I have a host server in a datacenter connected directly to the Internet. I can also use up to 2 public IP addresses (3 or more is hard to obtain but possible). I have no firewall in front of this host, and I'd like to protect management traffic from the outside world if possible. The purpose of this server is to run a test deployment of VMware Horizon.
Now I am trying to deploy ESXi on the host server and vSphere as a VM inside this host server. My plan was to assign the first public IP to ESXi, then create a virtual network inside ESXi and put a software router with a DHCP server on that network, so all VMs will be in that network (and will obtain private IPs via DHCP). That router will supply Internet access to the private network, and I can do some DNAT on that router to reach specific VM ports from outside.
OK, I set up ESXi 7.0 with the 1st public IP and set up the vSphere appliance as a VM attached to the private network. I added that ESXi to vSphere.
But the problem is, I cannot even do the upgrade on ESXi via vSphere Update Manager, since ESXi tries to reach the update manager and its IP is a private one. vSphere also used to disconnect the ESXi host (the problem appears to be of the same nature). I suspect this scheme won't be robust, so I'd like to redo the project and implement this setup a bit differently.
Here is what I can do:
- Assign the second of my public IPs to vSphere so both ESXi and vSphere can "see" each other. I'll need to get a 3rd IP to assign to the router, too.
- Change the ESXi IP to a private one (taken from the private subnet discussed above), so the only public IP will be the one assigned to the router. Risky but may work (or not).
Please advise how to do this in a better way!