While building my lab environment, I ran into a situation where I wanted to have a completely sealed off networking segment that had no outside access.
This is a trivial task on it`s own, just create a vSwitch with no physical NICs attached to it, and then connect the VMs to it. The VMs will then have interconnectivity, but no outside network access at all.
In this particular case, I was setting up a couple of nested ESXi servers that I wanted to connect to the «outside» vCenter Appliance (VCSA). This VCSA instance was not connected to the internal-only vSwitch, but rather to the existing vSwitch that as local network access.
Naturally, the solution would be to add a secondary NIC to the VCSA, and connect that to the internal-only vSwitch.
It turns out that adding a secondary NIC to a VCSA instance, isn`t as straight-forward as you might think. Sure, adding a new NIC is no problem through either the vSphere Client, or the vSphere Web Client, but getting the NIC configured inside of VCSA is another matter.
If you add a secondary NIC, it will turn up in the VCSA management web page, but you will not be able to save the configuration since the required configuration files for eth1 is missing.
In order to rectify this, I performed the following steps:
Connect to the VCSA via SSH (default username and password is root/vmware)
Copy /etc/sysconfig/networking/devices/ifcfg-eth0 to /etc/sysconfig/networking/devices/ifcfg-eth1
Edit _ifcfg-eth1 _and replace the networking information with your values, here is how mine looks:
DEVICE=eth1 BOOTPROTO='static' STARTMODE='auto' TYPE=Ethernet USERCONTROL='no' IPADDR='172.16.1.52' NETMASK='255.255.255.0' BROADCAST='172.16.1.255'
Create a symlink for this file in /etc/sysconfig/network[cc lang=«bash» width=«100%» theme=«blackboard» nowrap=«0»] ln -s /etc/sysconfig/networking/devices/ifcfg-eth1 /etc/sysconfig/network/ifcfg-eth1[/cc]
Restart the networking service to activate the new setup:[cc lang=«bash» width=«100%» theme=«blackboard» nowrap=«0»] service network restart[/cc]Check the VCSA web management interface to verify that the new settings are active
By adding a secondary NIC, configuring it and connecting it to the isolated vSwitch I was now able to add my sequestered nested ESXi hosts to my existing VCSA installation.
There may be several reasons for a setup like this, perhaps you want your VCSA to be available on a management VLAN but reach ESXi hosts on another VLAN without having routing in place between the segmented networks, or you just want to play around with it like I am in this lab environment.
Is this supported by VMware? Probably not, but I simply don`t know. Caveat emptor, and all that jazz.
Update February 2016:
This post is written with VCSA5.x in mind, and is not tested on VCSA 6.x. William Lam has posted Caveats when multi-homing the vCenter Server Appliance 6.x w/multiple vNICs with information on what caveats exist if you are looking to do this with the newer v6.x infrastructure.