Hello-
I am going to be spinning up a two host esxi 4.1 cluster in our DMZ utilizing a small iSCSI SAN and had a few "real world" questions. I have looked around the white papers and studied up a bit on the topic but was hoping I could get a feel for what people are actually implementing? Are people using the Nexus 1000v to help lock down their environment or are there other better/cheaper/out of box options out there?
Appreciate your responses...
Erik
The 1000v requires Enterprise Plus licensing so it's not always an option to use with customers. What sort of DMZ needs do you have? If you need to isolate VMs and you're running Advanced licensing then you might find vShield Zones helpful. In most cases a VM or physical firewall is sufficient for a DMZ and the vSwitch can be connected to an isolated switch or segmented from other traffic with a VLAN.
have a look at vshield products, it it's able to create secured zones .. http://www.vmware.com/products/vshield/overview.html
It depends how you mean 'secure'
you can of course manage access to VMs etc using normal Firewalls and so on.
Have a look at the Whitepaper form VMWare on the 3 different DMZ models.
My preference is to actually have management / storage etc on the inside of the network and only present the NICs used for VM access into the DMZ.
I then simply let networks take care of Firewalls etc as they do for all of our physical Servers in the DMZ.
http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf