Hi All,
What we have is a VLAN in our network which consists of the gateway and a selection of VMs connected to it. What I would like to do is to stop the VMs from being able to communicate with each other, short of putting each one in its own dedicated VLAN.
Does anyone else have any better ideas?
Thanks,
I.
Must you use standard vSwitch or do you have license for Distributed Switch? If having a dSwitch you could use the Private VLAN feature and do what you wish, i.e. having one larger VLAN and yet not allow the VMs to communicate. They would be on an "isolated private VLAN" I believe.
A bit of a strange request. - You could look at vShield as an option.
If you don't then not sure how else you can do it without using VLANs or multiple vSwitches and NICs
Using VLANs is the only way to stop VMs from communicating with each other on vSwitch.
vShield is a firewall that protects from external traffic, but doesn't do anything with VM-to-VM communication.
---
MCSA, MCTS Hyper-V, VCP 3/4, VMware vExpert
You could use host-based firewalling? If they are Windows boxes it's pretty simple to stop them communicating with each other on whichever ports/services you are worried about?
Dan
Hi Ricnob,
That sounds like what I'm going to need but we're only running enterprise.
I'll have to see what the options are for upgrading to Enterprise Plus and getting an isolated VLAN going.
Thanks to everyone for their suggestions!
Here is a quite good picture that describes the Private VLAN feature on the Distributed Switch:
All VMs in the pictures are on the same general VLAN and ip range, but could be put into different "zones", where for example the isolated ones can not communicate with each other, that is, all frames are blocked by the virtual switch at Layer 2.
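The Layer 2 forwarding rule behind those Private VLAN "zones", as an added example that is not part of the original thread or VMware's code. It goes beyond the isolated case discussed above by also modelling the standard promiscuous and community port types; the port names and VLAN IDs are constructed for illustration.

```python
from itertools import combinations

# Constructed sample inventory: port name -> (PVLAN port type, secondary VLAN ID).
# All ports share one primary VLAN and one IP range; names and IDs are made up.
PORTS = {
    "gateway": ("promiscuous", 100),
    "vm-a": ("isolated", 101),
    "vm-b": ("isolated", 101),
    "vm-c": ("community", 102),
    "vm-d": ("community", 102),
    "vm-e": ("community", 103),
}


def can_talk(a, b):
    """Return True if the switch forwards frames between two PVLAN ports."""
    (type_a, vlan_a), (type_b, vlan_b) = a, b
    if "promiscuous" in (type_a, type_b):
        return True  # a promiscuous port (the gateway) reaches every port
    if type_a == type_b == "community":
        return vlan_a == vlan_b  # community ports reach only their own community
    return False  # isolated ports reach nothing except promiscuous ports


def reachable_pairs(ports):
    """All port pairs that can exchange frames at Layer 2."""
    names = sorted(ports)
    return [(x, y) for x, y in combinations(names, 2)
            if can_talk(ports[x], ports[y])]


def audit_isolation(ports, gateway="gateway"):
    """VM-to-VM pairs that can still talk directly.

    For the goal in this thread (VMs reach the gateway but not each other)
    the result should be an empty list.
    """
    return [(x, y) for x, y in reachable_pairs(ports)
            if gateway not in (x, y)]


if __name__ == "__main__":
    for pair in audit_isolation(PORTS):
        print("not isolated:", pair)
```

Placing every VM on the isolated secondary VLAN and only the gateway on a promiscuous port makes `audit_isolation` return an empty list.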