VMware Cloud Community
jamieorth
Expert

Isolate vmkernel - how to get NTP?

We plan on putting the vmkernel traffic on a separate physical network. What is the best way to still get NTP? We didn't want to have any trusted or external traffic on this segment, but we are thinking we will have to have the physical switch connected to a port on the firewall with just NTP outbound open.

Regards...

Jamie

Remember, if it's not one thing, it's your mother...


Accepted Solutions
weinstein5
Immortal

With 3i - all communication is through the vmkernel port as I understand since there is no service console - including NTP and VC -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

weinstein5
Immortal

It is actually the service console that needs to see the NTP source - are you isolating that as well, and if so, how will VC and your VI Client connect to the SC?

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
jamieorth
Expert

Yes, I guess I should have stated the service console, but all the servers are 3i so I am getting away from saying that. So, if our Service Console traffic is isolated how do we account for NTP? And maybe a follow up question. Virtual Center talks to the host through??

Regards...

Jamie

Remember, if it's not one thing, it's your mother...

weinstein5
Immortal

With 3i - all communication is through the vmkernel port as I understand since there is no service console - including NTP and VC -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
jamieorth
Expert

Yeah, that's what I thought also. So 1) If we isolate that traffic, it would have to still have some access (NTP outbound only) to get time. 2) If VirtualCenter is a VM, and it has a vNic attached to a vSwitch for the trusted network, would it also need to have a vNic attached to a vSwitch that has a VM port group AND the VMkernel port?

Regards...

Jamie

Remember, if it's not one thing, it's your mother...

weinstein5
Immortal

No, you would just need to connect the VM hosting VC to a virtual machine port group on a vSwitch connected to a pNIC on the isolated network - the question still remains how would your VI clients connect to the VC server if it is on an isolated network -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
jamieorth
Expert

I know, thought about that one also. That's why we would add a 2nd vNic to VirtualCenter attached to the trusted network. The VI clients would point to that address.

Regards...

Jamie

Remember, if it's not one thing, it's your mother...

weinstein5
Immortal

That should do it - and you then would be able to RDP into your VC server so if you ever needed to access your ESX hosts directly with the VI client -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
jamieorth
Expert

Yep, thanks for the input......

Regards...

Jamie

Remember, if it's not one thing, it's your mother...
