VMware Cloud Community
pieterjanheyse
Enthusiast

Running the management interface on the internet

Are there any guidelines describing the best practice on how to add a management network on a physical card connected to the public internet, without any firewalls in between?

I have a mgmt network on the private nic, where I can use the VPN to get to it, but if my VPN goes down, I cannot do any management.

How do people cope with this?

  • Make sure the VPN always works?
  • MGMT on public side, but with firewalling device (inserting another point of failure)?
  • MGMT on public side, but with the ESXi software firewall (is this possible?)
  • Just open up the mgmt network on the public nic, it should be safe...
0 Kudos
1 Reply
schepp
Leadership

I'd definitely prefer a few hours of not managing the ESXi servers in case of VPN error instead of presenting the management console to the world.

What's the matter if VPN is down? The VMs will run, HA in that site will work... not a big deal.

If you're worried, better get some VPN redundancy ;)

Regards

0 Kudos