I recently purchased a RAID array to store my VMs and segregate the storage from the host machine.

Since my needs are pretty simple, I've configured the VMs to bridge with the host network (I think they call this "VM network").

My array is also assigned an address on the host network.

I am almost positive the best practice would be to separate the host network from the storage network, but just as a curiosity, how "bad" is it to have the storage on the same subnet as the hypervisor and its VMs?

What kinds of problems might it cause if a VM tried to access its own HD files on the array? For instance, what would happen if I logged into a VM, mounted the VM's own NFS share, and tried to delete the OS files?

tacos_tacos_tacos

1 Answer

Well, some of this is hypervisor-specific. On the assumption that you are using ESXi (because of the tag) and your storage protocol, this is not HORRIBLE but it's not great.

Kind of like installing your apps to C:.

There are a few drawbacks:

  1. Scalability (routing/switching) - You either have more than one subnet on your adapters (so you are either routing inside the hypervisor (not too bad) or going off the hypervisor to your network to route packets (bad)).
  2. Scalability (management) - Configurations are going to get crazy. Keep in mind that VMs don't have access to their files over NFS, only* the hypervisor should! It's nice (from a human-readable standpoint) to give each type of connection its own subnet (administrative, storage, VM to production LAN, etc.).
  3. Security - What can't be reached can't be hacked. Having a back-end network for storage/backup/administration can be a godsend if you are a school or big-name site.
  4. Performance - 10 1 gig NICs in an etherchannel/trunk != 1 10 gig NIC in bandwidth. TCP only uses one NIC per session. So if your ESXi box has 10.0.0.1 and the NFS server is 10.1.1.1 and you have a zillion bonded 1 gig cards, you still max out at 1 gig between those two IPs. Not good if you are also sharing that NIC with your VM to LAN traffic, administrative traffic, etc.

* and backup & replication & administrative systems

Finally, "For instance, what would happen if I logged into a VM, mounted the VM's own NFS share, and tried to delete the OS files?" You should not be able to do this for most of your VMs. With ESX(i) your NFS storage contains VMDK files, which are essentially binary copies of the contents of the hard disk. You COULD do some nasty (or really cool) things here, but you may want to get more familiar with some of the basic stuff first. One of the things we do here a lot is snapshot our VMs and then copy the snapshots to another storage device. If a user needs a file-level restore, it's actually possible to mount the .VMDK file from a Linux box and copy the file out, but you ALWAYS want to do this read-only.

TheFiddlerWins
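
As an added example (not part of either post above, and not any vendor's tooling): a small Python audit of the answer's rule that only the hypervisor should reach the NFS export. It assumes the array uses Linux-style `/etc/exports` syntax; the export paths, the 192.168.1.0/24 VM network and the 10.10.10.5 hypervisor storage address are constructed for illustration.

```python
import ipaddress

# Constructed sample in Linux /etc/exports syntax (assumed; not from the page).
SAMPLE_EXPORTS = """\
# datastores for the hypervisor
/srv/vmstore   192.168.1.0/24(rw,no_root_squash,sync)
/srv/vmstore2  10.10.10.5(rw,no_root_squash,sync)
/srv/iso       *(ro)
/srv/backup    10.10.10.5(rw,sync) 192.168.1.50(rw,sync)
"""

def parse_exports(text):
    """Yield (path, client, options) for every client spec in exports text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            options = opts.rstrip(")").split(",") if opts else []
            yield path, client or "*", options

def audit(text, vm_network, hypervisor_ips):
    """Return (path, client, reason) for exports a guest VM could reach."""
    vm_net = ipaddress.ip_network(vm_network)
    allowed = {ipaddress.ip_address(ip) for ip in hypervisor_ips}
    findings = []
    for path, client, options in parse_exports(text):
        if client == "*":
            findings.append((path, client, "exported to every host"))
            continue
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            # Hostnames, wildcards and netgroups cannot be resolved offline.
            findings.append((path, client, "name-based client: check by hand"))
            continue
        if net.num_addresses == 1 and net.network_address in allowed:
            continue  # a single hypervisor address: the intended consumer
        if net.overlaps(vm_net):
            access = "read-write" if "rw" in options else "read-only"
            findings.append((path, client, f"{access} from the VM network"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, "192.168.1.0/24", ["10.10.10.5"]):
        print(*finding, sep="\t")
```

Host-based export lists trust the source address of the request, so on a shared subnet they are a weaker control than the separate storage network the answer recommends.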