VMware Cloud Community
DSRSAS
Contributor

Service Console Networking

Hello

I am planning to install 10 ESX hosts in Dell blades, each having 4 NICs. The hosts will be running web server VMs which will be in the DMZ network. For the purpose of management, I am planning to connect all Service Console networks in the management VLAN, with vCenter also in the same VLAN. The VM virtual switch will have the remaining two NICs, which will connect to the DMZ network.

So what ports will need to be opened for the communication of VM, VMkernel, Service Console and vCenter?

(Also, I would like to know whether the VMkernel and VM port group can be on the same vSwitch in the DMZ.)

Regards

DSRSAS

0 Kudos
3 Replies
AnatolyVilchins

HERE is the best and most complete list of VMware ports in use I've come across, hope this helps.

Edit - just spotted your second question - although your VMKernel and VM traffic can be on the same port-group, and makes sense for some configurations, I wouldn't do this for yours.

I would use;

  • two NICs for the 'internal' traffic, either one NIC to one internal
    switch and another to a second switch or two NICs to the same switch -
    both options cover you in case of NIC/cable/switch failure. Create a
    new dual-port vswitch and matching port-group for this carrying
    VMKernel traffic (SC/VMotion etc.)

  • the other two NICs for the 'DMZ' traffic, wired to either separate
    or the same external switch/es/load-balancers, again for protection
    and/or bandwidth improvements and again with a different dual-port
    VM-facing vswitch and port-group.

This is very common practice and I think will serve you well, come back to us if you have any further questions. Oh and ESX will open its own FW ports as you switch on certain services (NTP etc) so don't worry about the servers, just any ACLs/FWs in the way ok.

from http://serverfault.com/questions/99167/service-console-networking

Starwind Software Developer

www.starwindsoftware.com

Kind Regards, Anatoly Vilchinsky
0 Kudos
sabya1232003
Enthusiast

Hi,

The VMkernel and virtual machine port groups can be placed on the same vSwitch, but it's not recommended by VMware. Again, since you are building the infra for a DMZ, it's better to have dedicated vSwitches for each purpose.

0 Kudos
TobiasKracht
Expert


You can have the VMKernel\Service Console
ports and VM Port Groups on the same vSwitch but you should then
segregate the traffic using VLAN tagging at the port\port group level.


In your case with 4 NICs the simplest way to do this while
retaining some level of redundancy and isolation is to use two NICs as
uplinks for each vSwitch as you are planning to do.

StarWind Software R&D http://www.starwindsoftware.com
0 Kudos
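
The layout rules given in the replies (two uplinks per vSwitch; management and VM port groups either on separate vSwitches or separated by VLAN tags) can be checked mechanically against a planned host design. The following is an added example, not part of any post in this thread; the inventory structure, the function name and the sample hosts are constructed for illustration and are not a VMware API.

```python
# Added example: the data model here is hypothetical, not a VMware API.
# Port group tuple: (name, kind, vlan_id); vlan_id 0 means untagged.
MGMT_KINDS = {"service_console", "vmkernel"}

# Constructed host following the 2+2 NIC layout suggested in the replies.
PROPOSED = {
    "vSwitch0": {"uplinks": ["vmnic0", "vmnic1"],
                 "portgroups": [("Service Console", "service_console", 0),
                                ("VMkernel", "vmkernel", 0)]},
    "vSwitch1": {"uplinks": ["vmnic2", "vmnic3"],
                 "portgroups": [("DMZ Web", "vm", 0)]},
}

# Constructed counter-example: one uplink, everything untagged on one vSwitch.
FLAT = {
    "vSwitch0": {"uplinks": ["vmnic0"],
                 "portgroups": [("Service Console", "service_console", 0),
                                ("DMZ Web", "vm", 0)]},
}


def audit(host):
    """Return a sorted list of findings for one host's vSwitch layout."""
    findings = []
    for name, sw in host.items():
        # Two uplinks cover a NIC, cable or physical switch failure.
        if len(sw["uplinks"]) < 2:
            findings.append(f"{name}: single uplink, no redundancy")
        mgmt = {vlan for _, kind, vlan in sw["portgroups"] if kind in MGMT_KINDS}
        vms = {vlan for _, kind, vlan in sw["portgroups"] if kind == "vm"}
        # Sharing a vSwitch is only acceptable when both sides are tagged
        # and no VLAN ID is common to management and VM port groups.
        if mgmt and vms and (0 in mgmt | vms or mgmt & vms):
            findings.append(
                f"{name}: management and VM port groups share the vSwitch "
                "without distinct VLAN tags")
    return sorted(findings)


if __name__ == "__main__":
    for label, host in (("proposed", PROPOSED), ("flat", FLAT)):
        print(label, audit(host) or "no findings")
```
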