Simplify VMware vSphere* 4 Networking with Intel Ethernet 10 Gigabit Server Adapters

ManualsBrandsIntel ManualsOtherIntel 10 Gigabit CX4 Dual Port Server Adapter

The Foundation of Virtualization

WHITEPAPER

practice of immediately moving VMs to a new host in case of failure (and

lost redundancy) should be used. This conﬁguration can provide greater

bandwidthtotheVMsandtheVMKerneltractypesorphysicalsepara-

tion of trac types if required.

CusTomer ConCerns: seCuriTy, TraffiC

seGmenTaTion, and BandwidTh

Concerns reported by customers regarding consolidation of connec-

tions onto 10GbE include security and trac segregation with dedicated

bandwidth for critical networking functions.

When GbE server connections are consolidated, a way to isolate connec-

tions in the absence of dedicated physical connections is still necessary.

This requirement reﬂects the need for security between dierent types

and classes of trac, as well as the ability to ensure adequate bandwidth

for speciﬁc applications within the shared connection.

SECURITY CONSIDERATIONS: ISOLATING

DATA AMONG TRAFFIC STREAMS

In our 10GbE model, VLANS provide some of the basic security features

required in the installation. Security of VLANs has been debated, tested,

and written about extensively. A review of the documentation suggests

strongly that when properly implemented, VLANs provide a viable option

for network isolation. For further inquiry on this subject, see the VLAN

Security White Paper

from Cisco Systems or vSphere Hardening Guide:

ESX and Virtual Networking

from VMware. In particular, note the follow-

ing safeguards that help to protect data:

• Logical partitioning protects individual trac ﬂows. VMware

vSphere can control the eects from any individual VM on the trac

ﬂows of other VMs that share the same physical connection.

This approach provides redundancy, increases bandwidth because both

ports are being utilized, and can provide additional security through

physical isolation in a non-failed mode. While the use of two 10GbE

ports helps to reduce solution cost, some organizations may prefer

the use of four 10GbE ports to provide additional bandwidth, additional

redundancy, or simply to interface with existing network infrastructure.

BEST PRACTICE 5: PROACTIVELY VMOTION

VMS AWAY FROM NETWORK HARDWARE FAILURES

Install 10GbE ports in pairs so they can be conﬁgured in a redundant

manner to enhance reliability. If two 10GbE ports are used, then run VM

trac primarily on port 1 and all other trac on port 2. This design uses

the bandwidth of both 10GbE ports and can be conﬁgured in a redun-

dant manner for network failover.

Note that, in the event of a failover, all trac would be travelling over

the same wire. Because the duration of that status should be as short as

possible, the host and management software should be reconﬁgured

to migrate all VMs o the host with VMotion as quickly as possible, to

maintain redundancy and help ensure reliability.

Using live migration in conjunction with network monitoring software

helps to ensure uninterrupted operation of the VM(s) while minimizing

the amount of time that they operate on a physical host where redun-

dancy has been compromised.

To enhance redundancy further, a second option is to move to a four

10GbE port conﬁguration that provides the two primary ports a dedi-

cated backup or redundant port on separate adapters. The same

Using live migration in conjunction with network monitoring software

helps to ensure uninterrupted operation of the VM(s) while minimizing

the amount of time that they operate on a physical host where

redundancy has been compromised.