
Creating a Hybrid Cloud with vCHS

David Davis
VirtualizationSoftware.com
@DavidMDavis
Understanding Requirements

To create two infrastructures working together, you need networking and infrastructure services that work together
Interconnected resources
Most common design is:
Network planning
Site to site VPN connection
Your vSphere infrastructure
vSphere and vCenter
DNS / AD / DHCP
Internet with VPN connectivity
vCloud Hybrid Service
DNS / AD / DHCP as part of your AD in a new site
Edge gateway configured with VPN
Applications that need interconnected resources
Considering site-to-site VPN options for vCHS

Hardware
Any IPSec VPN-capable firewall/router/VPN hardware device
Pros: dedicated, offloaded
Cons: cost, configuration complexity
Examples: Cisco, Fortinet, Sonicwall, and others

Software
Any IPSec VPN-capable virtual firewall/router/VPN software solution
Pros: ease of configuration, low cost
Cons: dependent on virtual infrastructure, shared resources
Examples: vCloud Networking and Security (vCNS, formerly vShield), pfSense, and others
Network Diagram

[Diagram: Your vSphere Infrastructure and the vCHS VDC, each behind a Router / VPN, connected across the Internet by an IPSec tunnel]

Net 10.0.1.0/24
GW 10.0.1.1
Public IP 2.2.2.2
VM net config
IP 10.0.1.20 /24
DG 10.0.1.1
DNS 10.0.1.254

IPSec Tunnel Passes
Allow 10.0.1.0/24 to 10.0.0.0/24

IPSec Tunnel Passes
Allow 10.0.0.0/24 to 10.0.1.0/24

Net 10.0.0.0/24
GW 10.0.0.1
Public IP 1.1.1.1
VM net config
IP 10.0.0.20 /24
DG 10.0.0.1
DNS 10.0.0.254
Creating a site-to-site VPN between vSphere and vCHS

The VPN solution you chose shouldn't change the end result

That is a secure hybrid cloud between vSphere and vCHS with interconnected resources

What you'll need:


Your network plan and diagram
Matching IPSec VPN configurations on each site
Firewall rules that allow traffic between sites
Routes on servers that will communicate
Local firewalls on each server that allow communication

Be prepared to troubleshoot!
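
A pre-flight check for the "matching IPSec VPN configurations on each site" item, added here as an example and not part of the original slides. It uses the addresses from the network diagram; the `SiteVpn` field names, the site labels and the proposal values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class SiteVpn:
    name: str
    public_ip: str    # this site's VPN endpoint
    peer_ip: str      # the other site's endpoint, as configured on this site
    local_net: str    # subnet this site sends into the tunnel
    remote_net: str   # subnet this site expects at the far end
    gateway: str      # default gateway used by VMs on local_net
    proposal: tuple   # (encryption, integrity, DH group); constructed values

def check_pair(a: SiteVpn, b: SiteVpn) -> list:
    """Return the mismatches that would keep the tunnel down or stop traffic flowing."""
    problems = []
    for x, y in ((a, b), (b, a)):
        if x.peer_ip != y.public_ip:
            problems.append(f"{x.name}: peer {x.peer_ip} is not {y.name}'s public IP {y.public_ip}")
        if ipaddress.ip_network(x.remote_net) != ipaddress.ip_network(y.local_net):
            problems.append(f"{x.name}: remote net {x.remote_net} != {y.name} local net {y.local_net}")
        if ipaddress.ip_address(x.gateway) not in ipaddress.ip_network(x.local_net):
            problems.append(f"{x.name}: gateway {x.gateway} is outside {x.local_net}")
    # Overlapping subnets mean traffic for the peer is treated as local and never enters the tunnel.
    if ipaddress.ip_network(a.local_net).overlaps(ipaddress.ip_network(b.local_net)):
        problems.append("local subnets overlap between the two sites")
    # Both ends must offer the same parameters or negotiation fails.
    if a.proposal != b.proposal:
        problems.append(f"IPSec proposals differ: {a.proposal} vs {b.proposal}")
    return problems

# Addresses taken from the network diagram; proposal values are constructed.
PROPOSAL = ("aes256", "sha256", "modp2048")
SITE_1 = SiteVpn("net-10.0.1", "2.2.2.2", "1.1.1.1", "10.0.1.0/24", "10.0.0.0/24", "10.0.1.1", PROPOSAL)
SITE_0 = SiteVpn("net-10.0.0", "1.1.1.1", "2.2.2.2", "10.0.0.0/24", "10.0.1.0/24", "10.0.0.1", PROPOSAL)

if __name__ == "__main__":
    for issue in check_pair(SITE_1, SITE_0) or ["configurations mirror each other"]:
        print(issue)
```

An empty result only confirms that the two tunnel definitions mirror each other; firewall rules, server routes and local firewalls from the list above still need their own checks.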
Summary

Understanding requirements

Considering site-to-site VPN options for vCHS

Creating a site-to-site VPN between vSphere and vCHS