Welcome to the Community,
My vSwitch has one uplink connected to a physical NIC and has 3 port groups: one of them connected to the physical adapter, another to the ESXi host, and one to the VM.
I'm not sure whether I understand your setup correctly. What you basically need (security / direct Internet access disregarded) is a single vSwitch, which has an uplink to the physical network. On that vSwitch you will have a VMKernel Port Group for the "Management Network" with its dedicated IP address, and a second "Virtual Machine" port group. The required IP configuration for the VMs is done within the guest OS itself.
I can connect to the internet from the VM, but cannot connect to the VM from the internet. This is my problem. Can you explain how to set up my network correctly to do this?
I have 10 white IPs, so this must work as VPS servers.
Does your server sit behind a firewall? Can you confirm that the required ports are open for ingress traffic?
I assume that you've configured the guest to allow ICMP (ping), and RDP, which is not enabled by default in current Windows versions.
No, my server is not behind a firewall; everything is open.
The guest can be pinged and RDP is allowed.
So, as I see it, my server has the default configuration.
A few things:
1) Never put your hypervisor's management ports (vmkernel ports) on the Internet.
2) Please provide a network diagram of all devices between the VM and the Internet (firewalls, switches, routers, modems, etc.)
IP reachability is dependent on many things unrelated to the VM. The most important part is usually what is upstream of the hypervisor.
For example, you can state something like the following:
DMZ VMs <-> DMZ vSwitch <-> vFW <-> External vSwitch <-> External pNIC <-> External pSwitch <-> ISP Gear
VM <-> VM vSwitch <-> vFW <-> DMZ VMs <-> DMZ vSwitch <-> DMZ pNIC <-> FW <-> External/ISP Gear
It all depends on placement and what is in the network path. In both the above cases, the FW is blocking external access while allowing internal to internet access.
In both cases there is another network just for Management:
Mgmt VMs <-> Mgmt vSwitch <-> Mgmt pNIC <-> Mgmt pSwitch
When you virtualize a DMZ it is best to use different pNIC/vSwitch combinations with physical segmentation in the networking layers.