Dell EMC Technical White Paper

Deploying and configuring OMIVV in a dual-NIC environment

Isolating vSphere management and out-of-band networks for enhanced security.

Abstract

Starting from version 5.0, OMIVV supports a dual-NIC environment. This document outlines the scenarios where the dual-NIC capabilities of OMIVV can be used, and how to configure them.
Revisions

Date: April 2020
Description: Initial release

Acknowledgments

This paper was produced by the following members of Servers and Infrastructure Solutions Group:

Authors:
Vikram KV – Test Senior Engineer, Servers and Infrastructure Solutions
Naveen Dhanaraju – Software Senior Engineer, Servers and Infrastructure Solutions

Support: Swapna M, Technical Content Developer 2, Information Development

The information in this publication is provided “as is.” Dell Inc.
Terminology

The following table lists the terminology and acronyms that are used in this document:

Term: Description
OMIVV: OpenManage Integration for VMware vCenter
iDRAC: Integrated Dell Remote Access Controller
VM: Virtual Machine
CMC: Chassis Management Controller
OME-M: OpenManage Enterprise–Modular
NIC: Network Interface Card
LAN: Local Area Network
VLAN: Virtual Local Area Network
DNS: Domain Name System
DHCP: Dynamic Host Configuration Protocol
OOB: Out-of-Band
MAC Address: Media Access
Executive summary

In the current scenario, the vSphere management network and out-of-band networks are expected to have interconnectivity. As security threats are increasing every day, there is a rising risk of somebody using these exploits to gain unauthorized access. To reduce impact to businesses because of such cyberattacks, starting from version 5.
1 Introduction

OMIVV is designed to streamline the management processes in a data center environment by allowing you to use VMware vCenter server to manage the full server infrastructure, both physical and virtual. From monitoring system-level information, showing system alerts for action in vCenter, and updating firmware for an ESXi or vSAN cluster without impacting the workload, to bare-metal deployment, OMIVV will expand and enrich the VMware management experience with Dell EMC PowerEdge servers.
1.3 Possible Multi-NIC configuration

The following are the different ways to configure dual-NIC in a data center environment:

1. Two isolated sets of vCenter and associated hosts, each having separate vSphere management and out-of-band networks with network accessibility internally, and OMIVV has common access to both the setups.

2. Two different isolated vSphere networks and one common out-of-band private network to manage the servers and chassis. OMIVV has access to all three different isolated networks.

3. One common vSphere network and different out-of-band private networks to manage the servers and chassis. OMIVV has access to all three different isolated networks.

Figure 4: One common vSphere network and different out-of-band private networks

4. One common vSphere and out-of-band private networks to manage the servers and chassis and another network explicitly to have access to Internet.
2 Configure dual-NIC in OMIVV

This section describes how to configure dual-NIC in OMIVV, along with the steps for configuring DNS forwarding as needed. Ensure that the OMIVV appliance is imported, deployed, and not powered on for a new installation.

Note: Any network configuration done to the OMIVV appliance while the appliance is up and running is not reflected in the application until the VM is rebooted.

1. Edit the VM settings using the vSphere Client (HTML-5) and add the additional NIC.
Figure 7: Select network and adapter type

3. Click OK to save the configuration.

4. Power on the VM. Log in as admin and provide the password for Administration console.

5. On the Open Manage Integration for VMware vCenter Virtual Appliance Setup utility, click Network Configuration. The Network Connections page displays two NICs.

Figure 8: Available network connections

6. Select the NIC that you want to configure and click.

7. To identify the correct NIC, use the MAC ID displayed on the Ethernet tab, and then compare it against the MAC ID displayed in the vSphere Client. Ensure that you do not change the default MAC address that is listed in the Ethernet tab.

8. Go to General tab and ensure that the check box against Automatically connect to this network when it is available is selected.

9. Click the IPv4 Settings tab, and do the following:

a. Select Manual or Automatic (DHCP) from the Method drop-down list.

b.

e. You must restrict the appliance to have only one default gateway. If the network interface you are configuring is out-of-band network, click Routes, and then select the Use this connection only for resources on its network check box.

Note: Adding multiple networks as default gateways may result in network issues, and OMIVV functionalities may get affected.

f.
The status of the NICs can be viewed by logging in as the readonly user and running the following commands: ifconfig, ping, and route -n, or by logging in to the admin portal of the appliance as shown below.
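The single-default-gateway rule from step 9e can be checked against the output of route -n. The following is an added example, not part of the original white paper: the function names, interface names, and the 10.10.0.x vSphere network are assumptions, and the routing tables are constructed samples that reuse the out-of-band subnets of the multi-subnet example in section 2.1.

```shell
#!/bin/sh
# Constructed sample of `route -n` output for a dual-NIC appliance. The
# interface names and the 10.10.0.x vSphere network are made up for this example.
SAMPLE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.0.1       0.0.0.0         UG    100    0        0 ens160
10.10.0.0       0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.11.0    0.0.0.0         255.255.255.0   U     101    0        0 ens192
192.168.50.0    192.168.11.1    255.255.255.0   UG    101    0        0 ens192'

# The same table with a second default gateway on the out-of-band NIC,
# which is the misconfiguration the note in step 9e warns about.
SAMPLE_BAD="$SAMPLE_OK
0.0.0.0         192.168.11.1    0.0.0.0         UG    101    0        0 ens192"

# Print "gateway interface" for every default route read from stdin.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }'
}

# Succeed only if the table on stdin has exactly one default gateway.
check_single_default() {
    count=$(default_routes | awk 'END { print NR }')
    [ "$count" -eq 1 ]
}

# Print the gateway for destination network $1 (0.0.0.0 means directly connected).
gateway_for_net() {
    awk -v net="$1" '$1 == net { print $2; exit }'
}

# Print a verdict for a routing table passed as $1.
report() {
    if printf '%s\n' "$1" | check_single_default; then
        echo "OK: one default gateway ($(printf '%s\n' "$1" | default_routes))"
    else
        echo "FAIL: expected one default gateway, found:"
        printf '%s\n' "$1" | default_routes
    fi
}

report "$SAMPLE_OK"
report "$SAMPLE_BAD"
# On the appliance, feed the live table instead: route -n | check_single_default
```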
2.1 Configure dual-NIC with multiple subnets

The following section describes the dual-NIC with multi-subnets configuration. The following image is an example where the OMIVV appliance is connected to two different isolated networks, with multiple subnets for the out-of-band network. The vSphere network is configured with a DHCP server, which provides the IP and DNS information, whereas the out-of-band network is configured with a static IP and also has multiple subnetworks.
Figure 14: Configure routes

Figure 15: Configure routes

Any data from OMIVV to subnet 192.168.50.x and 192.168.11.x will be sent via gateway 192.168.11.1 [shown in the following image].
Figure 16: Routing table

2.2 Configure dual-NIC managed with FQDN on both the network with different DNS

This section describes the dual-NIC configuration, where both vSphere and out-of-band are managed by FQDN using IP. However, CentOS allows you to configure a maximum of three DNS servers: primary, secondary, and tertiary. CentOS reaches the second DNS server only when the first DNS server is down or not reachable, and the same applies to the third DNS server.
2.2.1 Configure DNS forwarder

1. Right-click DNS server and click Properties.

Figure 18 Configure DNS forwarders

2. In Properties, click Forwarders.
3. Enter the IP address.

Figure 20 Configure DNS forwarders

Figure 21 Configure DNS forwarders

Now the common DNS configured with forwarders will resolve the FQDN from both DNS namespaces.
3 Change in area in OMIVV due to dual-NIC configuration

3.1.1 OS Deployment

While initiating an OS deployment task, ensure that you select the NIC or interface that belongs to the vSphere network.

Figure 22 Configure host network settings in deployment wizard

3.1.2 SNMP Trap setting

If OMIVV is configured with dual-NIC with vSphere and out-of-band networks, the SNMP trap destination set at iDRAC, CMC, or OME-M will be the appliance IP that belongs to the out-of-band network.
4 Network Port information

4.1 OMIVV to in-band network

Port Number | Protocol | Port Type | Maximum Encryption Level | Direction | Destination | Usage | Description
53 | DNS | TCP | None | Out | OMIVV appliance to DNS server | DNS client | Connectivity to the DNS server or resolving the host names
68 | DHCP | UDP | None | In | DHCP server to OMIVV appliance | | To get the network details such as IP, gateway, Netmask and DNS
123 | NTP | UDP | None | In | | | To sync with specific time zone.
| | UDP | None | | | |
run the statd, quotd, lockd, and mountd services by the V2 and V3 protocols of the NFS server.

User defined | Any | UDP/TCP | None | Out | OMIVV appliance to proxy server | Proxy | To communicate with the proxy server

Note: Dell EMC recommends configuring DNS to the in-band network.

Note: Ports related to the CIFS or NFS share must be configured according to where the network share is located in the data center environment.
4.
4.3 OMIVV to Internet

Port Number | Protocols | Port Type | Maximum Encryption Level | Direction | Destination | Usage | Description
443 | HTTPS | TCP | None | Out | OMIVV appliance to internet | Dell Online Data Access | Connectivity to the online (internet) warranty, firmware, and latest RPM information
User defined | Any | UDP/TCP | None | Out | OMIVV appliance to proxy server | Proxy | To communicate with the proxy server

Note: Dell EMC recommends configuring in-band network for internet connectivity.
5 Conclusion

Dell EMC provides products that simplify and streamline their IT processes, freeing administrator’s time to focus on activities that help grow the business. This technical white paper provides comprehensive information about the dual network support capabilities of OMIVV, the environments where this capability can be employed, and the steps to configure and verify it.
6 Technical support and resources Dell.