I also have three dual port Intel NIC cards for six ports in total, from which I use three separate vSwitches. One is for layer three routed guests, one is for some guests that are on separate physical switching infrastructure, and the third is for our layer two network stretched from our Prod to DR sites. I have patched these to our various pSwitches in such a way that I have switch redundancy (all pSwitches are paired) and NIC redundancy.

I have separate HP BL25p's for DMZ guests and I use the built in NIC's again for the SC and VMK, with the other two add-in NIC's for DMZ guests. Unfortunately, 25p's only allow up to four pNIC's, so this is all these are capable of.

I have found no performance issues in relation to having the SC and VMK on the same vSwitch using the same pNIC's and there are no security risks as they are on separate VLAN's.

Cheers, Pete

In my case i will be using HP Blades BL460c G1, the new model. These servers by default comes with 2 pNICs, no HBA's. I will buy the Mezzanien Cards to give me more 4 pNICs and Mezzanies Card for 2 HBA's. Total pNICs will be 6, where each pair will be teamed for Redanduncy and HA.

pNICs (For Service Console, and VMKernal, Spreate VLAN01)

pNICs (For VMs in Production, Spreate VLAN02)

pNICs (For VMs in DMZ and mixed with VMS in Production such as MS-ISA Server, Spreate VLAN03)

for VMotion/ HA and DRS, is it possible to contorl this via the HBAs?

BR,

Habibalby

pnic1&2 trunk for Service Console and VMotion networks. These are 2 dedicated VLANs for only SC and VMotion. vSwitch has all security set to "reject". Follow other best practices for Service Console security and I would say this is secure enough for most companies, of course you need to decide this for yourself. You absolutely want Service Console redundancy for HA to work properly.

One additional thing, pNic1 is Primary for SC and Standby for Vmotion, and pNic2 is Primary for VMotion and Standby for SC.

pnic 3&4 trunk for Internal network(s)

pnic 5&6 trunk for DMZ network

Don Pomeroy
VMTN Communities User Moderator

I've just resigned from the company I was working for, but there, every single VLAN is firewalled and yes, this includes all internal VLAN's. So my SC can't talk to my VMK unless it is explicitly allowed by firewall rules. It's very ugly on initial setup, but doesn't cause me grief.

Anyway, best practise would say separate vSwitches for these, but in a lot of cases, when your onboard pNIC's are different brands to your add-in pNIC's and you need to use all the add-in pNIC's for VM's, then there's not a lot of choice.

Anyway, to address the original question, fibre HBA's only provide paths to the SAN for your hosts, they have no abilities to provide DRS/Vmotion/HA other than ensuring all your hosts see the same Datastores.

And aleph0, yes, that's what we did with the DL585's... one pNIC from one dual port card is teamed with a pNIC from one of the other dual port cards. This way all three VM vSwitches have card, cable, and switch redundancy.

Cheers, Pete

agree with Mork: want to see the publication!!!!

cheers:D

\aleph0
____________________________
http://virtualaleph.blogspot.com/

###############
If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!