
Comments on: The Secret of Ephemeral Port Groups



Virtualization and Cloud Infrastructure



Last Build Date: Sat, 11 Oct 2014 06:33:41 +0000

 






By: Bob

Tue, 06 Dec 2011 04:20:13 +0000

Phillip, we have been having this discussion lately as well with our new vSphere 5 environment. Found this from VMware that talks about the potential downsides to ephemeral port binding: http://kb.vmware.com/kb/1022312 Seems it is recommended for View environments, however, due to linked clone issues: http://kb.vmware.com/kb/1021193



By: Jason Boche

Sat, 26 Nov 2011 15:17:45 +0000

Phillip, I ran into an issue using Ephemeral - no binding in conjunction with cloning VMs & Guest Customization which you can read about on my blog using the Pingback link in this comment section.



By: Cloning VMs, Guest Customization, & vDS Ephemeral Port Binding » boche.net – VMware vEvangelist

Sat, 26 Nov 2011 05:48:50 +0000

[...] The majority of my work involved networking in which I decommissioned all legacy vSwitches in the vSphere 5 cluster and converted all remaining VMkernel port groups to the existing vNetwork Distributed Switch (vDS) where I was already running the majority of the VMs on Static binding port groups.  In the process, some critical infrastructure VMs were also moved to the vDS including the vCenter, SQL, and Active Directory domain controller servers.  Because of this, I elected to implement Ephemeral – no binding for the port binding configuration of the VM port group which all VMs were connected to, including some powered off VMs I used for cloning to new virtual machines.  This decision was made in case there was a complete outage in the lab.  Static binding presents issues where in some circumstances, VMs can’t power on when the vCenter Server (Control Plane of the vDS) is down or unavailable.  Configuring the port group for Ephemeral – no binding works around this issue by allowing VMs to power on and claim their vDS ports when the vCenter Server is down.  There’s a good blog article on this subject by Eric Gray which you can find here. [...]



By: Tomas Fojta

Wed, 01 Jun 2011 12:54:19 +0000

Phillip: The disadvantage is that if you configure ephemeral port binding, your network will be less secure. Anybody who gains host access can create a rogue virtual machine and place it on the network, or move VMs between networks. The security hardening guide even recommends lowering the number of ports for each distributed portgroup so there are none unused.



By: Phillip

Tue, 31 May 2011 14:59:13 +0000

What are the disadvantages or limitations of using ephemeral port binding? Are there any? I would like to know, from a design perspective, why I wouldn't use these vs. the other options.