OleWeel
Enthusiast

vCenter and management network


Hi,

Should I put the vCenter on the same network as the management of the ESXi host?

Now I have standard vSwitch0 configured with vmkernel port=vMotion, vmkernel port=Management Network.... so I'm wondering if I should also create a VM network, for example named Mgmt Network, as seen in the picture.


Regards Andreas

AramAvetisyan
Enthusiast

Hi,

vCenter and ESXi hosts do not have to be on the same network.

Just make sure that all the required network ports are accessible.

Remember, not only should vCenter Server be able to access ESXi, but ESXi should also be able to access vCenter.

If you are using DNS, vCenter should be able to resolve ESXi names, and the ESXi hosts should be able to resolve the DNS name of vCenter.

Regards,

Aram
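Added example, not part of the thread: a Python check for the requirement in the reply above, that each side can resolve the other's name and reach it on the required ports. The port list (TCP 443 and 902) is an assumption not taken from the thread, and the host names in the usage comment are hypothetical; confirm the ports against VMware's list for your version.

```python
import socket
import sys

# Assumed ports (not listed in the thread): TCP 443 and 902 are commonly
# documented for vCenter <-> ESXi traffic. Adjust to your version's port list.
REQUIRED_TCP_PORTS = (443, 902)

def resolve(name):
    """Return the sorted addresses DNS gives for name, or [] if it fails."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_peers(peers, ports=REQUIRED_TCP_PORTS, resolver=resolve, connector=tcp_open):
    """Check, from the machine running this, that every peer name resolves
    and answers on every port. Returns (peer, problem) tuples; [] means pass."""
    problems = []
    for peer in peers:
        addrs = resolver(peer)
        if not addrs:
            problems.append((peer, "DNS: name does not resolve"))
            continue  # no address to probe, so skip the port checks
        for port in ports:
            if not any(connector(addr, port) for addr in addrs):
                problems.append((peer, f"TCP {port}: unreachable on {', '.join(addrs)}"))
    return problems

if __name__ == "__main__":
    # Hypothetical usage: python check_peers.py esx01.example.test esx02.example.test
    failures = check_peers(sys.argv[1:])
    for peer, problem in failures:
        print(f"FAIL {peer}: {problem}")
    sys.exit(1 if failures else 0)
```

A single run only covers one direction: run it on the vCenter server with the ESXi names, then from the ESXi management network with the vCenter name.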

markdjones82
Expert

Yes, to reiterate Aram, you can put vCenter on any VM network as long as they are able to talk to each other.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
OleWeel
Enthusiast

Hi,

Thanks for the answers.

OK, I see, but is it best practice to put the vCenter on the same network as management? I looked at the vSphere 5.1 (I know it's old) documentation, and there it said "Avoid putting vCenter Server on any network other than the management network. By limiting network connectivity, you limit certain types of attack."

Regards Andreas
markdjones82
Expert


I've never had any issues there, but I suppose from a security perspective there is more routed traffic if not on that subnet. I've been doing this a long time and never considered it to be essential. Either way is OK, but I've never run it on the management network and personally don't feel the need to put it on there.

What happens if you have multiple management subnets? I.e., in my case we have different management networks for some of our clusters and therefore vCenter could not be on both. I am surprised they put that in the documentation.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com

AramAvetisyan
Enthusiast

Here is a quote from VMware KB 2052334: Installing vCenter Server 5.5 best practices

Install vCenter Server, similar to any other network server, on a machine with a fixed IP address and well known DNS name, so that clients can reliably access the service. Assign a static IP address and host name to the Windows server that hosts the vCenter Server system. This IP address must have a valid (internal) domain name system (DNS) registration. Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all vSphere Web Clients. If you use DHCP instead of a static IP address for vCenter Server, ensure that the vCenter Server computer name is updated in the domain name service (DNS). Ping the computer name to test this connection. For example, if the computer name is host-1.company.com, run this command in the Windows command prompt:

In some cases it may make sense to keep vCenter and ESXi hosts on the same network (to minimize the latency of operations between vCenter Server and ESXi host). But this is an architectural decision which very much depends on your environment.
