Solved

Networking issues with Virtual SBS 2011 deployed in Hyper-V

Posted on 2013-05-29
Last Modified: 2014-11-12
Hi experts,

I'd like to have SBS 2011 virtually deployed on a 2008R2 Hyper-V server.

I have 1 static IP address for remote access to the Hyper-V server, and I'd like to use it as the external IP address for SBS as well (Exchange, SharePoint, etc.)

Please give me a heads-up on how to make this setup.

I'm able to get SBS connected to internet (via External network type), but it gets 192.168.137.2 IP address. Also, SBS might require a router as a default gateway with internal network address.

Regards,
Janibek.
0
Question by:Janibek
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 39205879
SBS will only support a single NIC and single IP, and that IP must be in a private IP range. You would create the SBS VM using the default Hyper-V NIC, the virtual switch, in the VM set up, which would use a Private IP. This IP needs to be a static IP and would be in the same subnet as the Hyper-V host.

Then on your router you forward the appropriate ports (25, 443, & 987) to the private IP of the SBS, the same as you would do for a physical machine.

Only SBS 2003 supported a 2 NIC configuration with one being a public IP assigned to the SBS and a direct internet connection.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39205892
Perhaps in re-reading I may have misunderstood:
>>"I have 1 static IP address for remote access to hyper-v server"
You just forward the appropriate services to each internal private IP. The Hyper-V and SBS will be different. I assume your current access is using RDP (port 3389)? There are security risks with using that port but it is not necessary for SBS so forward 25, 443, and 987 to the SBS IP and 3389 to the Hyper-V IP.
0
 

Author Comment

by:Janibek
ID: 39217907
RobWill,

many thanks for your input, it is highly appreciated!

I ended up connecting SBS to Internet using Routing and Remote access on the Hyper-V host and an Internal type of Virtual NIC.

This scheme was chosen just because I needed a router simulation, and proper port forwarding for exchange and other services -- I had issues configuring the Hyper-V External NIC.

In my opinion, Routing and Remote Access is a little bit easier way for this particular situation. Thus, I'm awarding half the points.

Regards,
Janibek.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39217918
Where did you get your Hyper-V license? If it is the one that comes with SBS it is a licensing violation to install any roles other than Hyper-V on the host, such as RRAS. Any of the Hyper-V licenses that you get as part of an O/S or the free version can only be used as Hyper-V hosts. There are also security concerns with having direct access to your host. Personally I would be a little concerned about the configuration, but glad to hear you have it working.
0
 

Author Comment

by:Janibek
ID: 39217937
This was a lab environment. The main goal is to have a bunch of SBS running on Hyper-V server. Hyper-V is deployed on Windows 2008R2 Standard, so I suppose that wouldn't be a license violation.

Could you please get into some details about the security concerns?
In general, the firewall is turned on on the Host, I'm only forwarding ports such as SMTP, FTP, HTTP, etc. to the VM.

In the future, I'm planning to add more static external IPs. Would it be possible to assign them via RRAS to a VM and route all traffic coming on that IP (and still have only a single NIC)?

Many thanks, man
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
ID: 39217960
>>"Hyper-V is deployed on Windows 2008R2 Standard"
SBS comes with a 2008 R2 license to be used as a Hyper-V host. If that is the license it is not allowed. If an independent license, which is unusual because of the cost, it would be allowed. In a lab environment it might be forgiven.

As for security it is always best to have a perimeter device such as a router between the Internet and a server.  RRAS has a feature called a firewall but it is just basic NAT, there is no other protection at all.  In addition you try to avoid direct connections to your key servers such as Domain Controllers and Virtual Hosts.   If it is a lab you may not be as concerned as in a production environment.

Assigning multiple IPs to a single NIC is called multihoming and Windows doesn't handle it very well. Usually you would have a router that will do 1 to 1 NAT, multiple NICs on the server, and map 1 IP to each NIC, however that is not something with which I am overly familiar.
0
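
The forwarding layout discussed in this thread can be checked mechanically. The following is an added example, not code from any participant: it audits a table of TCP port forwards against the advice given above (SBS on a private IP receiving only 25, 443 and 987; no direct exposure of the Hyper-V host). The function name, the host address 192.168.137.1 and the sample rules are assumptions constructed for illustration; 192.168.137.2 is the SBS address from the question.

```python
from ipaddress import ip_address, ip_network

# Private ranges (RFC 1918); the accepted answer requires SBS to sit on a private IP.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SBS_PORTS = {25, 443, 987}  # ports the accepted answer forwards to SBS
RDP_PORT = 3389             # port the thread flags as a security risk


def audit_forwards(forwards, sbs_ip, host_ip):
    """Return (public_port, finding) for each forward that departs from the thread's advice.

    forwards: iterable of (public_port, private_ip, private_port) TCP mappings.
    """
    sbs, host = ip_address(sbs_ip), ip_address(host_ip)
    findings = []
    for public_port, private_ip, private_port in forwards:
        target = ip_address(private_ip)
        if not any(target in net for net in RFC1918):
            findings.append((public_port, "target is not a private (RFC 1918) address"))
        elif target == host:
            what = "RDP" if private_port == RDP_PORT else f"port {private_port}"
            findings.append((public_port, f"{what} reaches the Hyper-V host directly"))
        elif target != sbs:
            findings.append((public_port, "target is neither the SBS VM nor the host"))
        elif private_port == RDP_PORT:
            findings.append((public_port, "RDP is not necessary for SBS"))
        elif private_port not in SBS_PORTS:
            findings.append((public_port, f"port {private_port} is outside the SBS set 25/443/987"))
    return findings


# Constructed sample table (hypothetical lab rules, not taken from the thread).
SAMPLE_FORWARDS = [
    (25, "192.168.137.2", 25),
    (443, "192.168.137.2", 443),
    (987, "192.168.137.2", 987),
    (21, "192.168.137.2", 21),
    (3389, "192.168.137.1", 3389),
    (8443, "203.0.113.10", 443),
]

if __name__ == "__main__":
    for port, finding in audit_forwards(SAMPLE_FORWARDS, "192.168.137.2", "192.168.137.1"):
        print(f"public port {port}: {finding}")
```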
