03-25-2014 06:37 AM - edited 03-07-2019 06:51 PM
Hi,
We currently have Nexus 1000v and some ESX hosts deployed on our internal private network.
We currently have a single ESX host deployed in our DMZ. Is it possible to manage the ESX Host in the DMZ with the Nexus implementation in our internal private network?
I can’t seem to find any good documentation on how this can be accomplished. Can someone guide me in the right direction, or refer me to any good documentation on the subject?
Thanks
04-17-2014 07:15 AM
Hi,
I don't think you can achieve this config.
The ESXi host can have a Host Mgmt VMkernel in the DMZ which would allow for Host to vCenter communication. This is how you would be accessing the host.
The ESXi host can have a Nexus 1000v L3 Control VMkernel in the Internal Private Network. This would allow the host to talk to VSM that resides on the internal network.
However, VSM requires a connection to vCenter to push port-profiles and other information. That information is then pushed from the vCenter to the host.
Because the VSM is in the private network, it can't talk to the vCenter in the DMZ network. Hence, it won't work without routing between DMZ network and Private network in place.
Additionally, a host can only be managed by one vCenter. So you can't spin up a new vCenter in the private network and have it connected to both.
I drew up a quick diagram, maybe it helps.
HTH,
Joe
04-22-2014 11:05 AM
Joe,
Thanks for your reply. To elaborate on the setup I want to accomplish: Presently I have vCenter and VSM in my private network. I have a single ESX host in my DMZ. I want to manage this single ESX host from my VSM/vCenter which are in my private network. And I'm currently using L2 for my VSM to VEM communication.
So do you think I could manage my ESX host from my DMZ, with my current vCenter/VSM setup in my private network without too much risk?
04-29-2014 05:56 AM
Hi,
If the host IP is on the DMZ network but the vCenter IP is on the private network, the two won't be able to communicate, given that the private network and DMZ network can't talk to each other.
HTH,
Joe