Hi
What processes / techniques are people using to secure their vCenter / PSC / SQL servers?
We have a vSphere 6.0 environment where all the above servers are virtual, and the network design is highly segregated, with vSphere management and vMotion networks on a standard vSwitch and user networks on a dvSwitch. In normal operation, the servers communicate on a user network.
The issue we have run into is the serious complexity of the restore process in the scenario where you wish to do a full restore of one or more of the servers.
The complexity is caused by the following issues:
- The ESXi hosts are managed by VCS
- All management server network connectivity is provisioned by a dvSwitch
- It is not possible to edit (i.e. add a server to) a dvSwitch if VCS is not available
- It is not possible for NetBackup to restore directly to an ESXi host while it is managed by VCS
This leads to a restore process which looks something like this:
- Choose an ESXi host and remove from the cluster
- Use NetBackup to restore the necessary VMs to that host
- Configure the VMs to temporarily use the vSphere Management network (which is hosted on a standard vSwitch)
- Connect the three management VMs to the temp network and ensure they work
- Reconfigure the VMs to use the distributed vSwitch
- Rejoin the ESXi host to the cluster
Which is obviously a complete PITA to implement. Anyone else come across this issue? Any ideas for substantially optimising the process?
Cheers
Tim