Windows Server 2012 - Two NIC - Two VLAN - Test enviroment and Production best practice?

Question

Tips and best practice on having a test enviorments with Hyper-v.

We got a Windows Server 2012 Datacenter server with Hyper-V (testserver) set up in our domain.

This server is used to create virtual machines for testing purposes. Currently we have all the test VMs on the same domain as our production. But we would like to change this.

The idea is. Set up a new VLAN with a different IP-range in our firewall. Connect the VLAN to NIC2 on the testserver (still have it connected to our production network on NIC1). Then create a new virtual switch in hyper-v which we then assign to all the VM's. Create a new VM-DC with a new testdomain which we also uses as a DNS server. Assign static IP to all new VMs and add all VMs to the new domain.

Best practice would be to keep these enviroments totally seperated. But we want to be able to connect through remote desktop from our local computers to the VMs and also to the host server.

So my question is. Is this a solution that could lead to security issues with having the host connected to both IP-ranges.

Answer 1

Best practice would be to keep these enviroments totally seperated. But we want to be able to connect through remote desktop

The requirement is these VMs are totally separated but can be accessed ?

I'd suggest you just use different subnet (assume it is subnet2 ) for these VMs not using VLAN .

Then configure additional subnet2 IPs for local computers to connect VMs running in subnet2 .

If you want only some computers (Local computers) to connect VMs ( assume Local computers and VMs are in different VLAN ) , you may need a 3 level switch or router for VLAN routing .