Monday, July 27, 2009

Using VMware ESXi to create a sort of DMZ

Back on July 16 I wrote about how I used ESXi to create a totally safe and isolated test network. I used this principle when I wanted to create my web server.

I wanted it to be:
1. Virtual
2. Isolated from the rest of the network
3. Having only one static IP, I needed to NAT ports, some to my production, some to the web server, which would be isolated in its own LAN.
4. Behind my firewall
5. Accessible from the production LAN to administer.

The solution was to create my web server in ESXi and again on a dual-homed box, with each NIC on its own virtual switch on different LANs.

Between the firewall and my router lies another private LAN. One NIC, the one for the web server, was on that LAN. On the other side of my router was the second LAN, to which the other NIC of ESXi was attached through the other virtual switch.

In this scenario, I can have isolation, and I can also point different ports going from the one IP to different locations. Worked pretty well.

