Virtualization Netowrking Questions

I am running some virtual machines (VM) on hosts with two network cards.  I wish to have some of my VM's be accessible from the internet like one of my VM's manages a bunch of websites that are public facing.

While I wish for my VM to be public facing I do not want the host to be accessible via the publc internet.  Right now my host are address via the public internet because on physical host NIC 1 I have a public IP and on physical NIC two I have a internal IP.  The VM has two virtual NICs on pointing to each physical NIC.  What is the best way to make my VM public facing without makine the host accessible?  VLAN?, Another configuration?

I am using Windows Virtualization (Hyper-V), but I tihnk the question is pretty generic
Note: I am a bit of a VLAN rookie
eferronAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott AndersonPrincipal Support EngineerCommented:
Hmmm... if each of your VM's have their own IP address, it's a lot like using separate physical servers - the only difference is that your Hyper-V host will be acting as a "switch" to pass through to get to the VM's from your internal network or public Internet.

You'll just need to configure a static IP on the outside of your network (given to you from your ISP) and set up your Router/NAT device to do port forwarding to your internal VM IP's...  There's not really any more risk that the standard "allowing Internet traffic into your Internal network" security risk.  If one of your VM's gets compromised, they'll have access to your whole internal network infrastructure.

VLAN's could help, but will require some additional configuration and an addtional subnet running in your network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
eferronAuthor Commented:
Maybe I should take the approach of having external VM host that only host outbound facing guest and internal facing host that manage all internal facing guest machines.  I was really hoping there was a better way of exposing a guest machine to the outside network without making the host NIC visible to the internet.
Maybe for now the best way is to just publish the web sites using reverse proxy, like the web publishing feature in ISA Server.
Any other thoughts or validations anyone?
Thanks,
Ed
0
eferronAuthor Commented:
Doesn't sound like anybody else is weighing so I guess you win.  Thanks,

Ed
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.