We plan on putting the vmkernel traffic on a separate physical network. What is the best way to still get NTP? We didn't want any trusted or external traffic on this segment, but we are thinking we will have to have the physical switch connected to a port on the firewall with just NTP outbound open.
Regards...
Jamie
Remember, if it's not one thing, it's your mother...
It is actually the service console that needs to see the NTP source - are you isolating that as well, and if so, how will VC and your VI Client connect to the SC?
Yes, I guess I should have stated the service console, but all the servers are 3i so I am getting away from saying that. So, if our Service Console traffic is isolated, how do we account for NTP? And maybe a follow-up question: Virtual Center talks to the host through??
Regards...
Jamie
Remember, if it's not one thing, it's your mother...
With 3i, all communication is through the vmkernel port as I understand, since there is no service console - including NTP and VC -
Yeah, that's what I thought also. So 1) If we isolate that traffic, it would have to still have some access (NTP outbound only) to get time. 2) If VirtualCenter is a VM, and it has a vNic attached to a vSwitch for the trusted network, would it also need to have a vNic attached to a vSwitch that has a VM port group AND the VMkernel port?
Regards...
Jamie
Remember, if it's not one thing, it's your mother...
No, you would just need to connect the VM hosting VC to a virtual machine port group on a vSwitch connected to a pNIC on the isolated network - the question that still remains is how would your VI clients connect to the VC server if it is on an isolated network -
I know, thought about that one also. That's why we would add a 2nd vNic to VirtualCenter attached to the trusted network. The VI clients would point to that address.
Regards...
Jamie
Remember, if it's not one thing, it's your mother...
That should do it - and you then would be able to RDP into your VC server if you ever needed to access your ESX hosts directly with the VI client -
Yep, thanks for the input......
Regards...
Jamie
Remember, if it's not one thing, it's your mother...