What processes / techniques are people using to secure their vCenter / PSC / SQL servers?
We have a vSphere 6.0 environment where all the above servers are virtual, and the network design is highly segregated, with vSphere management and vMotion networks on standard vswitch and user networks on a dvswitch. In normal operation, the servers communicate on a user network.
The issue we have run into is the serious complexity of the restore process in the scenario where the you wish to do a full restore of one or more of the servers.
The complexity is caused by the following issues:
The ESXi hosts are managed by VCS
All management server network connectivity is provisioned by a dvSwitch
It is not possible to edit (i.e. add a server to) a dvSwitch if VCS is not available
It is not possible for netbackup to restore directly to an ESXi host while it is managed by VCS
This leads to a restore process which looks something like this:
Choose an ESXi host and remove from the cluster
Use netbackup to restore the necessary VMs to that host
Configure the VMs to temporarily use the vSphere Management network (which is hosted on a standard vswitch)
Connect the three management VMs to the temp network and ensure they work
Reconfigure the VMs to use the distributed vSwitch
Rejoin the ESXi host to the cluster
Which is obviously a complete PITA to implement. Anyone else come across this issue? Any ideas for substantially optimising the process?