While building my lab environment, I ran into a situation where I wanted to have a completely sealed off networking segment that had no outside access.
This is a trivial task on it`s own, just create a vSwitch with no physical NICs attached to it, and then connect the VMs to it. The VMs will then have interconnectivity, but no outside network access at all.
In this particular case, I was setting up a couple of nested ESXi servers that I wanted to connect to the “outside” vCenter Appliance (VCSA). This VCSA instance was not connected to the internal-only vSwitch, but rather to the existing vSwitch that as local network access.
Naturally, the solution would be to add a secondary NIC to the VCSA, and connect that to the internal-only vSwitch.
It turns out that adding a secondary NIC to a VCSA instance, isn`t as straight-forward as you might think. Sure, adding a new NIC is no problem through either the vSphere Client, or the vSphere Web Client, but getting the NIC configured inside of VCSA is another matter.
If you add a secondary NIC, it will turn up in the VCSA management web page, but you will not be able to save the configuration since the required configuration files for eth1 is missing.
In order to rectify this, I performed the following steps:
- Connect to the VCSA via SSH (default username and password is root/vmware)
- Copy /etc/sysconfig/networking/devices/ifcfg-eth0 to /etc/sysconfig/networking/devices/ifcfg-eth1
- Edit ifcfg-eth1 and replace the networking information with your values, here is how mine looks:
- Create a symlink for this file in /etc/sysconfig/network
ln -s /etc/sysconfig/networking/devices/ifcfg-eth1 /etc/sysconfig/network/ifcfg-eth1
- Restart the networking service to activate the new setup:
service network restart
Check the VCSA web management interface to verify that the new settings are active
By adding a secondary NIC, configuring it and connecting it to the isolated vSwitch I was now able to add my sequestered nested ESXi hosts to my existing VCSA installation.
There may be several reasons for a setup like this, perhaps you want your VCSA to be available on a management VLAN but reach ESXi hosts on another VLAN without having routing in place between the segmented networks, or you just want to play around with it like I am in this lab environment.
Is this supported by VMware? Probably not, but I simply don`t know. Caveat emptor, and all that jazz.
Latest posts by Christian Mohn (see all)
- Importing SSL Certificates to Raspberry Pi Thin Client - December 5, 2013
- Nordic VMUG Conference – My Thoughts - December 5, 2013
- Sometimes You Simply Get What You Pay For - December 1, 2013
- VMware VCAP-DCD Boot Camp - November 27, 2013
- Can Microsoft really be Fair and Balanced? - October 30, 2013