Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

VMWare Networking

Posted on 2006-05-19
24
Medium Priority
?
3,017 Views
Last Modified: 2013-11-15
I currently have a windows 2003 server on our LAN, it is hosting 3 virtual machines, 1 of which is another 2003 server and the other 2 are windows xp pro machines.
The 3 VM's are networked together but cannot see the LAN which the host machine is part of. This is clump 1.
 
Is there a way to add a second clump of virtual machines (which is an identical copy of the first clump) to the host machine? The clumps should obviously have no knowledge of each other.
My attempts so far have been unsuccessful as VMWare will not allow me to have 2 network adapters with the same IP address.
 
Any help is much appreciated.
0
Comment
Question by:visualfilesis
  • 8
  • 7
  • 6
  • +1
24 Comments
 
LVL 16

Expert Comment

by:gurutc
ID: 16717195
How is networking set up on the VMs?  is it NAT (default) or Bridged?  Do the VMs have IP addresses on the same subnet as the VM hosting machine?  If not, assign same subnet as host machine IPs (unique IPs, one for each VM) to VMs and try setting each VM's networking settings to bridging.

- gurutc
0
 

Author Comment

by:visualfilesis
ID: 16717522
Thanks for your reply.
The server VM has 2 virtual adapters, one of which uses NAT and the other is part of a private subnet shared between the other 2 VMs. These other VMs cannot see the host machine, they can only see each other and the server VM.
I would like this private subnet to remain private, i.e. not be part of the same subnet as the host machine. :-)

Thanks
0
 
LVL 16

Expert Comment

by:gurutc
ID: 16717678
Here's four possible 'NAT'ural workarounds.  

1. Add another IP address to the VM Host Server Adapter and configure the second 'clump' to NAT to this additional and different 'real' IP.

or if it's picky about network layers,

2. Add another hardware network adapter card to the VM Host Server which would obviously get it's own IP address and map the second clump to it.

or, just thought of this,

3. Configure the first 'clump' to map to the actual non-loopback IP of the VM Host Server adapter, and configure the second 'clump' to map to the loopback address, 127.0.0.1, of the VM Host Server.

4. Configure the 'servers' in each 'clump' to bridge and the workstations in each clump to be fully private.  Then configure a fully private subnet on the VM Host Server and the 'clump' servers.  Be sure to not set a default gateway on the 'clump' servers so they can't find there way to the real subnet.  Then setup routing and remote access on the 'clump' servers and the VM Host Server.  Configure incoming VPN on the VM Host Server.  Configure the 'clump' servers to connect to the VM Host Server with a VPN connection.  Then configure the 'clump' servers to offer NAT to the 'clump' workstations.  This is very convoluted, but it keeps the clumps off the real net.

Hope one of these works for you,
-gurutc

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:cj_1969
ID: 16717685
I'm not clear on what you want to do.
Are you trying to install another Win2k3 Vm server and 2 more XP clients on the same physical machine as the other 3 that are already installed?  If so, yes, it is possible.  If you want to use the same IP addresses then No.  You should be able to create them on a different IP subnet though and emulate the same functionality of the original three.

Next question ... do you want the VM instances to be able to talk to other machines that are not in the VM environment?  This is possible but I'm not clear on if this is a problem or not.  If you have a NAT interface this should allow you to set up the vm instances to talk off the server.

Now I would have to look into this to know if you need a new network interface card in the server to set up the additional subnet or if you can just add an additional IP address to the host virtual adapter (which you can do in a native Win2k3 server) for the additional "clump"/subnet ... but you SHOULD be able to do this.

Let us know exactly what it is you are trying to set up and we'll get you the answers you need ... I have a Win2k3 VM host sitting here next to me that I can test this with once I know exactly what you are trying to do.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 16717711
Aaah, great minds thinkin!

- gurutc
0
 

Author Comment

by:visualfilesis
ID: 16718608
My apologies for the confusion. At the moment I have the 2003 server VM set up to allow VPN access. We can connect to this VPN and then we have access to the private subnet.
I am trying to install another win2k3 vm server and 2 more clients on the same physical machine yes. I thought it may be possible for them to be exactly the same as the first 3 (including IP addresses) if they were somehow seperated from the original 3. At the moment we have this second 'clump' on a seperate physical machine but would like them on the same machine. Perhaps there is someway I could connect to the second 3 with another VPN connection?
The VMs do not need to talk to any machines that are not in the VM environment.

Thanks
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16719770
Since the client machine's (VM instances) have to correspond to a network configured on the VM host you will not be able to completely clone the vm clients and have the same IP addresses as the other 3 vm clients ... the host is not going to allow you to configure the same IP address to the virtual interface.

If they don't need to communicate off the server, only amoungst the 3 client machines ... then there might be a way ... if you create a new VM Network interface on the server and assign it any arbitrary IP address and subnet range, you should still be able to install your client machines and have them talk to each other ... assuming that the server is not acting as a bridge of any kind and actualy emulating a real broadcast then the fact that it has a different IP address from the other clients should not matter ... the client machines should still be able to talk to each other.

I think this will accomplish what you are wanting to do.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 16720318
I just have to say, this is a darn cool question!  Good job, asker.  I am setting up the situation environment now on a beefy box cuz I just want to see a WAN running on a single VM Host box for myself.  When you get this working, you need to post the machines to VMWare and what the final solution was.

- gurutc
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16722754
If you multi-home the Win2k3 VM instance so that it has an IP on the subnet of the VM server interface for the "LAN" that it is on and bridge or NAT that to an actual network interface on the host VM serveryou might actaully be able to get them all talking if you NAT through the VM 2k3 server ... this COULD work!  I might just have to try this myself next week  :)
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16723041
Network traffic cannot go "in" the same device as it goes "out" when it is originating from that device.  The only way is to use windows "loopback" adapter.  So since all VMs are using the same NIC, they can't send the data out to the other VM to get it.  You can try the MS loopback adapter, that might work, else, nix.
0
 

Author Comment

by:visualfilesis
ID: 16733093
Thanks for your replies chaps, this has been most inspiring. The VM technology, i think, is set to explode, so its good that its getting people interested.

What we want to achieve with this setup is basically so that we can have multiple copies of a "clump" running, which can be copied quickly to a physical host server from a NAS drive and then booted up with the minimal amount of re-configuration. Ideally none. This is possible on separate physical hosts at the moment, but for the numbers of clumps which may be involved, this is not really viable. We have only 3 VM host boxes at the moment, all capable of running AT LEAST 3 clumps each. So it would be great if all we had to do was to just set each of the subsequent clump vm's to use a separate Virtual Network Adaptor. Instead of having to boot it up, change the IP, maybe change it's netbios hostname, edit the host file(s), adjust the application parameters for whichever flavor of server is running in a particular clump.. this would almost defeat the object of using VM's!!!
I've had a go at adding the next virtual adaptors & setting them to have the same subnet, but to no avail, VMWare is too clever! Surely if it's a completely private subnet, you should be able to assign whatever IP address you like to it. I wonder if VMWare just hasn't come accross the need for this yet, hence did not think to add this functionality?
So, I am resigning myself to the fact that there is going to have to be slightly more administration when a new clump comes online, but I'm not sure exactly how to go about this the fastest \ simplest \ best way & would apprieciate your opinions.

Cheers in anticipation!
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16734128
On the VM network interface you HAVE to assign different IP addresses ... this should not affect the IP addresses of the machines that are running in the "clump" though ... that is the key to setting this up and getting it to work.
When you create the virtual machines environments for each machine in the clump, set each machine to use the same VM interface as the other machines that it needs to talk to ... this should keep all the machines in the clump on the same "VLAN".  Since the machines do not need to talk to the machines in the other clumps, do not enalble bridging on the VM network interface ... if you do want them to talk outside the VM host then you could enable NAT on it.  Since the machines in the clump won't be on the same subnet (although they will be on the same VLAN) they will not be able to talk to or through the host adapter.  This is the key to having the clumps running on the same server.  If you want the machines to talk outside of the clump you will have to set up some routing to NAT the addresses from the clump subnet through an address on the same subnet to translate to an address on the same subnet as the host address for that VLAN.   This will then NAT from the host VLAN out to the "shared" network segment, there-by allowing the machines to talk to other machines out there.
0
 

Author Comment

by:visualfilesis
ID: 16734977
Yes, I think you are onto something there. The problem is going to come with the VPN server which must exist for each clump. This enables any client on our real LAN to be able to VPN in to a particular clump and be given an IP address on the VLAN's subnet, thus allowing a client to be configured on the real LAN which can act as a client on each of the clumps - up to a point, as; if we have to use different subnet values for each clump, then the real client, when connected to each of the vlan's, through the vm vpn server, will pick up a virtual ip address, but then the client software, will have to be configured to look for the vm server, within that clump's, netbios name, rather than ip address.

Man, this is getting complicated!!! It'd be much easier to buy a physical server for each clump!!! ;O) I'm confusing myself now!!
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16737254
SOme of the frustration you are seeing is windows limitations itself, not being able to multihome a single adapter, not being able to setup multiple simultaneous TCP/IP configurations and switch between them, and so forth, some of which is imposed by the nature of TCP/IP, but not all of it.  I was hoping that Vista would totally extend the "monolithic" NIC to IP model of the current windows code, but alas, Microsoft STILL after all these years STILL does not understand the concept of virtualizing the IP interface of windows.  
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16737408
Wouldn't you have the same problem on physical servers?  If the clumps do not talk off the VM host then how is any other machine going to interact with them?

As an alternative ... do the clumps all have to be able to run at the same time?  If not then you could have them all in the same server and just start machines in the same clump up so that they are the only ones running.  Just an idea ... until I'm a little clearer on what it is you need to do.

What is the VPN connecton connection to?  The host machine for the VM environments or the VM instance of 2k3?
0
 

Author Comment

by:visualfilesis
ID: 16741360
To CJ - We dont have the same problem with physical servers. I will try to explain further...
The VM's are configured with 1 per clump being bridged to the physical server's NIC on the REAL LAN. This is a windows 2003 server with VPN server configured to route traffic from the VLAN to the LAN. This currently enables us to have exact copies of the clumps on physical servers, each with the same IP subnet. Then when a user, who is linked to the real LAN, wants to work on a particular clump, they use the windows VPN client to connect to the VM VPN server in that clump and are given a virtual IP on that subnet.

This works for them as if they had 3 physical servers under their desk on a private hub which they have then plugged their LAN cable in to. Each clump maintains it's own DNS server, AD & global catalogue server and PDC and\or BDC etc. So it is simpler if the IP ranges can stay the same.

At the moment, this is a pilot project, so the amount of  clumps which are running is minimal, but the pilot is going very well. The product we are testing in these "clumps" is an enterprise level database application, which can be linked to numerous other 3rd party applications, these 3rd party apps have been configured on VM's, of which any combination can be chosen to make up a clump. e.g. Clump 1 could consist of 1xExchange server, 1xDocument management server, 1xOur db app server(including VPN server). Clump 2 = 1xGroupwise server, 1xAccounts server, 1xour db app server(including VPN server). The combinations of which can get very silly! Hence the requirement to run multiple clumps per server.

Initially, we configured the physical host server as the VPN server and did just host 1 clump per server, but we realised that this was a severe waste of resources and we could maximise the server utilisation by having the VPN server within the clump, hence allowing for multiple clumps (albeit currently with a different IP subnet) per server. Now the only stumbling block is the inability to be able to clone a clump without having to have a sysadmin on hand to re-configure that clump to run on its new subnet - this can involve, depending on the make up, adjusting DNS, adjusting host files, adjusting pointers within the application etc. etc. - it would be a mamouth task to document all the changes involved owing to the complexity of some of the possible clump contents. That would also present further issues if settings were missed, causing time lost to troubleshoot these.

I had a thought, based on what scrathcyboy has said about multihoming a NIC; These servers have 2 NIC's in them already. Utilising these, even if only to make them able to run 2 clumps per server, could we assign a VPN server to each NIC. This would be a major step in the right direction.
Would this be possible, or have I misunderstood?
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16742287
Yes, you can definately do what you want if you have a physical interface on the host machine for each clump that you want to run ... each interface on the host would essentially emulate a physical server on the LAN.

Let me look at my server and see if there is a way to do this without a physical interface for each one ... don't know that there is but I won't know until I look  :)
I'll let you know what I find out.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16744750
"These servers have 2 NIC's in them already. Utilising these, even if only to make them able to run 2 clumps per server, could we assign a VPN server to each NIC."

Yes, you can put 3 NICS in each system and get exactly what you want.  Realize, this is working around windows inability to multiplex an adapter across virtual machines, but it will definitiely work.
0
 
LVL 22

Accepted Solution

by:
cj_1969 earned 2000 total points
ID: 16750786
I think you can do EXACTLY what you want even with the one interface.

First, from the VM Server Console, you need to create the Host Virtual Adapters, one for each clump.
  *** Check the Summary tab to make sure that each of the new VMnets is " A private networks shared with the host"
Next, select each of the virtual machines to be in a clump, select "Edit virtual machine settings",
  - select the Hardware tab
  - select the Ethernet device
  - select Custom from the Network Connection
  - Click Ok
  *** you have now isolated all of its communication to a host only "VLAN"

Next, select the Win2k3 VPN server
  - go through the same menu selection to get to the hardware list.
  - Click the ADD button
  - Add a new Ethernet adapter
  - Select Bridged as the "Network Connection" type
  -- Click the Ok button

*** Do this for each clump, selecting a different VMnet for each clump

Now you should have all your clumps isolated to their own internal VLAN on the VM server with a bridged network adapter available for the Win2k3 server for VPN access.

Now you need to configure the IP address on the Win2k3 server as a legitimate IP address on your network, each Win2k3 server will need a unique IP address, just as your physical servers, so that you don't run into IP address conflicts.
  - Set up your VPN access to the server on this bridged Ethernet interface.

*** You have now completely emulated the multiple Physical server configuration you currently have
*** All of your clumps are isolated so that they will only talk to other machines in the same clump
*** Each clump can be VPN'd into via the bridged network interface on the Win2k3 server

Let me know if/when you  get this working.

P.S.  I haven't actually implemented this, I don't have the disk space on my server to set up that many machines, but I am looking at the options within the VM Server Console and based on these configuration options this SHOULD work.
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 16750812
Opps ... In the instructions, I missed the selecting of the VMnet after selecting Custom from the Ethernet settings.  
*** This is what will isolate the LAN traffic for each clump so that they can only talk to one another and run into IP address conflicts with the machines in the other clumps.
0
 

Author Comment

by:visualfilesis
ID: 16832865
We have now managed to get this working with the solution above from cj_1969. - Thanks very much.
And thank you to everyone else who contributed. :-)
0
 
LVL 16

Expert Comment

by:gurutc
ID: 16841287
Good good
0
 

Author Comment

by:visualfilesis
ID: 16853952
Sorry Guru, I wanted to split the points with you, but couldn't find the option.
Lame excuse for a techi i know!! ;O)
0
 
LVL 16

Expert Comment

by:gurutc
ID: 16854795
I am absolutely perfectly cool with cj_1969 getting the points.  I make my monthly points for my free membership with no trouble.  cj_1969 went the extra mile on this one with a detailed 'cipherin' of how to make this work.  I'm actually bookmarking this question so I can keep cj_1969's excellent and detailed configuration guide handy.  So don't feel bad.  I'm glad you're working, and your nifty experiment has helped me by inspiring me to virtualize some of my horde of non-virtual servers so thanks for that too.  

But, if there's a question you want to award split points for, here's how.  Down at the bottom, below all the questions, answers, and comments including the new comment box is the SPLIT button.  It took me some looking to find it as well.  Almost all the experts here are cool with askers splitting points, and that's the best way to encourage input from 'one more' expert who may be able to add the 'sprinkles' to the 'ice cream sundae' that is an almost fully answered question.

Thanks for being an involved and communicative 'asker.'

- gurutc
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial, we’re going to learn how to convert Youtube to mp3 for Free. We'll show you how easy it is to make an mp3 from your video clips so that you can enjoy them offline.
In today’s time where quality is an essential factor all over the world, software testing and effective QA (Quality Assurance) is an all-important element for any business to ensure less risk for an end product. A good software testing company deliv…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question