Today, my boss asked me: when we run virtual desktops on ESX, how do we prevent vdesktop A from snooping vdesktop B, since they are running on the same hypervisor? Does each virtual desktop have its own VLAN?
Is there some document that I can read up on this? (I am sure there will be, but being new to this I am hoping someone can give me some pointers so that I can get to the answer quickly.)
Thanks and have a nice day,
anthony.
.. how do we prevent vdesktop A from snooping vdesktop B since they are running on the same hypervisor
What are you currently doing to prevent this in your physical LAN? Does every desktop run in a separate VLAN?
In ESXi the virtual machines are connected to a virtual switch, so there's not much difference between virtual and physical systems.
You may want to take a look at http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf to see how the virtual network works and what can be configured.
André
By default the virtual switch will not show the other VMs' traffic. It is just like a hardware switch but in software. You can, however, configure it otherwise, but you would have to actually set it up that way.
In addition (for your boss's assurance), maybe you can use a Private VLAN in isolated state for each desktop VM.
Isolated – A node attached to a port in an isolated secondary PVLAN may only send to and receive packets from the promiscuous PVLAN.
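A simplified model of the behaviour described in the two answers above (default unicast delivery, the promiscuous-mode security policy, and isolated PVLAN ports), added here as an illustration and not part of the original thread or any VMware code. The `VSwitch` and `Port` classes, the port names and the MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# PVLAN port types named in the thread. Note that a "promiscuous" PVLAN port
# is a different thing from the "promiscuous mode" security policy below.
PROMISCUOUS, ISOLATED = "promiscuous", "isolated"

@dataclass
class Port:
    name: str
    mac: str
    pvlan: Optional[str] = None       # None = ordinary port group, no PVLAN
    allow_promiscuous: bool = False   # security policy, off by default

class VSwitch:
    """Simplified forwarding model; hypothetical class, not a VMware API."""
    def __init__(self, ports):
        self.ports = list(ports)

    @staticmethod
    def pvlan_permits(src, dst):
        # An isolated port may only exchange frames with a promiscuous PVLAN port.
        pair = (src.pvlan, dst.pvlan)
        return ISOLATED not in pair or PROMISCUOUS in pair

    def deliver(self, src_name, dst_mac):
        """Return the names of the ports that receive a unicast frame."""
        src = next(p for p in self.ports if p.name == src_name)
        return [p.name for p in self.ports
                if p is not src and self.pvlan_permits(src, p)
                # Unicast reaches only the owner of dst_mac, unless the
                # receiving port's policy allows promiscuous mode.
                and (p.mac == dst_mac or p.allow_promiscuous)]

def scenarios():
    # Constructed MAC addresses for the three ports in the model.
    gw, a, b = "00:50:56:00:00:01", "00:50:56:00:00:0a", "00:50:56:00:00:0b"
    def build(b_promisc=False, pvlan=False):
        return VSwitch([
            Port("gateway", gw, PROMISCUOUS if pvlan else None),
            Port("vdesktopA", a, ISOLATED if pvlan else None),
            Port("vdesktopB", b, ISOLATED if pvlan else None, b_promisc),
        ])
    return {
        "default_a_to_gw": build().deliver("vdesktopA", gw),
        "b_promisc_a_to_gw": build(b_promisc=True).deliver("vdesktopA", gw),
        "pvlan_a_to_b": build(pvlan=True).deliver("vdesktopA", b),
        "pvlan_a_to_gw": build(pvlan=True).deliver("vdesktopA", gw),
    }

if __name__ == "__main__":
    for name, receivers in scenarios().items():
        print(f"{name}: {receivers}")
```

The model leaves out broadcast traffic, community PVLANs and the combination of PVLANs with the promiscuous-mode policy, so it shows the separation rules only, not a full switch.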
Thanks everyone for your pointers.
Have a nice day.
