0

I am currently setting up a Windows Server 2012 machine that will be colocated. It will have around 10 VMs on it that allow various users to connect in and run them from home. Most of the VMs will be Windows 8 unless they are for basic testing purposes. I do have access to creating a second Windows Server 2012 machine as a VM if needed.

The physical machine will be connected directly to the colocation service, so I will have a specific static IP that I will need to use for the physical machine. I am new to networking like this and I'm having trouble figuring out how to set up either a) the physical machine with routing capability or b) a VM to act as the router. In both cases I will not have the ability to put my own physical router in the location and thus need to be able to route traffic to the VMs using a virtual router.

Since I have the one public static IP, I am assuming that will need to go to the physical machine, and then through something like RRAS I would somehow create the equivalent of a router that could either a) assign IPs to the VMs through DHCP or b) route to static IPs that have been assigned to each VM. All the VMs will need to be able to access the internet.

I guess my question is: given what I have described, is it possible for me to use something that is built into Windows Server 2012 to achieve what I want with 1 physical NIC, 1 public static IP, 1 physical server, and multiple VMs on Hyper-V? If so, does anyone know of any good information on how to set this up? I keep finding information out there, but in most cases some physical router is assumed in what I have read, and thus I am stuck at the moment.

UPDATE: I'm told by my boss that he wants to keep everything in a Windows environment for various reasons of his own. I have read about using a loopback adapter with RRAS as a possible way to solve this. Does anyone know if that might work and if so how?

Thank you for any help you may provide.

esire
  • vpn from the host to your network? – Joel Coel Mar 26 '13 at 19:22
  • I can VPN to the host, but then how do I set up the rest of the network? I have one public static IP that will connect directly from the colocation company. Then the VMs will need to get their IPs from somewhere. My question, I guess, is how to set up those VMs' IP settings. In a physical router, the router either handles that or defines the static IP range to handle that. – esire Mar 26 '13 at 19:41
  • What connectivity options do the individual VMs need? Will they be listening for requests from outside traffic, e.g. acting as a web server or are these strictly to remote into and test something on the private intra-VM network? A mix? Something else? – Goyuix Mar 26 '13 at 20:05
  • Some VMs will be explicitly for people remoting in and testing. Others will be for remoting in and doing development work. Two will be for remoting in and doing clerical work. And a few will have our company users remoting into them and then using a third-party program through which the clients who use our software can request assistance that will allow our company VMs to see their screens. So for the most part all the machines will need internet access and have RDP access. With the current physical router we can use port forwarding on the router to RDP into specific VMs. – esire Mar 26 '13 at 20:17

2 Answers

0

I would suggest you run pfSense in a VM as your router. It's fairly easy to work with, and free.

Essentially though, your setup will look like this:

                      Physical box with one NIC
                  +------------------------------------------------------+
+------------+    |                                                      |
|  Internet  |{--}| {Lan Bridge} [ROUTER] {-VMLAN-} [ Virtual Machines]  |
+------------+    |                                                      |
                  +------------------------------------------------------+

Using this, all your virtual machines have a private subnet (say, 192.168.34.0/24). Your router is bridged to the world on the physical interface and has a virtual link to the VM LAN network. Your physical system then has no direct connection using its physical interface, and a private address on a virtual link to the VM LAN as well.

Richard June
  • I am definitely going to look at pfSense. But I thought that this was something that was built into Windows Server 2012 through something like RRAS? I may be totally incorrect. My only worry is that I am less experienced with Linux than I am with networking and my boss also is trying to keep this all in the Windows Server 2012 family. If that isn't possible then I am definitely open to using pfSense. Thank you very much for this idea. – esire Mar 26 '13 at 20:39
0

I would also use pfSense on a Linux VM, but as you stated in your update that you want this on a Windows box, this is also possible. I have detailed two ways below: first running RRAS on the host, and then running RRAS on a VM.

RRAS on the Host

Create a single virtual switch of the Internal type so the host has a virtual adaptor on this switch. Your other VMs will also connect to this switch to use the NAT router.

Set the physical NIC to your external IP and set your virtual adaptor to a static internal IP address, for example 10.0.0.1. Your other VMs can then be allocated IP addresses in the same range, or you may want to use DHCP.

Install Routing and Remote Access as a Windows feature.

Use the wizard to configure it. As these servers are remote, you are going to need VPN and NAT.

The wizard will ask you which adaptor you want to use for a NAT internet connection, select your physical NIC.

RRAS on Virtual Machine

First off, create your virtual switches.

  1. External Switch - External type - attached to your physical NIC, but do not allow the host machine access to this switch.
  2. Internal Switch - Your other VMs will connect to this switch, as well as your host machine, to access the internet via the NAT router.

On the VM you are using as your router, I usually run DHCP and DNS as well. Attach two virtual adaptors, one to each switch.

Set the IP on the adaptor connected to the external switch to your public address.

Set a static internal IP address, for example 10.0.0.1. Your other VMs can then be allocated IP addresses in the same range, or you may want to use DHCP.

Install Routing and Remote Access as a Windows feature.

Use the wizard to configure it. As these servers are remote, you are going to need VPN and NAT.

The wizard will ask you which adaptor you want to use for a NAT internet connection, select your external adaptor.

Windows 10 and Windows Server 2016 let you configure a NAT using PowerShell; I would not recommend this in a production environment though. https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/setup-nat-network

RickWeb
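
The "RRAS on Virtual Machine" layout from the answer above, scripted as an added example (not part of the original answer). The NIC, switch, VM and adapter names, the host address 10.0.0.2, the DNS server on the router VM and the 203.0.113.x placeholder addresses are all assumptions; the two checks confirm that only the router VM is attached to the public-facing switch.

```powershell
# Added example, not from the original answer. Assumed names: physical NIC
# 'Ethernet', router VM 'Router', virtual switches 'External' and 'Internal'.

# --- Part 1: on the Hyper-V host, from the provider's out-of-band console.
# Binding the only NIC to a switch the host cannot use removes the host's own
# connectivity on that NIC, so a remote session over it will drop.
Import-Module Hyper-V

New-VMSwitch -Name 'External' -NetAdapterName 'Ethernet' -AllowManagementOS $false
New-VMSwitch -Name 'Internal' -SwitchType Internal

# The router VM gets one virtual adapter on each switch.
Add-VMNetworkAdapter -VMName 'Router' -SwitchName 'External' -Name 'WAN'
Add-VMNetworkAdapter -VMName 'Router' -SwitchName 'Internal' -Name 'LAN'

# The host reaches the internet through the router VM at 10.0.0.1
# (10.0.0.2 for the host, and DNS on the router VM, are assumptions).
New-NetIPAddress -InterfaceAlias 'vEthernet (Internal)' -IPAddress 10.0.0.2 `
    -PrefixLength 24 -DefaultGateway 10.0.0.1
Set-DnsClientServerAddress -InterfaceAlias 'vEthernet (Internal)' `
    -ServerAddresses 10.0.0.1

# Check 1: the management OS must have no adapter on the public-facing switch.
$hostOnExternal = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq 'External' }
if ($hostOnExternal) { Write-Warning 'Host OS is attached to the External switch.' }

# Check 2: list any guest adapter, other than the router's, that is not on the
# Internal switch. An empty result means only the router VM faces the public network.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.VMName -ne 'Router' -and $_.SwitchName -ne 'Internal' } |
    Select-Object VMName, Name, SwitchName

# --- Part 2: inside the router VM (adapter aliases 'WAN' and 'LAN' are assumed;
# rename the guest adapters or substitute the aliases Get-NetAdapter reports).
# 203.0.113.10/24 and 203.0.113.1 are placeholders for the colocation-assigned
# public address and gateway.
New-NetIPAddress -InterfaceAlias 'WAN' -IPAddress 203.0.113.10 `
    -PrefixLength 24 -DefaultGateway 203.0.113.1
New-NetIPAddress -InterfaceAlias 'LAN' -IPAddress 10.0.0.1 -PrefixLength 24

# Install the Routing and Remote Access role services, then run the RRAS wizard
# (VPN and NAT) and select the 'WAN' adapter as the NAT internet connection.
Install-WindowsFeature -Name Routing, DirectAccess-VPN -IncludeManagementTools
```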