vSphere — isolated network between hosts

isolated-network vlan vmware-esxi

How can I isolate traffic between vSphere hosts, for a test environment, while maintaining the same IP address configuration as the current guest OSes?

I have two ESXi 5.0 hosts on my LAN. Each hosts several guest OSes — Windows/Linux. Our shop is using Samba AD on Fedora. Two domain controllers and a FileServer. Windows boxes run SQL. We have Cisco switches 2960, 3560 version 12.4.

DC1 — 192.168.200.20
DC2 — 192.168.200.21
FS1 — 192.168.200.22

We want to upgrade our Samba domain controller to the latest version, to take advantage of GPO goodness. Current plan is to clone the existing Linux servers, and bring them up on the isolated network.

Two servers, DC1 & FS1, run on ESX1. DC2 and the new, from-scratch DC will run on ESX2. The plan is to join the domain with the new DC, then upgrade to PDC, and spin down DC1. We want to test this beforehand. My boss would like to keep everything identical, including IP addresses.

How can I isolate the test network across the ESXi hosts? Both vSphere hosts have an isolated network. If I connect the physical NICs on the isolated network to the Cisco 3560, on a separate VLAN, will this be enough? The 3560 currently performs inter-VLAN routing. Would PVLAN do this?

EDIT: The two vSphere hosts will each have two test guests.

ESX1 — 192.168.200.11
ESX2 — 192.168.200.12

Best Answer

Here's one way to do it:

  1. Create an isolated vSwitch on the new host. If you don't bind this vSwitch to a physical adapter, then the VMs connected to this vSwitch will be able to communicate with each other but not with the physical network or with other hosts and VMs.

  2. Clone or copy your existing VMs.

  3. Move the VM clones/copies to the new host.

  4. Connect each VM to the isolated vSwitch.

  5. Test.

Once you've confirmed that your upgrades, etc. are successful with the cloned VMs, you can proceed to implement it in production.
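Because the clones reuse production IP addresses, it is worth confirming that the vSwitch from step 1 really has no uplink before attaching them. The script below is an added example, not part of the original answer: it parses `esxcli network vswitch standard list` output and reports whether a named vSwitch has any physical NIC bound. The names `vSwitchTest` and `TestNet` are made up, and the listing layout (unindented vSwitch name followed by indented `Key: value` fields) is assumed.

```sh
#!/bin/sh
# Step 1 on the host (real esxcli commands; the names vSwitchTest and TestNet are made up):
#   esxcli network vswitch standard add --vswitch-name=vSwitchTest
#   esxcli network vswitch standard portgroup add --portgroup-name=TestNet --vswitch-name=vSwitchTest
# Check on the host:
#   esxcli network vswitch standard list | is_isolated vSwitchTest

# Print the uplinks of vSwitch $1 from a listing on stdin (empty output = none).
uplinks_of() {
    awk -v sw="$1" '
        /^[^ \t]/ { cur = $0 }                  # unindented line opens a vSwitch record
        cur == sw && /^[ \t]+Uplinks:/ {
            sub(/^[ \t]+Uplinks:[ \t]*/, "")    # keep only the value
            sub(/[ \t]+$/, "")
            print
        }'
}

# Exit 0: vSwitch $1 exists and has no uplink. 1: it has an uplink. 2: not listed.
is_isolated() {
    listing=$(cat)
    printf '%s\n' "$listing" | grep -qxF -- "$1" || return 2
    [ -z "$(printf '%s\n' "$listing" | uplinks_of "$1")" ]
}

# Constructed sample, trimmed to the fields the check reads.
sample_listing() {
    cat <<'EOF'
vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0
   Portgroups: VM Network, Management Network

vSwitchTest
   Name: vSwitchTest
   Uplinks:
   Portgroups: TestNet
EOF
}

if sample_listing | is_isolated vSwitchTest; then
    echo "vSwitchTest: no physical uplink, safe to attach the clones"
fi
```

Exit status 2 (vSwitch not in the listing) is kept separate from status 1 so that a mistyped name is never read as "isolated".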
