VMware Cloud Community
andrej770
Contributor
Contributor
‎02-12-2010 02:40 PM
Jump to solution

Segregated Network Access

We are an ESX 3 shop and I want to test ESX 4. I want to test to see if the following is doable.

We are setting this new server up in a lab and don't want to connect the ESX 4 Host server directly to the internet (too much paperwork to complete :-). We have installed it on a test PE2950 III. We initially added it to the test internet network so it can get the updates, but now that all that is done, we want to cut the ESX 4 host off to the internet completely (we do want it to be able reach other local network systems - but not the internet). We do, however, want the test VM's, that will be a part of the test domain (to be created in a VM), to have access to the internet. Is this possible? If so and we get that configured, once we purchase the licenses for ESX 4, will we have to undo this setup in order to activiate the server (meaning will we have to make internet connectivity available to the ESX 4 host in order to activate). As is normal, our ESX 3 Hosts are connected to a server that manages the licenses. I already installed ESX 4 and it currently has 35 days left which are plenty for our test.

What are your thoughts on this?

Thanks in advance

andrej770

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Kasraeian
Expert
Expert
‎02-12-2010 03:27 PM
Jump to solution

For configuring GW and DNS, you can use vSphere client to access your host.

Then select your host from inventory, select configuration on right window and then select *DNS and Routing"

AFAIK, VMware ESX/ESXi host are like other host and machines/systems, as long as they don't have GW address and DNS, they can't reach Internet. Smiley Wink



-= If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" =-

-= If there's any mistake in my notes, please correct me! =-

-= Thanks =-

!http://www.kasraeian.com/wp-content/uploads/2010/02/VCP4-Logo-Small.jpg!

!http://www.kasraeian.com/wp-content/uploads/2010/02/MCTS-Logo-Small.jpg!

If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" If there's any mistake in my notes, please correct me! Sohrab Kasraeianfard | http://www.kasraeian.com | @Kasraeian

View solution in original post

0 Kudos
3 Replies
Kasraeian
Expert
Expert
‎02-12-2010 03:00 PM
Jump to solution

Hi,

If you buy vSphere package ((ESX or ESXi) + vCenter), for adding your license to vCenter you don't need any internet access, just install your vCenter, add your host and then add your license to vCenter, that all.

In vCenter 4.0 you didn't have license server anymore, the license checking and activation is built into the vCenter.

Sorry, but I didn't get what you mean by this, do you want your host to access internet or not?

we want to cut the ESX 4 host off to the internet completely (we do want it to be able reach other local network systems - but not the internet)

Your host can have other range of IP which is not permitted to connect to internet by your Co/Org/....

So only your VM inside those hosts can access the internet.



-= If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" =-

-= If there's any mistake in my notes, please correct me! =-

-= Thanks =-

!http://www.kasraeian.com/wp-content/uploads/2010/02/VCP4-Logo-Small.jpg!

!http://www.kasraeian.com/wp-content/uploads/2010/02/MCTS-Logo-Small.jpg!

If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" If there's any mistake in my notes, please correct me! Sohrab Kasraeianfard | http://www.kasraeian.com | @Kasraeian
0 Kudos
andrej770
Contributor
Contributor
‎02-12-2010 03:13 PM
Jump to solution

Thanks. I want the Host and VM's on the same network, but I just don't want the Host to have access to the internet. Where is the setting in ESX 4 that allows me to set the Gateway and DNS? If I remove those two from the config, the host should not be able to connect to the internet right? The reason I have concerns is that we have a network scanning tool that sees any time any un"registered" (undocumented and unapproved) network device tries to get to the internet (then the CISO asks questions) :-). I don't want or need that. I didn't know if ESX 4 called home or needed to call home at activation.

0 Kudos
Kasraeian
Expert
Expert
‎02-12-2010 03:27 PM
Jump to solution

For configuring GW and DNS, you can use vSphere client to access your host.

Then select your host from inventory, select configuration on right window and then select *DNS and Routing"

AFAIK, VMware ESX/ESXi host are like other host and machines/systems, as long as they don't have GW address and DNS, they can't reach Internet. Smiley Wink



-= If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" =-

-= If there's any mistake in my notes, please correct me! =-

-= Thanks =-

!http://www.kasraeian.com/wp-content/uploads/2010/02/VCP4-Logo-Small.jpg!

!http://www.kasraeian.com/wp-content/uploads/2010/02/MCTS-Logo-Small.jpg!

If you found this note/reply useful, please consider awarding points for "Correct" or "Helpful" If there's any mistake in my notes, please correct me! Sohrab Kasraeianfard | http://www.kasraeian.com | @Kasraeian
0 Kudos