VMware vSphere

My company is currently leasing dedicated servers running ESXi from a number of hosting providers. These servers each have a number of VMs running on them. There is a VPN connection between our office location and a VM running on each of the different ESXi servers. This connection provides sort of an "in-band" connection to the VMs running on the server. All the server having private IP addressing and are not directly reachable from the Internet (only reachable from the corporate LAN via the VPN). The physical servers (not the VMs) have a management interface with a public IP address so that the vSphere client can connect to the server over the Internet to manage the server. My question is, if I want to manage the physical server (connect via vSphere client, patch the system, collect logs, etc.) over the VPN connection from the corporate LAN in addition to via the Public IP address over the Internet is this possible? If so, what would I need to do to configure it? Do I need vCenter? Can I still use the ESXi free version?

Thanks for the help.

Sure, you should be able to connect to the ESXi host (doesn't matter if it's free or not) via the private IP address using your VPN. What's important if that there is connectivity between vSphere client and the hosts. Also, there is a number of ports that need to be open:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012382#ESX%204.x

I imagine your hosts have a public and a private IP.

No need for vCenter if you don't mind managing your hosts separately, and if you don't need features like vMotion, HA, etc.

If this post has been helpful/solved your issue, please mark the thread and award points as you see fit. Thanks!

The problem I am running into is that it seems like for ESXi there is only able to be one management network (with address, mask, and gateway). Right now for the servers this is the public IP address and gateway given to me by the hosting provider. I have tried to set-up a 2nd vmkernal management interface on the private network, but this just broke the public management connection. Ideally, I'd like to be able to access the server using the vSphere client over the public interface and over the private network just have a way to provide real-time management of the server via syslog, snmp and to just generally monitor the hardware status.

hi vmnub, i have a setup working with two mgmt networks, just created another vswitch with a vmkernel interface for management traffic, im able to access from my 192.168.3.x subnet and my 172.16.250.x subnet:

can you give us more details? you have to able too access from two subnets without any problem.

regards.

If you find this information useful, please award points for "correct" / "helpful".

My blog virtualización en tu idioma

As far as I've been able to tell, when you go to the local console of the ESXi server you only have the option of defining a single management network. After creating this first management interface during the install process, I accessed the server via the vSphere client and created a second vmkernel interface with an IP address on a different network, but the value I entered for the default gateway for this interface overwrote the value that had been defined on the console, thus causing me to lose access to the server over the first vmkernel interface.

One difference I have with the configuration you have in your diagram is that my second vmkernel interface is on an internal vswitch with no physical NIC directly tied to it. The idea is that I have an external vswitch with a physical NIC associated with it that has the first vmkernel port and also has a Vyatta VM acting as the firewall/VPN. This Vyatta VM then has an internal interface on the internal private network that also has the 2nd vmkernel interface. I was hoping to connect from my office PC over the VPN through the Vyatta VM to the internal vmkernel interface on the private internal network rather than accessing the external vmkernel via the Internet directly. I hope that is clear.

ok vmnub i understand now, thats happening because you can have just one default gateway for esx(i), the only thing you can try is to add static routes for your second mgmt network:

EXAMPLE:

Add a route to 192.168.2.0 network through 192.168.0.1

esxcfg-route -a 192.168.2.0 255.255.255.0 192.168.0.1

regards.

If you find this information useful, please award points for "correct" / "helpful".

My blog virtualización en tu idioma

Thanks for the assistance amalanco8. I was able to add the static route for the second management interface and I'm now able to hit both interfaces as desired.

I'm trying to do something similar - I've got local access to the management interface via 192.168.1.0/24 and a VPN termination to a second vSwitch at 10.162.232.0/24.

What static route do I need to add to allow access to the management interface? It is configured to use 192.168.1.240 (vmk0) and 10.162.232.240 (vmk1).

VMkernel Routes:
Network          Netmask          Gateway          Interface     
10.162.232.0     255.255.255.0    Local Subnet     vmk1          
192.168.1.0      255.255.255.0    Local Subnet     vmk0          
default          0.0.0.0          192.168.1.1      vmk0

Thanks!