Lab 22

(Optional) Designing a Network

Configuration :

22
Objective: Design a network configuration for an ESXi
host, based on a set of requirements
In this lab, you will perform the following tasks:

1. Analyze the Requirements

2. Design Virtual Switches and Physical Connections

Based on a scenario, you design the network configuration for a VMware ESXi™ host, specifying
the following requirements:
• Virtual switches
• Ports and port groups
• Port group policies
• Physical connections
A set of network requirements is provided. The requirements are not complete and they leave a good
deal of detail to the imagination. Use your assumptions to complete those details (stating your
assumptions when appropriate).
This lab can be done separately by each member in the ESXi team.

Task 1: Analyze the Requirements

In this task, you analyze the requirements for a network configuration for an ESXI host.

Lab 22 (Optional) Designing a Network Configuration 123

You are the administrator in charge of configuring an ESXi host in your company’s production
environment. This ESXi host is one of several hosts that must be configured identically in your
production environment.
Plan for configuring the ESXi host so that it can be one node in a VMware vSphere® Distributed
Resource Scheduler™ or VMware vSphere® High Availability cluster.
Do not configure the cluster at this time, but have all the necessary networking details in place so
that the cluster can be configured later.
1. Use the following networking requirements to inform your analysis of the configuration.

2. Add details to the requirements in the table.

Component Networking Requirements

Virtual machines and Web-based applications that are implemented by using four virtual
applications machines arranged as follows:
• VM1 and VM2: Web servers, and network address translation (NAT)
clients of VM3
• VM3: front end for the Web servers. Acts as a NAT router for the back-
end virtual machines
• VM4: a test box, used to test intrusion detection systems and virus-
protection software, among other applications.
An intrusion detection system (IDS) is a device or application that
monitors a network for malicious activities or policy violations and
produces reports to a management system.

IP-based storage A NAS, used to hold running virtual machines for the test virtual machines
only (storage for the production virtual machines is provided by a SAN)

Physical NICs Four physical network adapters: one 1 GigE and three 10 GigE

External networks Two physical switches and four external LANs, each named to indicate its
purpose. A single physical switch is configured to handle traffic for three
networks, which are implemented as VLANs. One physical switch is
dedicated to the management LAN, which, by company policy, must be
physically separate from all other networks. The management LAN is used
by VMware® vCenter Server™ for monitoring vSphere HA heartbeat,
among other uses.

124 Lab 22 (Optional) Designing a Network Configuration

Task 2: Design Virtual Switches and Physical Connections
In this task, you use the information in task 1 and the diagram to draw a network configuration.
No single answer is correct. In fact, many reasonable solutions are possible. The point of this lab is
not to find the single correct answer. Rather, this lab encourages a discussion of the advantages and
disadvantages of different solutions.
• Using the information in task 1 and the following diagram, draw a network configuration.
• Show all virtual switches, their ports, and their port groups.
• Indicate the policies to be applied to each [switch, port, and port group?] (NIC teaming,
VLANs, security, traffic shaping).
• Show the connections from the virtual machines to the virtual switches.
• Show the connections from the physical NICs to the physical switches.

22

Lab 22 (Optional) Designing a Network Configuration 125

126 Lab 22 (Optional) Designing a Network Configuration