+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 38
Thin Client and Virtual Machines Thread, VLANs in Virtualisation in Technical; Evening all, We are now in possession of our two servers ready for virtualising our older pieces of hardware. My ...
  1. #1

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,309
    Thank Post
    973
    Thanked 326 Times in 194 Posts
    Blog Entries
    11
    Rep Power
    170

    VLANs in Virtualisation

    Evening all,

    We are now in possession of our two servers ready for virtualising our older pieces of hardware. My funding was cut in half during the project and the funds I had for a SAN are now gone. Gutted - but there is nothing I can do at the moment.

    I am moving forward with virtualising some of the smaller servers and they will be stored on the servers (which have large hard drives mirrored).

    I've read somewhere that you should keep your host servers in a seperate VLAN with a different IP range yet can keep your virtualised servers on them with the 'main' ip range. Can anyone advise me why this is so?

    Currently, all servers are on 10.180.8.xxx/255.255.248.0 - I want to keep this for them when they are virtualised. Can I put my two host servers on something different that doesn't confilict wich anything the LEA has in place (for example 192.168.0.xxx) - why would I do this? Have I read it right?

    Many thanks

    Gareth

  2. #2

    Join Date
    Mar 2012
    Location
    Shrewsbury
    Posts
    23
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    6
    How many NICS are there in each server and what hypervisor are you going with?

  3. Thanks to geezersoft from:

    garethedmondson (30th March 2013)

  4. #3

    Join Date
    Sep 2008
    Posts
    192
    Thank Post
    6
    Thanked 72 Times in 29 Posts
    Blog Entries
    3
    Rep Power
    27
    Quote Originally Posted by garethedmondson View Post
    Evening all,

    We are now in possession of our two servers ready for virtualising our older pieces of hardware. My funding was cut in half during the project and the funds I had for a SAN are now gone. Gutted - but there is nothing I can do at the moment.

    I am moving forward with virtualising some of the smaller servers and they will be stored on the servers (which have large hard drives mirrored).

    I've read somewhere that you should keep your host servers in a seperate VLAN with a different IP range yet can keep your virtualised servers on them with the 'main' ip range. Can anyone advise me why this is so?

    Currently, all servers are on 10.180.8.xxx/255.255.248.0 - I want to keep this for them when they are virtualised. Can I put my two host servers on something different that doesn't confilict wich anything the LEA has in place (for example 192.168.0.xxx) - why would I do this? Have I read it right?

    Many thanks

    Gareth
    It's for security reason. So Tommy User can't go scanning around your curriculum ip range and chance upon your VI and also so V motion and management traffic stay separate from the normal network traffic. I know one or two implementations that use the same range and have never had any problems. These are schools were talking about, not high security implementations. Up to you, if you're anal about security then use a different ip range (you don't actually need a separate vlan for that to be fair). If is fear about the amount of traffic then with two hosts in this environment as long as you have Gb connectivity, you won't have a problem
    Last edited by TheScarfedOne; 30th March 2013 at 11:26 AM.

  5. Thanks to Dave_O from:

    garethedmondson (30th March 2013)

  6. #4

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    15
    The only reason not to VLAN it is if you can't. ie. the hardware doesn't support it.

  7. #5

    Join Date
    Sep 2008
    Posts
    192
    Thank Post
    6
    Thanked 72 Times in 29 Posts
    Blog Entries
    3
    Rep Power
    27
    Quote Originally Posted by ConradJones View Post
    The only reason not to VLAN it is if you can't. ie. the hardware doesn't support it.
    Blimey! It would have to be really old kit not to support vlans. I remember back in the 80s we had non-layer 2 device. Not seen one since the though.

  8. #6

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    15
    Quote Originally Posted by Dave_O View Post
    It would have to be really old kit not to support vlans.
    or cheap

  9. #7

    Join Date
    Sep 2008
    Posts
    192
    Thank Post
    6
    Thanked 72 Times in 29 Posts
    Blog Entries
    3
    Rep Power
    27
    Quote Originally Posted by ConradJones View Post
    or cheap
    I'm not sure anyone actually sells non-layer 2 switches when you can pick an 8 port L2 for less than £50 and if you're talking cheaper than that, then you're in the wrong job.

  10. #8

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    15
    I'm not in the wrong job mate. Plenty of people who are though. I wouldn't entertain buying something that cheap, plenty of people who would though as they can't see past the next 5 minutes.
    Last edited by ConradJones; 30th March 2013 at 11:49 AM.

  11. #9

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    To the OP - as mentioned, its a security issue. Putting them in their own VLAN, which is segregated from the rest of the network isolates them from prying eyes. However, in most school setups, I'd say its a bit overkill - the infrastructure doesn't face that sort of threat in a school, or at least it shouldn't, due to all the other security precautions in place (locked down clients etc...).

    However, there is another issue with giving it different IPs etc... And that is one of availability. In an ideal world, you would have a separate management interface to your client interface (the one the guest machines use). This way, if the client interface is 100% utilised for whatever reason, you can still connect and manage the machines. Whether this is on a separate VLAN or not is up to you.

    In a further ideal world, you'd have 3 interfaces per box, with your SAN in place too. 1 would be the management interface, 1 the client, and 1 for iSCSI (which according to best practice, should be on a separate switch entirely). That way, everything is split up, nothing can overload each other etc... However, you'd then want to go to 6 such interfaces, (on at least 2 different controllers, 3 on each), to allow for failure...

    The numbers could increase and increase though, as you might also want 2 switches to add redundancy etc...

  12. #10

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    Basicly what @localzuk said - although to be honest I recommend a lot more than 1 interface for client traffic. I tend to have 2 x ISCSI, 2 x management 2 x VMotion and 4 x client traffic split across the main board and a PCI cards.

  13. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Quote Originally Posted by glennda View Post
    Basicly what @localzuk said - although to be honest I recommend a lot more than 1 interface for client traffic. I tend to have 2 x ISCSI, 2 x management and VMotion and 4 x client traffic split across the main board and a PCI card.
    It all depends on cost and what sort of interface though. We have a single interface for traffic on our servers, but it is 10Gbps so works great.

  14. #12

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    Quote Originally Posted by localzuk View Post
    It all depends on cost and what sort of interface though. We have a single interface for traffic on our servers, but it is 10Gbps so works great.
    Yup but even then you ideally need 2 for redundancy

  15. #13

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    15
    Quote Originally Posted by localzuk View Post
    It all depends on cost and what sort of interface though. We have a single interface for traffic on our servers, but it is 10Gbps so works great.
    dual 10gbe here. management / vmotion is still on the 1gb for no other reason than we haven't moved it yet. will get removed this easter.

  16. #14

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Quote Originally Posted by glennda View Post
    Yup but even then you ideally need 2 for redundancy
    Indeed, but ideally you'd also need 2 switches for them to plug into as well... So basically, you're just drawing a line at a different point with your cost-benefit analysis.

  17. #15

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    Quote Originally Posted by localzuk View Post
    Indeed, but ideally you'd also need 2 switches for them to plug into as well... So basically, you're just drawing a line at a different point with your cost-benefit analysis.
    oh yes completly i'm going with an ideal scenario and also dual links between those switches.



SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. pls help in configuring vlan in procurve
    By kumar in forum Wired Networks
    Replies: 5
    Last Post: 11th June 2012, 01:39 PM
  2. Replies: 9
    Last Post: 24th February 2010, 11:54 PM
  3. virtualisation in 2008
    By KK20 in forum Windows Server 2008
    Replies: 13
    Last Post: 4th February 2010, 11:36 AM
  4. Replies: 11
    Last Post: 27th January 2009, 08:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •