Host-based backup of VMware vSphere VMs.
johntnavi
Enthusiast
Posts: 27
Liked: 1 time
Joined: Apr 27, 2012 6:55 pm
Full Name: John T
Contact:

Accessing Production from Virtual Lab

Post by johntnavi »

Hi Folks,

I am sure this has been asked quite a few times but I cannot find it anywhere in the forums. I need to be able to access a specific server on my production network from a VLAB. Thanks for any help.

J
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Accessing Production from Virtual Lab

Post by veremin »

Just out of curiosity – for what purpose do you need access from your backed up machine running in isolated environment to your production?

In this case, isn’t it a little bit easier to put Instant VM Recovery into use?

Thanks.

Re: Accessing Production from Virtual Lab

Post by johntnavi »

I need to get to an AS400.

Re: Accessing Production from Virtual Lab

Post by veremin »

johntnavi wrote: "I need to get to an AS400."
I’m still wondering for what specific purposes VMs executed in isolated environment need to have access to production. Can you elaborate on it a little bit more?

My point was that if you need to get access from a backed up VM to a machine in your production environment, wouldn’t it be easier to put into use Instant VM Recovery functionality, instead of SureBackup?

Thanks.

Re: Accessing Production from Virtual Lab

Post by johntnavi »

It is not a production system, but it is on the production network. We have some applications that need to access the AS400 to provide feeds into the system.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Accessing Production from Virtual Lab

Post by foggy »

John, could you please describe your scenario in more detail? Are you trying to verify the backup of some VM in a virtual lab and need also to run tests against AS400? What other VMs do you have in the lab?

Re: Accessing Production from Virtual Lab

Post by johntnavi »

Exactly, the app also needs to push data to the AS400.

Re: Accessing Production from Virtual Lab

Post by veremin »

Then, I have to admit that it’s not possible – the whole idea of the isolated environment is that you can’t get access from there to your production environment.

Thanks.
tsightler
VP, Product Management
Posts: 6009
Liked: 2843 times
Joined: Jun 05, 2009 12:57 pm
Full Name: Tom Sightler
Contact:

Re: Accessing Production from Virtual Lab

Post by tsightler » 2 people like this post

It's not possible with the default Veeam setup and proxy appliance, but there are methods to make this happen. Here are a couple of options:

1. If this is a one-time event, or at least something not very common, you can add a second NIC to the VM after it is powered on in the lab. Attach this NIC to the production network, give it a temporary IP, and there you go. Of course, if it's Windows, you need to take special care that it doesn't conflict with the production system names or you'll run into problems with two systems having the same name, so make sure you understand exactly what you are doing.

2. Use a virtual routing appliance such as Vyatta or any of the good free firewall virtual appliances, connect one leg to the isolated network, and another to the production network, and configure it to allow access specifically to the resource you want. Then add a static route to the VM in the isolated network to access the production device via the virtual appliance. This method is quite safe but requires a little more setup, although done once, it becomes pretty easy.

There are actually a couple more ways based on exactly what you want to do, but option #2 is usually the best if it's something that you'll want to do more than once. Once it's configured the first time it's just a matter of manually adding a route to the VM in the isolated lab, which is pretty simple.

Re: Accessing Production from Virtual Lab

Post by johntnavi »

Tom,

Thanks for the information. I ended up using option one last night to get it working; it worked like a charm till I got to the Windows 2003 servers. I will have a look at suggestion 2 as it makes the most sense. Thanks once again.
J.R.
Novice
Posts: 3
Liked: 1 time
Joined: Mar 05, 2015 4:09 pm
Full Name: John Ley

[MERGED] Virtual Lab access to specific IP on Production net

Post by J.R. »

I have what appears to be an unusual request. I have searched and not found much on this, apologies if my google fu is weak on this subject.

User wants to clone a physical server into the virtual lab to test several new patches/upgrades. So far, this seems like exactly what the VL is for. However, part of what he wants to test requires access to a couple new IPs. The server runs the building's HVAC, and they have some new equipment they want to configure. So the LAB machine requires a way to get from a VM to the physical hardware.

I did find one thread that said to just add an entry under static mapping. Perhaps I am just not understanding what exactly needs entered. I've tried a few combinations with no success.

Any thoughts?
Thanks!

Re: Virtual Lab access to specific IP on Production network

Post by J.R. »

Hmm, could I put the lab on its own VLAN using the Nexus 1000v in vSphere instead of using the standard vSwitch? I could put the equipment on that VLAN as well, and still have it isolated. It still seems like the New Virtual Lab wizard wants to create its own vSwitch though. Am I missing a setting?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Accessing Production from Virtual Lab

Post by Vitaliy S. »

Hi John, it is not possible to access production network from the isolated lab; however, you may want to follow one of the tricks Tom has posted above. Thanks!

Re: Accessing Production from Virtual Lab

Post by J.R. » 1 person likes this post

I was able to get this to work. I spun up a pfSense VM, with one NIC on the virtual switch that Virtual Lab created, and one on the production network. I gave the Lab NIC the IP 192.168.2.1, and a real IP on PROD. I added a second NIC to the VM in the LAB, and used 192.168.2.1 as the gateway. Then I had to manually add a route statement in the VM since the IP was the same subnet as the VM primary NIC:
route add 192.168.1.47 192.168.2.1
Then I wrote a firewall rule in pfSense to allow traffic from the Lab to Prod and filtered it to only 192.168.1.47. So that is the only PROD IP the VM can access.
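
The routing and filtering described in the post above, modelled as an added example (not part of the original posts and not pfSense or Veeam code). It shows why the host route is needed when the target shares a subnet with the lab VM's primary NIC, and checks that the gateway ruleset exposes only 192.168.1.47. The /24 masks, interface names, the 192.168.2.10 source address and the simplified first-match, default-deny rule model are assumptions.

```python
import ipaddress as ip

GATEWAY = "192.168.2.1"   # pfSense lab-side NIC (from the post)
TARGET = "192.168.1.47"   # the one production host allowed (from the post)

# Constructed lab-VM routing table; /24 masks and interface names are assumptions.
BASE_ROUTES = [
    ("192.168.1.0/24", None, "nic1-lab"),  # primary NIC, on-link in the isolated copy
    ("192.168.2.0/24", None, "nic2-gw"),   # second NIC, on-link to the gateway
]
HOST_ROUTE = (TARGET + "/32", GATEWAY, "nic2-gw")  # route add 192.168.1.47 192.168.2.1

def next_hop(routes, dst):
    """Longest-prefix match: return (gateway, interface), or None if unroutable."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(n), gw, ifc) for n, gw, ifc in routes
            if addr in ip.ip_network(n)]
    if not hits:
        return None
    _, gw, ifc = max(hits, key=lambda h: h[0].prefixlen)
    return gw, ifc

# Constructed ruleset on the gateway's lab interface: first match wins, default deny.
NARROW_RULES = [("pass", "192.168.2.0/24", TARGET + "/32")]
BROAD_RULES = [("pass", "192.168.2.0/24", "192.168.1.0/24")]  # the mistake to avoid

def allowed(rules, src, dst):
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ip.ip_network(src_net) and d in ip.ip_network(dst_net):
            return action == "pass"
    return False  # nothing matched: implicit deny

def reachable_prod_hosts(routes, rules, src, prod_net="192.168.1.0/24"):
    """Production addresses the lab VM reaches: routed via the gateway AND passed by it."""
    found = []
    for host in ip.ip_network(prod_net).hosts():
        hop = next_hop(routes, str(host))
        if hop and hop[0] == GATEWAY and allowed(rules, src, str(host)):
            found.append(str(host))
    return found

if __name__ == "__main__":
    src = "192.168.2.10"  # constructed address of the lab VM's second NIC
    print(next_hop(BASE_ROUTES, TARGET))                 # stays inside the lab
    print(next_hop(BASE_ROUTES + [HOST_ROUTE], TARGET))  # leaves via the gateway
    print(reachable_prod_hosts(BASE_ROUTES + [HOST_ROUTE], NARROW_RULES, src))
```

With BROAD_RULES, any additional host route added inside the lab VM reaches production, so the filter on the gateway, not the route in the VM, is the isolation control.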
gingerdazza
Expert
Posts: 191
Liked: 14 times
Joined: Jul 23, 2013 9:14 am
Full Name: Dazza
Contact:

[MERGED] Sandbox Gateways for Physical Resources

Post by gingerdazza »

There are certain workloads that cannot be virtualised like IBM iSeries/AS400. So, it begs the question as to whether there are any ways to run VM DR tests into sandboxes where the VMs can connect to an external physical resource like this for end to end application testing whilst still being isolated from the production domain?
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Accessing Production from Virtual Lab

Post by PTide »

Hi,

It's not possible out of the box, however there is a workaround - please take a look at Tom's post.

Thank you