VMware Cloud Community
SCC
Contributor

Private/Public vm admin setup

I have been searching and reading articles and posts regarding vms in DMZ and have not found an answer to our (soon to be) environment that we are planning. I understand about segregating DMZ vms to a separate virtual switch and making sure the SC is on a different virtual switch attached to the private management network. But what about the vCenter server? We need admin users to be able to access the vms in the dmz from both inside the private network and from outside via the Internet.

If you could enlighten?

Thanks

Don


Accepted Solutions
AndreTheGiant
Immortal

Usually VC is on the same network as the ESX SC.

To access VC without having direct access to the management network you can use: NAT, VPN, dual-homed VC, reverse proxy, ...

IMHO I prefer VPN solutions.

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro

VladN
Hot Shot

I agree with Andre - VPN is the way to go.

SCC
Contributor

Wow, does this blow. This is exactly how I proposed and had a test setup (with openvpn) and the decision makers said no, that would be too insecure. They wanted to use MS-TS until the cost figures for licenses started getting thrown around. Go figure.

Thanks for your input, Andre

Don

AndreTheGiant
Immortal

This is exactly how I proposed and had a test setup (with openvpn) and the decision makers said no that would be too insecure.

OpenVPN could be a very good solution. Only one port, firewall aware, NAT aware.

(To be honest, other SSL tunnel solutions could be fine as well.)

Andre

**if you found this or any other answer useful please consider allocating points for helpful or correct answers

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro