Hello,
We are trying to consolidate two different vsphere clusters into one in order to get better utilization of our compute resources. Each cluster has its own set of networks within. In order to consolidate the two clusters, we would need to present both set of networks to the same cluster. Cluster A has a single network and Cluster B has 4 networks that are behind a firewall for non-production use.
Our network security team has a concern of someone creating a VM with two vNICs on it, one vNIC connecting to the network originally in Cluster A and another vNIC connecting to a network in Cluster B that's behind the firewall creating a bridge between the two networks that could bypass the firewall.
Is there a way to deny the ability to have network from Cluster A and network from cluster B be on the same VM? Almost like an affinity rule where you don't allow the two different networks on the same VM? I couldn't find anything on this and not sure if it's even a supported feature but I figured I would see if anyone else knew.
We are currently running vSphere 5.0 U3 and are looking to move to vSphere 6 shortly. We are also using Cisco Nexus 1000v switch for both clusters.
Thanks in advance!
-Michael