My vApp design - is there a better way?

Hello All,

The following is an example of the vApps I am hosting:




  • x.x.160.x is my "external" network.
  • 172.30.10.x is just another internal network to allow access to other labs.
  • I have a pfSense router in every vApp
  • all vApps are fenced [large catalog....]
  • the reason for pfSense is so my users can SSH or RDP to the same external interface of the pfSense and access the environment inside the vApp


  • 000_pfsense = router
  • 001_dc01 = domain controller  (full internet access)
  • 002_LJUMP = CentOS Jump    (full internet access)
  • LAB-01-x = nested ESXi nodes / VC cluster on isolated network (172.168.10.x)


The design works very well, been using it for years now, but I am curious - is there a better way to do this?

Every vApp will have its own external IP address [not shared]. Custom ports are not allowed, so I only use 22 & 3389 when accessing the x.x.160.x address.

