
Setting up a Multi-Site AD Lab on a single Hyper-V host

In this article I am going to show you how to simulate a multi-site lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD sites on a Windows 10 Hyper-V host.

Most IT professionals have access to some form of lab environment as part of their job. These often tend to be a handful of VMs/hosts running in an isolated VLAN, or simply your own workstation or a dedicated machine running a hypervisor.

Regardless of your arrangement, most labs are simple in design and it is not always possible to simulate a multi-site WAN infrastructure there. This article shows a way to do just that with a simple lab on a single Hyper-V host: three regional subnets, each on its own private virtual switch, joined by a small router VM that also provides the path out to the internet.

I am not going to cover the installation of the Hyper-V role here as it is beyond the scope of the article. I am also going to assume you know the basics of Hyper-V and the PowerShell command line. An understanding of basic networking principles is a plus, though I will keep things as simple as possible.

 

Network Topology

(Figure: MultiSite-LAB.png, network topology of the simulated WAN)

The diagram above shows the network topology of the WAN infrastructure we are going to simulate in our lab. We have three regional sites, London, New York and Singapore, each with a distinct subnet (10.10.10.0/24, 10.10.20.0/24 and 10.10.30.0/24 respectively in the steps below). There is also a virtual router VM which connects the site networks to each other and to the internet via the host computer. The router VM is the key component of the setup and much of this article covers its configuration.
 

Setting up the Virtual Switches in Hyper-V

Open PowerShell as administrator and enter the command below to set up the three private virtual switches required for our sites in Hyper-V. A private switch has no connection to the host or the physical network, so the only way traffic leaves a site is through the router VM.


"London","New York","Singapore" | % {New-VMSwitch -Name $_ -SwitchType Private}


You should already have at least one external virtual switch bound to the local network adapter as part of your initial Hyper-V configuration. If not, create one now. This is the one named "Host Network" in my example below.


(Figure: VM-Switch.PNG, Virtual Switch Manager showing the three private switches and the external switch)

Setting up the Router VM

We are going to use the t1n1wall (http://t1n1wall.com) open-source router/firewall as our virtual router VM. After testing quite a few virtual routers, I found this to be the most reliable and easiest to work with.


1. Download the most recent generic-pc-installer image (.img file) from http://t1n1wall.com

2. Download the physdiskwrite image writer from http://m0n0.ch/wall/physdiskwrite.php

3. Create a 128MB fixed-size VHD using the Disk Management MMC as below; initialise it and bring it online so that it appears to Windows as a physical disk. (Figure: VirtualDisk.PNG)

4. Open a command prompt as administrator and run the command below to write the image file to the newly created VHD:

syntax: physdiskwrite.exe <imagefilename>
e.g.: physdiskwrite.exe generic-pc-installer-2.11.1b126.img

Select the correct PhysicalDrive ID when prompted. It is PhysicalDrive2 in this case, so I entered 2. physdiskwrite overwrites the whole target disk, so there is a real risk of data loss if you select the wrong drive; cross-check the disk number against Disk Management before confirming. (Figure: CommandLine.PNG)

5. Detach the VHD in Disk Management.

6. Create and configure the router VM from PowerShell with the command below (use the correct external SwitchName and VHDPath values for your environment). The adapter created here on the external switch will become the router's WAN interface.

New-VM -Name "RouterVM" -SwitchName "Host Network" -VHDPath D:\VMLab\RouterVM.vhd -Generation 1 -MemoryStartupBytes 512MB -BootDevice VHD | Set-VM -StaticMemory

7. Now connect the VM to the three private virtual switches we created earlier, one adapter per site:


"London","New York","Singapore" | % {Add-VMNetworkAdapter -VMName "RouterVM" -SwitchName $_}

8. Remove unnecessary devices such as the SCSI controller and DVD drive from RouterVM, then power it on. (Figure: RouterVM-firstboot.PNG)

9. Run the following from a PowerShell console and note down the SwitchName and MacAddress of each interface. Hyper-V allocates dynamic MAC addresses when the VM is first started, which is why the VM has to be running before this shows anything useful.

Get-VMNetworkAdapter -VMName "RouterVM"

(Figure: NIC_Mapping.PNG)

10. Go back to the RouterVM console and select option 1 (Interfaces: assign network ports). Match the interface names t1n1wall shows to our virtual switches using the MAC addresses. (Figure: Interface_Selection.PNG) Enter n when prompted for VLAN setup and continue. (Figure: Interface_Assignment.PNG)

11. Enter the correct LAN (the interface connected to the London switch in my example), WAN (the interface connected to Host Network), OPT1 (New York) and OPT2 (Singapore) interfaces and complete the wizard.

12. Once the VM has rebooted, select option 2 (Set up LAN IP address) and change the LAN IP to 10.10.10.254 with a bit mask of 24. (Figure: LAN_IP_Assignment.PNG)
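The Hyper-V side of steps 1 to 12 as one re-runnable PowerShell script, added here as an example; it is not taken from the original article. It creates the three private switches, the router VM with one adapter per site, and an empty Windows VM per site, then prints the MAC-to-switch table the t1n1wall "assign network ports" screen asks for. The external switch name "Host Network", the D:\VMLab paths, the VM names and the static MAC values are assumptions; adjust them for your host. Giving the router's adapters static MACs is a change from the article's dynamic MACs: the mapping is then known before the VM is first started, and 00:15:5D is Hyper-V's own address prefix.

```powershell
# Added example (not from the original article): provisions the Hyper-V side of the lab in one pass.
# The switch name "Host Network", the D:\VMLab paths, the VM names and the MAC values are assumptions.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

$ExternalSwitch = 'Host Network'                       # your existing external switch
$VmRoot         = 'D:\VMLab'                           # assumed lab folder
$RouterVhd      = Join-Path $VmRoot 'RouterVM.vhd'     # the VHD written with physdiskwrite

# Site -> static MAC for the router's adapter on that switch. Static MACs make the
# MAC-to-switch mapping known before first boot, so the console wizard can be answered
# without guessing. 00:15:5D is the Hyper-V prefix; the remaining bytes are arbitrary.
$Sites = [ordered]@{
    'London'    = '00155D0A0A01'
    'New York'  = '00155D0A1401'
    'Singapore' = '00155D0A1E01'
}

# 1. Private switches, created only if missing (safe to re-run)
foreach ($site in $Sites.Keys) {
    if (-not (Get-VMSwitch -Name $site -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $site -SwitchType Private | Out-Null
    }
}

# 2. Router VM: Generation 1, fixed RAM, first adapter on the external switch (becomes WAN)
if (-not (Get-VM -Name 'RouterVM' -ErrorAction SilentlyContinue)) {
    New-VM -Name 'RouterVM' -Generation 1 -MemoryStartupBytes 512MB `
           -SwitchName $ExternalSwitch -VHDPath $RouterVhd -BootDevice VHD |
        Set-VM -StaticMemory
    # Only one adapter exists at this point, so this pins the WAN adapter's MAC
    Set-VMNetworkAdapter -VMName 'RouterVM' -StaticMacAddress '00155D0A0001'
    # t1n1wall does not need them: drop the DVD drive and the SCSI controller
    Get-VMDvdDrive -VMName 'RouterVM' | Remove-VMDvdDrive
    Get-VMScsiController -VMName 'RouterVM' | Remove-VMScsiController
    # 3. One adapter per site with a fixed MAC
    foreach ($site in $Sites.Keys) {
        Add-VMNetworkAdapter -VMName 'RouterVM' -SwitchName $site -StaticMacAddress $Sites[$site]
    }
}

# 4. One Windows VM per site (Generation 2, blank 40 GB disk; attach your install ISO yourself)
foreach ($site in $Sites.Keys) {
    $name = "$($site -replace ' ','')-DC01"
    if (-not (Get-VM -Name $name -ErrorAction SilentlyContinue)) {
        New-VM -Name $name -Generation 2 -MemoryStartupBytes 2GB -SwitchName $site `
               -NewVHDPath (Join-Path $VmRoot "$name.vhdx") -NewVHDSizeBytes 40GB | Out-Null
    }
}

# 5. Print the mapping the t1n1wall "assign network ports" screen expects.
#    t1n1wall shows MACs colon-separated in lower case; Hyper-V stores them as 12 hex digits.
Get-VMNetworkAdapter -VMName 'RouterVM' |
    Select-Object @{n='Switch'; e={ $_.SwitchName }},
                  @{n='MAC';    e={ ($_.MacAddress -replace '(..)(?!$)', '$1:').ToLower() }},
                  @{n='Role';   e={ if ($_.SwitchName -eq $ExternalSwitch) { 'WAN' }
                                    elseif ($_.SwitchName -eq 'London')    { 'LAN' }
                                    else                                    { 'OPT' } }} |
    Format-Table -AutoSize
```

Run it once before powering on RouterVM; the table it prints is what you read off against the interface list in the t1n1wall console in step 10, and because the MACs are static the same table holds on every later boot.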


Configuring the Router OS


  1. Spin up three Windows VMs and connect one each to the three virtual switches (see the VM connected to London below). (Figure: LondonVM.PNG)
  2. Log on to the London VM and change its IP address to 10.10.10.1 with netmask 255.255.255.0 and default gateway 10.10.10.254. You can use 8.8.8.8 as the primary DNS server for testing internet traffic until your first DC is up.
  3. Launch a browser inside the VM and go to http://10.10.10.254
  4. Enter the username admin and password t1n1 to log on to the t1n1wall admin console. Change this default password before you go any further, even in a lab. (Figure: Router_Config_insideVM.PNG)
  5. Select the WAN interface from the menu on the left and configure it (assign a static IP address if your host network does not have a DHCP server, otherwise leave it on DHCP). Also uncheck the "Block private networks" option at the bottom of the WAN interface settings, as your host network is very likely to be in a private range and the router would otherwise drop the traffic.
  6. Select interface OPT2, enable it and assign it an IP of 10.10.20.254/24 (renamed to NYC in the screenshot above).
  7. Select interface OPT3, enable it and assign it an IP of 10.10.30.254/24 (renamed to SNG in the screenshot above). If the OPT numbering in your web console does not match the order you used in the console wizard, go by the MAC addresses shown under Status: Interfaces rather than by the label.
  8. Select Rules under Firewall and copy the default rule under the LAN interface (see screenshot below). (Figure: Firewall_Rule.PNG)
  9. Change the interface to OPT2 (or NYC) and the source to OPT2 Subnet (NYC Subnet) and save.
  10. Copy the rule again and do the same for OPT3 (or SNG), then apply the changes. (Figure: Firewall_Rule2.PNG)
  11. Assign an IP in the 10.10.20.0 range to your New York VM and in the 10.10.30.0 range to your Singapore VM (with a netmask of 255.255.255.0 and gateway of 10.10.20.254 and 10.10.30.254 respectively) and you should be able to ping between the VMs across the sites, once you have allowed ICMP echo requests through Windows Firewall in the VMs (or disabled the firewall entirely for the lab). (Figure: Success.PNG)
  12. That is it. You now have your very own multi-site AD lab.
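The guest-side configuration from steps 2 and 11 (static address, gateway, DNS) plus a reachability check through the router, as an added PowerShell example to run inside each site VM; it is not from the original article. It opens ICMP echo in Windows Firewall instead of turning the firewall off. The adapter alias "Ethernet", the .1 host addresses and the use of 8.8.8.8 as a stop-gap resolver are assumptions.

```powershell
# Added example (not from the original article): run inside a site VM as administrator,
# e.g.  .\Set-SiteNetwork.ps1 -Site NewYork
# Addresses follow the article's plan (10.10.10/20/30.0/24, router at .254).
# The adapter alias "Ethernet" and the 8.8.8.8 resolver are assumptions.
param(
    [ValidateSet('London', 'NewYork', 'Singapore')]
    [string]$Site = 'London',
    [string]$Adapter = 'Ethernet'
)

$Plan = @{
    London    = @{ Host = '10.10.10.1'; Gateway = '10.10.10.254' }
    NewYork   = @{ Host = '10.10.20.1'; Gateway = '10.10.20.254' }
    Singapore = @{ Host = '10.10.30.1'; Gateway = '10.10.30.254' }
}
$me = $Plan[$Site]

# 1. Static address and gateway; clear any DHCP lease or previous config first so
#    New-NetIPAddress does not fail on a duplicate address or route.
Set-NetIPInterface -InterfaceAlias $Adapter -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Adapter -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Adapter -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false
New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $me.Host -PrefixLength 24 `
                 -DefaultGateway $me.Gateway | Out-Null
# Public resolver only until the first DC exists; point at the DC afterwards.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses 8.8.8.8

# 2. Allow inbound ICMPv4 echo (the built-in rule) instead of disabling the firewall
Enable-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)'

# 3. Check each hop in turn: own gateway, the other two site gateways (routed by
#    t1n1wall), then an internet address via the WAN interface.
$targets = @($me.Gateway) +
           ($Plan.Keys | Where-Object { $_ -ne $Site } | ForEach-Object { $Plan[$_].Gateway }) +
           '8.8.8.8'
foreach ($t in $targets) {
    $ok = Test-Connection -ComputerName $t -Count 2 -Quiet
    '{0,-16} {1}' -f $t, $(if ($ok) { 'reachable' } else { 'NO REPLY' })
}
```

If the other site gateways answer but 8.8.8.8 does not, the fault is on the WAN side (step 5: WAN addressing or the "Block private networks" option); if only your own gateway answers, revisit the OPT firewall rules in steps 8 to 10.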


Simulating a WAN link with Traffic shaper


If you want to push your lab further and simulate a real WAN link, with limited bandwidth and latency between sites, you can do that too with our router.

  1. Go to Traffic shaper under the Firewall menu.
  2. Create a Pipe with the settings you require (see the example settings for a 100 Mbit link with 25 ms latency below). (Figure: Traffic-Shaping.PNG)
  3. Check "Enable traffic shaper" under Firewall: Traffic shaper: Rules and create a new rule using the Pipe we created earlier between the sites of your choosing (see the example below). (Figure: TrafficShaping-in-action.PNG)
  4. You can actually see the point at which the rule kicked in from the jump in round-trip time in the ping output above.


I hope you enjoyed reading my little article and find it useful. Please vote if you want to see more articles from me and also check out some of my other articles on the site.

Author: Raj-GT

1 Comment

Expert Comment by PriteshW:
Good article, set it up in my lab and it works well.
