VMware Cloud Community
Kinahan
Contributor
Contributor

Your thoughts on a design...

Hopotetical:

4 Virtual Machines + 1 SC

4 Physical NIC's (3X1000 & 1X100 Mbps)

2 Physical Switches (Switch 1 for Test, Producton & IP Storage LAN's) (Switch 2 for Management LAN)

-


VM1 & VM2: Web Servers & NAT Clients of VM3

VM3 front end for web servers (acts as a NAT router for the backend VM's)

VM4 is a test box used for IPS & Virus detection amongst other things

-


NAS - IP Storage holds all running VM's for TEST ONLY -- all other VM's are on a seperate SAN

2 Physical Switchs & 4 external LAN's

1 physical switch will handle traffic for 3 of the networks which are all VLAN's

1 physical switch will handle all management traffic (this switch will also be used by vCenter Server)

How would you lay this out as far as mappings to the switches etc?

Reply
0 Kudos
3 Replies
athlon_crazy
Virtuoso
Virtuoso

I'll make 2x physical switch for redudancy setup from ESX to SAN but not for your NAS since it's running only test VMs.

vcbMC-1.0.6 Beta

vcbMC-1.0.7 Lite

http://www.no-x.org
Reply
0 Kudos
znet98
Enthusiast
Enthusiast

plan1:

sw1: vm1, vm2, and vm3, uses 1000 nic ports (1 on 1 on switch side)

sw2: vm4, and testing server

since u have only 4 physical ports, need truncking in sw2

plan2:

trunck sw1, use nic1 and 2 as teaming, nic3 as stanby, depends on your web traffic, plug vm1, vm2 and vm3 on it;

trunck sw2, use single nic for vm4 and management

Above 2 plans based on you dont want use 2 switches as redudant.

Reply
0 Kudos
Texiwill
Leadership
Leadership

Hello,

You need to break this down into networks NOT virtual machines. You have apparently 3 networks.....

SC (management)

IP Storage

Virtual Machines

With only 4 pNICS the best layout is:

SC + IP Storage on vSwitch0 using pNIC0 (primary for SC) + pNIC1 (primary for IP Storage)

VMs on vSwitch1 using pNIC2 + pNIC3

If you want to be less secure you could use:

SC + VMs on vSwitch0 using pNIC0 (primary for SC) + pNIC1 (primary for VMs)

IP Storage on vSwitch1 using pNIC2 + pNIC3

With only 4 pNICs you will overlap your security zones somewhat. Check out the Specific Blogs that go into this in quite a bit of detail.


Best regards,

Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Reply
0 Kudos