Use NSX to build a private subnet

more and more users are beginning to understand and start using desktop virtualization, desktop Virtualization (VDI) A very important application scenario for virtualization is the development and testing environment. In the development and testing environment, users need to use hundreds of virtual desktops, users often do not have the desktop desktop of the virtual switch directly connected to the corporate network, or the company's network of IP Resources will soon be exhausted.

Vdi Desktop pool, this private subnet has its own ip segment, for example 192.168.1.* ( 24 Nsx Vlan ", you can find a lot of material in this area, if you have any questions, please fill in your own brain.

However, in a virtual environment, is there any other way to create a proprietary subnet without the need for a three-layer switch configuration? of course,NSX is the answer. vmwarensx Virtual Network is a fully functional network encapsulated in a software container, and its provisioning is independent of the underlying network hardware. With NSX Edges modules in NSX , users do not need to contact the enterprise's network administrator to configure VLANs on the company's switches ,Configure Routing and other complex operations, only through the NSX Management interface to do some simple configuration to create a proprietary subnet that belongs to you. Let's take a look at the specific implementation steps.

Installation Configuration NSX

See this document http://dailyhypervisor.com/vmware-nsx-for-vsphere-6-1-step-by-step-installation/ complete NSX Software Installation,VCenter connection Configuration, installation of Nsxcontroller Node, complete the hostpreparation step. Once these steps have been completed,NSX is basically ready to build its own private network.

Create a virtual machine switch

The user logs on to the VCenter management interface, such as https://, to create a standard switch (vspherestandard switch) or a distributed switch (vspheredistributed switch), in this example, we have created a standard switch vSwitch1. Note that we did not assign any physical NIC to this standard switch.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/71/49/wKioL1XK256RGO2xAAEMUeFR2Fk763.jpg "title=" 6.png " alt= "Wkiol1xk256rgo2xaaemuefr2fk763.jpg"/>

Create NSX Edges–edge Servicesgateway

Edge Service s Gateway is similar to a router in the network World, which connects two subnets of different IP segments. Switch to the NSX management interface in the VCenter Management interface (networking& Security)

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/71/4D/wKiom1XK2czS417xAAIx5ZJGm9o082.jpg "title=" 1.png " alt= "Wkiom1xk2czs417xaaix5zjgm9o082.jpg"/>

See this document http://dailyhypervisor.com/vmware-nsx-6-1-for-vsphere-deploying-an-edge-gateway/, about detailed steps for edgeservices Gateway configuration.

in the During the installation of NSX Service s Gateway , you need to configure the network ports that connect the internal subnets and corporate networks. After the installation is complete, you can see the following network port information.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/71/49/wKioL1XK292gucMtAAEKLNNvXNI106.jpg "title=" 2.png " alt= "Wkiol1xk292gucmtaaeklnnvxni106.jpg"/>

Configuration NSX Edges–firewall, Dhcp,nat

• After the NSX Services Gateway is configured, the default firewall rule is to disable all network traffic, and we need to manually add a rule that allows network traffic or temporarily shuts down the firewall to open the subnet communication.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/71/4D/wKiom1XK2fHjDyKQAAHwbn4gW8c138.jpg "title=" 3.png " alt= "Wkiom1xk2fhjdykqaahwbn4gw8c138.jpg"/>

2) Configure the DHCP service on the management interface of the NSX service s Gateway . Once configured, the internal subnet can obtain an IP address from the Gateway .

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/71/49/wKioL1XK3AXzWFGLAAJZ8kRyCGU077.jpg "title=" 4.png " alt= "Wkiol1xk3axzwfglaajz8krycgu077.jpg"/>

3) Add a SNAT rule, after configuring NAT , the internal subnet can communicate with the computer of the company network.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/71/49/wKioL1XK3Bnwgmi4AAC-S10JNnA144.jpg "title=" 5.png " alt= "Wkiol1xk3bnwgmi4aac-s10jnna144.jpg"/>

At this point, you have a belong to their own internal subnet, in their own three acres of land to toss it, your site you decide.

about theSam Zhao,EUCSolution Department Manager. In software development, testing, project management -yearsITexperience, published three patents and a co-author of the book.

This article is from the "VMware End User Computing" blog, reproduced please contact the author!

Use NSX to build a private subnet