VMware Cloud Community
mure79it
Contributor

using VirtualCenter Server in DMZ environment

Hi,

I have 2 ESX hosts in my LAN.

esx1 = 192.168.0.1 (service console 1)

esx2 = 192.168.0.11 (service console 1)

I have a VirtualCenter server in the DMZ (172.18.13.1) with a dedicated physical switch.

To this switch I connect esx1 and esx2 with dedicated network adapters. At this point I have another service console port per server with 172.18.13.x addressing.

esx1 = 172.18.13.2 (service console 2)

esx2 = 172.18.13.3 (service console 2)

With the vSphere client I connect without problems to VirtualCenter and I can manage the two ESX hosts, but when I try to open the console of VMs running on the two hosts I get this error message: "Unable to connect to the MKS: Failed to connect to the server 172.18.13.2:902"

Any suggestions?

Thanks in advance.

mure79it
Contributor

The default gateway of both ESX hosts is 192.168.0.254.

rt7500
Contributor

Service Console 2 is used to prevent fault isolation during an HA failure. So it's just a heartbeat interface. You cannot use it to manage your ESX hosts.

You have 2 options.

Option 1

Configure your firewall between the vCenter Server and vSphere hosts with a NAT'd IP for the vSphere host. On your vCenter network you will configure DNS to use the NAT IP. On your vSphere host you will need to configure it to use NAT. I can't remember the exact configuration and which file needs to be changed. But the forums have many posts on it. I think there is also a KB.

Option 2

Service Console 1 goes to the same network as your vCenter server. The NICs used for your vSwitch and Virtual Machine Port group then go to your DMZ switch. This allows you to have management access to your vSphere hosts and segment off your VMs.

Hope this helps
