Citrix Virtual Apps and Desktops 7 Assessment, Design and Advanced Configurations — Question 31

Scenario: A Citrix Architect is designing a new Citrix Virtual Apps and Desktops environment. The environment will run on 2 Citrix Hypervisor platforms, each consisting of 3 NICs. The company maintains strict security standards for all business data traffic, so the architect is designing and configuring hypervisor network traffic to limit infrastructure vulnerabilities.
How should the architect configure the hypervisor network traffic to provide the best security for the environment?

Answer options

• A. Use 1 physical NIC on the host for management, and a second NIC shared for storage and virtual machines (VMs). Create 2 subnets – 1 for management and the other for storage and VMs. Confirm that the storage and VMs use a NIC on the same network as the host NIC, and sort traffic between the host and storage/VM with a switch port.
• B. Use each physical NIC on the hosts – 1 for management, 1 for storage, and 1 for the virtual machines (VMs). Create 2 subnets – 1 for management and the other for storage. Confirm that the VMs use a NIC for guest traffic on a separate network, and connect all networks to separate network switches.
• C. Use each physical NIC on the hosts – 1 for management, 1 for storage, and 1 for the virtual machines (VMs). Keep all traffic on a single subnet. Confirm that the VMs use a NIC for guest traffic on the same network as the host NIC, and sort the traffic between the host and VMs with switch port.
• D. Use 1 physical NIC on the host for management, and a second NIC shared for storage and virtual machines (VMs). Keep all traffic on a single subnet. Confirm that the storage and VMs use a NIC on the same network as the host NIC, and sort the traffic between the host and storage/VM with a switch port.

Correct answer: B

Explanation

Option B is the correct choice as it effectively utilizes all physical NICs for dedicated purposes, enhancing security by isolating management, storage, and VM traffic on distinct subnets. The other options either consolidate traffic, which can create vulnerabilities, or do not utilize all NICs effectively, leading to potential security risks.