08-28-2015 01:50 AM
I have a question about my ESXi server networking and hopefully someone can help confirm. I need a server with two vNICs where the first vNIC will connect to a Nexus 1000v port-profile, BUT the second interface MUST connect to a standard vSwitch. I saw the available options in the drop-down menu of the server's network adapter, which include both switches; however, I am not sure if I can apply this in a production environment. Has anyone deployed this kind of server in production, and does it work fine?
Thanks
08-28-2015 11:44 AM
Many customers actually do the following:
2 vNICs connected to the vSwitch, for management interface, vMotion
2 vNICs connected to N1k, or DVS, for data traffic
Therefore, if there is a problem with N1k or DVS, you still have your management connectivity.
08-28-2015 07:36 PM
Thanks, but my question refers to a single VM, say a Windows 2012 server with two NICs, one connected to a Nexus 1000v port and the second NIC connected to a VMware standard vSwitch.
From an ESXi networking perspective, this means a single/same virtual server will be shown connected under BOTH the ESXi standard vSwitch and the Nexus vDS.
This is not common as far as I know, or at least in my past 5 years of UCS experience, and I have a new requirement to set this up now. Any thoughts?
08-29-2015 11:01 AM
OK, I understand. Can you please explain to us why you would like to implement such an implementation? Why should a VM care about the underlying infrastructure?
08-30-2015 05:16 PM
Hi, one vNIC will connect to the DMZ and another one to internal. I am not concerned with why a VM would care about the underlying infra, as it should not. However, due to the unusual/new network connection setup in my case, I am just not 100% sure if this can cause issues in production. I have tested in the lab that I can set up this kind of connection (the config was accepted). I think I need to ensure the routing on my two NICs is secure enough.
08-31-2015 02:03 PM
Hi
I have seen many installations where some of the blades are in the DMZ and others are internal to the datacenter; therefore it's based per hardware blade, not per VM.
The design also makes use of disjoint VLANs; from the security point of view, this is for sure a better isolation.
I worked with Security Officers in the Finance Industries, who accepted this design as compliant with their security guidelines.
I don't think that your design would be compliant!
09-15-2015 05:00 PM
Thanks Walter. At the moment my client will not dedicate a DMZ host and would like to max utilize the resources, but I see your points from a greater security view. So far my host is working well in production.