Hi All,
How do I set up a secure and reliable DMZ zone to run a few web servers? I've got 2 x ESXi 5 Ent with 1 x vCenter.
AS
Hi Cosy,
With the configuration you have, we can adopt any of the following DMZ configurations, which are supported in the vSphere infrastructure. These are based on standard switches.
Partially Collapsed DMZ with Separate Physical Trust Zones
Fully Collapsed DMZ
Ref : http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf
We can have advanced DMZ features with the help of a vDS like the Nexus 1000v.
Please refer to http://www.vmware.com/files/pdf/dmz-vsphere-nexus-wp.pdf
Hi All,
As you can see in my diagram below, this is my plan: create a completely isolated vSwitch with dedicated NICs for my DMZ portgroup, separated from the vSwitches that contain my Service Console, VMkernel and other Virtual Machine portgroups.
But could this cross-talk to the other portgroups on other vSwitches in this system?
How would shared storage be utilized between trusted/internal VMs on switch 0-3 and DMZ VMs on switch 4?
Do I need a firewall?
Can this do vMotion and DRS?
AS
But could this cross-talk to the other portgroups on other vSwitches in this system?
If it is restricted at the physical network layer with a firewall, then it's not possible to communicate with other portgroups on other vSwitches.
Based on the rules in the physical firewall, the required ports may be opened to the required VMs, from the DMZ server to other servers in other portgroups.
Or, based on the network configuration in the switch, like layer 2 communicating only internally within the VLAN, etc. Discuss with your network expert; network isolation is more on the network side than on the virtual side.
Do I need a firewall?
Depending on the physical network architecture and the segregation made for the DMZ, a hardware or software firewall will be required. Discuss with your network expert, or you can go for vCloud Networking and Security to use vShield Edge as an internal VMware firewall.
Can this do vMotion and DRS?
Yes, it's possible. The required port for vMotion, that is 8000, has to be open between the source and destination ESXi hosts; refer to the link.
How would shared storage be utilized between trusted/internal VMs on switch 0-3 and DMZ VMs on switch 4?
Storage utilization is common to all VMs, regardless of which vSwitch/portgroup the VMs are in.
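As an added example (not code from the original thread), here is a small Python check of the layout the poster describes: a DMZ portgroup on its own vSwitch with its own NICs, and no Service Console, VMkernel or other VM portgroups on that switch. The inventory is constructed by hand and the vSwitch names, NIC names and portgroup "kind" labels are assumptions; in a real environment it would be filled from PowerCLI or pyVmomi output.

```python
# Added example: check a vSphere standard-switch layout for DMZ isolation.
# The inventory below is constructed by hand; in a real environment you
# would fill it from PowerCLI or pyVmomi output.
from dataclasses import dataclass, field

@dataclass
class PortGroup:
    name: str
    kind: str  # assumed labels: "vm", "vmkernel" or "management" (Service Console)

@dataclass
class VSwitch:
    name: str
    uplinks: list[str]  # physical NICs (vmnicN) bound to this vSwitch
    portgroups: list[PortGroup] = field(default_factory=list)

def audit_dmz_isolation(vswitches: list[VSwitch], dmz_pg: str) -> list[str]:
    """Return findings that break the plan; an empty list means the DMZ is isolated."""
    owners = [vs for vs in vswitches if any(pg.name == dmz_pg for pg in vs.portgroups)]
    if len(owners) != 1:
        return [f"portgroup {dmz_pg!r} found on {len(owners)} vSwitches, expected exactly 1"]
    dmz = owners[0]
    findings = []
    if not dmz.uplinks:
        findings.append(f"{dmz.name} has no dedicated physical uplink")
    for other in vswitches:  # the DMZ switch must not share a NIC with any other switch
        shared = sorted(set(dmz.uplinks) & set(other.uplinks)) if other is not dmz else []
        if shared:
            findings.append(f"{dmz.name} shares uplink(s) {shared} with {other.name}")
    for pg in dmz.portgroups:  # only the DMZ VM portgroup may live on the DMZ switch
        if pg.kind != "vm":
            findings.append(f"{pg.kind} portgroup {pg.name!r} sits on DMZ switch {dmz.name}")
        elif pg.name != dmz_pg:
            findings.append(f"non-DMZ VM portgroup {pg.name!r} sits on DMZ switch {dmz.name}")
    return findings

# Constructed inventories (assumed names). PLANNED follows the poster's design;
# COLLAPSED puts the DMZ portgroup on the same vSwitch as management traffic.
PLANNED = [
    VSwitch("vSwitch0", ["vmnic0", "vmnic1"],
            [PortGroup("Management Network", "management"), PortGroup("vMotion", "vmkernel")]),
    VSwitch("vSwitch1", ["vmnic2"], [PortGroup("VM Network", "vm")]),
    VSwitch("vSwitch4", ["vmnic6", "vmnic7"], [PortGroup("DMZ", "vm")]),
]
COLLAPSED = [VSwitch("vSwitch0", ["vmnic0", "vmnic1"], [PortGroup("Management Network", "management"),
                                                         PortGroup("VM Network", "vm"), PortGroup("DMZ", "vm")])]

if __name__ == "__main__":
    for label, inv in (("planned", PLANNED), ("collapsed", COLLAPSED)):
        print(label, audit_dmz_isolation(inv, "DMZ") or ["OK: DMZ isolated"])
```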
Thanks,
To set up DRS and vMotion, do I need an extra vSwitch?
AS
Not required, as the vMotion network is already configured.