Our environment has recently changed in that we have relocated our virtual infrastructure to a new location.
We will be configuring vCenter Server 4.0 in a domain in which we are not domain administrators.
The reason for connecting to this domain is it is the only way we can get access to our virtual infrastructure via a VPN connection.
We may be able to be assigned as an administrator, but that is not clear.
I was wondering if there is a way to have the below virtual configuration configured that would allow access to the infrastructure.
Note that we have a vSphere 4 Standard license.
vCenter Server 4.0 is installed in a domain on 128.244.x.x.
The ESX 4.0 Servers are configured in a different network with IP addresses of 192.168.x.x.
Some of the VMs are in a 10.10.x.x network with their own VM as a domain.
In order to connect externally to the virtual infrastructure, we must use a VPN connection to 128.244.
We do have routers that are in place but I am not sure of the configuration – NAT, VLAN, etc.
Basically, we need to connect to vCenter via VPN and access the VMs that currently are on ESX Servers at 192.168.x.x.
An option may be to reconfigure the ESX Servers and put them on 128.244.x.x, but we would like to have them kept on our 192.168.x.x if possible.
Any ideas on this?
Anyone running vCenter on a separate network than the ESX Servers?
Thanks
Hi,
We do run VC and ESX in different subnets. Ensure you have the necessary ports opened. Below is the list of ports for all VMware products
Hope this helps!
thanks
Is the configuration for the subnet accomplished at the VMware level (network configuration / vSwitch) or at the router level?
Again, since I am not on the network side of the house, can anyone provide an example or possibly a screenshot of the config within vCenter / router?
thanks
- It should be done in network/vSwitch level.
- The core switch port where the ESX is connected should be configured as a trunk with the allowed VLANs (in my case VLAN 90, 53 & 40; I've erased the names).
- On the vSwitch, create virtual machine portgroups with individual VLAN IDs. Place the VM in it.
- I can't get you any snap on the switch/router.
Award points if useful!
Thanks for this info.
I will forward this to our network engineers.
I assume that if we VPN into 128, we can access the VMs?
Hi,
Design looks good. Ensure you got all the required ports opened.
ok thanks
I will see what the network folks and security say.
Can the Distributed Virtual Switch be used in this setup?
If so, what would be the best setup and use?
also,
how does the drawing I posted fit in with your original post for using separate VLANs?
thanks
Hi,
I've got VC, the vMotion interface, VMs and my VI client in different DMZs. All traffic will cross the firewall.
Hope this helps!