I am working on a project where we want customers to be able to access websites hosted on our ESX server(s). For security reasons I want to keep traffic from the internet from ever getting to our main network, but I will need to be able to update content from programmers' desktops to the virtual environment. The ESX server has 4 physical NICs installed in it.
Try implementing VLANs on the ESX server... this should certainly take care of what you are looking for.
Anil Gupta
Don’t fear changes, its constant in life, reduce your ecological footprint……………………..Go Green
if you found my answer to be useful, feel free to mark it as Helpful or Correct.
Looking for a Virtualization Solution, look here.....
When you say implementing VLANs, are you talking about on the virtual switch or on the physical NIC on the server? I would like for NIC 1 to be connected to the internet and NIC 2 will be connected to our main network.
Hello,
First I assume you are talking about using vSphere ESX or are currently using ESX.
You have at least 6 networks to worry about here....
1) Service Console
2) VMotion
3) IP Storage
4) Internet
5) Main Network
6) Client Networks
You will most likely need at least 1 pNIC for each network. Some can be joined together, some cannot be.... Check out http://kensvirtualreality.wordpress.org vSwitch Debate blog or my Topology Blogs to get an idea of some concepts and best practices for setting up virtual networking.
What I would do is to use virtual firewalls to govern what each customer can reach. You do not want customer A to reach customer B's data. I would also add more than 2 pNICs to do your task.
Draw out what you want on paper. You have the following basic building blocks.... physical switches, physical NICs, virtual switches, virtual NICs and virtual firewalls (which are just VMs sitting between multiple vSwitches).
Since we are assuming you have only 2 pNICs, you cannot safely or securely do what you desire to do, as you actually have at least 6 security zones within your environment (maybe 5 if you do not use IP Storage).
So please provide some more information.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast
Yes, so you can create different virtual switches and add the different NICs as per your choice. Also, you can implement VLANs within the vSwitch for different port groups to help you get the desired results.
Anil Gupta
Just for clarification, this is a website (Test/Beta) for customers to test their methods (web services) for accessing our production system without impacting their users. It will have low volume and will not be a part of the SLA. It will be on one ESX server with 8 mirrored drives (local) for redundancy. I have attached a design document; please forgive the crudeness.
Hello,
With vSphere you can also use vShield Zones to in effect implement a firewall within the distributed virtual switch.... That can help with this.
However, in general you will want:
pNIC1 <-> vSwitch <-> vFW <-> vSwitchA <-> Company A's VMs
pNIC1 <-> vSwitch <-> vFW <-> vSwitchB <-> Company B's VMs
etc.
Note the vFW could be vShield Zones, which would be better to use, as with a vFW you are limited in the vNICs you can use for each company.... Once you go over 3 on ESX or 7 on vSphere, you need another vFW.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, DABCC Analyst
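Added example, not part of the thread or any poster's code: a small Python audit of the pNIC <-> vSwitch <-> vFW <-> per-company vSwitch layout described in the reply above, flagging tenant VMs that can reach the uplink or another tenant without crossing a vFW. All node names are constructed, and the limit of 3 (ESX) or 7 (vSphere) is read here as tenant-facing vNICs per vFW, which is an assumption about the post's wording.

```python
from collections import deque

# Constructed model of the layout in the reply above (names are illustrative).
# Each link is an undirected connection between two building blocks.
LINKS = [
    ("pNIC1", "vSwitch0"), ("vSwitch0", "vFW1"),
    ("vFW1", "vSwitchA"), ("vSwitchA", "vmA1"), ("vSwitchA", "vmA2"),
    ("vFW1", "vSwitchB"), ("vSwitchB", "vmB1"),
]
FIREWALLS = {"vFW1"}
TENANTS = {"A": {"vmA1", "vmA2"}, "B": {"vmB1"}}
# Assumption: the post's "3 on ESX or 7 on vSphere" counts tenant-facing vNICs.
VNIC_LIMIT = {"ESX": 3, "vSphere": 7}

def build(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def reachable_without_fw(adj, start, firewalls):
    """Nodes reachable from start over paths that never cross a firewall VM."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen and nxt not in firewalls:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def audit(links, firewalls, tenants, uplink="pNIC1", platform="ESX"):
    adj, findings = build(links), []
    exposed = reachable_without_fw(adj, uplink, firewalls)
    for name, vms in sorted(tenants.items()):
        for vm in sorted(vms):
            if vm in exposed:
                findings.append(f"{vm} reachable from {uplink} without a vFW")
            leak = reachable_without_fw(adj, vm, firewalls)
            for other, ovms in sorted(tenants.items()):
                if other != name and leak & ovms:
                    findings.append(f"{vm} shares an unfiltered segment with tenant {other}")
    for fw in sorted(firewalls):
        inside = len(adj.get(fw, ())) - 1  # minus the uplink-side vNIC
        if inside > VNIC_LIMIT[platform]:
            findings.append(f"{fw} needs {inside} tenant vNICs, limit is {VNIC_LIMIT[platform]}")
    return findings
```

An empty list from `audit(LINKS, FIREWALLS, TENANTS)` means every internet-to-tenant and tenant-to-tenant path in the model crosses the vFW.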
I have done the research and will be implementing vSphere.