VMware Cloud Community
Testdrive2009
Contributor

DMZ Configuration

Hello everybody,

I want to establish a DMZ for my company. I have read many how-tos and best practices but couldn't find anything which is possible for me to introduce.

OK, my configuration now:

I have an IBM BladeCenter H with 14 blades. Every blade has only 2 NICs (so the best practice considered by VMware will fail), and the NICs are connected to 2 different Layer 3 switches in the BladeCenter. Every switch has 6 ports, which are trunked to the next physical switch and then to the physical firewall.

In the VirtualCenter I have set up a dvSwitch with 20 different VLANs. Both NICs from the ESX hosts are connected to this dvSwitch for redundancy purposes.

Up to now I have separated all machines which should reside in the DMZ into different VLANs. These VLANs are configured from the dvSwitch across all physical devices up to the firewall. The firewall untags the packets and sends them over a router to the Internet. The different VLANs are blocked from seeing each other by ACLs in the firewalls.

All VMs reside on the same blades.

Does anyone have experience with how to implement a DMZ in this configuration with only 2 NICs per blade?

2 Replies
rsaha
Enthusiast

Using 2 NICs... how will you manage the service console?

Do you need any VMotion setup?

It's a difficult one.

Testdrive2009
Contributor

Hm, I don't understand where the problem is. :smileyshocked:

The VirtualCenter is on the same subnet as the service console, so I can manage everything.

And at least I can go through the management console of the BladeCenter if the network of the blade is down.

VMotion: is active and works fine :)
