VMware vSphere

  • 1.  Best ways to separate environments on vsphere

    Posted Mar 02, 2020 05:25 PM

    Hello

    After some help for the best way to combine environments but to maintain security.  Currently have DEV and PROD env on 2 separate ESXi hosts (essentials license), but share the same SAN.  The ESXi/SAN connections have different CHAP passwords for DEV & PROD, so storage cannot be seen/used by other host.

    We are looking to simplify and refresh the hosts and would like to forward a suggestion and see if this is a sensible approach or if there is a better way to do things.

    Suggestion is to upgrade the license to essentials plus and replace the 2 separate hosts with a 3 node cluster with connection to the same SAN.  This will allow vMotion and sharing the load more evenly across the 3 hosts.

    However, we need to maintain environmental boundaries between DEV and PROD - thinking here is to use storage and network policies.  Can storage policies ensure that only DEV VMs can see DEV datastores and only PROD VMs see PROD datastores?  Likewise, can network policies ensure only DEV VMs can connect to DEV port groups and PROD VMs can only connect to PROD port groups?

    Is this the best way to do this?  Any other suggestions?

    Thanks in advance.



  • 2.  RE: Best ways to separate environments on vsphere

    Posted Mar 02, 2020 05:33 PM

    It's how safe do you want to be; if you need stability above all else, everything should be separate. The things that aren't separate, how big of an impact would they have on production? The compromise in the environment I'm in now: the prod datacenter is nothing but production, but the DR datacenter we have is for prod, DR, dev, and test. That way, if someone breaks something, anything critical in the primary datacenter isn't affected. In the end it's one of those "it depends" answers.



  • 3.  RE: Best ways to separate environments on vsphere

    Posted Mar 02, 2020 07:06 PM

    I would create a three-node cluster so I can move VMs around using vMotion and have HA as a hardware DR solution.

    To separate the network traffic you can use port groups with different VLANs. And you can use Storage Policies to make sure DEV VMs can only use DEV datastores. But then you must connect every datastore to every host.
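
An added example, not part of any post in this thread: since every datastore is connected to every host in the design described above, a periodic audit of VM placement can catch a VM that has crossed the DEV/PROD boundary, or a VLAN ID reused by both environments. The inventory, object names and VLAN IDs are constructed, and the per-VM environment label is an assumption about how the VMs are tagged.

```python
# Constructed inventory (not from the thread): a reduced export of VM placement.
# Assumption: each VM, port group and datastore carries an environment label.
PORT_GROUPS = {            # port group name -> (environment, VLAN ID)
    "DEV-App":  ("DEV", 110),
    "PROD-App": ("PROD", 210),
    "PROD-DB":  ("PROD", 110),   # constructed mistake: reuses the DEV VLAN ID
}
DATASTORES = {"DEV-DS01": "DEV", "PROD-DS01": "PROD"}  # datastore -> environment
VMS = [
    {"name": "dev-web01", "env": "DEV",
     "port_groups": ["DEV-App"], "datastores": ["DEV-DS01"]},
    {"name": "prod-db01", "env": "PROD",
     "port_groups": ["PROD-DB"], "datastores": ["PROD-DS01"]},
    {"name": "dev-test07", "env": "DEV",   # constructed drift: DEV VM on PROD objects
     "port_groups": ["DEV-App", "PROD-App"], "datastores": ["PROD-DS01"]},
]

def shared_vlans(port_groups):
    """Return {vlan_id: [environments]} for VLAN IDs used by more than one environment."""
    by_vlan = {}
    for env, vlan in port_groups.values():
        by_vlan.setdefault(vlan, set()).add(env)
    return {vlan: sorted(envs) for vlan, envs in by_vlan.items() if len(envs) > 1}

def audit(vms, port_groups, datastores):
    """Return a sorted list of (vm, kind, object) placements outside the VM's environment.

    Port groups or datastores missing from the inventory are flagged as well,
    because their environment cannot be confirmed.
    """
    findings = []
    for vm in vms:
        for pg in vm["port_groups"]:
            if port_groups.get(pg, (None, None))[0] != vm["env"]:
                findings.append((vm["name"], "port_group", pg))
        for ds in vm["datastores"]:
            if datastores.get(ds) != vm["env"]:
                findings.append((vm["name"], "datastore", ds))
    return sorted(findings)

if __name__ == "__main__":
    for vlan, envs in shared_vlans(PORT_GROUPS).items():
        print(f"VLAN {vlan} is shared by {', '.join(envs)} port groups")
    for name, kind, obj in audit(VMS, PORT_GROUPS, DATASTORES):
        print(f"{name}: {kind} {obj} is outside the VM's environment")
```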



  • 4.  RE: Best ways to separate environments on vsphere

    Posted Aug 04, 2020 08:29 PM

    I would be interested in how best to architect this.  Currently 2x servers running physically separate networks and switches.  BUT could the clusters with port groups / virtual switches / etc be able to be stable enough / reliable enough that if a server failed the vm / storage etc would be moved over (I believe this is the HA part..). 

    Any suggestions welcome....  right now availability is the primary concern.  That was the reason for the physical separation.

    Cheers!



  • 5.  RE: Best ways to separate environments on vsphere

    Broadcom Employee
    Posted Aug 04, 2020 08:52 PM

    I doubt any of the opinion or advice has changed since you last asked: vCenter / vSphere home lab design