routed between subnets) and use the same gateway.

As long as management network and VM Network (DC network) runs in the same network (subnet or routed) all will have connection between them.

What is the subnet of your management network? And what is the subnet of your DCs / NTP servers?
B Carlsen

ASKER
Hi Luciano,

I have 3 ESXi hosts in a VSAN cluster. Each host has the VMkernel ports:
- vMotion VMkernel VLAN10
- vSAN VMkernel VLAN20
- Management VMkernel VLAN30

Furthermore, each host has the port groups:
- Management VM Network VLAN30 (VLAN which contains VCSA) 192.168.3.0/24
- VM Network 1 VLAN40 (VLAN which contains DCs / NTP) 172.17.3.0/16
- VM Network 2 VLAN50

Each server has a cable (teamed) for the management network (VLAN30), the VSAN network (VLAN20), and the remaining networks (VLAN10, 40, and 50).

Questions:
1) Do each of the VMkernel networks need to be routed for connection between them?
2) Should the Management VM Network (contains VCSA and later will contain other Management Servers) be on a separate VLAN to the Management VMkernel traffic? Maybe I should have the Management VM Network VLAN on a separate VLAN which can route to the Management VMkernel traffic?

Thanks for the patience, I don't have much experience here.
SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Luciano Patrão

Hi,

Yes we have ESXi hosts with O&M in a different VLANs. What we do is to add the O&M VLAN in to our VM Network, When we need them to be reachable by both.

So if you need to reach DCs / NTP Servers from host, then you need to add VLAN40 into your ESXI hosts management network.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
B Carlsen

ASKER
Hi Luciano,

Just to confirm, I need to configure inter-VLAN routing between VLAN40 and VLAN30? What do you mean by "add VLAN40 into ESXi hosts"?

Regards,
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.