Distinct VLANs for Management & Replication


Userlevel 4
Badge +21
As suggested elsewhere on the forum, I am turning my question into a suggestion:

I would very much like an option (as advanced configuration if not in the UI & Cluster init mode), to split the following traffic into separate VLANs:
- Nutanix Cluster administration
- Nutanix Cluster replication / AutoPath

And the very best would be to even have replication & AutoPath on different VLANs.

The rationale here is to comply with customer internal security policies (regarding DMZ virtualization in my case).
We are allowed to use VLANs and are not forced to use different physical ports, but the security team (worldwide bank) is concerned about Nutanix administration (management) and replication (data) being on the same VLAN.

It would be nice to be able to keep data & management VLANs distinct.

Sylvain.

3 replies

Userlevel 4
Badge +20
I think that's a great suggestion. Today the only way I can think of to overcome this is to use a product like vShield Edge and do some NATing. The use case you mention probably has something like this in play.


Userlevel 4
Badge +21
As a matter of fact, we tried to use NSX, or at the very least vShield, but the security has to be handled by an external, physical firewall in this particular case.

It's one of the reasons we need the ability to split traffic types so finely between VLANs.

Sylvain.
Userlevel 1
Badge +9
Good suggestion, Sylvain. We will investigate this possibility.

-Product Management Team
