VMware Networking Community
poulinda
Contributor
Contributor
‎03-15-2018 05:46 AM
Jump to solution

NSX Manager with 2 nics ?

Hello, I installed NSX 6.2.7 for mcafee agentless purpose. Our DNS is not on the same network then our ESXi. Can we configure 2 nics on NSX manager ? Or can we manage host file on NSX manager ? thank you

0 Kudos
1 Solution

Accepted Solutions
bayupw
Leadership
Leadership
‎03-15-2018 02:40 PM
Jump to solution

Understand your gateway is a firewall so I assume NSX Manager default gateway is your firewall.

You can add a rule in the firewall to allow NSX Manager to access DNS server.

Editing the host file in NSX Manager means you would need to drop down to the Engineering Mode in NSX which requires VMware support, not sure if that's supported.

Another option would be to create a dedicated small DNS server for this that is reachable by NSX Manager and all NSX + vSphere components.

You would want to make sure that all NSX and vSphere components are resolvable via DNS, else some of the NSX installation may not work as they may rely on DNS to resolve each other

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

View solution in original post

0 Kudos
7 Replies
cnrz
Expert
Expert
‎03-15-2018 06:12 AM
Jump to solution

Dns doesn’t need to be on the same subnet with ESX host, it may use default gateway. Why needed to be on the same subnet?

0 Kudos
poulinda
Contributor
Contributor
‎03-15-2018 06:19 AM
Jump to solution

We are not using our gateway for cross networking, it's against our rules for this specific network. Our gateway it's a firewall.

0 Kudos
poulinda
Contributor
Contributor
‎03-15-2018 07:08 AM
Jump to solution

I found then we can use Tech Support Access and change the NSX hosts file ... not supported  ....I will test it

0 Kudos
bayupw
Leadership
Leadership
‎03-15-2018 02:40 PM
Jump to solution

Understand your gateway is a firewall so I assume NSX Manager default gateway is your firewall.

You can add a rule in the firewall to allow NSX Manager to access DNS server.

Editing the host file in NSX Manager means you would need to drop down to the Engineering Mode in NSX which requires VMware support, not sure if that's supported.

Another option would be to create a dedicated small DNS server for this that is reachable by NSX Manager and all NSX + vSphere components.

You would want to make sure that all NSX and vSphere components are resolvable via DNS, else some of the NSX installation may not work as they may rely on DNS to resolve each other

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
poulinda
Contributor
Contributor
‎03-16-2018 05:16 AM
Jump to solution

Hi Bayu, yes your right my gw it's a firewall and we are not allowed to cross connect network (mgmt and data).

I'm waiting an answer from VMware support about adding a second nic or modifying host file if it's supported...

Adding a second read only dual home DNS server it's a good idea, our security department need to approve this solution.

Thank you for your help.

0 Kudos
rutgerblommah
Enthusiast
Enthusiast
‎03-16-2018 03:45 PM
Jump to solution

How is using multiple NICs connected to different VLANs in a VM better or more secure than using L3 routing to get to the resource you need? I strongly advice you reconsider 

//Rutger
0 Kudos
poulinda
Contributor
Contributor
‎03-19-2018 05:46 AM
Jump to solution

NSX can't manage dual home. Second DNS will be the way to solve our issue.

0 Kudos