> For the complete documentation index, see [llms.txt](https://docs.glesys.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.glesys.com/products/compute/vmware-virtual-machines/how-tos/manage-private-networks.md). # Manage private networks *** It is possible to create private networks between VMware servers. This allows them to communicate directly with each other without sending traffic over the public internet, thereby enhancing the security of the information exchanged between the servers. Private networks are also divided into segments. When you create a private network, you must also create one or more segments within that network. Each segment is a unified entity that encompasses resources belonging to the same platform and data center. Private networks are the recommended way to connect VMs. If you also need to connect physical hardware to your VMs, consider using [**VLAN networks**](/products/compute/vmware-virtual-machines/how-tos/manage-vlan-networks.md) instead. ## **Create private networks using the control panel** You find private networks under **Networking** in the left-hand menu. Click **Private networks**, and then click **Create** to create a new private network.

In the next step, name the network, for instance, `test-net`.

Once the private network is created, the segments within the network are displayed. No segments exist initially in a new private network—you need to create them yourself. A segment is a subdivision of the private network that allows you to partition it into smaller sections. Here, click **+ Create segment**.

In the next dialog box, configure the settings for the segment. In this example, we name the segment `lab` and change the platform to `VMware`. In the dropdown menu for the data center, select the data center where your VMware servers are located; in this case, `Falkenberg`. Under *IP addresses*, specify the network segment—the network and subnet mask—that you wish to use. In this example, we choose `192.168.0.0/24`. This setup provides 251 usable IPv4 addresses for servers (256 addresses minus the addresses `.0`, `.1`, `.2`, `.3`, and `.255`). The first three addresses, `.1`, `.2`, and `.3`, are reserved for routing traffic between segments in the private network.

The network is complete, and you can see it in the overview of **Private networks**.

### Connect VMs to a private network To connect your virtual machines to the private network, you first need to create a new network adapter on each VM that will communicate with the others. The newly created network adapter on each VM is then connected to the private network, and we assign it an IP address within the same network as the one specified in the segment. To create a new network adapter on a VM, first select the VM under **Compute** → **Virtual machines**. Here, click on the server where we want to create the network adapter. Next, select the **Network adapters** tab and click **+ Create Network Adapter**. The network adapter already visible in the list is used for internet connectivity.

In the dialog box that opens, select the type of adapter (**VMXNET 3** is good for most situations), the connection type (**Private network**), and which network segment it should be connected to. Also, select the speed of the network adapter. Finally, click **Create**.

Once the adapter is created, it appears in the overview of all adapters for the VM. The standard adapter for internet connectivity and the new adapter for the private network are now shown.

#### Assign an IP address to the adapter in the VM's operating system Before using the private network, you must assign an IP address within the segment you specified when creating the network to the new network adapter on each VM's operating system. The method for doing this varies between different systems. {% tabs %} {% tab title="Ubuntu" %} After adding the adapter to the VM, you need to determine the adapter's name in Ubuntu. The easiest way to do this is by checking `dmesg`. Enter the following command: {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line you are looking for should resemble something like this: {% code title="Output" %} ``` vmxnet3 0000:13:00.0 ens224: renamed from eth0 ``` {% endcode %} This means the new adapter has been assigned the name `ens224` in the system. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, add it to the file `/etc/netplan/50-cloud-init.yaml`. We must add the configuration for the new adapter `ens224`, and keep the configuration for `ens192` as is. Here, we assign `ens224` the IP address `192.168.0.6` with the subnet mask /24 (`255.255.255.0`). Since this is a private network, assigning a gateway or DNS to the adapter is unnecessary. The file should look like this (note that `ens224` must be indented with the same amount of spaces as `ens192`): {% code title="/etc/netplan/50-cloud-init.yaml" %} ```yaml network: version: 2 ethernets: ens192: addresses: - "203.0.113.71/23" - "2001:db8:18::d5/48" nameservers: addresses: - 79.99.4.100 - 79.99.4.101 - 2a02:751:aaaa::1 - 2a02:751:aaaa::2 gateway4: 203.0.113.1 gateway6: 2001:db8:18::1 ens224: addresses: - "192.168.0.6/24" ``` {% endcode %} Save the file and test the configuration with `sudo netplan try`. If you see the countdown timer, the file is likely correct; in this case, press the Enter key to confirm. {% code title="Command" %} ``` sudo netplan try ``` {% endcode %} {% code title="Prompt from netplan" %} ``` Do you want to keep these settings? Press ENTER before the timeout to accept the new configuration Changes will revert in 117 seconds Configuration accepted. ``` {% endcode %} Next, we make sure the adapter has been assigned an IP address: {% code title="Command" %} ``` ip addr show dev ens224 ``` {% endcode %} {% code title="Output" %} ``` 3: ens224: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 12:06:33:70:96:02 brd ff:ff:ff:ff:ff:ff altname enp19s0 inet 192.168.0.6/24 brd 192.168.0.255 scope global enp9s0 valid_lft forever preferred_lft forever inet6 fe80::1006:33ff:fe70:9602/64 scope link valid_lft forever preferred_lft forever ``` {% endcode %} Finally, to prevent the settings from being overwritten by cloud-init, you must also execute the following command: {% code title="Command" %} ``` sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg' ``` {% endcode %} {% endtab %} {% tab title="Debian" %} After adding the adapter to the VM, you need to determine the adapter's name in Debian. The easiest way to do this is by checking `dmesg`. Enter the following command: {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line to look for should resemble something like this: {% code title="Output" %} ``` vmxnet3 0000:13:00.0 ens224: renamed from eth0 ``` {% endcode %} This means that the new adapter has been assigned the name `ens224` in the system. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, add it to the file `/etc/network/interfaces.d/50-cloud-init` and assign it an IP address. We leave the existing lines in the file as they are. Here, we assign it the IP address `192.168.0.7` with the subnet mask /24 (`255.255.255.0`). The entire file will then look something like this, depending on its prior content: {% code title="/etc/network/interfaces.d/50-cloud-init" %} ``` auto lo iface lo inet loopback auto ens192 iface ens192 inet static address 203.0.113.12/24 dns-nameservers 79.99.4.100 79.99.4.101 2a02:751:aaaa::1 2a02:751:aaaa::2 gateway 46.21.103.1 dns {'nameservers': ['79.99.4.100', '79.99.4.101', '2a02:751:aaaa::1', '2a02:751:aaaa::2'], 'search': []} # control-alias ens192 iface ens192 inet6 static address 2001:db8:18::9e/48 gateway 2a02:750:20::1 auto ens224 iface ens224 inet static address 192.168.0.7/24 ``` {% endcode %} Next, you need to restart the network for the changes to take effect. This can be done with the following command: {% code title="Command" %} ``` sudo systemctl restart networking ``` {% endcode %} We make sure everything worked out: {% code title="Command" %} ``` ip addr show dev ens224 ``` {% endcode %} {% code title="Output" %} ``` 3: ens224: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 12:08:0b:9b:f7:02 brd ff:ff:ff:ff:ff:ff altname enp19s0 altname enx020116497402 inet 192.168.0.7/24 brd 192.168.0.255 scope global ens2 valid_lft forever preferred_lft forever inet6 fe80::1008:bff:fe9b:f702/64 scope link valid_lft forever preferred_lft forever ``` {% endcode %} Finally, you need to disable automatic network configuration through `cloud-init` to prevent it from overwriting your settings. This is accomplished with the following command: {% code title="Command" %} ``` sudo sh -c 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg' ``` {% endcode %} {% endtab %} {% tab title="AlmaLinux" %} Begin by identifying the name of the new adapter using either `dmesg` or `ip addr`. {% code title="Command" %} ``` sudo dmesg ``` {% endcode %} The line you are looking for should resemble something like this: {% code title="Command" %} ``` vmxnet3 0000:13:00.0 ens224: renamed from eth0 ``` {% endcode %} The name of the new adapter is `eth1`. If, for some reason, the adapter cannot be found in the output from `dmesg`, it is also possible to list all adapters using the command `ip addr`. The adapter without an IP address is most likely the new one. Once you know the adapter's name, assign it an IP address. The easiest way to do this is with the `nmcli` command. Start by confirming that the adapter appears in the list using `nmcli connection`. {% code title="Command" %} ``` nmcli connection ``` {% endcode %} {% code title="Output" %} ``` NAME UUID TYPE DEVICE cloud-init ens192 dfaf916e-1ddf-5437-bf6d-d2dbb171f650 ethernet ens192 Wired connection 1 7a007834-dbbf-3152-a9f7-8437f0f52951 ethernet ens224 lo 960d1fd7-5f76-4fcc-b978-0cb904b04afc loopback lo ``` {% endcode %} The adapter `ens224` is likely highlighted in yellow because it lacks an address. Now, assign the adapter an IP address. In this example, we choose `192.168.0.8` with the subnet mask /24 (`255.255.255.0`). Use the full name from the list, `Wired connection 1`, which corresponds to `ens224`. Next, you also need to set the adapter to manual (static) mode: {% code title="Commands" %} ``` sudo nmcli connection modify "Wired connection 1" ipv4.address "192.168.0.8/24" sudo nmcli connection modify "Wired connection 1" ipv4.method manual ``` {% endcode %} Now, let's activate the adapter using the new settings: {% code title="Command" %} ``` sudo nmcli connection up "Wired connection 1" ``` {% endcode %} Finally, make sure the adapter has the correct IP address: {% code title="Command" %} ``` ip addr show dev ens224 ``` {% endcode %} {% code title="Output" %} ``` 3: ens224: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 02:01:14:93:97:02 brd ff:ff:ff:ff:ff:ff altname enp19s0 altname enx020114939702 inet 192.168.0.8/24 brd 192.168.0.255 scope global noprefixroute ens224 valid_lft forever preferred_lft forever inet6 fe80::1:14ff:fe93:9702/64 scope link noprefixroute valid_lft forever preferred_lft forever ``` {% endcode %} {% endtab %} {% tab title="Win Server 2022" %} Start by right-clicking on the network icon in the taskbar. Then, select **Open Network & Internet settings**.

In the dialog window that opens, select **Change adapter options**.

A list of all the server's network adapters is now displayed. The one with the highest number is most likely the new adapter; in this case, it is Ethernet 1. Right-click on it and select **Properties**.

In the next dialog box, select **Internet Protocol Version 4 (TCP/IPv4)** and click on **Properties**.

Next, assign an IP address to the adapter. Here, we select the IP address `192.168.0.9` with the subnet mask `255.255.255.0` (/24). When you're finished, click **OK** to save the settings.

{% endtab %} {% tab title="Win Server 2025" %} Start by right-clicking on the network icon in the taskbar. Then, select **Open Network & Internet settings**.

In the window that opens, select **Advanced network settings**.

A list of all the server's network adapters is now displayed. The one with the highest number is most likely the new adapter; in this case, it is *Ethernet1*. Click on it to expand the settings for the adapter, and select **Edit**.

In the next dialog box, select **Internet Protocol Version 4 (TCP/IPv4)** and click on **Properties**.

Next, assign an IP address to the adapter. Here, we select the IP address `192.168.0.9` with the subnet mask `255.255.255.0` (/24). When you're finished, click **OK** to save the settings.

{% endtab %} {% endtabs %} Finally, after all the servers have been assigned an IP address, you can ping them: {% code title="Command" %} ``` ping 192.168.0.6 ``` {% endcode %} {% code title="Output (abort ping with Ctrl-c)" %} ``` PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data. 64 bytes from 192.168.0.6: icmp_seq=1 ttl=64 time=0.183 ms 64 bytes from 192.168.0.6: icmp_seq=2 ttl=64 time=0.206 ms 64 bytes from 192.168.0.6: icmp_seq=3 ttl=64 time=0.158 ms --- 192.168.0.6 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2086ms rtt min/avg/max/mdev = 0.158/0.182/0.206/0.019 ms ``` {% endcode %} ## Delete a private network To delete a private network, you must first delete all the network adapters that are connected to it. Then, you must delete the segments within the network. Finally, you can delete the network. Start by deleting the network adapter from each VM that is connected to the private network. Click on the virtual machine in the overview, select the **Network adapters** tab, click the three dots next to the adapter connected to the private network's segment, and click **Delete**.

A dialog window will open where you need to confirm the deletion by typing the name of the adapter and clicking **Delete.** Next, delete the segment within the network. Click **Private networks** in the left-hand menu to open an overview of all your private networks. Click on the network for which you want to delete the segment. Delete the segment by clicking the three dots next to the segment name and selecting **Delete**.

In the next dialog box, confirm the deletion of the segment by typing the segment's name in the text field and clicking **Delete**. Finally, delete the entire private network by clicking the three dots at the top of the network overview and selecting **Delete**.

In the next dialog box, confirm the deletion by typing the network's name in the text field and selecting **Delete**. ## Create a private network using the API To create a private network using the [API](/platform/control-panel/api.md), follow the same pattern as when creating a private network using the control panel. 1. Create a new private network using the [privatenetwork/create](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkcreate) endpoint. 2. Create a new segment within the private network, using the [privatenetwork/createsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkcreatesegment) endpoint. 3. List the segments within the private network using [privatenetwork/listsegments](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklistsegments) endpoint to get the ID of the segment. 4. Create a new network adapter for the VM, using the [networkadapter/create](https://github.com/GleSYS/API-docs/wiki/API-Documentation#networkadaptercreate) endpoint. For the network ID, use the segment ID from point 3 above. ### Manage private networks using the API * To edit a private network, use the [privatenetwork/edit](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkedit) endpoint. * To edit a segment within a private network, use the [privatenetwork/editsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkedit) endpoint. * To list your private networks and segments, use the [privatenetwork/list](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklist) and [privatenetwork/listsegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworklistsegments), respectively. * To delete a segment within a private network, use the [privatenetwork/deletesegment](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkdeletesegment) endpoint. * To delete a private network, use the [privatenetwork/delete](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkdelete) endpoint. * To retrieve an estimated cost of a private network, use the [privatenetwork/estimatedcost](https://github.com/GleSYS/API-docs/wiki/API-Documentation#privatenetworkestimatedcost) endpoint. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.glesys.com/products/compute/vmware-virtual-machines/how-tos/manage-private-networks.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.