VMware vSphere 7 offers many great updates and features that will provide organizations with even more powerful options in their data centers. VMware has baked in Kubernetes support with this release. So, businesses have Kubernetes natively inside vSphere.
There are other subtle changes and improvements with vSphere 7 that will help to provide your environment with the flexibility it needs. One notable addition is that vCenter Server 7 supports adding multiple network cards to your VCSA appliance.
This adds a tremendous amount of flexibility when it comes to carving out network traffic to/from vCenter Server for management and other use cases. Let's look at adding multiple network cards to vCenter Server 7 and see how this is accomplished.
VMware vCenter Server 7 multiple network card support
You may be wondering why you would want to add multiple network cards to your vCenter Server. There are many use cases this new capability can support based on an organization's network configuration and needs. It can certainly include the following:
- Network segmentation
Most compliance regulations require that certain types of traffic be secured from other types of traffic. When a system "touches" an "in-scope" environment, that system can also be considered in-scope.
Since vCenter Server is the management plane to multiple workloads that may be in-scope, organizations may need to add a network connection to vCenter to support accessing the network through a jump host or another secure means. Adding a network card to your VCSA 7 appliance allows accessing your vSphere environment easily via this secure network.
For some time now, beginning prior to vSphere 7, vCenter Server has included a native backup solution in the appliance's VAMI interface. This allows regular copies of the vCenter Server configuration to be sent to a dedicated backup server for disaster recovery purposes.
Many organizations may have a dedicated backup network that is used for all types of backup traffic, including vCenter Server. The supported ability to add a network card to your vCenter Server 7 appliance enables easily carving out this traffic and sending it over the backup network.
Your organization may have a dedicated monitoring network that uses a different network range to obtain key performance metrics from various endpoints, servers, devices, appliances, etc. The VMware vCenter Server is the centralized management and API point to gather information about virtual workloads.
With the ability to add a network connection dedicated to monitoring, you can connect your vCenter Server to your dedicated monitoring network for integration with your monitoring solution of choice.
4. Network segmentation
Network segmentation, outside of the abovementioned use cases, is one of the basic security strategies to help minimize the risk of compromise. By compartmentalizing your network, you reduce the "blast radius" of a cybersecurity event and what an attacker has access to.
Having the ability to add network connections to vCenter Server 7 allows easily supporting your network segmentation needs and providing access to vCenter over the desired networks.
What are the requirements and caveats for adding network cards to vCenter Server 7?
- Must be VCSA 7 appliance
- First additional adapter is reserved for vCenter HA
- You must add another adapter
- Limit of 4 network adapters total in VCSA 7
One quirk with the new functionality is that the first adapter that is added is reserved for vCenter Server HA, which allows pairing another standby appliance for failover purposes. So, in reality, you get two additional networks as you bring the appliance up with the default adapter, and the next additional adapter is reserved for HA.
Configuring vCenter Server 7 multiple network cards
Let's now take a look at how you actually configure the new functionality within vCenter Server 7. The first thing you will need to do is add network adapters to your VCSA 7 appliance. This will be done on the vSphere management cluster that houses your VCSA 7 appliance.
Below is a screenshot of the VAMI interface from a VCSA 7 appliance before any additional network adapters are added.
After shutting down the VCSA appliance, add a network card to the VCSA 7 VM.
Once the appliance is booted, we will see what happens when only one additional adapter is added. The NIC 1 network adapter is Reserved for VCHA. So, in order to have an additional network to add to your VCSA 7 appliance, you will need to add another adapter.
Since NIC 1 is reserved for VCHA, let's add another adapter. After adding another network card to the vCenter Server VCSA 7 appliance, we now have an additional network that can be configured as needed in the VAMI interface.
Once you have the additional network adapter added for the VCSA appliance, you can edit your settings and begin to configure the additional network adapter for connecting to an additional network.
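The steps above can also be scripted. The following PowerCLI sketch is an added example, not part of the original walkthrough. It assumes VMware PowerCLI is installed, that you connect directly to the ESXi host running the appliance (the VCSA is powered off during the change), and that standard port groups are used; every host, VM and port group name is a placeholder.

```powershell
# Added example: adds NICs to a VCSA 7 VM while honoring the article's caveats
# (NIC 1 is reserved for VCHA; 4 adapters maximum). All names are placeholders.
$EsxiHost    = 'esxi01.example.local'   # host running the VCSA VM (placeholder)
$VcsaVmName  = 'vcsa7'                  # VCSA VM name in inventory (placeholder)
$VchaNetwork = 'PG-VCHA'                # port group for the VCHA-reserved NIC 1 (placeholder)
$NewNetworks = @('PG-Backup')           # port groups for the usable extra NICs (placeholder)
$MaxAdapters = 4                        # VCSA 7 limit stated in the article

Connect-VIServer -Server $EsxiHost | Out-Null
$vm       = Get-VM -Name $VcsaVmName
$existing = @(Get-NetworkAdapter -VM $vm).Count

# With only the default adapter (NIC 0) present, the next adapter becomes NIC 1,
# which the appliance reserves for VCHA, so it must be added before any usable NIC.
$toAdd = @()
if ($existing -eq 1) { $toAdd += $VchaNetwork }
$toAdd += $NewNetworks

$total = $existing + $toAdd.Count
if ($total -gt $MaxAdapters) {
    throw "Plan needs $total adapters; VCSA 7 supports at most $MaxAdapters."
}

# Shut the appliance down cleanly through VMware Tools and wait for power-off.
if ($vm.PowerState -eq 'PoweredOn') {
    Stop-VMGuest -VM $vm -Confirm:$false | Out-Null
    while ((Get-VM -Name $VcsaVmName).PowerState -ne 'PoweredOff') {
        Start-Sleep -Seconds 5
    }
    $vm = Get-VM -Name $VcsaVmName      # refresh the VM object after power-off
}

# Add the adapters in order: the VCHA-reserved one first, then the usable ones.
foreach ($portGroup in $toAdd) {
    New-NetworkAdapter -VM $vm -NetworkName $portGroup -Type Vmxnet3 -StartConnected | Out-Null
}

Start-VM -VM $vm | Out-Null

# Review the result; IP settings for the new NICs are still configured in the VAMI.
Get-NetworkAdapter -VM $vm | Select-Object Name, NetworkName, Type
```

vSphere lists the adapters as "Network adapter 1", "Network adapter 2" and so on, which correspond to NIC 0, NIC 1 and so on in the VAMI.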
Thoughts and wrapping up
The new ability to add multiple network adapters in vCenter Server 7 is a welcome feature that supports many different use cases requiring network connectivity to multiple networks. This can be for compliance, security, or any number of other business-driven use cases.
The process for adding the additional network to vCenter Server is straightforward. However, you do get penalized with the new feature since the first additional network adapter is earmarked for VCHA. VMware may give further guidance or offer additional configuration options for this feature in future releases.
It would be nice to see the option to designate a network adapter for VCHA instead of this being hard-coded to use NIC 1. This would allow even greater flexibility for environments not making use of VCHA.