Firewall in the stand-alone version of Hyper-V?
Is there a firewall built in the stand-alone version of Hyper-V?
If it is, how can I open ports in it?
If it does not have a firewall, how vulnerable is to attacks?
I want to put a server with the stand-alone version of Hyper-V R2 in a Data Center connected directly to the Internet. I’ll install virtual machines on top of it and enable the firewall for each, but I want to know how exposed the underlying server is.
If it is, how can I open ports in it?
If it does not have a firewall, how vulnerable is to attacks?
I want to put a server with the stand-alone version of Hyper-V R2 in a Data Center connected directly to the Internet. I’ll install virtual machines on top of it and enable the firewall for each, but I want to know how exposed the underlying server is.
CincyItSolutions
Hyper V runs within Windows 2008 and does not have a firewall. However, windows 2008 does have a buil in firewall you can configure. If it is being run in a Datacenter surely they are behind a firewall.
ASKER
I'm buying only the shelf space from the data center so all they are giving me is an ethernet cable. Since it's a colocation, the server security and management is my responsibility.
So, the stand-alone version of the Hyper-V (not the one from Win server 2008) has no firewall - thus all ports are open?
How vulnerable is then to attacks if it's connected direcly to the Internet?
So, the stand-alone version of the Hyper-V (not the one from Win server 2008) has no firewall - thus all ports are open?
How vulnerable is then to attacks if it's connected direcly to the Internet?
Hyper-V can run as a role within Windows 2008 but it is also available as a stand-alone install (http://www.microsoft.com/hyper-v-server/en/us/default.aspx)
It does have a basic firewall included. You manage it via the command line "netsh firewall" commands
It does have a basic firewall included. You manage it via the command line "netsh firewall" commands
Oh Ok, I have a better understading now. I was going in the opposite direction. If there is no security either hardware or software then it is going to be very vunerable. With no hardware firewall (watchguard, cisco pix or other firewall) it is like sending a soldier to war without any gear. At the bare minimum, once you get an operating system installed, I would use the built in firewall or purchase one.
Ideally the hyper-v server wouldn't have access from the internet and only be available internally. There should be nothing that "clients" need from it. They typically only need access to the guests OSes that run as virtual machines.
I know with a co-location this is different, but something to think about with how many IP addresses you are allowed to have and so forth. Each guest OS will need an IP address so users can connect to it.
I know with a co-location this is different, but something to think about with how many IP addresses you are allowed to have and so forth. Each guest OS will need an IP address so users can connect to it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
dariusg - do you know if the instructions from your link work with the stand-alone version of the Hyper-V Server, or it's only for the Server 2008 Core?
The Hyper-v standalone version is actually called Windows 2008 server Core.
http://www.petri.co.il/understanding-windows-server-2008-core.htm
http://www.microsoft.com/hyper-v-server/en/us/default.aspx
Now in R2 it is called Hyper-V Server.
http://www.microsoft.com/hyper-v-server/en/us/default.aspx
Now in R2 it is called Hyper-V Server.