The E.T.D.F. Series — Setting up the Network and Dedicated Remote Access (Part 1)

Wow!  I can’t believe it’s been almost two months since my last post!  Sorry for my extended absence.  I’ve been super busy with VMware events, customer presentations and meetings … oh yeah, and there was a nice ski trip to Vail too.  Time flies when you’re having fun 🙂

Over the past few weeks, with the little spare time I had, I actually completed my conversion to a virtual desktop.  So now, my corporate VMware desktop is 100% in a VM, always on and "lives" on the virtual infrastructure in my home lab.  And with my shiny new AT&T 3G wireless laptop card, I can access it anytime, anywhere (though admittedly, this is a last resort).

You might have guessed by the title, for this post I’ll focus on my network setup.  I stress the word “my” because when I first started to write this section almost a month ago, I had a lot of trouble trying to address all possible network configurations (or at least, a good majority of them).  Finally I gave up, realizing this was an impossible task.  There are just way too many options.  So, I’m simply going to document my network.  If you have VDI network configuration questions that aren’t answered in this section, email me directly (aaron at sweemer dot com) and I’ll be happy to help out.

I think the best place to start would be showing you a high-level diagram of my network.



As you’re reviewing the diagram, here are a couple things to keep in mind:

  • All IP addresses have been changed and domain names have been removed for security purposes.  Hostnames, however, remain unchanged.
  • You do not need to have a similar setup.  In fact, you can have as little as a single physical server with local storage.  You might not be able to get the full benefits that a fully loaded virtual infrastructure can provide (e.g. VMotion, DRS, HA).  But if you’re just looking to test out virtual desktops with VMware View, you can certainly go with a slimmed down environment.  
  • The configuration of the physical servers (cincylab-esx1, 2 and 3) as well as the iSCSI SAN (cincylab-ts1) will be addressed in the next section.
  • The ISP router is a fairly unintelligent device which I’ve configured to simply forward all network traffic to cincylab-rtr1.  As such, I won’t address the configuration here.

I love Visio diagrams, they make everything look so pretty and shiny!  What does this actually look like?  Here’s a photo of my lab …



Notice the PC on the right (cincylab-rtr1)?  That’s an old Gateway I had lying around, which has a single 2.2GHz processor, 1Gig of RAM and a single 100Mbps NIC.  I installed Ubuntu Server 8.04.1 (kernel 2.6.24-19-server) on it and made it the gateway between my lab and the DMZ (aka, my home network).  It’s on this PC that I route between VLANs, terminate external VPN connections and run my DHCP server.  Additionally, it’s where I run scripts that continually scan for changes to my public IP address and, when necessary, automatically update my dynamic DNS provider.

Since this post is getting long, I decided to break this section into two parts.  In part two, I’ll walk through all the configurations of cincylab-rtr1 and cincylab-sw1.  And before you say anything … no, it won’t be another two months before I post part two 🙂