VMware Cloud Community
cknic
Contributor

Creating a lab environment

I'm looking for some help. An internal group is developing some cool labs and they want to use vSphere. The issue is they want to not have multiple versions of the lab book. The lab book calls out particular VLAN #'s. The issue is everybody can't all use the same VLAN numbers or bad things happen. W/O using vCloud, what is the best way to design the vSphere environment to allow for this to happen? I need to isolate each lab "pod" from the network.

The issue is they need to be able to get into the VMs from the outside, and some of the "isolated" VMs need to be able to communicate out to the real world as well. I was thinking a vShield/NAT at the "top" of each POD.

Also they are ok if each "pod" is restricted to a single host, they don't need any pod redundancy.  This is for lab purposes only.

0 Kudos
1 Reply
JPM300
Commander

Hey Chris Nickl,

Well, the first question I guess I have is: the users that will use the lab and need to get to these isolated networks, would they be allowed to use the VI client or the Web Client? You could lock them down to the individual VMs or folders for permission purposes if need be.

Well you have a few options available to you:

1.)  You can keep each host isolated and use your physical hardware. So each host would run x number of labs with x number of port groups with different VLANs to isolate. So say you have 6 NICs in a host, you could put 2 NICs to management, 2 NICs to vswitch1, portgroup lab1 - VLAN 100, and 2 NICs to vswitch2, portgroup lab2 - VLAN 200. You could also just put all the NICs into vswitch 1 and just separate everything by VLANs. Then do your VLAN trunking at your physical switches.

2.)  Another option is you can use Private VLANs if your physical switches have the capability. So you would create your Private VLAN on the network that would run to your firewall or router, then create secondary PVLANs for each lab. You could create a community PVLAN port group if you want other systems in isolation to talk to each other, or you can create an isolated secondary that can only talk to the Private VLAN and itself. If you want more information on this let me know.

3.)  You could use vShield Manager and create "silos" this way as well.

It's all a matter of choice. Personally I like to use my physical hardware as much as possible and VLAN it out or PVLAN it out when needed, as the investment has already been made on that hardware. If it's a new build or the physical hardware can't do what I want, then I look at vShield Manager and other software options to do it; however, again, it's all a matter of choice.

If you have any questions please let me know,

0 Kudos
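
Option 1 from the reply above, sketched in PowerCLI as an added example that is not part of the original thread: one standard vSwitch per pod with its own uplinks and VLAN ID, plus a check that refuses a plan in which two pods would share a VLAN ID or a physical NIC. The host name, vmnic names and switch names are assumptions; VLAN 100 and 200 are the values used in the reply.

```powershell
# Added example (not from the thread). Host, vmnic and vSwitch names are
# hypothetical; the lab1/lab2 port groups and VLAN 100/200 follow the reply.
$vmHostName = 'esx01.lab.example'
$pods = @(
    [pscustomobject]@{ Name = 'lab1'; Switch = 'vSwitch1'; Nics = @('vmnic2', 'vmnic3'); Vlan = 100 }
    [pscustomobject]@{ Name = 'lab2'; Switch = 'vSwitch2'; Nics = @('vmnic4', 'vmnic5'); Vlan = 200 }
)

# Validate the plan before touching the host: a VLAN ID or uplink used by
# two pods would join their layer-2 segments and defeat the isolation.
$dupVlan = $pods | Group-Object -Property Vlan | Where-Object { $_.Count -gt 1 }
$dupNic  = $pods | ForEach-Object { $_.Nics } | Group-Object | Where-Object { $_.Count -gt 1 }
if ($dupVlan) { throw "VLAN ID reused across pods: $($dupVlan.Name -join ', ')" }
if ($dupNic)  { throw "Physical NIC assigned to more than one pod: $($dupNic.Name -join ', ')" }

# Assumes an existing session opened with Connect-VIServer.
$vmHost = Get-VMHost -Name $vmHostName

foreach ($pod in $pods) {
    # One vSwitch per pod, bound only to that pod's uplinks.
    $vswitch = New-VirtualSwitch -VMHost $vmHost -Name $pod.Switch -Nic $pod.Nics
    # The port group tags traffic with the pod's VLAN; the physical switch
    # ports behind these uplinks must trunk that VLAN, as the reply notes.
    New-VirtualPortGroup -VirtualSwitch $vswitch -Name $pod.Name -VLanId $pod.Vlan | Out-Null
}

# Audit the result: every standard port group on the host with its switch and VLAN.
Get-VirtualPortGroup -VMHost $vmHost -Standard |
    Sort-Object -Property VLanId |
    Select-Object -Property Name, VirtualSwitchName, VLanId
```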