2

Just setting up my first small Hyper-V system (2012 R2). It will be a small box with two guests, one DC and one Exchange, for about 10 people. No cluster, all disks are local. There are two NICs that I plan to team, then create a vSwitch and tie it to the team. Host and guests will then be connected to that one and only vSwitch.

I read a lot about Hyper-V subnetting, VLANs etc., but I'm still unsure: Is there any need for a separation of host and guests? What I plan to do is to give the DC 192.168.10.1, Exc .2 and the host .3. Will I run into trouble with this configuration?

Thanks a lot for help, Stefano

Stefano

2 Answers

0

While it is generally better to have a dedicated management interface, I think that it is overkill for such a small setup. I would use the two interfaces combined (teaming), so that if one interface fails, the other will go up without (long) service interruption.

EDIT: OK, you are asking between using a single vSwitch or using two of them. I reiterate that for such a small setup there are no significant differences; I would probably use a single vSwitch, but that's all. I suggest this interesting reading about using one vSwitch vs multiple vSwitches.

shodanshok
  • That's what I meant: Team both NICs, have one and only one external vSwitch and tie host and guests to it. – Stefano Nov 02 '15 at 19:08
  • @Stefano I've updated my answer – shodanshok Nov 02 '15 at 21:32
  • **"you are asking between using a single vswitch or using two of them."** --- No, I don't plan for two vSwitches, only for one: Two pNICs, teamed together as one team and one vSwitch connected to this team (the pNICs are connected to a dumb L2 pSwitch). Then connect both vNICs and the one vmNIC to this vSwitch. Finally have every vNIC and vmNIC on its own VLAN. --- I followed your link. But it deals with the confusion of physical and virtual segregation - that's not my problem. But it is at least interesting that vSwitches are described as finally being not much more than VLANs. – Stefano Nov 04 '15 at 17:01
-1

First of all, it would be better if you clearly stated which product you use - "Windows Server 2012 R2" (which is not a free product) with the Hyper-V role installed or "Hyper-V Server 2012 R2" (which is free).

But anyway, what your configuration seems to lack is the concept of a so-called "management network". Because you have not stated this explicitly, I suppose that the administrator's workstation is placed in the same network segment as the users' machines. In that case, it wouldn't make much sense to 'separate' the host from the rest of the community. If you want to isolate them properly, you need in the first place to separate the administrator's workstation(s) into a dedicated IP subnet, then create one more subnet for the Hyper-V host, then another one for your virtualized server(s); if the Exchange is accessible from the Internet - yet another subnet for it (DMZ actually), and finally, a distinct subnet for the users. Then configure access lists - or, better, a firewall - on your network equipment. Obviously, you need an L3 switch/router/firewall to do all this.

As you can see, the small scale of your setup does not free you from complying with basic security principles. So if you still eventually run into trouble (chances are), this will be because of not adhering to the best security practices, and not because of configuring some feature one way or another.

Sergio
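The layout described in the comments above (two teamed pNICs, a single external vSwitch, the host and each guest on its own VLAN), written out as an added PowerShell example that is not from any poster in this thread. The adapter, team, switch and VM names and the VLAN IDs are assumptions; it also assumes the upstream switch passes 802.1Q tags and that an L3 device filters traffic between the VLANs, which is the requirement the second answer states.

```powershell
# Added example. All names and VLAN IDs are assumptions, not values from the thread.
$TeamName   = 'Team1'
$SwitchName = 'vSwitch-External'
$TeamNics   = 'NIC1', 'NIC2'                    # physical adapters, see Get-NetAdapter
$HostVlan   = 10                                # management VLAN for the host vNIC
$GuestVlans = @{ 'DC01' = 20; 'EXCH01' = 30 }   # hypothetical VM name -> VLAN ID

# 1. Team both physical NICs. Switch-independent mode needs no switch-side setup.
New-NetLbfoTeam -Name $TeamName -TeamMembers $TeamNics `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false

# 2. One external vSwitch on the team. The host vNIC is NOT auto-created here,
#    so it can be added and tagged explicitly in the next step.
New-VMSwitch -Name $SwitchName -NetAdapterName $TeamName -AllowManagementOS $false

# 3. Host management vNIC in its own VLAN.
Add-VMNetworkAdapter -ManagementOS -Name 'Mgmt' -SwitchName $SwitchName
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName 'Mgmt' -Access -VlanId $HostVlan

# 4. Connect each guest to the same vSwitch and tag it with its own VLAN.
foreach ($vm in $GuestVlans.Keys) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $SwitchName
    Set-VMNetworkAdapterVlan -VMName $vm -Access -VlanId $GuestVlans[$vm]
}

# 5. Read the settings back and report anything that defeats the separation.
$vlans = @(Get-VMNetworkAdapterVlan -ManagementOS)
foreach ($vm in $GuestVlans.Keys) { $vlans += @(Get-VMNetworkAdapterVlan -VMName $vm) }

$report = foreach ($v in $vlans) {
    [pscustomobject]@{
        Owner   = if ($v.ParentAdapter.IsManagementOs) { 'Host' } else { $v.ParentAdapter.VMName }
        Adapter = $v.ParentAdapter.Name
        Mode    = $v.OperationMode
        Vlan    = $v.AccessVlanId
    }
}
$report | Format-Table -AutoSize

# An adapter left untagged, or two owners in one VLAN, means no isolation between them.
$report | Where-Object Mode -ne 'Access' |
    ForEach-Object { Write-Warning "$($_.Owner)/$($_.Adapter) is not in access mode" }
$report | Group-Object Vlan | Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "VLAN $($_.Name) is shared by: $($_.Group.Owner -join ', ')" }
```

Run it from the local console, because creating the team interrupts connectivity on the member NICs; the host's IP address then has to be assigned to the `vEthernet (Mgmt)` interface.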