Are there any guidelines describing the best practice on how to add a management network on a physical card connected to the public internet, without any firewalls in between?
I have a mgmt network on the private NIC, where I can use the VPN to get to it, but if my VPN goes down, I cannot do any management.
How do people cope with this?
- Make sure the VPN always works?
- MGMT on public side, but with firewalling device (inserting another point of failure)?
- MGMT on public side, but with the ESXi software firewall (is this possible?)
- Just open up the mgmt network on the public NIC, it should be safe...