Hi, I'm after some advice on best practice when configuring my LAN. All my servers are virtualised on ESX 4.1, including a Sophos UTM appliance. All workstations are physical machines.
Currently I have a virtual switch with no physical adapters assigned, using the subnet 192.168.44.0, which all the virtual servers communicate on. The Sophos UTM has two internal interfaces, one of which is also assigned to this virtual switch.
The second interface on the Sophos UTM is assigned to a different virtual switch which DOES have a physical NIC assigned and is connected to the physical switch that all the workstations are also connected to, using the subnet 192.168.16.0.
This works nicely and provides fast communication between the servers and control over workstation access to servers, but it also means that all traffic between workstations and servers has to travel through the Sophos UTM and get translated/routed.
Would it be better practice to assign all virtual servers to the virtual switch that has a NIC assigned and operate all servers and workstations on the same subnet? This would mean that communication between workstations and servers would not have to be routed by the UTM. Given it is a Windows Active Directory environment with file sharing (DFS), DNS, DHCP etc., there is significant traffic between servers and workstations.
Another limitation I have encountered with the current config is that apps like Dropbox that can 'LAN Sync' don't work, as the broadcast method doesn't traverse the different subnets via the UTM.
Thanks, David
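The trade-off in the post (routed traffic through the UTM versus a flat subnet) can be made concrete with a small model of the two layouts. The following is an added example, not code from the post or from Sophos/VMware: it uses constructed host addresses inside the two subnets David names, assumes /24 masks for both, and counts, for each layout, which workstation/server flows pass the UTM (and so are subject to its firewall policy) versus being switched locally, and which hosts a subnet broadcast such as a LAN-sync discovery packet would reach. The host names and addresses are invented for illustration.

```python
import ipaddress
from itertools import product

# Subnets from the post; the /24 prefix length is an assumption.
SERVER_NET = ipaddress.ip_network("192.168.44.0/24")  # virtual-only vSwitch
LAN_NET = ipaddress.ip_network("192.168.16.0/24")     # NIC-backed vSwitch / physical LAN
SUBNETS = [SERVER_NET, LAN_NET]

# Layout A (current): servers on the isolated vSwitch, UTM routes between subnets.
# Host names and addresses are constructed sample data.
CURRENT = {
    "dc01": ipaddress.ip_address("192.168.44.10"),
    "file01": ipaddress.ip_address("192.168.44.11"),
    "ws-alice": ipaddress.ip_address("192.168.16.50"),
    "ws-bob": ipaddress.ip_address("192.168.16.51"),
}

# Layout B (proposed): every server moved onto the NIC-backed vSwitch.
FLAT = {
    "dc01": ipaddress.ip_address("192.168.16.10"),
    "file01": ipaddress.ip_address("192.168.16.11"),
    "ws-alice": ipaddress.ip_address("192.168.16.50"),
    "ws-bob": ipaddress.ip_address("192.168.16.51"),
}


def subnet_of(addr):
    """Return the subnet containing addr, or raise if it is in neither."""
    for net in SUBNETS:
        if addr in net:
            return net
    raise ValueError(f"{addr} is in no known subnet")


def classify_flows(hosts):
    """Map every ordered pair of distinct hosts to 'local' or 'routed'.

    'routed' flows cross the UTM and are subject to its firewall/NAT policy;
    'local' flows stay on one broadcast domain and never reach the UTM.
    """
    flows = {}
    for src, dst in product(hosts, repeat=2):
        if src == dst:
            continue
        same_subnet = subnet_of(hosts[src]) == subnet_of(hosts[dst])
        flows[(src, dst)] = "local" if same_subnet else "routed"
    return flows


def broadcast_reach(hosts, sender):
    """Hosts that receive a subnet broadcast from sender.

    A router (the UTM here) does not forward broadcasts between subnets,
    so only hosts sharing the sender's subnet see the packet.
    """
    net = subnet_of(hosts[sender])
    return sorted(h for h, ip in hosts.items() if h != sender and ip in net)


def summarize(hosts):
    """Count how many flows the UTM sees (routed) versus bypasses (local)."""
    flows = classify_flows(hosts)
    routed = sum(1 for kind in flows.values() if kind == "routed")
    return {"routed_flows": routed, "local_flows": len(flows) - routed}


if __name__ == "__main__":
    for name, layout in (("current", CURRENT), ("flat", FLAT)):
        print(name, summarize(layout),
              "broadcast from ws-alice reaches:", broadcast_reach(layout, "ws-alice"))
```

Running it shows the two sides of the question: in the current layout every workstation-to-server flow is routed, so the UTM can enforce policy on it but also carries all of that DFS/DNS/DHCP traffic and drops the broadcasts that LAN Sync relies on; in the flat layout no flow between workstations and servers passes the UTM at all, so the throughput and broadcast problems disappear, but so does the UTM's control over workstation access to the servers.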