VMware Cloud Community
snikers
Enthusiast

Blocking illegally used IP

Hello. I have such questions.

There is a /24 network; 100 IP addresses are used. There is no DHCP etc.; all IPs are provided manually.

What can be done if a user manually changes his IP to another one that was not provided for him? Is there a way to ensure that a VM uses only the IP provided for it?

Thank you.

0 Kudos
23 Replies
kjb007
Immortal

This is not possible through ESX directly. You may be able to set IP for the user, and remove their access from modifying it. The other option would be to use a scripted method to monitor the IP addresses assigned to vNic, and disconnect the vm from the network.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
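
The scripted monitoring suggested in the reply above, sketched as an added example that is not part of the original thread: it compares the address each VM was given with the addresses its guest reports and lists the VMs to disconnect. The VM names, the addresses (documentation range 192.0.2.0/24) and both tables are constructed; collecting the guest-reported addresses and disconnecting the vNIC are assumed to be done by the administrator's own tooling.

```python
import ipaddress

# Constructed allocation table: the one IPv4 address each VM was given.
ASSIGNED = {
    "vm-web01": "192.0.2.10",
    "vm-db01": "192.0.2.11",
    "vm-app01": "192.0.2.12",
    "vm-test01": "192.0.2.13",
}

# Constructed snapshot of guest-reported addresses per VM (hypothetical data);
# an empty list means the guest reported nothing (e.g. no guest tools).
OBSERVED = {
    "vm-web01": ["192.0.2.10", "fe80::250:56ff:fe00:1"],
    "vm-db01": ["192.0.2.12"],                  # took vm-app01's address
    "vm-app01": ["192.0.2.12", "192.0.2.50"],   # added an unassigned address
    "vm-test01": [],
}


def audit(assigned, observed):
    """Return {vm: (verdict, detail)} for every VM in the allocation table."""
    owner = {ipaddress.ip_address(ip): vm for vm, ip in assigned.items()}
    report = {}
    for vm, ip in assigned.items():
        expected = ipaddress.ip_address(ip)
        seen = {ipaddress.ip_address(a) for a in observed.get(vm, [])}
        # Only IPv4 is allocated here; skip IPv6 and link-local autoconfig.
        seen = {a for a in seen if a.version == 4 and not a.is_link_local}
        rogue = sorted(seen - {expected})
        if not seen:
            report[vm] = ("unverified", "no guest address reported")
        elif not rogue:
            report[vm] = ("ok", str(expected))
        else:
            stolen = [f"{a} (assigned to {owner[a]})" for a in rogue if a in owner]
            verdict = "conflict" if stolen else "unassigned"
            detail = ", ".join(stolen or [str(a) for a in rogue])
            report[vm] = (verdict, detail)
    return report


def to_disconnect(report):
    """VMs whose vNIC the operator's tooling should disconnect."""
    return sorted(vm for vm, (v, _) in report.items() if v in ("conflict", "unassigned"))
```

A VM that reports no address is marked "unverified" rather than "ok", since a guest without reporting tools cannot be checked this way.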
mackfs
Contributor

It's probably not what you want to hear but why don't you just use DHCP?

0 Kudos
snikers
Enthusiast

Then I would need to use one of the VMs as a gateway, but there is a lot of traffic from about 100 machines on several hosts. The gateway's channel will be 100 Mb/s because the host is also 100 Mb/s, but that is not enough for the traffic of 3 more hosts. And using DHCP without making it the gateway makes no sense. Users can set IPs manually anyway.

0 Kudos
kjb007
Immortal

You can always lock down those permissions.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
snikers
Enthusiast

Don't understand, lock down what?

0 Kudos
kjb007
Immortal

Remove admin permissions from the users of those VMs.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
espi3030
Expert

You could lock down that access through Active Directory group policy settings.

espi3030

0 Kudos
snikers
Enthusiast

What do you mean? I'm not talking about any permissions for the VM; my users don't have any permissions for it. They can manually change the IP inside their VM. That is the problem. How can I block the IP if a user changes it manually (I mean that only 1 IP address was assigned to 1 VM) without using a DHCP server on another VM acting as the gateway (because there is too much traffic)?

0 Kudos
snikers
Enthusiast

No Active Directory, I have Linux servers.

The question was: Can ESX control IP addresses that VM machines use?

0 Kudos
espi3030
Expert

I have not tested it yet, but at the Datacenter level in your vSphere client there is an "IP Pool" tab; have you tried using that? I may run some tests in there soon and post my results here.

Hope this helps.

0 Kudos
snikers
Enthusiast

Sure, I have tried.

I made a VM network, created an IP pool, added and associated the VM network, enabled the IP pool with several IPs, then I created a VM, installed Debian OS, installed VMware Tools, changed the IP, and it works even though this IP is not listed in the IP pool. :(

I don't understand the use of the IP pool.

The question is up

0 Kudos
RParker
Immortal

OK, first the fact that you are using IP static is a problem, since you have to assign IPs to users, and you are evidently allowing users to set their OWN IP.

so if they make a mistake you are relying on them to do it correctly.

DHCP should be used, IP would be assigned automatically, and you can track the MAC address to see which machines are using which IP very easily from one place. The fact that you don't have a gateway makes ZERO difference on using DHCP, it just means you can assign IP address automatically not HOW traffic is routed.

You can't lock down a VM to keep someone from using an IP, that is an OS function, not VM. So take away root if you don't want to assign IPs if you are using Linux instead of Windows.

Otherwise you will have more problems in the future if you allow users to set their own IPs and apparently they can't be trusted.... DHCP would eliminate any re-work or extra work by users, management and documentation would be easier since it would ALSO mean you could see the machine names used as well.

0 Kudos
snikers
Enthusiast

I understand that I can assign an IP automatically by DHCP, but the user can change it to another static one and it will work, and that is the problem. :)

It's sad that ESX doesn't have that function... and IP pool is a useless function. :(

0 Kudos
RParker
Immortal

> I understand that I can assign automatically by DHCP IP

I doubt it. Users just want to connect, they could care less what IP they have to do so. If they have a valid connection, they won't bother with "changing" the IP.

and you CAN assign by DHCP but you DIDN'T did you? Thus the problem you have now.. you have NO idea which machine has the offending IP.

That's the problem!

0 Kudos
RParker
Immortal

> It's sad that ESX doesn't have that function...

No it's not sad.. you apparently are missing the point of a VM host server. ESX's job is to MANAGE VMs, which it does.

IP is a function of the OS NOT ESX, so that function belongs with the operating system, not the VM host. What you do INSIDE a VM is a function of the administrator and OS. We can't help that you want everything to work by magic, some things actually need knowledge to be understood.

0 Kudos
snikers
Enthusiast

I don't have that problem now; I have a DHCP server in my network and IP addresses are assigned automatically. I can monitor which IP a VM has via DHCP and via VMware (if VMware Tools is installed). I can do a lot of work so that it could block the network of a VM, but the point is to assign to a VM only 1 exact IP address by means of ESX.

One more time I will say that I thought, I hoped the IP pool could do that, but it's useless; I'm very mad. :(

0 Kudos
RParker
Immortal


> One more time I will say that I thought, I hoped IP pool can do that, but it's useless, I'm very mad

Did you try calling VMware? Maybe there is some configuration that isn't set correctly.

> but the matter is to assign for VM machine only 1 exact IP address by means of ESX.

If users have the ability to CHANGE IP at the OS level, how can you expect ESX to manage or control that? ESX deploys a VM, that VM gets assigned an IP from the pool, but some user comes along and decides they want to change it, they have root, they can do it. ESX isn't an administrator for the OS, only to allow Virtual Machines to get CPU, memory and disk allocation, that's pretty much it. I think you expect too much.

Viruses, errors, and problems 90% of ALL of those are because people make stupid mistakes, that's why we have tools that monitor what people do, because people cannot be trusted, the tools work great.. until somebody misuses them. You can't blame VMware for that!

So you want to get mad, start with those users that didn't follow instructions, not with ESX.

0 Kudos
snikers
Enthusiast

OK, I see your position.

Then, tell me please, what is the IP pool function for? I think it should have a function that monitors the IP on the VM (of course, if VMware Tools is installed) and uses only the IPs that are listed in the IP pool.

0 Kudos
mackfs
Contributor

Again, there is no way for ESX to influence a user's decision to change the IP address of his VM.

IP Pools are pools of IP addresses that can be used by VMs inside a vApp and that's not what you are looking for.

Say, how often does it happen in your network that users change their IP addresses? Is it really THAT much of a problem?

0 Kudos