VMware Cloud Community
vSohill
Expert
Expert
‎02-28-2017 02:27 AM
Jump to solution

vCD External Network

Hi,

If I have Org1 and Org2 and Org3 as best practices and from security perspective to map each org to external network ?

1 Solution

Accepted Solutions
Sreec
VMware Employee
VMware Employee
‎02-28-2017 09:09 AM
Jump to solution

As you know external networks can be shared with multiple tenants,from a SP perspective it is recommended to have unique ext network for each tenant with different VLAN ID(Virtual Switch Tagging) ,configure 802.1q trunking on switches and finally allocate pool of IP's to each tenant external pool is what i would suggest.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

0 Kudos
6 Replies
Sreec
VMware Employee
VMware Employee
‎02-28-2017 05:01 AM
Jump to solution

May i know what security you are looking for each org and external network ? Based on that i can give you suggestions.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
vSohill
Expert
Expert
‎02-28-2017 05:50 AM
Jump to solution

Thank you SreecSreec


I will put the question in other way Smiley Happy If you are SP and  have 3 diff Org for 3 diff companies  would you use one external Network or 3 external networks?

0 Kudos
Sreec
VMware Employee
VMware Employee
‎02-28-2017 09:09 AM
Jump to solution

As you know external networks can be shared with multiple tenants,from a SP perspective it is recommended to have unique ext network for each tenant with different VLAN ID(Virtual Switch Tagging) ,configure 802.1q trunking on switches and finally allocate pool of IP's to each tenant external pool is what i would suggest.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
vSohill
Expert
Expert
‎03-01-2017 12:30 AM
Jump to solution

Thank you

0 Kudos
vSohill
Expert
Expert
‎03-16-2017 01:59 AM
Jump to solution

SreecSreec

Back again the question, as you said "it is recommended to have unique ext network for each tenant"  those unique ext networks will be linked to one PortGroup or unique Portgrops in VDS ? I would like to know what is the most common with SP in regards to VDS?

0 Kudos
Sreec
VMware Employee
VMware Employee
‎03-16-2017 11:21 PM
Jump to solution

Unique port-groups in DVS is a better approach,rather than putting all the external traffic in pipe. How you isolate in physical layer is your choice,same l2/l3 domain etc with additional security.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered