December 01, 2008, 9:49 PM —
Recently, as I was perusing the latest postings to one of the many listservs to which I'm subscribed, I came across a comment that I found interesting. In it, the poster – a database administrator – was asking a question related to how a virtual machine handles network connectivity. In his message, the poster indicated that his understanding of VMware leads him to believe that a virtual machine running under VMware uses a different IP address than the rest of the network and, as a result, he was questioning how he should go about poking an appropriate hole in his firewall to allow outside traffic to this VM.
His query made me realize that, although virtualization has become a hot topic in many places, the ins and outs of the technology are not always well understood. A few years ago, when I was an IT Director at a different college than the one at which I now work, I introduced virtualization to the network team at the time and was met with a multitude of questions. Among the questions were concerns about how the virtual machines would be managed, how they would communicate on the network, and so forth.
There are certainly some differences between managing physical vs. virtual machines, but the overall concept is identical – you attach to the console and manage the machine. Want to add RAM? Bring down the machine and add the RAM. For a physical machine, this means tearing off the cover and adding RAM modules. For a virtual machine, this means opening the VM properties and assigning more RAM.
On the network communications front, most virtualization software provides two modes of network communication: Bridged or NAT. When using bridged mode, which is the most common, the virtual machine gets an address based on the VLAN assignment, if any, for the VM's virtual network connection. The virtual machine communicates directly with the network and traffic does not need to be routed by the virtual host, except to pass it through the host NIC. Under NAT mode, the VM is assigned an address from a virtual network created by the virtual host. The VM communicates with the outside world by routing its traffic through the host.
In answer to the poster's question regarding firewall holes, he would have to do nothing more than assign a static IP address to the VM and handle the firewall side as he would with any other machine. In short, he should just look at the VM as another server on his network… no more, no less. Once that abstraction leap is made, it's very easy to think about virtualization. With virtualization, things don't have to get more complex.
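To make the bridged-versus-NAT distinction concrete when planning firewall rules, the following added example (not part of the original article) reads the network adapter settings from a VMware `.vmx` file and reports which mode each adapter uses. The sample file content is constructed, and treating an adapter with no `connectionType` line as bridged is an assumption of this sketch.

```python
import re

# Constructed sample .vmx content for illustration (not from a real VM).
SAMPLE_VMX = '''
displayName = "db01"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
ethernet3.present = "TRUE"
'''

# Matches lines such as: ethernet0.connectionType = "bridged"
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

ADVICE = {
    "bridged": "VM has its own LAN address: assign a static IP and write "
               "firewall rules for it as for any other server",
    "nat": "VM sits on the host's virtual network: its traffic is routed "
           "through the host, so plan rules around the host",
}

def nic_modes(vmx_text):
    """Return {adapter: mode} for every adapter marked present."""
    nics = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            nic, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            nics.setdefault(nic, {})[key] = value
    modes = {}
    for nic, settings in sorted(nics.items()):
        if settings.get("present", "").upper() != "TRUE":
            continue  # adapter is defined but not attached to the VM
        # Assumption: no connectionType line is treated as bridged.
        modes[nic] = settings.get("connectiontype", "bridged").lower()
    return modes

def firewall_notes(vmx_text):
    """Return (adapter, mode, advice) tuples for firewall planning."""
    return [(nic, mode, ADVICE.get(mode, "other mode: review manually"))
            for nic, mode in nic_modes(vmx_text).items()]

if __name__ == "__main__":
    for nic, mode, advice in firewall_notes(SAMPLE_VMX):
        print(f"{nic}: {mode} -> {advice}")
```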