Solved

Networking issues with Virtual SBS 2011 deployed in Hyper-V

Posted on 2013-05-29
Last Modified: 2014-11-12
Hi experts,

I'd like to have SBS 2011 virtually deployed on a 2008R2 Hyper-v server.

I have 1 static IP address for remote access to hyper-v server, and I'd like to use it as the external ip address for SBS as well (Exchange, Sharepoint, etc.)

Please give me heads up on how to make this setup?

I'm able to get SBS connected to internet (via External network type), but it gets 192.168.137.2 IP address. Also, SBS might require a router as a default gateway with internal network address.

Regards,
Janibek.
Question by:Janibek

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39205879
SBS will only support a single NIC and single IP, and that IP must be in a private IP range. You would create the SBS VM using the default Hyper-V NIC, the virtual switch, in the VM setup, which would use a private IP. This IP needs to be a static IP and would be in the same subnet as the Hyper-V host.

Then on your router you forward the appropriate ports (25, 443, & 987) to the private IP of the SBS, the same as you would do for a physical machine.

Only SBS 2003 supported a 2 NIC configuration with one being a public IP assigned to the SBS and a direct internet connection.

Expert Comment

by:Rob Williams
ID: 39205892
Perhaps in re-reading I may have misunderstood
>>"I have 1 static IP address for remote access to hyper-v server"
You just forward the appropriate services to each internal private IP.  The hyper-v and SBS will be different.  I assume your current access is using rdp (port 3389)?  There are security risks with using that port but it is not necessary for SBS so forward 25, 443, and 987 to the SBS IP and 3389 to the hyper-v IP.

Author Comment

by:Janibek
ID: 39217907
RobWill,

many thanks for your input, it is highly appreciated!

I ended up connecting SBS to Internet using Routing and Remote access on the Hyper-V host and an Internal type of Virtual NIC.

This scheme was chosen just because I needed a router simulation, and proper port forwarding for exchange and other services -- I had issues configuring the Hyper-V External NIC.

In my opinion, Routing and Remote Access is a little bit easier way for this particular situation. Thus, I'm awarding half the points.

Regards,
Janibek.

Expert Comment

by:Rob Williams
ID: 39217918
Where did you get your Hyper-V license?  If it is the one that comes with SBS it is a licensing violation to install any roles other than Hyper-V on the host, such as RRAS.  Any of the Hyper-V licenses that you get as part of an O/S or the free version can only be used as hyper-V hosts.  There are also security concerns with having direct access to your host.  Personally I would be a little concerned about the configuration, but glad to hear you have it working.

Author Comment

by:Janibek
ID: 39217937
This was a lab environment. The main goal is to have a bunch of SBS running on Hyper-V server. Hyper-V is deployed on Windows 2008R2 Standard, so I suppose that wouldn't be a license violation.

Could you please get into some details about the security concerns?
In general, the firewall is turned on on the Host, I'm only forwarding ports such as SMTP, FTP, HTTP, etc. to the VM.

In the future, I'm planning to add more static external IPs. Would it be possible to assign them via RRAS to a VM and route all traffic coming on that IP (and still have only single NIC)?

Many thanks, man

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
ID: 39217960
>>"Hyper-V is deployed on Windows 2008R2 Standard"
SBS comes with a 2008 R2 license to be used as a hyper-V host.  If that is the license it is not allowed.  If an independent license, which is unusual because of the cost, it would be allowed.  In a lab environment it might be forgiven.

As for security it is always best to have a perimeter device such as a router between the Internet and a server.  RRAS has a feature called a firewall but it is just basic NAT, there is no other protection at all.  In addition you try to avoid direct connections to your key servers such as Domain Controllers and Virtual Hosts.   If it is a lab you may not be as concerned as in a production environment.

Assigning multiple IPs to a single NIC is called multi-homing and Windows doesn't handle it very well. Usually you would have a router that will do 1 to 1 NAT, multiple NICs on the server, and map 1 IP to each NIC, however that is not something with which I am overly familiar.
0
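
An added example, not part of the original thread: a small audit of a router's port-forward list against the advice in the answers above (forward only 25, 443 and 987 to SBS, treat 3389 as a risk, avoid direct connections to the virtual host, keep targets on the private subnet). The rule format, the addresses and the server inventory are constructed for illustration.

```python
import ipaddress

# Constructed sample data: none of these addresses or rules come from the thread.
SBS_PORTS = {25, 443, 987}      # ports the answers say to forward to SBS
MGMT_PORTS = {3389}             # RDP, called out in the thread as a risk
ROLES = {"192.168.10.2": "hyperv-host", "192.168.10.10": "sbs"}
LAN = ipaddress.ip_network("192.168.10.0/24")   # assumed internal subnet

RULES = """\
tcp 25   -> 192.168.10.10:25
tcp 443  -> 192.168.10.10:443
tcp 987  -> 192.168.10.10:987
tcp 3389 -> 192.168.10.2:3389
tcp 21   -> 192.168.10.10:21
tcp 8443 -> 203.0.113.7:443
"""

def parse(text):
    """Yield (proto, ext_port, ip, int_port) from 'proto port -> ip:port' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        left, right = line.split("->")
        proto, ext_port = left.split()
        ip, int_port = right.strip().rsplit(":", 1)
        yield proto, int(ext_port), ipaddress.ip_address(ip), int(int_port)

def audit(text):
    """Return a list of (ext_port, finding) for forwards that need review."""
    findings = []
    for proto, ext, ip, port in parse(text):
        role = ROLES.get(str(ip), "unknown")
        if ip not in LAN:
            findings.append((ext, "target is outside the private LAN subnet"))
        if port in MGMT_PORTS:
            findings.append((ext, "management port exposed to the Internet"))
        if role == "hyperv-host":
            findings.append((ext, "forward lands directly on the virtual host"))
        elif role == "sbs" and port not in SBS_PORTS:
            findings.append((ext, "port outside the 25/443/987 set sent to SBS"))
        elif role == "unknown":
            findings.append((ext, "target not in the server inventory"))
    return findings

if __name__ == "__main__":
    for ext, finding in audit(RULES):
        print(f"external port {ext}: {finding}")
```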
