From what I can tell, it seems the best place for a vCenter server is on a firewalled VLAN along with all the ESX prod, test, dev, and DMZ management NICs. Something like:
internet <firewall> production LAN <firewall> VMware management & vCenter
Can anyone tell me what ports I will need to have open from production to VMware management?
I'm thinking 88, 902, 903 TCP/UDP; 25, 80, 443, 8080, 8443, 10443 TCP; and 53 UDP.
KB 1012382 has the info you need, and also check out http://www.vreference.com/2009/09/22/firewall-diagram-updated-to-version-3/.
Thanks for posting those, I've looked over them before. I think I'm looking for anyone who has implemented vCenter like this and who can share any quirks or issues they ran into, along with a list of ports and protocols (which can be open to vCenter only, which can be open to the whole VLAN). Currently our vCenter resides on the production LAN, so this implementation will be creating complications.
It depends how you configure your environment.
I like to put the vCenter server into the same subnet that the ESX management networking is in. For me this will always be a different subnet and VLAN than the production, DMZ, dev/test and UAT servers. Therefore I don't really need to enable network firewall rules between vCenter and ESX, but will need to enable rules for communication between vCenter and the production subnet.
Going forward into vSphere 6, vCenter will only come as an appliance; ergo vCenter and ESXi hosts shouldn't be considered servers, rather we should think of them as infrastructure appliances and treat them accordingly.
Thanks, yes, my environment will also be similar, but for the time being vCenter and Update Manager will reside on a Windows 2008 R2 box, so I just need to make sure that the proper ports are open from the production VLAN to the VMware management VLAN to allow clients to function properly.
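Once the rules between the production VLAN and the management VLAN are in place, the practical question is how to confirm from a production host that exactly the intended ports reach vCenter. The script below is an added example, not code from the thread or from VMware: it takes a port list written the way the original question lists it (port/protocol), probes the TCP entries with a plain connect() and reports the UDP entries separately, because a silently dropped UDP port and an open one look identical from the client side. The port list is the one proposed in the question, not VMware's authoritative list (KB 1012382 is the reference for that), and the target address 192.0.2.10 is a placeholder for the vCenter IP.

```python
"""
Connectivity check from the production side toward a firewalled vCenter.

Added example for this thread. Assumptions: the port list below is the one
proposed in the question (not VMware's official list), and 192.0.2.10 stands in
for the real vCenter address on the management VLAN.
"""
import socket
from typing import Dict, List, Tuple

# Ports proposed in the question, written as port/proto entries (constructed).
PROPOSED_PORTS = [
    "88/tcp", "88/udp", "902/tcp", "902/udp", "903/tcp", "903/udp",
    "25/tcp", "80/tcp", "443/tcp", "8080/tcp", "8443/tcp", "10443/tcp",
    "53/udp",
]


def parse_port_list(entries: List[str]) -> Tuple[List[int], List[int]]:
    """Split 'port/proto' strings into (tcp_ports, udp_ports); rejects bad input."""
    tcp, udp = [], []
    for entry in entries:
        port_s, _, proto = entry.strip().partition("/")
        port = int(port_s)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {entry!r}")
        proto = proto.lower()
        if proto == "tcp":
            tcp.append(port)
        elif proto == "udp":
            udp.append(port)
        else:
            raise ValueError(f"unknown protocol in {entry!r}")
    return sorted(set(tcp)), sorted(set(udp))


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake completes: the firewall permits it and something listens."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(host: str, entries: List[str], timeout: float = 2.0) -> Dict[str, str]:
    """Return {'port/proto': 'open' | 'closed' | 'unverified'} for every entry."""
    tcp, udp = parse_port_list(entries)
    results: Dict[str, str] = {}
    for port in tcp:
        state = "open" if tcp_port_open(host, port, timeout) else "closed"
        results[f"{port}/tcp"] = state
    for port in udp:
        # A UDP connect() never touches the wire, and a firewall drop and an open
        # port both produce silence, so UDP rules must be verified on the
        # receiving side (e.g. a packet capture on vCenter) rather than from here.
        results[f"{port}/udp"] = "unverified"
    return results


def start_local_listener() -> Tuple[socket.socket, int]:
    """Bind a loopback TCP listener on an ephemeral port, to exercise the probe offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    # Placeholder management-VLAN address; pass the real vCenter IP as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for key, state in sorted(probe(target, PROPOSED_PORTS).items()):
        print(f"{key:>10}: {state}")
```

Run it once from a production host with the rules applied, and once more against the other hosts on the management VLAN: anything that reports open toward an ESXi host that was only meant to be reachable from vCenter points to a rule that was opened to the whole VLAN instead of to vCenter alone.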