Hi

What processes / techniques are people using to secure their vCenter / PSC / SQL servers?

We have a vSphere 6.0 environment where all the above servers are virtual, and the network design is highly segregated, with vSphere management and vMotion networks on standard vswitch and user networks on a dvswitch. In normal operation, the servers communicate on a user network.

The issue we have run into is the serious complexity of the restore process in the scenario where the you wish to do a full restore of one or more of the servers.

The complexity is caused by the following issues:

• The ESXi hosts are managed by VCS
• All management server network connectivity is provisioned by a dvSwitch
• It is not possible to edit (i.e. add a server to) a dvSwitch if VCS is not available
• It is not possible for netbackup to restore directly to an ESXi host while it is managed by VCS

This leads to a restore process which looks something like this:

• Choose an ESXi host and remove from the cluster
• Use netbackup to restore the necessary VMs to that host
• Configure the VMs to temporarily use the vSphere Management network (which is hosted on a standard vswitch)
• Connect the three management VMs to the temp network and ensure they work
• Reconfigure the VMs to use the distributed vSwitch
• Rejoin the ESXi host to the cluster

Which is obviously a complete PITA to implement. Anyone else come across this issue? Any ideas for substantially optimising the process?

Cheers

Tim