needs needs
asked on
DMZ on ESXI Servers
Hi Guys,
Firewall->HP Switch Layer 3 -> esxi servers 1,2
I'm a vmware vsphere 6 newbie.
I have 2 physical ESXI servers(ESXI v6) that host 30 virtual servers. vmWare vCenter 6 is set up properly. Desperatly looking for some help/advice on this.
Every physical server has 5 gigabit ethernet connections.
Connected NICs:
Management Network x1 (vmnic0)
LAN x3 ( vmnic 1,vmnic2) (30x Vms)
ISCSI x2 (vmnic3,vmnic4)
Now I need to connect these physical servers to DMZ since there are some vm's that should run on that part of our network.
How should I do that?
What are you guys doing out there?
How about vLANS? Can it be set up and span multiple subnets so I can keep all servers connected to internal LAN?
Thanks in advance.
Firewall->HP Switch Layer 3 -> esxi servers 1,2
I'm a vmware vsphere 6 newbie.
I have 2 physical ESXI servers(ESXI v6) that host 30 virtual servers. vmWare vCenter 6 is set up properly. Desperatly looking for some help/advice on this.
Every physical server has 5 gigabit ethernet connections.
Connected NICs:
Management Network x1 (vmnic0)
LAN x3 ( vmnic 1,vmnic2) (30x Vms)
ISCSI x2 (vmnic3,vmnic4)
Everything is up and running smoothly on our production Network.
Now I need to connect these physical servers to DMZ since there are some vm's that should run on that part of our network.
How should I do that?
What are you guys doing out there?
How about vLANS? Can it be set up and span multiple subnets so I can keep all servers connected to internal LAN?
Thanks in advance.
You can either dedicate two DMZ physical network interfaces and connect these to your DMZ
make sure you connect these two network ports on your switch to each ESXi host.
Or you could use VLANS.
make sure you connect these two network ports on your switch to each ESXi host.
Or you could use VLANS.
You losred LAN x3 but only show 2 nNICs so I suspect you mean LAN x
2.
I would run a second VLAN over the LAN adapters and use that for DMZ.
That would be the easiest setup and depending on your HP switches configuration, if they are already set up astrunks with allowed and default vlans
If they aren't already set up that way both are about equal in terms of work, and have similar caveats in doing the chamge without disruption.
However once VLans are in place you will be able to add more networks on additional Clans with very little effort and no chance of dissruption
2.
I would run a second VLAN over the LAN adapters and use that for DMZ.
That would be the easiest setup and depending on your HP switches configuration, if they are already set up astrunks with allowed and default vlans
If they aren't already set up that way both are about equal in terms of work, and have similar caveats in doing the chamge without disruption.
However once VLans are in place you will be able to add more networks on additional Clans with very little effort and no chance of dissruption
ASKER
Thank you so much for the Infos
@Ben can u please Little bit more info give? sorry LAN (2 x physical Nics connected.Name is only LAN.)
I would run a second VLAN over the LAN adapters and use that for DMZ. I think this is very interesting if i can achive it.
Thanks in advance
@Ben can u please Little bit more info give? sorry LAN (2 x physical Nics connected.Name is only LAN.)
I would run a second VLAN over the LAN adapters and use that for DMZ. I think this is very interesting if i can achive it.
Thanks in advance
ASKER
By the way ,There is no VLAN configured on any HP Switches .
So you will have to complete some network re-design, and create a trunk using two physical network ports (a static trunk), and create VLANS for LAN and DMZ.
A bit puzzled because we discussed VLANS with you in this question?
https://www.experts-exchange.com/questions/29083986/vmware-trunk-NIC.html
A bit puzzled because we discussed VLANS with you in this question?
https://www.experts-exchange.com/questions/29083986/vmware-trunk-NIC.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you all ,
Glad to help :)
Refer :
https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.server_configclassic.doc_41/esx_server_config/security_for_esx_systems/c_example_creating_a_network_dmz_on_a_single_esx_host.html