Thursday, July 16, 2009

Using VMware ESXi to create two networks, one on the edge and one on the LAN

At my last position I needed to create a test network that was totally isolated from the production LAN. I still wanted to be able to manage it from the LAN, but the test network could not in any way send any traffic over to the production LAN. My solution was to use VMware ESXi with three NICs: two NICs connected to the internal LAN switch, and one NIC connected to a totally different LAN with its own router and Internet connection.

Internally, I configured the guest OSes to communicate only within the virtual environment. I set up the domain controller with two virtual NICs: one on the virtual LAN communicating with the other guest OSes, and one connected to the isolated LAN with its own router. This gave the test LAN access to the Internet, as the domain controller provided routing services.

This setup gave the following capabilities:
1. A totally isolated test network. No traffic can pass over to the Production LAN.
2. I had access to the whole thing because I could manage it with the VI Client.
3. The test network was for all purposes a fully working LAN with access to the Internet.
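
A way to check the first capability, written here as an added example (not code from the original post): it models the layout as a constructed inventory with hypothetical vSwitch, VM and network names, and searches for any chain of multi-homed guests that would connect the test vSwitch to the production uplink.

```python
from collections import deque

# Constructed inventory modelling the layout in the post; every name is hypothetical.
# vSwitch -> physical network its uplink NICs are cabled to (None = no uplink).
VSWITCH_UPLINK = {
    "vSwitch0": "production-lan",  # two pNICs: host management from the LAN
    "vSwitch1": None,              # internal-only test LAN for the guests
    "vSwitch2": "isolated-dsl",    # third pNIC: separate router and DSL line
}
# VM -> vSwitches its virtual NICs attach to.
VM_NICS = {
    "test-dc": ["vSwitch1", "vSwitch2"],  # domain controller, routes test LAN out
    "test-guest1": ["vSwitch1"],
    "test-guest2": ["vSwitch1"],
}

def path_to_network(start, target_net, uplinks, vm_nics):
    """Return hops [vSwitch, VM, vSwitch, ...] from `start` to a vSwitch
    uplinked to `target_net`, or None if there is no such path. Worst case:
    every multi-homed VM is assumed able to forward between its NICs."""
    parent = {start: None}  # vSwitch -> (VM crossed, previous vSwitch)
    queue = deque([start])
    while queue:
        sw = queue.popleft()
        if uplinks.get(sw) == target_net:
            path = [sw]
            while parent[sw] is not None:
                vm, sw = parent[sw]
                path += [vm, sw]
            return path[::-1]
        for vm, switches in vm_nics.items():
            if sw in switches:
                for nxt in switches:
                    if nxt not in parent:
                        parent[nxt] = (vm, sw)
                        queue.append(nxt)
    return None

if __name__ == "__main__":
    for net in ("production-lan", "isolated-dsl"):
        print(net, "->", path_to_network("vSwitch1", net, VSWITCH_UPLINK, VM_NICS))
```

Returning `None` for `production-lan` is the isolation property claimed in item 1; giving any test guest a second virtual NIC on `vSwitch0` makes the function return the offending path instead.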

The only downside, or better said, extra cost, was that I needed a second Internet connection; but a cheap DSL connection worked just fine for this purpose. This was an extremely cost-effective test LAN. What a change from the bad old days when virtualization was not possible. So essentially, for the cost of a medium-cost, high-end PC with plenty of storage (all SATA drives) and a cheap DSL connection, voila, job done.
