Solved: Migrating VM's

Sean_Kane · ‎06-19-2008

Forgive me for this Noob question, but here goes!

Current Setup:

DMZ ESX Hosts: 3.5 Update 1

Internal ESX Hosts: 3.0.2 Fully patched.

Clariion SAN

We just setup the DMZ ESX Hosts for our Internet facing web servers, etc. I am trying to migrate a VM from the internal host to the DMZ host without success.

Question: Do the DMZ ESX Hosts need to be zoned so that they can see the Internal ESX Hosts LUN's and vice versa for the migrations to occur properly?

Thanks in advance,

Sean

TomHowarth · ‎06-20-2008

Forgive me for this Noob question, but here goes!

There is no such thing as a noob question, just a desire to understand. we have all been there at one time or another.

Current Setup:
DMZ ESX Hosts: 3.5 Update 1
Internal ESX Hosts: 3.0.2 Fully patched.
Clariion SAN
We just setup the DMZ ESX Hosts for our Internet facing web servers, etc. I am trying to migrate a VM from the internal host to the DMZ host without success.
Question: Do the DMZ ESX Hosts need to be zoned so that they can see the Internal ESX Hosts LUN's and vice versa for the migrations to occur properly?

For vMotion to work all hosts need access to all LUNs, this however in your setup could be a security risk. personally I would run VMware converter and convert the machine to the new host. it would be much more secure

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410

View solution in original post

oreeh · ‎06-19-2008

To migrate the VMs the DMZ ESX host has to see the LUNs.

But since this is a possible security issue I'd rather export the VMs / VMDKs and import them or use VMware Converter.

weinstein5 · ‎06-19-2008

As the other poster mentioned both hosts need to see the storage where the vm is stored - also both hosts must have vmkernel ports enabled for VMotion on the same network segment - it is through htis port that VMotion is accomplished

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

Sean_Kane · ‎06-19-2008

Got it... so I need to be sure that each ESX host can see each other's LUN's and I need to be sure that port 8000 is punched open.

I don't want to regularly move stuff between these hosts, this is a "one-time" thing. Now to begin the internal debate on whether I want to do this for 15 minutes, then close everything back up.

Sean

Kahonu · ‎06-19-2008

If this is a one time dealy, I'd save yourself humbug and use Converter.

TomHowarth · ‎06-20-2008

Forgive me for this Noob question, but here goes!

There is no such thing as a noob question, just a desire to understand. we have all been there at one time or another.

Current Setup:
DMZ ESX Hosts: 3.5 Update 1
Internal ESX Hosts: 3.0.2 Fully patched.
Clariion SAN
We just setup the DMZ ESX Hosts for our Internet facing web servers, etc. I am trying to migrate a VM from the internal host to the DMZ host without success.
Question: Do the DMZ ESX Hosts need to be zoned so that they can see the Internal ESX Hosts LUN's and vice versa for the migrations to occur properly?

For vMotion to work all hosts need access to all LUNs, this however in your setup could be a security risk. personally I would run VMware converter and convert the machine to the new host. it would be much more secure

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410

Sean_Kane · ‎06-20-2008

Excellent! Thanks for all the feedback everyone.

I think I'm going to give the convertor a try. I have never used it before and this seems like a great opportunity to give it a test shot.

Sean

Sean_Kane · ‎07-07-2008

Ok, I tried to use the VMware Convertor without any success. When it tries to do the copy process, it end up coming up with the following error (found in the vmware-convertor-0.log file)

NfcNewAuthdConnectionEx: Failed to connect to peer. Error: Cannot connect to host ESXHOSTNAME: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

NBD_ClientOpen: Couldn't connect to ESXHOSTNAME:902 Cannot connect to host ESXHOSTNAME: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

Since it is erroring-out on port 902, should I punch that open?

Thanks,

Sean

All

Migrating VM's