First, thanks so much for all the helpful posts. The information has been invaluable. A few more questions have come up.
Situation: I will be running an ESX server from a Colo which will give me static IPs. I plan on offering a web-based SaaS (software as a service). Based on previous comments:
http://www.vmware.com/community/thread.jspa?threadID=81430&tstart=0
I will be using a utility firewall in front of the host-machine.
QUESTION: Any recommendations on a firewall?
So, also, I was planning on having 4 servers on this host:
Domain Controller: Active Directory 2003
Database Server: SQL Server 2005
Web Server: SharePoint Services 2007
Web Server: SharePoint Server 2007
Boundary Server: ISA 2006
QUESTION: I assume that there is a way for me to have each of the servers be part of an internal or private network, and have the boundary server have 2 network interfaces, 1 public and 1 private. This is possible, right? And if so, what do I need to do to set this up?
QUESTION: If I plug in a USB device, like an external hard drive, will I be able to see that from the guest OSes?
QUESTION: Is there good documentation on backup and recovery of the server images?
QUESTION: OK, this one is pretty dumb, but I am going to ask it anyway. If this server is in a colo and receives a static address, am I also going to be able to assign other static IPs to the host OSes? For example, if I want the host to be http://host.company.com and I want one of the guest web servers to be http://wss.company.com, this should work, right? I guess I just have a hard time wrapping my head around how the network knows how to resolve since there is only one physical NIC.
Again, thanks so much to all the helpful people on this board, I hope some day I will be able to return the favor. If anyone is in need of SharePoint or Exchange experts let me know.
Look at the attached picture...see if it helps.
Good job with the picture.
The only thing I would change is I would put four physical NICs in the host and implement NIC teaming on both the preferred and alternate paths.
Jason
Yep...I would like to put more NICs, too; however, since he's going into a co-lo, I was assuming he was going to get one, maybe two physical switch ports (basic low-end 1-2 U allocation).
If there is only one port assigned, then you'd use the "Alternate" configuration with everything on one vSwitch.
If there are two pSwitch ports assigned, then I'd put the COS on one and the VMs on the other. In this case, the "Alternate" connection would be optional, but not a bad idea to provide a second path into the system (the COS would consume two IP addresses).
In all cases, he will need at least two public IP addresses - one for the COS and one for the ISA box. In all cases I would also encourage the provisioning of an out of band management interface (iLO, DRAC, Director, etc.) - as well as a physical firewall to front the whole she-bang.
Ken, thanks for taking the time to put the diagram together. Really helped me to visualize the solution. Can you point me in the right direction of how to tactically do this?
Do I need to purchase a second network card for the server?
How do I set up a vSwitch?
And what is an "out of band management interface"?
Yes, you should purchase a second NIC.
NIC 1: COS, referred to as vswf
NIC 2: VMs
The out of band would require a 3rd static address. HP uses iLO for lights-out management; Dell uses a DRAC.
What they provide is the ability to manage the server from this usually built-in dedicated NIC. Say the system lost power or was powered down, you can boot the server or upgrade firmware via the out of band management. You can telnet, SSH, or use a browser with the HP iLO.
To create vSwitches, you connect to the COS using the VI client and go to configuration and network. The first switch that uses the COS is created at install using the address you supply at install.
Thanks so much for the help, you guys ROCK!