Securing Network Interfaces with VMware Server 2.0/Windows 2

[AvayaRedDude]

I am using a VMware Server 2.0 on top of Windows Server 2003 (not using ESXi) and I have 3 LAN ports on my server. I like to set up the ports because its set up insecurely (from what I know about VM networking.) I have a 100mb that I want to use for management, 2 gigabits (that I don't teamed) 1 for a intranet, and 1 intended to be used for WAN (I have a virtual NT '03 server running as a NAT firewall) and I like to know how I can set up this logical network to ensure the virtual side will be as secure as possible (since nothing is fully "secure"!)

TIA

Steven

 

[Provogeek]

If you're serious about wanting a secure virtual environment, then don't use VMWare Server. The product is no longer supported. You should be using the free ESXi Hypervisor.

If you really need to use VMWare Server 2.0, then look at this KB article.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1042

GSX = VMWare Server. There was a name change shortly before ESXi was made free and they killed the product all together. If you run into any of the VMWare Server bugs and you are looking for a fix, then VMWare Workstation would be the answer. Pretty much has all the features Server had, including a web based VM console. But Server, Workstation .. those are for labs and development, not production. You want to do this in production, be smart about it and get the free ESXi hypervisor.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Brent Schmidt Senior Network Engineer
Keep IT Simple[/color red]

http://www.kiscc.com

Novell Platinum Partner Microsoft Gold Partner
VMWare Enterprise Partner Citrix Gold Partner

 

[AvayaRedDude]

Sir,

You didn't answer my question. You deflected me to an ilrelevent resource and then to insult my intelligence of my decisions to not go to ESXi or a later VMwW.

 

[Provogeek]

My apologies for insulting you with my reply trying to help you.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Brent Schmidt Senior Network Engineer
Keep IT Simple[/color red]

http://www.kiscc.com

Novell Platinum Partner Microsoft Gold Partner
VMWare Enterprise Partner Citrix Gold Partner

 

[cabraun]

Well good luck getting anyone to reply to your query now. I know I certainly wont.

 

[AvayaRedDude]

Update: due to our ignorance of the quality of VMwS, we decided to look at implementing VMware Workstation 10 as a transition (back) to ESXI. For our purposes ESXI was incompatible with a lot of hardware and it can't run on desktops if we took the timely flip and covert process. I axed the NAT firewall as that was a mistake on our part. Our budget is tight because we are a non profit organization, and yes we take security seriously.

 

[Provogeek]

For ESXi compatibility, you just need to worry about the NIC and the Storage Controller mostly. If what you have in your hardware is on the compatibility list, then you don't need to worry too much if the unit as a whole is not. Even if the unit is a desktop, just give it a whirl. ESXi would be the best choice, and if drivers load, you'll be good to go. You would most likely have success if your machine is capable of booting from a USB stick. Most system I see beyond Pentium D have the ability to boot from USB. You can even install ESXi into USB so you can try it out before blowing away the local disk. I would even suggest installing and just running ESXi from USB full time. Lets you use all of the disk space for your guest machines.

I would only expect problems if you needed to call VMWare for support. It's about $800 last I looked to get support for the free ESXi Hypervisor, and support is limited (they kinda want folks to buy the full product). Once it is known that your hardware is not supported (if a support call gets to that), then you would only get best effort support (meaning they will try, but will ultimately give up if no solution can be found).

In going the Workstation route, it also has a cost that goes with it, though not very high. Do note, they only offer install and usage support. They do not offer production support for the Workstation product. A way to save some money; Build your guest machine in Workstation while it is in eval mode (you get 60days I think). Then you can just us Player to run the machine for free. Still no support from VMware, but you can also purchase Player Plus for $99 and get support. With all the bells as whistles they have been putting into Workstation, you also have the ability to build a guest in Player now as well.

So I would suggest trying ESXi if you can since it would give you the best performance for your guest machine at the lowest cost. Player would give you the low cost but will sacrifice performance to give you compatibility.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Brent Schmidt Senior Network Engineer
Keep IT Simple[/color red]

http://www.kiscc.com

Novell Platinum Partner Microsoft Gold Partner
VMWare Enterprise Partner Citrix Gold Partner

 

[AvayaRedDude]

^

thanks for responding. The reason why I was on a Windows/VMware platform is because the hardware (such as generic PCI drivers) wouldn't be able to work on ESXi. There is a lot of advantages (as you have explained) but simple things like a lack of USB support for UPS, and specific VMs to use a certain on board PCI card that makes it deal breaking. I was able to run 5.1 on an HP server, despite the 3x max support from HP.

Anyways I'm going to see if we can swap out the servers so it can take ESXi full force. This setup has been used since 2010, and didn't realize the security issues.

Thanks for answering.