design of network of vSphere - thoughts?

Similar Questions

• Install the components of the network on vSphere host via API NSX virtualization

  I want to install the components of the network on vSphere host via API NSX virtualization, can anyone help me?

  Hello

  What SDK NSX are you referring?

  I can confirm, that the next REST call will work to prepare the cluster hosts.

  POSTER https://nsx-mgr-ip/api/2.0/nwfabric/configure

  field-c11

  You will receive the in the http response.

  The job status can be asked here:

  https://NSX-Mgr-IP/api/2.0/services/taskservice/job/

  field - c11-> MoRef of the cluster you want to prepare. I guess you know how to get the MoRef in a Cluster.

  Don't forget basic authentication and the Content-Type: application / xml header

  I hope this helps

  Fab

• Design of new environment VSphere, VMotion, Storage, NIC issues

  I have a new environment I design. The plan is to have two host 5.1 running VSphere. Each host will have multiple servers requiring HA. I intend to have an additional Buffalo storage server. Here are my questions.

  So that HA using Vmotion, will it store the data store of the virtual machine on the storage server? Or the data store would be on the host where the virtual machine, and then if this host fails it copies on?

  NIC how would I need per server for HA? I count at least 3. One for the network traffic, management and SAN. All I'm missing?

  OK, so if I put my two hosts in a HA cluster and I have my VM installed on a separate storage server and one of my crashes VSPhere hosts will be able to restart my virtual computer on the other host?

  Yes, assuming that both hosts have access to the storage and HA is configured correctly.

  And VMotion is just for a scheduled maintenance?

  Not only for maintenance, but also for example load management/distribution.

  André

• Design of authentication to vSphere

  If the authentication for the company is currently managed by an authentication mechanism for the organization other than active directory, is it possible for the company's existing authentication mechanism to manage authentication to vSphere allow?

  If Yes, what is the best way to handle this?

  for example, does:

  -Use active directory for authentication and configure active directory for outsource the authentication requests to the existing enterprise authentication mechanism

  -Use another option

  What are the options to make this happen?

  Your contribution is appreciated.

  Thank you!

  Hello

  Moved to the security forum.

  There are several places "authentication and authorization" to worry...

  (1) A & A vCenter

  (2) ESX/ESXi A & A

  (3) A & A vMA

  (4) vSphere SDK has & one that is really vCenter or ESX/ESXi A & A

  (5) webAccess has one that is really vCenter or ESX/ESXi & A

  For vCenter that authentication is based entirely on some mechanism supports Windows Server running vCenter. So if your current windows mechanism supports that you can use for authentication.

  For authentication of ESX, you are limited to what is supported by the Linux RHEL5 with WHAT is already installed in the service console. Including NIS, LDAP, Kerberos, same AD (which needs a bit of improvement) and other such things. If you install the agents service console to manage authentication then you may need to uninstall when you ask VMware support... Not the best way to go IMHO, but is certainly possible, as long as you crush all "existing" packages to make your job of authentication... Install in a different root.

  For authentication of ESXi, you are limited to the standard * NIX authentication and authentication AD similarly.

  For the vMA of authentication, you are limited to just that Linux uses normally but once again does not replace all existing packages and I suggest you only install in a different root, as it that everything is 'supported '.

  I found that most 3rd party security tools and other things for VMware only integrate with AD, if you're fairly limited if you have 3rd party tools.

  You need to look at the entire image during the design of authentication and not only vCenter or ESX.

  Best regards
  Edward L. Haletky VMware communities user moderator, VMware vExpert 2009, 2010

  Now available: url = http://www.astroarch.com/wiki/index.php/VMware_Virtual_Infrastructure_Security'VMware vSphere (TM) and Virtual Infrastructure Security' [/ URL]

  Also available url = http://www.astroarch.com/wiki/index.php/VMWare_ESX_Server_in_the_Enterprise"VMWare ESX Server in the enterprise" [url]

  Blogs: url = http://www.virtualizationpractice.comvirtualization practice [/ URL] | URL = http://www.astroarch.com/blog Blue Gears [url] | URL = http://itknowledgeexchange.techtarget.com/virtualization-pro/ TechTarget [url] | URL = http://www.networkworld.com/community/haletky Global network [url]

  Podcast: url = http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcastvirtualization security Table round Podcast [url] | Twitter: url = http://www.twitter.com/TexiwillTexiwll [/ URL]

• Design of network for a shared Business Center

  Hello

  I was asked to design a new shared business center network, but I need help.

  The scope is:

  -a building, access Internet 1

  -15 private offices

  -each Board can have up to 4 LAN connections

  -each office can have its own local network VIRTUAL (with Internet access)-max of VLAN 15 online

  -some offices can be merged (1 VLAN for many offices)

  -VLAN only have access to the Internet, but must be strictly isolated from others

  -DHCP must be available for each VIRTUAL local area network

  -WiFi must be available everywhere, but each user can connect only to its own LAN VIRTUAL (ID and PW) provided

  -management of connectivity and VLAN must be as simple as possible (GUI)

  What do I need put implement this configuration?

  Thanks in advance for your help.

  Hello

  A high level, you might want to switch support VLAN to connect and separate all individual offices. You could master this (3750/3560) switch to a Cisco ASA firewall, which, in turn, you may have interfaces on the trunk, a link on the side of the ASA. 1 for each VLAN configured. ACL security could be applied to each Sub Interface as well as a DHCP server for each VLAN can be configured on the SAA also. I would be not actually laid the present and let tenants handle their own LAN 'each office can have its own VIRTUAL LAN. " This would add unnecessary complexity.

  Wireless, can be as sophisticated as the installation of a wireless LAN Controller and several APs for centralized management of the APs. You can assign identifiers VLAN to different BSSIDs. Or you can use 1-2 Points of access and manage them individually. Cisco Aironet 2600 has GUI and allow VLAN tags by SSID. A site for the wireless range would be necessary.

  Haven install some of these types of networks, the above is all very high-level and depend on specific reuqirements, but should be a good starting point for you.

  Concerning

  Stephen

  ==========================
  http://www.rConfig.com

  A free, open-source network device configuration management tool customizable for your needs!

• Design of network for VMware/iSCSI SAN

  I am currently reshaping our business network to take account of the variation between stand-alone servers and an Equallogic/VMware environment. We will use iSCSI to connect to the virtual machine to the San.

  My question is this. How a proper network design should seek this kind of deployment? I've specified my current hardware less than what I have to work with. Given that I can't pay by port / vlan database MTU value on the 3750/2960 should I dedicate a switch for iSCSI?

  Equipment available:

  Core switch/router:

  WS-C37560G-24TS-1U

  Stacked switches:

  WS-C2960S-48TS-L access switch

  WS-C2960S-48TS-L access switch

  WS-C2960S-48LPS-L voice changer

  WS-C2960S-24TS-L Server switch (dedicated iSCSI Possible)

  Unused stacked switches:

  Dell Powerconnect 6224 x 2 reference

  Servers:

  Reference Dell R710 Quad NIC

  Reference Dell R610 Quad NIC

  Storage:

  EqualLogic PS4100 with two 2 x 1 GbE controllers = 4 GbE for iSCSI

  Best regards

  Markus

  given that the same logic has two controllers that you will have to use a pair of switches to cross connect for redundancy. You are going to need some maps as well. 1 sc, 1 for vmotion, 2 for iscsi (cross connected) and probably 2 for the production traffic.

  Sent by Cisco Support technique iPad App

• Need help to understand the network of vSphere environment

  Hello

  I need your help in understanding the network environment in vSphere. Please see the diagram and the text below:

  

  NIC #1 - Management Port (access from client vsphere, vCenter server)

  NIC #2 - Port of VMkernal (for iSCSI, vMotion, etc.)

  NIC #3 -?

  #4 – CARTE NETWORK INTERFACE?

  Q1 how allow external users to access services over the ESX host? (for example, IIS, FTP, Exchange, NFS)

  Q2, what will be the role of the other two network cards? Is it connected to the physical switch?

  * Ask you all to please help me by sharing your knowledge / experience on the network portion, you have made in your environment as NIC how, what to do with that. *

  I really need to understand the networking of concepts in vSphere, hope that your help!

  
  

  Best regards: Yash

  With an additional NIC with 2 port a general configuration might look like this:

  vSwitch0 - vmnic0, vmnic1 (connected to different physical switches)

  Network VMkernel management

  VMotion VMkernel network (own IP network, own VLAN)

  Better if they is configured as active / standby.

  vSwitch1 - vmnic2, vmnic3 (connected to different physical switches)

  Trade VM

  vSwitch2 - vmnic4, vmnic5 (connected to different physical switches)

  VMkernel iSCSI (own IP network, own VLAN)

  Ideal if it is added to the component Multipath iSCSI, which is quite easy to vSphere 5.

• New here - problem with the network on vSphere, ESXi

  Not sure if this is the right place to post this, please direct me properly if it is not.

  I use an eval of vSphere ESXi on a HP workstation. I built 2 Windows 2 k 8 VM 32 bits on the first data store. They can ping and DNS seems to be resolved, but they cannot access Internet/WWW.

  I accepted the default when installing ESXi and vSphere, so the configuration of the network is all that is by default (using the switch vNetwork, I think?)

  The 2 servers are on a different area of our production area. For this case, we'll call it consigment and Lab.com. "PDC" server is the domain controller, 'Exch8' is the exchange server in the lab. Exch8 has its pointed DNS, PDC and PDC has its DNS indicated on our DNS server in the environment of consigment. They are all on the same subnet 172.1.1.x

  I can ping PDC and Exch8 of my workstation (which is in consigment) by IP, but not name (pdc or pdc.lab.com, or work).

  Can someone at - it facilitate troubleshooting?

  Thank you

  OK finally try this out... It must be something to deal with the configuraiton of windows rather than dealing with VMware.I belive

  1. on the server you can navigate on the internet - see the proxy setting.

  See how proxy setting - open internet explore - switch to the option internet tool - connection tab click lan setting and get the configuraiton of proxy and put it in the PDC. Lab.com server and see if it works...

  2. also if you have installed antivirus tools on the server that you are not able to browse internet but able to ping... Uninstall AV and try...

• Design of Network\VLAN question

  I have a network completely flat and Im not a networking guy, but I have two ESX host, I need to build with a Lefthand SAN

  and I want to create a VLAN for vmotion traffic segmentation. Anyone know where I could find instructions to create the VLAN?

  I have 6 NETWORK adapters per ESX host and plan on using iSCSI software. I have also dedicated physical switches for my iSCSI traffic.

  How you prefer to use the 6-port network card?

  Awared points to answers.

  Hello

  You can assign a VLAN on each port group. VSphere Client, click on ESX / I have server you want to configure > click on the Configuration tab > then click on link networking in the hardware Section. Then click on the properties link in one of the vSwitch > select one port group, and then click on edit. Finally, you can assign a VLAN in the VLAN ID properties.

  The best way to use the NIC ports available, I think that there depends on your preferred configuration. For example, what kind of features you need to activate, the requirement for a network for each virtual computer speed, etc. But, basically, I have the same perception with the previous suggestion. You can allocate one or two ports for specific traffic.

• Networking in Vsphere

  Hello

  I need some basic tips and would be gratful for any help.

  I want to install a test on the same host network and have three different subnets on the host that can communicate with each other and do not know how to proceed.

  would appreciate any help

  ESXi does not routing features. So what you need is a router to allow 3 subnets to communicate with each other. A possible configuration could be three vSwitches (one for each subnet) and a virtual router (see http://www.vmware.com/appliances/) connected to all of these three vSwitches.

  André

• reconfiguration of network management vSphere

  Hi all

  I have 5 guests VMware ESXi 4.1 + vCenter.

  Now I intend to expand the DC, but current subnet for management and vmotion is too small.

  All current servers use cSwitch0 for all (vmotion, management, etc.)

  I have instaled the new EXS, in different subnet host and want to add to the HA cluster.

  vSwitch0 - management

  vSwitch1 - only vmotion

  I got the error:

  Host vth-01 has additional networks not used by other hosts for HA communication: 192.168.21.194. Consider using HA advanced option
  das.allowNetwork to control the use of network

  Host vth-01 does not have the networks used by other hosts for HA communication: 192.168.17.244. Consider using HA advanced option das.
  allowNetwork to control the use of network

  If in HA advanced options I put "das. AllowVmotionNetworks True"and "das. Console Service AllowNetworks0"

  I always get the error:

  The host vth-01 (new host ESXi) currently has no network available for ha comunication. Networks are currently used by HA: Managmetn Console

  What should I have to do, to put this host to the HA cluster?

  Thank you.

  VT - 02 (former ESXi host) the host currently has no available networks forHA comunication. Networks are currently used by HA: Managment Console

  Hmm

  so you have ESXi, I think that rather than use the Service Console (which is located in ESX) you should try with the network management setting (simply you have not named network configuration Service Console port group)

  das.allowNetwork Management Network

  PS advance option called das.allowNetwork nos das.allowNetwork

  See you soon
  Artur
  

  Please, do not forget the points of call of the "useful" or "correct" answers

  Post edited by: arturka
  P.S. added

• Best practices for the redundancy of the network in vSphere 4

  I'm running a cluster of production with 3 3850 m2 running at this time around 70 machines virtual, with more to come in the future.

  I have 6 CARDS each to use for networking.

  I'm not sure which is the best award of the NICs process.

  The redundancy for the VMKernel can I?

  Team for the Service Console NIC?

  I currently have the following:

  vswif0 Console of Service vmnic0

  vswif1 network of the VM vmnic3, 4, 5

  vswif2 VMotion vmnic1, 2 (different subnet)

  I have need of 3 NICs for the virtual machine or should I team the Service Console?

  It would be better to put a second Service Console on the Virtual Network machine's power switch, or do I have to put it on the switch of VMotion?

  My prefereence is for VMotion switch, but I'm ready to hear the recommendations of those wiser than me!

  I have 8 currently

  2 > SC (1 active, 1 standby on separate physical switches)

  3 > VMotion, FT, customer iSCSI PG (Etherchannel) MTU = 9000

  3 > VM PG VLAN (Etherchannel)

  previous to this, I had 4 I did:

  2 > SC, (2 active) VMotion, VST (vSwitch VLan Tagging)

  2 > VM (2 active) VLAN, VST (vSwitch VLan Tagging)

  Saw some problems with STP so separated back SC.

  6 as you do it sounds like a very good Setup.

  (2) SC, VMotion (active on each, Eve for each)

  (4) networking VM

  Don't forget that just them having active only effects not inbound traffic coming out unless you have all these ports in an Etherchannel configuration.  There is an example in the kB for this.  But depends on the amount of traffic all VM networks have if they network traffic a lot you could get by with less ports there.

  The SC definatally you want some kind of uplink port intelligence network as with ESX SC with HA ports check insulation network through these ports, so if this one is down which could lead to problems of isolation.  It's not like you'll do any FT? so it's something else to think about with the installation program.

• How to design the network monitoring in crio-9012

  
  
  

• Network with vSphere 5.5 and Windows 2012 problems

  Hello

  A few weeks ago, I have updated a server to a client of 4.0 to version 5.5. There was a mistake in any way, but that's another topic...

  Did the update because we run a machine Win2012 on this subject.
  Soon, I recognized that I have trouble, access to the machine, freshly installed by RDP. Some times it works, but mostly it doesn't. It simply expires. All the other virtual machines on the host (Win2008) seem to work very well (haven't heard anything else among users).

  From another VM on the same host, I started to ping the machine of W2012:

  Ping as 172.30.50.135 ausgeführt wird mit 32 bytes of data:

  Antwort von 172.30.50.135: bytes = 32 time < 1 ms TTL = 128

  Zeituberschreitung der Anforderung.

  Antwort von 172.30.50.135: bytes = 32 time = 1ms TTL = 254

  Antwort von 172.30.50.135: bytes = 32 time = 1ms TTL = 254

  Antwort von 172.30.50.135: bytes = 32 time = 1ms TTL = 254

  Huh? A ping with TTL 128, it has expired, then all the wider with TTL 254, cannot access the machine...

  After about three minutes the TTL to 128 jumps and I am able to access the machine again.

  If I disconnect and wait a few minutes, the same thing happens again... Very strange...

  Have not tried to use an adapter E1000 instead of vmxnet3 yet, but here to warn that if possible.

  Any ideas I could try?

  Thank you
  URS

  Oh... Shame on me... What a rookie mistake... Ha ha ha...

  Well... There was a point of access that are configured with the same IP address * facepalm *. I probably did it on the first installation and always used the same wrong IP address on and on. (Don't tell my colleagues!)

• Validate the design of the network 2 x 10 GbE - NAS only 4 x 1 GB (jumbo frame)

  Dear Sir

  I have a few questions about the design of our new vSphere environment network.

  Detail:

  -Enterprise license

  -vSphere 5 servers (HP DL360p) with each:

  128 GB memory

  2 x Intel E5-2665 (8 cores)

  2 x 10 GbE (HP FlexFabric 554FLR-SFP +)

  -Environment NAS is connected via a LACP of 4 x 1 GB (no dedicated storage network)

  -Network environment is built on Juniper EX4200 is (virtual stack)

  Should / can use frames? :-)

  (a) servers, VMware will have 10 GbE and the storage network is only 4 x 1 GB?

  (b) this will give no problem for end-user connections that connect to the server VM

  running on the infrastructure as the file servers...

  Everything will not use frames but the will of the end user of PC, or is this not a problem?

  Is the picture below to go to the best?

  GRZ,

  Geert

  Honestly, there are a lot of discussions on when to activate the frames.  In my opinion I do not activate initially jumbo frames and watch the traffic.  If the backen was totally 10 GbE or FC, I would definietly enable Jumbo.  If necessary, then I would allow him.  Frames Jumbo will not affect the user who connects to the virtual computer, remember that they need to connect to the ESXi and not the current storage unit.