VMware Cloud Community
kingcap3
Contributor

how many vSphere datacentres should I have

We are embarking on our first virtualization deployment and we are trying to figure out the pros and cons of whether we should split our Prod and Non Prod datacentres or combine them.

We were going to have 5 ESXi vSphere servers in our prod and 3 in our non prod, but the more we have thought about it, we think we will combine prod and non prod into a single 8 Node Datacentre cluster so we get the most resources. Our architects are scared with security and having prod and non prod together they will see performance problems and possible malicious activity, but we see the ability to have more resources with 8 physical servers, plus the fact we are using HA as more of a compelling reason not to split prod and non prod. We will in the future be looking to deploy SRM and whatever we do we do not want to compromise any future solution.

Would like to get a feeling on what people in the field have done in similar scenarios.

3 Replies
amvmware
Expert

My preference would be to keep them separate. Unless you artificially separate the VMs using DRS groups in a single cluster (which then defeats a lot of the advantages you were looking for), you will have live and dev VMs on the same host. All it takes is a badly performing dev VM and you could have issues with resources.

You should have sized your live and dev environments to have the required capacity and redundancy.

I would go with a single datacenter and 2 x cluster - production and non-production.

You mention SRM - this is a better reason for having 2 clusters - you can provide DR for only the VMs you really need running - test and dev will not be such a priority as live VMs.

idle-jam
Immortal

How do your Production and Non Production get defined in your environment? A different datacenter room altogether, or is it merely network segregation? If it's network, then we could combine all eight hosts together and have VLANs to separate the networks, or use a dedicated physical NIC to a physical vSwitch for an environment.

It all boils down to the concerns of the security team, and addressing them one by one. We did it many times, with high chances of success. If he is worried about hypervisor security, check out that vSphere 4 is EAL4+ ready: http://www.vmware.com/company/news/releases/common-criteria-certification-vsphere.html

The vSphere 4 security hardening guide will come in useful too: http://communities.vmware.com/docs/DOC-12306


iDLE-jAM | VCP 2, VCP 3 & VCP 4


Texiwill
Leadership

Hello,

Data center is a construct in VC that does not mean they have to be separate datacenters....

You could actually have 1 datacenter and 2 clusters. One for Prod and one for non-prod.

Try to determine their fears. If it is all networking then how the machines are used is not a real issue, it boils down to how you protect your physical and virtual networks.

If it is something like escape the VM then using separate clusters within the same datacenter construct may be the best thing.

What Security issues are we discussing here?


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available 'VMWare ESX Server in the Enterprise'

Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World

Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill