[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 273
  • Last Modified:

Virtualization Netowrking Questions

I am running some virtual machines (VM) on hosts with two network cards.  I wish to have some of my VM's be accessible from the internet like one of my VM's manages a bunch of websites that are public facing.

While I wish for my VM to be public facing I do not want the host to be accessible via the publc internet.  Right now my host are address via the public internet because on physical host NIC 1 I have a public IP and on physical NIC two I have a internal IP.  The VM has two virtual NICs on pointing to each physical NIC.  What is the best way to make my VM public facing without makine the host accessible?  VLAN?, Another configuration?

I am using Windows Virtualization (Hyper-V), but I tihnk the question is pretty generic
Note: I am a bit of a VLAN rookie
0
eferron
Asked:
eferron
  • 2
1 Solution
 
ScooterAndersonCommented:
Hmmm... if each of your VM's have their own IP address, it's a lot like using separate physical servers - the only difference is that your Hyper-V host will be acting as a "switch" to pass through to get to the VM's from your internal network or public Internet.

You'll just need to configure a static IP on the outside of your network (given to you from your ISP) and set up your Router/NAT device to do port forwarding to your internal VM IP's...  There's not really any more risk that the standard "allowing Internet traffic into your Internal network" security risk.  If one of your VM's gets compromised, they'll have access to your whole internal network infrastructure.

VLAN's could help, but will require some additional configuration and an addtional subnet running in your network.
0
 
eferronAuthor Commented:
Maybe I should take the approach of having external VM host that only host outbound facing guest and internal facing host that manage all internal facing guest machines.  I was really hoping there was a better way of exposing a guest machine to the outside network without making the host NIC visible to the internet.
Maybe for now the best way is to just publish the web sites using reverse proxy, like the web publishing feature in ISA Server.
Any other thoughts or validations anyone?
Thanks,
Ed
0
 
eferronAuthor Commented:
Doesn't sound like anybody else is weighing so I guess you win.  Thanks,

Ed
0

Featured Post

Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now