-
- Enthusiast
- Posts: 27
- Liked: 1 time
- Joined: Apr 27, 2012 6:55 pm
- Full Name: John T
- Contact:
Accessing Production from Virtual Lab
Hi Folks,
I am sure this has been asked quite a few times but I cannot find it anywhere in the forums. I need to be able to access a specific server on my production network from a VLAB. Thanks for any help.
J
I am sure this has been asked quite a few times but I cannot find it anywhere in the forums. I need to be able to access a specific server on my production network from a VLAB. Thanks for any help.
J
-
- Product Manager
- Posts: 20285
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Accessing Production from Virtual Lab
Just out of curiosity – for what purpose do you need access from you backed up machine running in isolated environment to your production?
In this case, isn’t it a little bit easy to put into use instant vm recovery?
Thanks.
In this case, isn’t it a little bit easy to put into use instant vm recovery?
Thanks.
-
- Enthusiast
- Posts: 27
- Liked: 1 time
- Joined: Apr 27, 2012 6:55 pm
- Full Name: John T
- Contact:
Re: Accessing Production from Virtual Lab
I need to get to an AS400.
-
- Product Manager
- Posts: 20285
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Accessing Production from Virtual Lab
I’m still wondering for what specific purposes VMs executed in isolated environment need to have an access to production. Can you elaborate on it a little bit more?I need to get to an AS400.
My point was that if you need to get an access from backed VM to machine in your production environment, wouldn’t be it easier to put into use Instant VM Recovery functionality, instead of SureBackup?
Thanks.
-
- Enthusiast
- Posts: 27
- Liked: 1 time
- Joined: Apr 27, 2012 6:55 pm
- Full Name: John T
- Contact:
Re: Accessing Production from Virtual Lab
It is not a production system, but it is on the production network. We have some applications that need to access the AS400 to provide feeds into the system.
-
- Veeam Software
- Posts: 21075
- Liked: 2116 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Accessing Production from Virtual Lab
John, could you please describe your scenario in more detail? Are you trying to verify the backup of some VM in a virtual lab and need also to run tests against AS400? What other VMs do you have in the lab?
-
- Enthusiast
- Posts: 27
- Liked: 1 time
- Joined: Apr 27, 2012 6:55 pm
- Full Name: John T
- Contact:
Re: Accessing Production from Virtual Lab
Exactly, the app also needs to push data to the AS400.
-
- Product Manager
- Posts: 20285
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Accessing Production from Virtual Lab
Then, I’ve to admit that it’s not possible – the whole idea of the isolated environment is that you can’t get an access from there to your production environment.
Thanks.
Thanks.
-
- VP, Product Management
- Posts: 6015
- Liked: 2843 times
- Joined: Jun 05, 2009 12:57 pm
- Full Name: Tom Sightler
- Contact:
Re: Accessing Production from Virtual Lab
It's not possible with the default Veeam setup and proxy appliance, but there are methods to make this happen. Here are a couple of options:
1. If this is a one-time event, or at least something not very common, you can add a second NIC to the VM after it is powered on in the lab. Attach this NIC to the production network, give it a temporary IP, and there you go. Of course, if it's Windows, you need to take special care that it doesn't conflict with the production system names or you'll run into problems with two systems having the same name so make sure you understand exactly what you are doing.
2. Use a virtual routing appliance such as Vyatta or any of the good free firewall virtual appliances, connect one leg to the isolated network, and another to the production network, and configure it to allow access specifically to the resource you want. Then add a static route to the VM in the isolated network to access the production device via the virtual appliance. This method is quite safe but requires a little more setup, although done once, it becomes pretty easy.
There are actually a couple more ways based on exactly what you want to do, but option #2 is usually the best if it's something that you'll want to do more than once. Once it's configured the first time it's just a matter of manually adding a route to the VM in the isolated lab, which is pretty simple.
1. If this is a one-time event, or at least something not very common, you can add a second NIC to the VM after it is powered on in the lab. Attach this NIC to the production network, give it a temporary IP, and there you go. Of course, if it's Windows, you need to take special care that it doesn't conflict with the production system names or you'll run into problems with two systems having the same name so make sure you understand exactly what you are doing.
2. Use a virtual routing appliance such as Vyatta or any of the good free firewall virtual appliances, connect one leg to the isolated network, and another to the production network, and configure it to allow access specifically to the resource you want. Then add a static route to the VM in the isolated network to access the production device via the virtual appliance. This method is quite safe but requires a little more setup, although done once, it becomes pretty easy.
There are actually a couple more ways based on exactly what you want to do, but option #2 is usually the best if it's something that you'll want to do more than once. Once it's configured the first time it's just a matter of manually adding a route to the VM in the isolated lab, which is pretty simple.
-
- Enthusiast
- Posts: 27
- Liked: 1 time
- Joined: Apr 27, 2012 6:55 pm
- Full Name: John T
- Contact:
Re: Accessing Production from Virtual Lab
Tom,
thanks for the information, i ended up using option one last night to get it working, worked like a charm till i got to the Windows 2003 servers. I will have a look at suggestion 2 as it makes the most sense. Thanks once again.
thanks for the information, i ended up using option one last night to get it working, worked like a charm till i got to the Windows 2003 servers. I will have a look at suggestion 2 as it makes the most sense. Thanks once again.
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Mar 05, 2015 4:09 pm
- Full Name: John Ley
[MERGED] Virtual Lab access to specific IP on Production net
I have what appears to be an unusual request. I have searched and not found much on this, apologies if my google fu is weak on this subject.
User wants to clone a physical server into the virtual lab to test several new patches/upgrades. So far, this seems like exactly what the VL is for. However, part of what he wants to test requires access to a couple new IPs. The server runs the buildings HVAC, and they have some new equipment they want to configure. So the LAB machine requires a way to get from a VM to the physical hardware.
I did find one thread that said to just add an entry under static mapping. Perhaps I am just not understanding what exactly needs entered. I've tried a few combinations with no success.
Any thoughts?
Thanks!
User wants to clone a physical server into the virtual lab to test several new patches/upgrades. So far, this seems like exactly what the VL is for. However, part of what he wants to test requires access to a couple new IPs. The server runs the buildings HVAC, and they have some new equipment they want to configure. So the LAB machine requires a way to get from a VM to the physical hardware.
I did find one thread that said to just add an entry under static mapping. Perhaps I am just not understanding what exactly needs entered. I've tried a few combinations with no success.
Any thoughts?
Thanks!
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Mar 05, 2015 4:09 pm
- Full Name: John Ley
Re: Virtual Lab access to specific IP on Production network
Hmm, could I put the lab on it's own VLAN using the Nexus 1000v in vSphere instead of using the standard vSwitch? I could put the equipment on that VLAN as well, and still have it isolated. It still seems like the New Virtual Lab wizard wants to create it's own vSwitch though. Am I missing a setting?
-
- VP, Product Management
- Posts: 27138
- Liked: 2727 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Accessing Production from Virtual Lab
Hi John, it is not possible to access production network from the isolated lab, however you may want to follow one of the tricks Tom has posted above. Thanks!
-
- Novice
- Posts: 3
- Liked: 1 time
- Joined: Mar 05, 2015 4:09 pm
- Full Name: John Ley
Re: Accessing Production from Virtual Lab
I was able to get this to work. I spun up a pfSense VM, with one NIC on the virtual switch that Virtual Lab created, and one on the production network. I gave the Lab NIC the IP 192.168.2.1, and a real IP on PROD. I added a second NIC to the VM in the LAB, and used 192.168.2.1 as the gateway. Then I had to manually add a route statement in the VM since the IP was the same subnet as the VM primary NIC:
route add 192.168.1.47 192.168.2.1
Then I wrote a firewall rule in pfsense to allow traffic from the Lab to Prod and filtered it to only 192.168.1.47. So that is the only PROD IP the VM can access.
route add 192.168.1.47 192.168.2.1
Then I wrote a firewall rule in pfsense to allow traffic from the Lab to Prod and filtered it to only 192.168.1.47. So that is the only PROD IP the VM can access.
-
- Expert
- Posts: 199
- Liked: 14 times
- Joined: Jul 23, 2013 9:14 am
- Full Name: Dazza
- Contact:
[MERGED] Sandbox Gateways for Physical Resources
There are certain workloads that cannot be virtualised like IBM iSeries/AS400. So, it begs the question as to whether there are any ways to run VM DR tests into sandboxes where the VMs can connect to an external physical resource like this for end to end application testing whilst still be isolated form the production domain?
-
- Product Manager
- Posts: 6442
- Liked: 730 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: Accessing Production from Virtual Lab
Hi,
It's not possible out of the box, however there is a workaround - please take a look at Tom's post.
Thank you
It's not possible out of the box, however there is a workaround - please take a look at Tom's post.
Thank you
Who is online
Users browsing this forum: Semrush [Bot] and 33 guests