
Monthly Archives: July 2008

DMZ Virtualization

In his Virtualization Blog this week, David Marshall from Infoworld mentioned a couple of recently published documents that should make your reading lists. I have already talked about one of these in a previous post, "VI3 in a Cisco Network Environment."

The other document David mentions is "DMZ Virtualization with VMware Infrastructure." This paper discusses the pros, cons, and best practices associated with three different approaches to virtualized DMZs, from partially collapsed designs right down to a fully collapsed model where the DMZ tiers share hosts and virtual switches. It's only six pages of text with liberal use of diagrams. I highly recommend giving it a read.

Using VLANs with ESX

Most folks are aware that extending 802.1Q VLAN trunks into the ESX host is a best practice recommendation. It enables logical separation and scaling of the various traffic types (management, IP storage, VM applications, etc.) without being constrained by the number of physical NIC ports. We call this Virtual Switch Trunking (VST). As the name implies, we are extending the VLAN trunk from the adjacent physical switch into the virtual switch. In this mode, the vswitch is the VLAN termination point, so the virtual links to the guest VM vnics, the vmkernel, and the service console are access ports. The Port Group definitions denote VLAN membership for these ports: the vswitch strips the 802.1Q tag from frames arriving on the uplink before delivering them to the port group's members, and applies the port group's tag to frames leaving through the uplink.

Note that while VST is the usual and best practice recommendation, it is just one of three modes for using VLANs with ESX. Virtual Guest Trunking (VGT) and External Switch Tagging (EST) are the others. With VGT, the VLAN trunk is extended all the way to the guest VM, which must then run its own 802.1Q-aware driver or stack. The VM then has access to all the trunked VLANs through the vnic, so the allowed VLAN list on the physical trunk port is what actually bounds what such a VM can reach. VGT is configured by selecting VLAN 4095 in the Port Group definition for the VM(s). With EST mode, the physical nics (vmnics) are connected to "access" ports on the physical switch, so no VLAN-tagged traffic reaches the ESX host and no VLANs are configured through the port groups on the vswitch (VLAN ID 0).
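To make the three modes concrete, here is an added example (not code from the original post or from VMware) that takes a list of port groups, classifies each one as EST, VST or VGT from its VLAN ID, and derives what the physical switch port facing the uplinks has to look like. It also flags the two mismatches worth checking in a DMZ design: an EST port group sharing a vswitch with tagged port groups (an access port drops the tagged frames, and a trunk puts the untagged frames in its native VLAN), and a VGT port group, which sees every VLAN the trunk allows. The port-group list is constructed; the `esxcfg-vswitch -p ... -v ...` service-console syntax and the Cisco IOS `switchport` lines are the forms used on ESX 3.x and IOS of that era, and you should check them against your own versions.

```python
"""Classify ESX port-group VLAN settings (EST / VST / VGT) and derive the
matching physical-switch uplink configuration.

Added example, not the original post's code. The port groups below are
constructed; the esxcfg-vswitch and IOS syntax is assumed for ESX 3.x / IOS
of that period and should be verified against your versions.
"""

VGT_VLAN = 4095   # "all VLANs" sentinel in the port-group definition (VGT)
MAX_VLAN = 4094   # highest assignable 802.1Q VLAN ID

# Constructed sample: two vswitches; vSwitch1 carries trunked traffic,
# vSwitch2 sits on an access port with no tagging at all.
SAMPLE_PORTGROUPS = [
    {"vswitch": "vSwitch1", "name": "Service Console", "vlan": 10},
    {"vswitch": "vSwitch1", "name": "VMkernel-iSCSI", "vlan": 20},
    {"vswitch": "vSwitch1", "name": "DMZ-Web", "vlan": 100},
    {"vswitch": "vSwitch1", "name": "IDS-Sensor", "vlan": VGT_VLAN},
    {"vswitch": "vSwitch2", "name": "Legacy-Access", "vlan": 0},
]


def vlan_mode(vlan_id):
    """Map a port-group VLAN ID to the tagging mode the post describes."""
    if vlan_id == 0:
        return "EST"   # untagged; the physical port must be an access port
    if vlan_id == VGT_VLAN:
        return "VGT"   # the whole trunk is passed through to the guest vnic
    if 1 <= vlan_id <= MAX_VLAN:
        return "VST"   # vswitch strips on ingress, applies on egress
    raise ValueError("VLAN ID out of range: %r" % vlan_id)


def plan_vswitch(portgroups):
    """Per-vswitch plan: uplink port mode, VST VLAN set, ESX commands, warnings."""
    plan = {}
    for pg in portgroups:
        entry = plan.setdefault(pg["vswitch"], {
            "modes": set(), "vlans": set(), "esx_cmds": [], "warnings": []})
        mode = vlan_mode(pg["vlan"])
        entry["modes"].add(mode)
        if mode == "VST":
            entry["vlans"].add(pg["vlan"])
        entry["esx_cmds"].append('esxcfg-vswitch -p "%s" -v %d %s'
                                 % (pg["name"], pg["vlan"], pg["vswitch"]))
        if mode == "VGT":
            entry["warnings"].append(
                "%s: VGT exposes every VLAN the physical trunk allows to the "
                "guest; prune the allowed list on the uplink port" % pg["name"])
    for name, entry in plan.items():
        tagged = entry["modes"] & {"VST", "VGT"}
        if "EST" in entry["modes"] and tagged:
            entry["warnings"].append(
                "%s: mixes EST (untagged) with tagged port groups; an access "
                "port drops the tagged frames and a trunk places the untagged "
                "frames in its native VLAN" % name)
        entry["uplink_mode"] = "trunk" if tagged else "access"
    return plan


def switchport_config(entry, access_vlan=1):
    """IOS lines for the physical port facing this vswitch's uplinks."""
    if entry["uplink_mode"] == "access":
        return ["switchport mode access",
                "switchport access vlan %d" % access_vlan]
    lines = ["switchport trunk encapsulation dot1q", "switchport mode trunk"]
    if entry["vlans"]:
        allowed = ",".join(str(v) for v in sorted(entry["vlans"]))
        lines.append("switchport trunk allowed vlan %s" % allowed)
    if "VGT" in entry["modes"]:
        lines.append("! VGT port group present: the allowed list above is "
                     "exactly what the guest can reach; review it")
    return lines


if __name__ == "__main__":
    for vswitch, entry in plan_vswitch(SAMPLE_PORTGROUPS).items():
        print("== %s (uplink: %s)" % (vswitch, entry["uplink_mode"]))
        print("\n".join(entry["esx_cmds"]))
        print("\n".join(switchport_config(entry)))
        for w in entry["warnings"]:
            print("WARNING:", w)
```

Running it on the sample prints the `esxcfg-vswitch` lines for each vswitch, a trunk configuration allowing VLANs 10,20,100 for vSwitch1 with a warning about the VGT port group, and a plain access-port configuration for vSwitch2. Treat the warnings as the review checklist: a VGT port group on a DMZ vswitch is only as contained as the trunk's allowed list, and an EST port group should never share uplinks with tagged ones.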

Observations from Cisco Networkers Live in Orlando

Apart from my Outlook email files being completely cactus for the week, Cisco Networkers in Orlando was an outstanding success. We saw an enormous amount of traffic through the VMware booth with many stopping to ask questions of our engineering staff and look at remote demonstrations of VDI, ThinApp, HA and VMotion. VMotion never fails to raise some oohs, aahs, and wows as it migrates live VMs between physical machines without dropping sessions!

A few miscellaneous observations:
– The network folks are showing way more interest and expertise with respect to virtualization compared with the last Networkers event I attended just five months ago.
– Only one person asked me, "What does VMware do?"
– Many attendees were interested in the joint Cisco/VMware paper just published (and mentioned in the previous post). In fact, I could have answered most questions by just pointing folks at that paper. Cisco has also now published the paper on their website and announced via a blog post.
– Network management, monitoring and troubleshooting companies seemed to account for most of the booths.

A few unrelated observations:
Guitar Hero 3 seemed the most popular gimmick for drawing a crowd. It was featured in a number of booths and also at the Kiwanis Club convention operating in another part of the convention center (go figure).
Segways seem to be standard issue for security guards in Orlando.