{"id":164,"date":"2006-09-18T21:06:37","date_gmt":"2006-09-19T07:06:37","guid":{"rendered":"https:\/\/anildesai.net\/?p=164"},"modified":"2009-09-03T20:06:30","modified_gmt":"2009-09-04T01:06:30","slug":"microsoft-virtual-server-from-the-ground-up-part-4-configuring-virtual-networks-in-virtual-server","status":"publish","type":"post","link":"https:\/\/anildesai.net\/index.php\/2006\/09\/microsoft-virtual-server-from-the-ground-up-part-4-configuring-virtual-networks-in-virtual-server\/","title":{"rendered":"Microsoft Virtual Server from the Ground Up, Part 4: Configuring Virtual Networks in Virtual Server"},"content":{"rendered":"

This article was first published on <\/em>SearchServerVirtualization.TechTarget.com<\/em><\/a>.<\/em><\/p>\n

While virtual machines working in isolation can be useful for some purposes, modern day applications and operating systems often rely on network connectivity to accomplish their tasks. The challenge is in finding the right balance between ease of communications and security. In this article, I\u2019ll cover details about virtual networking options in Microsoft Virtual Server 2005. Read on, so you\u2019ll be able to ensure that no VM is an island (unless, of course, you want it to be).<\/p>\n

Virtual Server\u2019s Networking Architecture<\/h2>\n

Let\u2019s start by taking a look at the architecture of how Virtual Server handles network access. Figure 1 provides a high-level view. Starting from the bottom, you have your physical network \u2013 the actual cables, switches, routers, and other devices to which the host computer is connected. Above that is the host\u2019s physical network interface card (NIC) and its associated driver. That\u2019s the standard stuff. Virtual Server adds a layer called the \u201cVirtual Machine Network Services Driver\u201d. It\u2019s the responsibility of this layer to allow virtual NICs (which are configured within the VM) the ability to access the physical network.<\/p>\n

\"clip_image002\"<\/a><\/p>\n

Figure 1: An overview of Virtual Server\u2019s network architecture<\/strong><\/p>\n

In the simplest configuration, you\u2019ll likely have only a single physical NIC and a single virtual NIC. However, Virtual Server supports as many host NICs as you can install on the host OS, and up to four virtual NICs within each VM.<\/p>\n

Understanding Virtual Networks<\/h2>\n

Virtual Networks are created within Virtual Server to simplify the administration of networking options. One option is not to attach the VM\u2019s NIC to any virtual network (or to not use a virtual NIC at all). In that case, the VM will not be able to communicate with other physical or virtual machines. If you do want to enable communications, there are two main types of virtual networks options.<\/p>\n

Guest-Only Networks<\/h3>\n

A good way to minimize network security risks is to create a virtual network that restricts virtual machines to talking only to each other. Figure 2 shows an example. You can create many different Guest-Only networks, simply by choosing not to bind them to any of the host\u2019s physical network adapters.<\/p>\n

\"clip_image004\"<\/a><\/p>\n

Figure 2: A logical overview of Guest-Only virtual networks.<\/strong><\/p>\n

External Networks<\/h3>\n

When you choose to connect a host network adapter to a virtual network, all VMs that are connected to that network will act as if they were physically connected to the host\u2019s LAN (see Figure 3). In fact, other computers on the same network will have a hard time distinguishing that these machines are VMs. While this offers the best connectivity, it comes at the risk of security (you must ensure that your VMs are properly patched and secured), and manageability (VMs must use compatible network addresses).<\/p>\n

\"clip_image006\"<\/a><\/p>\n

Figure 3: A logical overview of Guest-Only virtual networks.<\/strong><\/p>\n

Creating Virtual Networks<\/h2>\n

The good news is that, once you understand Virtual Server\u2019s networking architecture, creating and managing virtual networks is pretty simple. First, let\u2019s look at how you can place limits on which physical network connections can be used.<\/p>\n

Enabling Host Network Adapters<\/h2>\n

It\u2019s not uncommon for server-side computers to have multiple physical network adapters. This is often done to segment traffic (for example, in the case of a public web server), or for performance (for example, creating a separate network connection for performing backups). In these cases, it\u2019s likely that you\u2019ll want to tell Virtual Server that one or more network interfaces is \u201coff limits\u201d for VMs. You can do this by editing the properties of the appropriate network connection and unbinding the Virtual Machine Network Services item (see Figure 3). The rules are simple: If the box is checked, then virtual networks will be able to use the physical adapter. If not, the network connection will not be available.<\/p>\n

\"clip_image007\"<\/a><\/p>\n

Figure 4: Configuring the Virtual Machine Network Services item in the properties of a host network adapter.<\/strong><\/p>\n

Managing Virtual Networks<\/h2>\n

OK, now that we have all the pre-requisites out of the way, it\u2019s time to fire up the Virtual Server Administration Web Site. By clicking on the items in the \u201cVirtual Networks\u201d Section, you can create and configure virtual networks. Figure 5 shows the screen you\u2019ll see when creating a new virtual network. The name of the virtual network can be anything descriptive. Next, you can choose whether you want to bind the network to one of the host\u2019s physical network adapters, or if you want to create a guest-only network. Finally, this page will automatically list all virtual network adapters that are not currently connected to a virtual network and will allow you to connect them directly. Click OK, and your virtual network should be ready for use.<\/p>\n

\"clip_image009\"<\/a><\/p>\n

Figure 5: Create a new virtual network.<\/strong><\/p>\n

Configuring VM Network Adapters<\/h2>\n

You can connect virtual network adapters to virtual networks by editing the configuration of an existing VM. Figure 6 shows the configuration of a VM that has multiple virtual NICs. Note that you can specify a static MAC address, or you can have Virtual Server automatically create one that will avoid conflicts. The best news is that you can connect and disconnect virtual network attachments even while the VM is running (just be sure that your OS and applications are OK with this).<\/p>\n

\"clip_image011\"<\/a><\/p>\n

Figure 6: Modifying virtual network adapter properties for a VM<\/strong><\/p>\n

More Virtual Server Networking Features<\/h2>\n

In this article, I covered the basics of getting up and running with Virtual Server\u2019s networking options. But wait, there\u2019s more! Virtual Server includes a built-in DHCP server that can be used for each of your virtual networks. As with physical network environments, this can help to greatly simplify the management of network addresses (especially if you often copy or move VMs). Of course, if your VMs are participating on the host network, you can use DHCP and other network services that might already be available.<\/p>\n

Both Windows XP SP2 and the Windows Server 2003 platform offer built-in firewall functionality, and an Internet Connection Sharing (ICS) feature. Both of these are available for you to use with your VMs through an interesting application of the Microsoft Loopback Adapter (see Virtual Server Books Online for more details).<\/p>\n

Overall, Virtual Server\u2019s networking architecture is flexible and easy-to-manage, once you know how it all works. Keep this information in mind when you\u2019re trying to determine the best balance between communications and security for your VMs.<\/p>\n","protected":false},"excerpt":{"rendered":"

This article was first published on SearchServerVirtualization.TechTarget.com. While virtual machines working in isolation can be useful for some purposes, modern day applications and operating systems often rely on network connectivity to accomplish their tasks. The challenge is in finding the right balance between ease of communications and security. In this article, I\u2019ll cover details about […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,12],"tags":[],"class_list":["post-164","post","type-post","status-publish","format-standard","hentry","category-microsoft-virtual-server","category-virtualization"],"_links":{"self":[{"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/posts\/164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/comments?post=164"}],"version-history":[{"count":1,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/posts\/164\/revisions"}],"predecessor-version":[{"id":378,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/posts\/164\/revisions\/378"}],"wp:attachment":[{"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/media?parent=164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/categories?post=164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anildesai.net\/index.php\/wp-json\/wp\/v2\/tags?post=164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}