Heh, I think I literally had a penny just drop on me. It's all down to the switches you use in ESXi, right?
For the Management, Storage and vMotion networks you connect them to the ESXi hosts as VMkernel ports and for the VM network you connect it as a port group. This way the hosts don't get IP's but provide the network to the VM's. Right?
How about using a NAT network for VM's, therefore there'll be no cross over between them and the AD server? They will be on a different subnet as well and I can even set up port forwarding in Workstation if needed.
I'm gonna give it a try.
In a production world you'd want your management network firewalled off, and your vMotion should be isolated as traffic sent across it isn't encrypted so a subnet and port group that only the vMotion NICs can access. As it's a home lab, NAT should suffice.
VMkernel ports are still a type of port group though (in fact all virtual network ports belong to port groups) - if your hosts didn't have IP addresses you'd not be able to manage them (either directly by host or through vCenter). Everything is IP based unless you have FC (which I'm guessing you don't for your lab, but may well have in a production environment.)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote