I am in the process of deploying vShield Manager in our test and dev environment (before we implement in production).
I have been reading the documentation "vShield Installation and Upgrade Guide - vShield Manager 5.1". On page 20 the following statement is made:
NOTE Do not place the management interface of the vShield Manager in the same port group as the Service Console and VMkernel.
Question:
Is it OK for the vShield Manager to be in the same subnet and VLAN as the Service Console and VMkernel, using a dedicated port group?
For example, I create another port group that has the same VLAN as the Service Console and VMkernel, and the vShield Manager uses this?
Let me elaborate with an example.
On page 19 the following statement is made:
With vShield 5.0 and later, you can install the vShield Manager in a different vCenter than the one that the vShield Manager will be interoperating with. A single vShield Manager serves a single vCenter Server environment.
vCenter1
vShield Manager
vCenter2
So my question again:
Is it OK for the vShield Manager to be in the same subnet and VLAN as the Service Console and VMkernel, using a dedicated port group?
Yes, it is fine to have the Manager on the same VLAN as the vmkernel interfaces. Based on your description below you will be just fine and are actually following the practice properly.
Not sure why the docs say not to put it in the same portgroup as the vmkernel or service console as those are special portgroups and you cannot put a VM (the Manager) in a vmkernel or service console portgroup. I'll have our docs people check on that.
Thanks very much for your quick response rrandell.
I was pretty sure I was going down the right path, just wanted to be 100% sure.
rrandell,
Any word on why this is in the documentation? It seems to go all the way back to vShield 1.0 documentation. It is actually possible to put the vShield Manager interface in the same portgroup if you are using a distributed switch. The whole phrasing of that statement doesn't make sense, however. It seems to be an artifact that no one knows what it means or why it is there. It has even made it into the vCNS 5.1 training materials.