I have been tasked with redesigning my companys virtual infrastructure (vSphere 5.5 Ent Plus). This redesign will involve the consolidation of two physically air gapped Dev and Production environments into one IT Service, logically separated environments.
I have been looking at design guides utilising VMware vShield Edge product to simplify the segmentation via PGI (port group isolation). However, from what I understand, the PGI capability has been removed post v4.1 and is no longer available in vShield 5. The design I was looking to emulate was:
A few questions I have for anyone with experiance in this field:
- Why was PGI functionality removed, it looks to be a great method for segmenting environments
- does VXLAN supercede PGI or are there other functionalities vShield can provide to give the same functionaliy
- How does you segment your vEnvironment. My company is ultimately looking to migrate to a converged CIAB solution wtih DEV, Test, Prod and DMZ all located within the same physical infrastructure but yet securely separated logically.