VMware vSphere

  • 1.  vCenter Placement

    Posted Nov 30, 2011 03:01 PM

    Hi all,

    Debating this in the office and interested to gauge other professionals' take on this:

    Is it better to have vCenter and the ESXi hosts all on the same management VLAN, or would it be more secure to have vCenter on a VLAN of its own with a firewall allowing specific ports between the VLANs?

    Say the hosts would be on a 10.52.0.x network, VLAN 500, and the vCenter server (VM) on 10.52.240.x on VLAN 600.

    Then users of vCenter would connect to vCenter via the client, which runs off a terminal/RDS server in the same VLAN as vCenter.

    Any thoughts?



  • 2.  RE: vCenter Placement

    Posted Nov 30, 2011 03:05 PM

    Our vCenter Server runs on the same VLAN as all our other production servers. I think what's important is you keep your vMotion and Management Network (ESXi) on private VLANs.



  • 3.  RE: vCenter Placement

    Posted Nov 30, 2011 03:34 PM

    We do this as you say. But this was specifically how/where we sit vCenter only.

    I guess it comes down to: should it be on the same LAN as the hosts, or should there be a firewall in the way?



  • 4.  RE: vCenter Placement

    Posted Nov 30, 2011 03:10 PM

    Our vCenter server is on our server VLAN as well. And as stated by Troy, the important thing is to keep your management and vMotion networks separated.



  • 5.  RE: vCenter Placement

    Posted Nov 30, 2011 03:24 PM

    I think the common theme that you will find is that vCenter and vSphere hosts are on the same VLAN, and then management, vMotion, and storage networks are isolated on their own VLANs too.



  • 6.  RE: vCenter Placement

    Posted Nov 30, 2011 03:24 PM

    Is it better to have vCenter and the ESXi hosts all on the same management VLAN or would it be more secure to have vCenter on a VLAN of its own with a firewall allowing specific ports between the VLANs.

    Dear addinuff,

    Welcome to the VMware forum.

    In my opinion, maintaining a VLAN of its own with a firewall and a specific port instead of the default port is better.

    Yours, Abbie