Kermitdafwog
Contributor

DvSwitch question

Hi

We run a private cloud which currently runs on ESXi4.1 on standard vSwitches.  We are about to add a new cluster which will run ESX5 and we hope to make the transition to dvSwitches.  The cloud is multi tenancy with a separate standard vswitch per customer with 2 vmnics per switch with the specific customer VLANs trunked down each vmnic.

I would be hugely grateful if someone could give me some pointers on the design of the dvswitches.  I've segregated VMs using dvSwitches in the past where there has been an obvious grouping of VMs such as Production, pre-Prod and Dev but this environment does really have that.

Our initial thoughts are to just create one large dvSwitch with separate dvport groups per customer with all customer VLANs trunked down all vmnics - what are the drawbacks of this design?  Is there any merit in splitting half our customers on to one dvSwitch and the rest on another?

Thanks in advance

Kerms

NuggetGTR
VMware Employee

Really all depends on the security requirements of your tenants.

Your thinking is on the right track. In most cases VLAN separation is sufficient, and I personally would have 1 DvSwitch and a port group per tenant: easy to administer and neat. This is what I currently run with a secure multitenancy cloud I recently stood up. This would also ultimately allow you to bring on more tenants, as there are only so many pNICs that can be jammed in the server, but you can have a heap more port groups.

Same scenario as the production/test etc., but this time you have tenant A/tenant B etc.

The only drawback to this is that you could create a promiscuous port group and tap into all networks. I would see this as a risk and, if administered correctly, a very small one.

________________________________________ Blog: http://virtualiseme.net.au VCDX #201 Author of Mastering vRealize Operations Manager
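Added example, not part of either post and not VMware code: a small audit for the single-dvSwitch, port-group-per-tenant layout discussed above. It flags port groups that accept promiscuous mode, port groups that carry more than one VLAN, and VLAN IDs used by more than one tenant. The inventory record layout and all names are hypothetical and constructed for illustration; in practice the records would be filled from your own export of the dvSwitch configuration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical field names, not a VMware format).
# "vlans" is a list of inclusive (low, high) VLAN ID ranges on the port group.
PORTGROUPS = [
    {"name": "pg-tenantA", "tenant": "A", "vlans": [(101, 101)], "promiscuous": False},
    {"name": "pg-tenantB", "tenant": "B", "vlans": [(102, 102)], "promiscuous": False},
    {"name": "pg-tenantC", "tenant": "C", "vlans": [(102, 102)], "promiscuous": False},
    {"name": "pg-monitor", "tenant": "ops", "vlans": [(0, 4094)], "promiscuous": True},
]


def audit(portgroups):
    """Return a sorted list of (port group name, finding) tuples."""
    findings = set()
    owners = defaultdict(set)  # VLAN ID -> {(tenant, port group name)}

    for pg in portgroups:
        # A port group accepting promiscuous mode can see other ports' traffic.
        if pg["promiscuous"]:
            findings.add((pg["name"], "PROMISCUOUS"))

        # A tenant port group should map to exactly one VLAN ID.
        span = sum(high - low + 1 for low, high in pg["vlans"])
        if span != 1:
            findings.add((pg["name"], "NOT_SINGLE_VLAN"))
            continue
        owners[pg["vlans"][0][0]].add((pg["tenant"], pg["name"]))

    # VLAN separation only isolates tenants if no VLAN ID is shared between them.
    for vlan, users in owners.items():
        if len({tenant for tenant, _ in users}) > 1:
            for _, name in users:
                findings.add((name, f"SHARED_VLAN:{vlan}"))

    return sorted(findings)


if __name__ == "__main__":
    for name, issue in audit(PORTGROUPS):
        print(f"{name}: {issue}")
```
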