vSphere 6 Foundations: Recommended Solutions for Isolating 500 Virtual Desktops

Isolating Virtual Desktops for Enhanced Security

Question

A vSphere administrator has been tasked with ensuring that 500 virtual desktops are unable to communicate with one another, but can communicate with required services.

Which two solutions does VMware recommend? (Choose two.)

Answers

Explanations

A. B. C. D.

BC.

To ensure that 500 virtual desktops are unable to communicate with each other, but can communicate with required services, VMware recommends two solutions: Private VLAN and VMware NSX Distributed Firewall.

  1. Private VLAN (PVLAN): A Private VLAN allows isolation between virtual machines on the same VLAN. A Private VLAN has two types of ports: a primary port and a secondary port. The primary port can communicate with all the secondary ports, but the secondary ports cannot communicate with each other. Therefore, by configuring the virtual desktops as secondary ports on a Private VLAN, you can ensure that the virtual desktops cannot communicate with each other, but can communicate with required services.

  2. VMware NSX Distributed Firewall: The VMware NSX Distributed Firewall provides a distributed firewall service for virtual machines. It allows you to create security policies based on virtual machine attributes, such as the IP address, MAC address, and operating system. With the VMware NSX Distributed Firewall, you can create security policies that block the virtual desktops from communicating with each other but allow them to communicate with required services.

While vSphere Host Firewall and Port Filtering are also security solutions that can help isolate virtual machines, they do not provide the same level of isolation and control as Private VLAN and VMware NSX Distributed Firewall. Therefore, they are not the recommended solutions for this specific task.