VMware Cloud Community
Ilene
Enthusiast

Test Domain server

We are in the middle of trying to virtualize our domain controller with Windows 2012. We have a host running ESXi 5.0. We have other guests running that are production and in our domain. We want to bring up this new 2012 server as a domain controller, but in a test environment. If I give it a separate NIC and vSwitch, it should be isolated from our production environment. Our Windows admin wants to mimic production as much as possible to test for probable pitfalls. In this scenario, is there a chance of this test server interfering with our production? Is the separate vSwitch enough to keep it isolated?

Thank you

Edsel   

3 Replies
weinstein5
Immortal

You can isolate even further by creating an internal-only network using a vSwitch with 0 physical NICs. This will allow you to create a completely isolated network. The downside is that the Windows admin will have to access the test environment through the vSphere Client. With this configuration there is no way it will interact with your production configuration.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
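The internal-only setup described in the reply above depends on the test port group's vSwitch having no physical uplinks. The following added example (not part of the thread) checks that from the output of `esxcli network vswitch standard list`; the names `Test-DC` and `vSwitchTest` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_pg_isolated PORTGROUP reads the output of
#   esxcli network vswitch standard list
# on stdin and reports whether PORTGROUP's vSwitch has physical uplinks.
# Exit status: 0 = no uplinks (internal-only), 1 = uplinks present,
#              2 = port group not found on any standard vSwitch.
check_pg_isolated() {
    awk -v pg="$1" '
        # Indented "Key: value" lines describe one vSwitch; Name comes first.
        /^[ \t]+Name:/ { name = $0; sub(/^[ \t]+Name:[ \t]*/, "", name); up = "" }
        /^[ \t]+Uplinks:/ { up = $0; sub(/^[ \t]+Uplinks:[ \t]*/, "", up) }
        /^[ \t]+Portgroups:/ {
            list = $0; sub(/^[ \t]+Portgroups:[ \t]*/, "", list)
            n = split(list, a, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                sub(/[ \t]+$/, "", a[i])
                if (a[i] == pg) { found = 1; sw = name; uplinks = up }
            }
        }
        END {
            if (!found) { print pg ": port group not found"; exit 2 }
            if (uplinks == "") { print pg ": " sw " has no uplinks (internal-only)"; exit 0 }
            print pg ": " sw " has uplinks: " uplinks
            exit 1
        }'
}

# Constructed, abbreviated sample of the esxcli output (names are hypothetical).
sample_vswitch_list() {
    cat <<'EOF'
vSwitch0
   Name: vSwitch0
   Num Ports: 128
   Uplinks: vmnic0
   Portgroups: VM Network, Management Network

vSwitchTest
   Name: vSwitchTest
   Num Ports: 128
   Uplinks:
   Portgroups: Test-DC
EOF
}

# On a host: esxcli network vswitch standard list | check_pg_isolated "Test-DC"
for pg in "Test-DC" "VM Network"; do
    sample_vswitch_list | check_pg_isolated "$pg" || true
done
```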
f10
Expert

Hi Edsel,

Yes, you can isolate the VM network traffic either at the physical network level or virtually (using VLANs). If you are using the physical method, you would end up dedicating a physical network only for DC VM traffic, which may not be the optimized way. Today, isolation for most traffic can be done using VLANs unless you are dealing with some high-security data.

Again, if you have ample physical NICs, like 6-8, or you are not using iSCSI or NFS and don't need dedicated traffic for IP storage, then you may choose isolating the network at the physical layer. However, if you don't have sufficient NICs, then you may suggest using VLANs for DC traffic.

-f10

http://highoncloud.blogspot.in/

About VMware Virtualization on NetApp

Regards, Arun Pandey VCP 3,4,5 | VCAP-DCA | NCDA | HPUX-CSA | http://highoncloud.blogspot.in/ If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".
VirtuallyMikeB

Be careful with just adding another VLAN to your environment.  If you don't have control over inter-VLAN traffic, enabling every VLAN to talk to every other VLAN, you'll be creating the very problem you're trying to avoid.  One solution is to get with your Network Admins and create at least one but possibly a set of VLANs that can only talk to each other and are protected from the production environment by a firewall.  That way, your test environment can exist on all your hosts, have "normal" network access, but be isolated.

Firewall rules could be allowed for administrator access, RDP, and Internet access.

All the best,

Mike

-----------------------------------------

Please consider marking this answer "correct" or "helpful" if you found it useful.

Mike Brown

VMware, Cisco Data Center, and NetApp dude

Consulting Engineer

michael.b.brown3@gmail.com

Twitter: @VirtuallyMikeB

Blog: http://VirtuallyMikeBrown.com

LinkedIn: http://LinkedIn.com/in/michaelbbrown

Message was edited by: Mike Brown
