Solved

Virtualization: Network connection between Virtual Machines (theory applies to both VMWARE & Virtual Server 2005)

Posted on 2007-03-26
Last Modified: 2012-05-05
Greetings,

I have read up on quite a few posts, but could not find solid answers which I could really bank on.  For the entire weekend, I have been drawing, drawing, and redrawing my network diagram.  My mind is going in circles and I am hoping someone could help.  I am doing my best to avoid a trip to a psychiatrist <grin>

1) CURRENT CONFIGS & SCENARIO:

Current configurations (inbound):
---------------------------------

PIX-525 ----> External Cisco Switch1 -----> Internal Cisco Switch2 ---> HOSTs

Scenario 1:
-----------

HOST A:
- Dual NIC; NIC1 = IP NOT YET ASSIGNED / NIC2 = 192.168.1.1
*** NIC1 is connected to External Switch1, NIC2 is connected to Internal Switch2
- VM1: MS Small Business Server with ISA 2004 (to server as application server)
- VM2: WINXP PRO (as workstation)

HOST B:
- Dual NIC: NIC1 = 192.168.1.2 / NIC2 = IP NOT YET ASSIGNED
*** BOTH NICs are connected to Internal Switch2
- VM1: WINXP PRO (as workstation)
- VM2: WINXP PRO (as workstation)

Scenario 2:
-----------

Similar to Scenario 1, but the HOST B VM1 is now a MS Small Business Server with ISA 2004 (to serve as application server). This VM1 in HOST B now acts as a firewall.


2) PURPOSE:

a) I would like for the HOSTS to be on a different subnet.  Example, right now it is assigned to 192.168.1.x range.

b) The hosts will need to see each other.

c) The VMs need to see each other, but do not need to see the host.

d) The VMs need access to the internet.

e) The HOSTS also need access to the internet.

f) From outside, we also need VPN access to both the host and the VMS.

*** Please suggest the best method to configure this Virtualization network based on the current set-up & purposes.


3) OTHER QUESTIONS:

a) I am sure we are not the first to have this need.  In brief, how are the VMs able to communicate with each other on a different subnet from the hosts?

b) The reasons why I created Scenario 2 with the VM1 as the ISA are: Second backup ISA and second backup eMail server (fail over).  Is this not the right way to do it?

c) I saw a post which suggested to let VMs bridge through the server NIC, then remove all services and leave only virtual machines.  But doing so also leaves my hosts inaccessible to the internet and other hosts.  Any suggestions?

d) I am thinking of installing another NIC (NIC3) to HOSTA and assigning an IP in the same subnet as NIC2 (192.168.1.x).  Then I also assign the same subnet IP to NIC2 on HOSTB (192.168.1.x). Next, I remove all services in the NIC properties and leave only virtual machines access.  Is this one way to do it?

This means I am having all of the VMs on the same subnet, but they can only see each other and do not have access to the hosts (even on the same subnet).  Am I correct or is this a crazy way to do it?


Thank you very much in advance for your help.
0
Question by:impire
5 Comments
 

Author Comment

by:impire
ID: 18793023
I also would like to add another question to section 3) Other Questions:

3e) If I were to adopt scenario 2, how would I configure the two ISA servers to allow the VMs to communicate with each other?

Please enlighten me on the simplest method to configure this network.  My mind is already in a maze.  Thanks very much.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18793155
What are you running as your HOST operating system?  Because you can certainly use SBS as the HOST OS, and then just run a single VM on top of that as detailed in this paper:  http://sbsurl.com/vs

Also, what do you mean by "to server as application server" with regards to your SBS with ISA 2004 setup?  SBS is not really an application server... although you can run some apps on it.  

Then my next question is... have you ever installed a virtual server and virtual machine before?  Because from the tone of your question I'm assuming that you haven't and if not, you need to do that as a test... just a single host, running either SBS or Server 2003 Standard and a couple of virtual machines.  Doing this will help you to better understand how virtualization works (including how to use Virtual Network Interfaces if you like -- avoiding that 3 NIC setup you are talking about).

Jeff
TechSoEasy
0
 
LVL 74

Accepted Solution

by:Jeffrey Kane - TechSoEasy (earned 500 total points)
ID: 18793163
Also... you NEVER want TWO ISA servers on the same network... talk about a nightmare!  

Jeff
TechSoEasy
0
 

Author Comment

by:impire
ID: 18793468
Hi Jeff,

Thanks for the quick response.  I am running W2K3 Enterprise with PAE enabled (supports above 4GB RAM).  I would love to use the SBS as my host but SBS has a limitation of 3GB RAM.  Most of our hosts have a minimum of 6-GB RAM.  Also, the article you sent is for VS, I am using VMWARE. Another guy in our department did the extensive research between the two and they settled on VMWARE.  It's not up to me to choose the Virtualization software.

"to server as application server" was a typo.  I meant "to serve as application server".

Yes, I have installed quite a few VMWare machines.  Networking between the VMs and the Host is never a problem.  However, my questions are related to networking between the VMs residing in different hosts... and on different subnets.  

We do not want the VMs to have access to the hosts, only the hosts can have access to the VMs.  This gets complicated and I've tried searching different forums but found mixed answers.  Perhaps you can point me in the right direction as to make this as simple as simple can be.  Thanks.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18821769
SBS does not have a limit of 3GB of RAM, it's 4GB.  Not sure where you heard that.  Also, whether your comment was a typo or not, you cannot use SBS merely as an application server... as my comment stated.

As for one-way TCP/IP access... that is tricky... because to cut off the round-trip means that sometimes the VM cannot respond to a request which requires a response to continue.  You'll have to define what KIND of access you need from the hosts to the virtual machines because of course you always have a VM Control Panel, but if it needs to be automated, that's another story.  Post a question to that effect and we can discuss.

Jeff
TechSoEasy
0
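
The round-trip problem raised in the last comment, modelled as an added example that is not part of the original thread: a stateless "drop everything from VM to host" rule also drops the VM's replies to host-opened sessions, while a rule that tracks which side opened the flow blocks only VM-initiated traffic. The VM subnet 192.168.2.0/24, the individual addresses and the ports are assumptions made for illustration; only the 192.168.1.x host range comes from the question.

```python
import ipaddress

HOST_NET = ipaddress.ip_network("192.168.1.0/24")  # host range named in the question
VM_NET = ipaddress.ip_network("192.168.2.0/24")    # assumed VM subnet, not from the thread

def zone(ip):
    """Classify an address as belonging to the host or VM subnet."""
    addr = ipaddress.ip_address(ip)
    if addr in HOST_NET:
        return "host"
    return "vm" if addr in VM_NET else "other"

def vm_to_host(p):
    return zone(p["src"]) == "vm" and zone(p["dst"]) == "host"

def stateless_filter(packets):
    """Drop every VM->host packet, with no memory of earlier packets."""
    return [not vm_to_host(p) for p in packets]

def stateful_filter(packets):
    """Drop VM->host packets unless they answer a flow that a host opened."""
    flows, verdicts = set(), []
    for p in packets:
        if vm_to_host(p):
            # Allowed only as the return half of a tracked host->VM flow.
            reverse = (p["dst"], p["dport"], p["src"], p["sport"])
            verdicts.append(reverse in flows)
        else:
            if p["flags"] == "SYN":  # remember who opened the connection
                flows.add((p["src"], p["sport"], p["dst"], p["dport"]))
            verdicts.append(True)
    return verdicts

# Constructed sample traffic (addresses and ports are illustrative).
PACKETS = [
    # Host opens RDP to a VM.
    {"src": "192.168.1.1", "sport": 50000, "dst": "192.168.2.10", "dport": 3389, "flags": "SYN"},
    # The VM's reply to that session.
    {"src": "192.168.2.10", "sport": 3389, "dst": "192.168.1.1", "dport": 50000, "flags": "SYN-ACK"},
    # VM tries to open SMB to the host.
    {"src": "192.168.2.10", "sport": 40000, "dst": "192.168.1.1", "dport": 445, "flags": "SYN"},
    # VM talks to another VM.
    {"src": "192.168.2.10", "sport": 40001, "dst": "192.168.2.11", "dport": 80, "flags": "SYN"},
]

if __name__ == "__main__":
    for name, fn in (("stateless", stateless_filter), ("stateful", stateful_filter)):
        print(name, ["allow" if v else "drop" for v in fn(PACKETS)])
```

With the stateless rule the second packet is dropped, so the host's own session to the VM never completes; the stateful rule lets it through and still drops the VM-initiated SMB attempt.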
