VMware Solutions Discussions

Use of vFilers and VMware SRM in Secure Multi Tenancy environment

DAIRYMILK
2,515 Views

Hi there,

I've raised a question related to the same underlying problem here https://communities.netapp.com/message/80619 regarding the use of OnCommand where the OnCommand server cannot actually contact the vFilers.

I'm having a similar issue with configuring VMware Site Recovery Manager in the same environment as the SRM server cannot contact the vFilers hosting the datastores.

Basically, we use the enhanced secure multi tenancy framework and are hosting several vFilers for separate customers.  Each vFiler hosts virtual machines which we would like to manage from a central management network as we need to provide backup services.  However, things like OnCommand and SRM require direct access to the vFilers in order to make the necessary ZAPI calls to trigger actions related to backups.  Since these vFilers are not accessible to our management network, we cannot use these tools.

Has anyone else come across this problem and thought of a way round it?

2 REPLIES 2

scottgelb
2,515 Views

Is each vFiler is a separate iPspace? At some customers we add additional ip aliases on each vFiler to get an ip on the management network. It may not be allowed in hosted or secure environments though. But ip aliasing to multi home more than one ip on an interface does save having to use additional ports to get connectivity to the management network if feasible.

DAIRYMILK
2,515 Views

Hi Scott, thanks for your reply.

Yes, the vFilers are in separate ipspaces.  Adding another port wouldn't really be a problem apart from the security aspect and you're correct, we're not allowed to do that.  We can't have the vFilers directly on the management network which basically, as far as I can tell, means that I simply won't be able to do what I need to.

I've been banging my head against a wall (not literally) trying to think of a clever way round this but I can't.  It just seems that the toolset won't work in a multi-tenant environment.  I guess that's what vFilers are for though, so I shouldn't be surprised!  It's just frustrating when you're trying to manage them all.  I know a bad workman always blames his tools but SRM is a great tool and would do exactly what I need if it could only talk to the vFilers!

It would be great if you could initiate calls to the vFilers via vFiler0 but I don't believe that's possible.

Public