VMware Cloud Community
vishwa123
Contributor
Contributor
‎07-28-2010 11:40 PM

host disconnects from the vCenter server after 3 minutes if we power on or off VM

Hi all...

As per the vmware documentation we should not use the NAT between the vCenter server and the hosts it manages. But they have also given some of the ports information which needs to be opened for communication between vCenter server and ESX hosts.

I have a requirement such that the ESX hosts and vCenter server are at remote locations. I have opened the required ports 443, 80, 902, 903 and 902 UDP for redirection on our firewalls. The problem I am facing is whenever I power on OR power off the VM the host is disconnecting and displays the error as " Error while communicating" and disconects. This is same in the case of VM cloning. If I dont do any tasks then the host is not disconnecting and even I can see the performance graphs updating. I am using vsphere 4.0 version.

Pls help me with valuable solutions.... ?:|

Reply
0 Kudos
3 Replies
FranckRookie
Leadership
Leadership
‎07-29-2010 12:24 AM

Hi Vishwa,

Do not mix up firewalling and nating.

Protecting your ESX by a firewall is supported (even integrated in ESX) and you have to open corresponding ports.

Nating between hosts and the vCenter is not supported. But I think I have read some article about creating a dummy system console port on the host with its public IP address...

Regards

Franck

Reply
0 Kudos
vishwa123
Contributor
Contributor
‎07-29-2010 06:15 AM

Dear Frank,

I have the Juniper SSG5 firewall between the vCenter and ESX so how can I manage the hosts. My question is if the vCenter server is at one datacenter and the ESX is at another datacenter, cant we add the remote ESX host to the vCenter server using the NAT.

Waiting for ur reply......

Regards,

Vishwa

Reply
0 Kudos
FranckRookie
Leadership
Leadership
‎07-29-2010 07:20 AM

Hi Vishwa,

Configure the firewall with necessary ports opened, according to the tools you will use in your environment. Have a look at this kb to identify what you need.

Regarding the NAT, configure your Juniper to translate the ESX private IP to a public one, so you can access your host from the vCenter using its public address. Try to create a second service console in the ESX with this public address, even if it can't reach this network. Maybe you can have to play with routes inside the console. Ask your network team for advices.

As I told you, it is not a supported configuration. So do not complain if you have some issues...

Good luck

Franck

Reply