We help IT Professionals succeed at work.

Firewall in the stand-alone version of Hyper-V?

mihaisz
mihaisz used Ask the Experts™
on
Is there a firewall built in the stand-alone version of Hyper-V?
If it is, how can I open ports in it?
If it does not have a firewall, how vulnerable is to attacks?

I want to put a server with the stand-alone version of Hyper-V R2 in a Data Center connected directly to the Internet. I’ll install virtual machines on top of it and enable the firewall for each, but I want to know how exposed the underlying server is.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hyper V runs within Windows 2008 and does not have a firewall. However, windows 2008 does have a buil in firewall you can configure. If it is being run in a Datacenter surely they are behind a firewall.

Author

Commented:
I'm buying only the shelf space from the data center so all they are giving me is an ethernet cable. Since it's a colocation, the server security and management is my responsibility.
So, the stand-alone version of the Hyper-V (not the one from Win server 2008) has no firewall - thus all ports are open?
How vulnerable is then to attacks if it's connected direcly to the Internet?
brwwigginsIT Manager

Commented:
Hyper-V can run as a role within Windows 2008 but it is also available as a stand-alone install (http://www.microsoft.com/hyper-v-server/en/us/default.aspx)

It does have a basic firewall included. You manage it via the command line "netsh firewall" commands
Oh Ok, I have a better understading now. I was going in the opposite direction. If there is no security either hardware or software then it is going to be very vunerable. With no hardware firewall (watchguard, cisco pix or other firewall) it is like sending a soldier to war without any gear. At the bare minimum, once you get an operating system installed, I would use the built in firewall or purchase one.
brwwigginsIT Manager

Commented:
Ideally the hyper-v server wouldn't have access from the internet and only be available internally. There should be nothing that "clients" need from it. They typically only need access to the guests OSes that run as virtual machines.

I know with a co-location this is different, but something to think about with how many IP addresses you are allowed to have and so forth. Each guest OS will need an IP address so users can connect to it.
Top Expert 2012
Commented:
Server 2008 Core (Hyper-V server) has a firewall enabled by default. You configure the firewall through the command line usig netsh

http://www.petri.co.il/remotely-managing-windows-2008-server-core-firewall.htm

http://blogs.techrepublic.com.com/datacenter/?p=329 

Author

Commented:
dariusg - do you know if the instructions from your link work with the stand-alone version of the Hyper-V Server, or it's only for the Server 2008 Core?
Top Expert 2012

Commented:
The Hyper-v standalone version is actually called Windows 2008 server Core.
Top Expert 2012

Commented: