Hi Stelephan,
It all depends on your security design. I'd advise having at least CHAP authentication on all machines to prevent any type of hacker on the virtual machine from gaining access to other storage LUNs merely by using a forged IQN.
And if the customer doesn't require you to have any network separation between your ESX storage network and Virtual Machine storage network, then you can indeed just simply add two "Virtual Machine Network" on the same vSwitch you are already using for your current iSCSI storage network. (Portgroup is a name of the past if I recall correctly).
Note: In case you're running heavily consolidated machines with very high I/O generating VMs, it could be wise to perhaps add two more physical NICs. This is all a matter of monitoring and calculation, of course.
Here's a sample picture by Patters98 in his other iSCSI thread:
Here's the link to his thread: http://communities.vmware.com/thread/259695 (I must say this thread is about something else than your issue, but the picture explains more than the words.) Also, Patters98 gives some insight into how EqualLogic has set best practice for their iSCSI devices. (I must say this is sort of a general practice I see with different types of vendors.)
Jelle
VMware VCP since 2006
If this thread has been any help, give the people some credit stars
Message was edited by: J.R. Kalf
redone the picture