VMware Cloud Community
amishel
Contributor
Contributor
‎03-16-2009 08:41 AM

SHARED FOLDERS ON ESXi ESX 3.5

HI ,

I have multiple virtual machines ( Windows XP) used for remote connectivity with variety of VPN clients with predefined custom configurations

Some VPN clients implement a firewall SW denying virtual machine's connection to any network resource inside my network .

I need to transfer files from/to VM's to my servers in my LAN.

On Microsoft Virtual PC or Vmware Workstation I have a nice , but insecure option SHARED FOLDERS.

I wonder what could be a possible solution for the following scenario . VM's are used by users unfamiliar with systems administration so mounting an ISO of floppy could not be considered as an option .

I have a Netapp filer available on-site with volumes accessed via NFS/CIFS .

Best Regards .

0 Kudos
5 Replies
Lightbulb
Virtuoso
Virtuoso
‎03-16-2009 12:12 PM

You could create a dual homed CIFS share file server VM that your virtuals could access and systems on you LAN could access. There are a couple of ways you could set this up using virtual routing/firewall devices (Vyatta IPCOP etc) and internal vswitchs.

0 Kudos
amishel
Contributor
Contributor
‎03-16-2009 12:27 PM

Nice option unfortunately Large Telcos we are working with customise their VPN client ( mostly CISCO and Checkpoint ) to cut any Network connection from client OS to anywhere except to remote VPN site.

The only option to transfer files is through physical device emulation . Currently we are working on MS Virtual PC ( SUCKS !!!!!!!!!!!!) that has sharing folder option .

I wonder if you could hack ESX the way it will support Sharing folders the way VMware fusion and VMWare Workstation does .

Thanks .

0 Kudos
Texiwill
Leadership
Leadership
‎03-17-2009 06:36 AM

Hello,

No, it is not possible to hack ESX to allow this. Nor would you really want to do this. The Security implications are staggering.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
amishel
Contributor
Contributor
‎03-17-2009 07:28 AM

The Security is not an issue at all in this case .

The idea is getting rid of a bulk of PC's doing nothing but running Microsoft VPC and consolidating them into one ESXi server while saving HW and Licensing costs .

Thanks .

0 Kudos
Texiwill
Leadership
Leadership
‎03-18-2009 12:04 PM

Hello,

Because it is a security issue it IS not possible.

It is better to setup a VM and use that as a way to share files within the same vSwitch, but the problem is unrelated to this. I had the same problem with my VPN service, there was no solution other than to use things like tunneling to the file server using SSH. I used to do NFS over SSH tunnel. It works.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos