sajal1
VMware Employee

Hello ndmuser,

Yes, I forgot that part. If you want your DB VM to be connected to the APP VM only, then a simple solution does exist. Create two separate vSwitches or vDSes. Do not attach any physical NIC to the first switch (no uplinks). Create a portgroup on this vSwitch (say, by the name "secured"). Attach physical NICs (uplinks) to the second vSwitch and create one or more port groups (say, "Internal"). Now your DB VM should have only one NIC, connected to the portgroup "secured". In your APP VM, create two vNICs and attach them to "secured" and "Internal". That way the vSwitch which does not have any uplinks will not be connected to any internal or external network.

In fact, you need to place the DB and APP VMs on the same host, and then the traffic between DB and APP never goes out of the host, whereas traffic from the APP VM goes out to the appropriate location.

But one shortcoming of this process is that you need to vMotion both VMs together, and they always need to be on the same host (well, you can create a VM-VM affinity rule for that).

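The layout described in the answer above, as an added PowerCLI example that is not part of the original post. The host, VM, switch, uplink and rule names are assumed placeholders; it assumes standard vSwitches, a DRS-enabled cluster, both VMs already running on the named host, and one existing vNIC on each VM.

```powershell
# Added example. All names below are assumed placeholders, not from the post.
$vmhost  = Get-VMHost -Name 'esx01.example.local'
$cluster = Get-Cluster -VMHost $vmhost
$db      = Get-VM -Name 'DB01'
$app     = Get-VM -Name 'APP01'

# Switch 1: -Nic is omitted, so the switch is created with no uplinks.
$secSwitch = New-VirtualSwitch -VMHost $vmhost -Name 'vSwitch-Secured'
New-VirtualPortGroup -VirtualSwitch $secSwitch -Name 'secured' | Out-Null

# Switch 2: carries the physical uplink and the routable port group.
$intSwitch = New-VirtualSwitch -VMHost $vmhost -Name 'vSwitch-Internal' -Nic 'vmnic1'
New-VirtualPortGroup -VirtualSwitch $intSwitch -Name 'Internal' | Out-Null

# DB VM: exactly one vNIC, attached to "secured" only.
$dbNics = @(Get-NetworkAdapter -VM $db)
if ($dbNics.Count -ne 1) { throw "DB VM must have exactly one vNIC, found $($dbNics.Count)" }
Set-NetworkAdapter -NetworkAdapter $dbNics[0] -NetworkName 'secured' -Confirm:$false | Out-Null

# APP VM: existing vNIC goes to "Internal", a second vNIC is added on "secured".
$appNic = Get-NetworkAdapter -VM $app | Select-Object -First 1
Set-NetworkAdapter -NetworkAdapter $appNic -NetworkName 'Internal' -Confirm:$false | Out-Null
New-NetworkAdapter -VM $app -NetworkName 'secured' -StartConnected | Out-Null

# Keep both VMs on one host so "secured" traffic never needs an uplink.
New-DrsRule -Cluster $cluster -Name 'db-app-together' -KeepTogether $true -VM $db, $app | Out-Null

# Verification: fail loudly if the isolation assumptions do not hold.
$check = Get-VirtualSwitch -VMHost $vmhost -Name 'vSwitch-Secured'
if ($check.Nic) { throw "Isolated switch has uplinks: $($check.Nic -join ', ')" }

$dbNets = @((Get-NetworkAdapter -VM $db).NetworkName)
if ($dbNets.Count -ne 1 -or $dbNets[0] -ne 'secured') {
    throw "DB VM is attached to: $($dbNets -join ', ')"
}

if ((Get-VM -Name 'DB01').VMHost.Name -ne (Get-VM -Name 'APP01').VMHost.Name) {
    throw 'DB and APP VMs are on different hosts'
}
```

Standard vSwitches are defined per host, so the same two switches and port groups must exist on any host the pair is migrated to. The verification half can be rerun on its own after a migration or a network change.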