01-14-2011 04:11 PM - edited 03-01-2019 09:47 AM
The Cisco 1000v vDS virtual switch, which acts as a plugin to the VMware vDS, allows stateless computing by simplifying policy migration during a vMotion event. In the 1000v, a port profile that includes security and QoS policies is created. The port profile is automatically translated into a port-group in vCenter. Therefore, when a VM is moved to another ESX host, the policy follows it.
What policy configurations can one configure for a VM if the VMware VDS is used instead of the Cisco 1000v?
Does the VMware vDS switch allow policy migration when doing a vMotion?
Thanks
01-14-2011 10:30 PM
If you look at the feature comparison VMware DVS vs the Nexus 1000v at
http://www.vmware.com/products/vnetwork-distributed-switch/features.html
you will see that the Nexus 1000v is a lot more feature rich (esp. when it comes to security policies like ACLs, port security, etc.). These features move as a VM moves between hosts, as you correctly mentioned.
For DVS too, the features they support move as the VM VMotions. For example with the DVS if a VM belongs to a PVLAN (a security feature supported by the DVS) the VM is part of the same PVLAN on the new ESX host.
Thanks
--Manish
01-15-2011 04:50 AM
Manish, so we meet again. :-)
I like the comparison chart. Besides the added security, QoS and monitoring features, I think the biggest asset of the 1000v is the ability for a networking person to telnet to it and configure it, like any other Cisco switch. Is that correct - that the network admin could telnet to the 1000v? If not, how is it accessed, especially initially when the ESX is first brought up?
The 1000v allows the network group visibility into what VLANs are configured, what policies are attached to them, etc., which is something they should know since they are the ones managing the network and its policies. Otherwise, the VMware vDS would be controlled through a GUI by the server admin. You can't telnet to the vDS switch, can you?
Thanks again
01-15-2011 08:50 AM
Hi ex-engineer,
Yes, that is correct: you can telnet to the Nexus 1000v switch the same way you do to any of the other Cisco switches. You can even enable SSH access if you so desire.
You can also check out the following deployment guide for some more details:
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/guide_c07-556626.html
The way it works is you have a central control unit (VSM), and on each ESX host a module (VEM) is installed which connects to the VSM for the configuration. This VSM can run as a VM on either of the ESX servers or as a VSB on the Nexus 1010 physical device. Once you bring up the VSM and assign it a management IP, you can telnet/SSH to it remotely.
The VMware vDS can be managed by the GUI only.
Hope that helps!
./Abhinav