Hello,

Everyone says to separate the service console from the VMnetwork. If I can separate the service console traffic with a vlan why separate it physically? If something happens that the service console link gets disconnected but my machines are still communicating then I would have trouble. Why not make sure that if the network paths are up for the machines that I can control the VM server?

Your VMNetwork is one of the most hostile networking environments within the vNetwork as its arbitrary and an attack point if some one breaks into a VM. If you have the Virtualization Management Network attached to the one your VMNetwork is on, then there is a VERY good chance that the hacked VM will now be used to launch an attack against the virtualization management network. Given the current set of attacks there is a VERY good chance of this succeeding. For Security reasons you want your Virtualization Management Network to be segregated and firewalled from any other physical and virtual network. Ideally on its own switches with out physical switch VLANs in use. However if you do use physical switch VLANs then you are placing your trust in these switch configurations, so you want to increase your monitoring of these switches.

From the original post I have combined the iSCSI traffic because it is an emergency failover only in case my FiberChannel hardware has a problem. The iSCSI link will seldom to never get used and I didn't want to dedicate 2 physical NICs to something that would almost never be used.

You want to dedicate 2 links to iSCSI, if you ever do have a failover you will want the bandwidth and redundancy. Redundancy should be considered for all storage links.

Let me know what you think on the service console.

When you use VLANs in the vNetwork you are automatically protected from most known Layer-2 attacks, but within the pNetwork you are trusting that your switch configurations will protect you. These configurations have been known to change and not necessarily for the better. Some say, you have to break so much to make this happen, but 1 misconfiguration and your SC is now under attack. Remember, once the virtualization management networks can be attacked they most likely can be broken. I know one pen-tester that can do this in very little time and they will own your virtual environment.

Protect the service console/management appliance, vSphere Client, vCenter servers as if they were gold, access to them implies access to nearly everything. This is why VMware strongly recommends that you create a separate Virtualization Management Network firewalled from all other networks on your system. That within this firewall you place jump machines which run all vSphere SDK and vSphere clients and that you use something like RDP to access these tools without running them through your firewall. Doing this one thing increases your overall virtual environment security by leaps and bounds protecting your investment from the current batch of management network attacks. VLANs are not a security tool, they are a network separation tool that relies on the pNetwork being properly configured, maintained, and audited. VLAN Security is based on trust in your pSwitches not something authoritative.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]