Cisco Support Community
New Member

VMware Data Centre Design Question

Hi,

I have a question regarding VMware in the data centre.

We currently have a two-site data centre configured as one logical DC.

Within that DC, we run multiple VRFs to allow different companies to utilise the network infrastructure.

The VRFs are separated by firewalls (both FWSM and Checkpoint).

I am being pressed by our server guys who want to host a guest server from different companies (different VRFs) on the same VM Host server.

This approach bridges firewall DMZ interfaces and I do not want to do this.

However, VMware claim that their virtual switch product provides an "air gap" between servers so there is no security risk.

Has anyone got an opinion on this?

Cheers

2 REPLIES
New Member

Re: VMware Data Centre Design Question

That is correct, your physical ports are mapped as uplink ports to different virtual switches. There can be multiple virtual switches as needed and each virtual switch uses separate uplink ports. Since there is no IP forwarding that goes on in the host operating system, I wouldn't think twice about doing it.

Scott

www.xpresslearn.com

Silver

Re: VMware Data Centre Design Question

No problem. This is a very common deployment. As you know, VLANs are associated with VRFs and hosting multiple VMs each on different VLANs within a single ESX Server is no problem at all.

Read the section about Virtual Switch Tagging (VST) in this document as that will be the configuration that will support this kind of deployment:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns304/c649/ccmigration_09186a00807a15d0.pdf

Hope this helps. Please rate this post if helpful.

Thanks,

Brad
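
An added example (not part of the thread or any poster's code): a small Python audit that tells apart the two layouts described in the replies, separate virtual switches with dedicated uplinks versus several VLANs tagged onto one virtual switch (VST), and reports where VRF separation rests on VLAN tagging alone. The inventory rows, VLAN IDs, VRF names and the `audit` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not from the thread): one row per port group.
# Host names, port group names, VLAN IDs and VRF names are hypothetical.
PORT_GROUPS = [
    {"host": "esx01", "vswitch": "vSwitch1", "portgroup": "CompanyA-DMZ",
     "vlan": 110, "uplinks": ["vmnic2"]},
    {"host": "esx01", "vswitch": "vSwitch2", "portgroup": "CompanyB-DMZ",
     "vlan": 210, "uplinks": ["vmnic3"]},
    {"host": "esx02", "vswitch": "vSwitch1", "portgroup": "CompanyA-App",
     "vlan": 120, "uplinks": ["vmnic2", "vmnic3"]},
    {"host": "esx02", "vswitch": "vSwitch1", "portgroup": "CompanyB-App",
     "vlan": 220, "uplinks": ["vmnic2", "vmnic3"]},
    {"host": "esx03", "vswitch": "vSwitch1", "portgroup": "Unknown",
     "vlan": 999, "uplinks": ["vmnic2"]},
]
# Constructed mapping of VLAN ID to the VRF it belongs to on the physical network.
VLAN_TO_VRF = {110: "VRF-A", 120: "VRF-A", 210: "VRF-B", 220: "VRF-B"}


def audit(port_groups, vlan_to_vrf):
    """Return findings where VRF separation depends on VLAN tagging alone."""
    by_vswitch = defaultdict(set)  # (host, vswitch) -> VRFs carried
    by_uplink = defaultdict(set)   # (host, physical NIC) -> VRFs carried
    findings = []
    for pg in port_groups:
        vrf = vlan_to_vrf.get(pg["vlan"])
        if vrf is None:
            # A VLAN nobody has assigned to a VRF cannot be reasoned about.
            findings.append(("unmapped-vlan", pg["host"], pg["portgroup"], (pg["vlan"],)))
            continue
        by_vswitch[(pg["host"], pg["vswitch"])].add(vrf)
        for nic in pg["uplinks"]:
            by_uplink[(pg["host"], nic)].add(vrf)
    for (host, name), vrfs in sorted(by_vswitch.items()):
        if len(vrfs) > 1:  # one virtual switch carries more than one VRF
            findings.append(("shared-vswitch", host, name, tuple(sorted(vrfs))))
    for (host, nic), vrfs in sorted(by_uplink.items()):
        if len(vrfs) > 1:  # one physical trunk carries more than one VRF
            findings.append(("shared-uplink", host, nic, tuple(sorted(vrfs))))
    return findings


if __name__ == "__main__":
    for finding in audit(PORT_GROUPS, VLAN_TO_VRF):
        print(finding)
```

In the sample, esx01 (one virtual switch and uplink per company) produces no findings, while esx02 (both companies tagged onto one virtual switch) is reported for the shared switch and both shared uplinks.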
