  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 918

Networking issues with Virtual SBS 2011 deployed in Hyper-V

Hi experts,

I'd like to have SBS 2011 virtually deployed on a 2008 R2 Hyper-V server.

I have 1 static IP address for remote access to the Hyper-V server, and I'd like to use it as the external IP address for SBS as well (Exchange, SharePoint, etc.).

Please give me a heads-up on how to make this setup.

I'm able to get SBS connected to internet (via External network type), but it gets 192.168.137.2 IP address. Also, SBS might require a router as a default gateway with internal network address.

Regards,
Janibek.
 
Rob Williams Commented:
SBS will only support a single NIC and single IP, and that IP must be in a private IP range. You would create the SBS VM using the default Hyper-V NIC, the virtual switch, in the VM setup, which would use a private IP. This IP needs to be a static IP and would be in the same subnet as the Hyper-V host.

Then on your router you forward the appropriate ports (25, 443, & 987) to the private IP of the SBS, the same as you would do for a physical machine.

Only SBS 2003 supported a 2 NIC configuration with one being a public IP assigned to the SBS and a direct internet connection.
0
 
Rob Williams Commented:
Perhaps in re-reading I may have misunderstood.
>>"I have 1 static IP address for remote access to hyper-v server"
You just forward the appropriate services to each internal private IP.  The hyper-v and SBS will be different.  I assume your current access is using rdp (port 3389)?  There are security risks with using that port but it is not necessary for SBS so forward 25, 443, and 987 to the SBS IP and 3389 to the hyper-v IP.
0
 
Janibek (Author) Commented:
RobWill,

many thanks for your input, it is highly appreciated!

I ended up connecting SBS to Internet using Routing and Remote access on the Hyper-V host and an Internal type of Virtual NIC.

This scheme was chosen just because I needed a router simulation, and proper port forwarding for exchange and other services -- I had issues configuring the Hyper-V External NIC.

In my opinion, Routing and Remote Access is a little bit easier way for this particular situation. Thus, I'm awarding half the points.

Regards,
Janibek.
0

 
Rob Williams Commented:
Where did you get your Hyper-V license?  If it is the one that comes with SBS it is a licensing violation to install any roles other than Hyper-V on the host, such as RRAS.  Any of the Hyper-V licenses that you get as part of an O/S or the free version can only be used as hyper-V hosts.  There are also security concerns with having direct access to your host.  Personally I would be a little concerned about the configuration, but glad to hear you have it working.
0
 
Janibek (Author) Commented:
This was a lab environment. The main goal is to have a bunch of SBS running on Hyper-V server. Hyper-V is deployed on Windows 2008R2 Standard, so I suppose that wouldn't be a license violation.

Could you please get into some details about the security concerns?
In general, the firewall is turned on on the Host, I'm only forwarding ports such as SMTP, FTP, HTTP, etc. to the VM.

In the future, I'm planning to add more static external IPs. Would it be possible to assign them via RRAS to a VM and route all traffic coming in on that IP (and still have only a single NIC)?

Many thanks, man
0
 
Rob Williams Commented:
>>"Hyper-V is deployed on Windows 2008R2 Standard"
SBS comes with a 2008 R2 license to be used as a hyper-V host.  If that is the license it is not allowed.  If an independent license, which is unusual because of the cost, it would be allowed.  In a lab environment it might be forgiven.

As for security, it is always best to have a perimeter device such as a router between the Internet and a server. RRAS has a feature called a firewall but it is just basic NAT; there is no other protection at all. In addition you try to avoid direct connections to your key servers such as Domain Controllers and Virtual Hosts. If it is a lab you may not be as concerned as in a production environment.

Assigning multiple IPs to a single NIC is called multi-homing and Windows doesn't handle it very well. Usually you would have a router that will do 1 to 1 NAT, multiple NICs on the server, and map 1 IP to each NIC; however, that is not something with which I am overly familiar.
0
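The forwarding advice in this thread can be checked mechanically. The following is an added example, not part of the original posts: it audits a port-forward table against the points raised above (SBS on a private IP in the host's subnet, only 25, 443 and 987 forwarded to SBS, nothing forwarded directly to the Hyper-V host). The rule format, the IP addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Ports the thread says to forward to the SBS VM.
SBS_PORTS = {25, 443, 987}
# Assumed rule format: "proto ext_port -> ip:int_port", '#' starts a comment.
RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*([\d.]+):(\d+)$")

def parse_rules(text):
    """Parse forwarding rules into (proto, ext_port, target_ip, int_port)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE_RE.match(line)
        if line and not m:
            raise ValueError(f"unparseable rule: {line!r}")
        if m:
            rules.append((m[1], int(m[2]), ipaddress.ip_address(m[3]), int(m[4])))
    return rules

def audit(rules, sbs_ip, host_ip, lan):
    """Return a list of findings; an empty list means the table matches the advice."""
    sbs, host = ipaddress.ip_address(sbs_ip), ipaddress.ip_address(host_ip)
    net = ipaddress.ip_network(lan)
    findings = []
    if not (sbs.is_private and sbs in net and host in net):
        findings.append("SBS must use a private IP in the Hyper-V host's subnet")
    for proto, ext, ip, internal in rules:
        if ip == host:
            # Direct access to the virtual host (e.g. RDP on 3389) is the risk flagged above.
            findings.append(f"port {internal} exposed on Hyper-V host via external {proto}/{ext}")
        elif ip == sbs and internal not in SBS_PORTS:
            findings.append(f"{proto}/{ext} forwards to SBS port {internal}, not in {sorted(SBS_PORTS)}")
        elif ip != sbs:
            findings.append(f"{proto}/{ext} forwards to unknown target {ip}")
    forwarded = {internal for _, _, ip, internal in rules if ip == sbs}
    for missing in sorted(SBS_PORTS - forwarded):
        findings.append(f"SBS port {missing} is not forwarded")
    return findings

# Constructed sample table: FTP forwarded to SBS, RDP forwarded to the host, 987 missing.
SAMPLE = """
tcp 25   -> 192.168.1.10:25
tcp 443  -> 192.168.1.10:443
tcp 21   -> 192.168.1.10:21    # FTP
tcp 3389 -> 192.168.1.2:3389   # RDP to the Hyper-V host
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_rules(SAMPLE), "192.168.1.10", "192.168.1.2", "192.168.1.0/24")))
```
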