In the near future, my firm will begin hosting Terminal Services systems for a few business customers. The Terminal Services servers will be VMs on one of two large VM hosts.
To provide secure access, we will be setting up a site-to-site VPN between our network and the customer. However, the client should only be able to access their virtual machines, not the machines on our LAN.
The best idea I've had so far is setting up a physical switch for each customer. Our VPN router will put each customer's traffic onto a different port, and that port will then be connected to their switch. That switch will be connected to physical NICs on each VM host. Each virtual machine will be bridged with the physical NIC associated with the customer using the VM.
Although I think this would work, it seems overly complex and difficult to scale. Can anybody propose a better solution?
I asked a similar (but different) question before; it can be found here: Is it possible to link discrete VPN networks?