Question

iSCSI Data Services IP Address - Can use different IP subnet than the CVM's subnet?

  • April 28, 2025
  • 5 replies
  • 139 views

Hello Team,

One of our customers has a requirement to use a different subnet for the Nutanix Volume iSCSI IP address than the CVM IP subnet range.

This is because he wants the iSCSI volume traffic not to flow via his firewall. So he intends to use an IP subnet for the iSCSI Volume that is the same as the VM (iSCSI Initiator) range.

Going by the documentation https://portal.nutanix.com/page/documents/details?targetId=Volumes-Guide:vol-volumes-external-ip-address-c.html, it states: 

“This IP address should be in the same subnet as the cluster Controller VM IP eth0 network interface addresses”

Is this a mandatory requirement? 

Thank you in advance!

This topic has been closed for replies.


JeroenTielen
  • Vanguard
  • 1770 replies
  • April 28, 2025

Hi Ravi,

Yes, that is mandatory. But if the virtual machine is in the same cluster as where the volume group comes from, then you can directly attach the volume group and you don't have to configure the iSCSI in the virtual machine.

Steps to do so:

  1. Create a volume group with the required disks and sizes.
  2. Save the volume group.
  3. Update the volume group and attach VM(s) to it.


  • Author
  • Adventurer
  • 3 replies
  • April 29, 2025

Hello @JeroenTielen,

Thank you for your quick response.

The use case for the Nutanix Volume Group is a Veritas InfoScale cluster requirement, which needs shared storage presented to both cluster VMs.

I forgot to mention: this is not a Nutanix AHV setup but a Nutanix ESXi setup. Is this option still valid?

If it is valid, the volume group traffic will be contained within the cluster and won't be going outside the cluster, I believe (customer’s firewall).


JeroenTielen
  • Vanguard
  • 1770 replies
  • April 29, 2025

I don't have a Nutanix ESX environment up and running at the moment (they are more and more being replaced by AHV). But I suspect it is possible. But it is an easy test. Create the volume group and attach the VM to it.


  • Adventurer
  • 7 replies
  • April 29, 2025

@Ravi Kumar 

You should read “Securing Traffic Through Network Segmentation” and especially the “Service-Specific Traffic Isolation” chapter:
https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v7_0:wc-network-segmentation-intro-wc-c.html

You can split MGMT and iSCSI traffic (ESX or AHV):


  • Author
  • Adventurer
  • 3 replies
  • May 9, 2025

Thank you @JeroenTielen & @marcrousseau!

We are planning to go with two options as of now.

Option 1: Use direct attachments of VM to Volume Group.

Option 2: We can have secondary NICs assigned to the VMs in the same range as the iSCSI IP, so the communication doesn’t have to go through the firewall.

We have yet to implement this; I will keep this thread updated with the results.