Procedure for dedicating a NIC to Hyper-V management only

How do we dedicate a physical NIC to Hyper-V management only?  Is there an option for doing so or is it simply not setting up one physical NIC in Hyper-V networking?  We are aware of the option to allow sharing of a NIC in Hyper-V with management but since we have more than enough NICs (8 all together) we do not need to share.  Also, here is an example of what we will do with the 8 NICs:

1 - Management
1 - CSV
1 - Failover clustering (heartbeat)
1 - Live Migration
2 - iSCSI traffic
2 - LAN traffic

Does this look like a pretty standard setup for a network with 2 Hosts (each host has 8 NICs) and a SAN (8 NICs)?

Thanks in advance

I would say it's better than standard.  I know that you can limit the NIC to VM communication but am not sure about management.
One way I think you can prevent users from accessing is by simply not putting gateways in IP configuration or private network. To clarify, let's take an example. Let's say you want to prevent users from accessing the heartbeat n/w. We can use

node 1:

node 2:

What we have done here is that used a private (which doesn't exist on your n/w) for communication and we have also limited access by giving a big bitmask.

One other way is to remove gateway from your n/w configuration. For example for CSV we can use
node 1:

node 2:

Since we don't have gateways, n/w access from outside this network subnet is not possible.
You can use method 1 to limit communication on CSV, heartbeat, live migration networks, since communication is exclusive to nodes only and you can use method to limit communication on iSCSI n/w.


"Is there an option for doing so or is it simply not setting up one physical NIC in Hyper-V networking?"
It's simply not setting up one physical NIC in Hyper-V networking: the NIC is only available in the parent, allowing management of that management.

You can assign an IP etc on that NIC, but put that connection behind a firewall: you need that connection for management only, not for regular client access.
Syed Mutahir Ali, Technology Consultant, commented:
As other experts have already shed their thoughts and suggestions:

In Windows 2008R2, when you create a Virtual Network of Type External it gives you an option whether you want to share this NIC with the Host mgmt or not, you simply select "NO" to that, I think it's on the same screen when you are setting up a virtual network.

Now if one has a very busy virtual server say "Exchange or SQL" ; you can simply create a virtual network, bind it to a physical nic, type external and just use it for that VM only.

Once you create your virtual network and bind it to the Virtual server, then inside the virtual server you specify the static IP.

For Hyper-V management, you would want to be able to access the host from your LAN so, you assign it a static ip and gateway, which will allow you to manage  your hyper-v host via any computer connected to the LAN.

You can also bind one NIC to a virtual network, then bind that nic to say three (3) VMs and then assign the same VLAN ID for those VMs, so that they communicate together but not with your external LAN

The following describes what you are attempting (I think):

VLAN tagging in Hyper-V
When you would like to secure and divide traffic you can use VLAN technologies to achieve this. You can isolate traffic from the parent OS or other VMs sharing the same virtual switch. The physical adapter must support VLAN configuration but no configuration on the physical adapter is required.
A VLAN is identified by a VLAN ID. The VLAN ID must be unique and it represents a virtually segmented network. The VLAN ID is encapsulated within the Ethernet frame, which is how multiple VMs using the same physical NIC can communicate simultaneously on different VLANs. In Hyper-V you can set VLAN IDs in different places.
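
One way to check the separation described in the answers above, as an added example that is not part of the original thread: a PowerShell function that flags a default gateway on a node-only network, a virtual switch bound to the management NIC, and an external switch shared with the management OS. It assumes Windows Server 2012 or later, where the `Get-NetIPConfiguration`, `Get-NetAdapter` and `Get-VMSwitch` cmdlets exist; the adapter names, addresses and sample objects are constructed for illustration.

```powershell
# Added example: audit NIC role separation on a Hyper-V host.
# Adapter names below are hypothetical; rename to match your own connections.
$IsolatedNics  = 'CSV', 'Heartbeat', 'LiveMigration', 'iSCSI-1', 'iSCSI-2'
$ManagementNic = 'Management'

function Test-NicSeparation {
    param(
        [object[]]$IpConfig,   # shaped like Get-NetIPConfiguration output
        [object[]]$Adapters,   # shaped like Get-NetAdapter output
        [object[]]$Switches    # shaped like Get-VMSwitch output
    )
    $findings = @()
    # Node-only networks should carry no default gateway.
    foreach ($cfg in $IpConfig) {
        if (($IsolatedNics -contains $cfg.InterfaceAlias) -and $cfg.IPv4DefaultGateway) {
            $findings += "$($cfg.InterfaceAlias): default gateway set on a node-only network"
        }
    }
    # The management NIC must not back a virtual switch, and external
    # switches should not be shared with the management OS.
    $mgmt     = $Adapters | Where-Object { $_.Name -eq $ManagementNic }
    $external = $Switches | Where-Object { $_.SwitchType -eq 'External' }
    foreach ($sw in $external) {
        if ($mgmt -and ($sw.NetAdapterInterfaceDescription -eq $mgmt.InterfaceDescription)) {
            $findings += "$($sw.Name): virtual switch is bound to the management NIC"
        }
        if ($sw.AllowManagementOS) {
            $findings += "$($sw.Name): external switch is shared with the management OS"
        }
    }
    return $findings
}

# Constructed sample data. On a live host pass (Get-NetIPConfiguration),
# (Get-NetAdapter) and (Get-VMSwitch) instead.
$ip = @(
    [pscustomobject]@{ InterfaceAlias = 'Management'; IPv4DefaultGateway = '192.0.2.1' }
    [pscustomobject]@{ InterfaceAlias = 'Heartbeat';  IPv4DefaultGateway = $null }
    [pscustomobject]@{ InterfaceAlias = 'CSV';        IPv4DefaultGateway = '198.51.100.1' }
)
$nics = @(
    [pscustomobject]@{ Name = 'Management'; InterfaceDescription = 'Example NIC #1' }
    [pscustomobject]@{ Name = 'LAN-1';      InterfaceDescription = 'Example NIC #7' }
)
$vswitches = @(
    [pscustomobject]@{ Name = 'vSwitch-LAN'; SwitchType = 'External'
                       NetAdapterInterfaceDescription = 'Example NIC #7'; AllowManagementOS = $true }
)
Test-NicSeparation -IpConfig $ip -Adapters $nics -Switches $vswitches
```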