Solved

Windows 2012 R2 -- hyperV DMZ ?

Posted on 2015-02-16
2
396 Views
Last Modified: 2016-11-23
Is it OK to put both both external
and internal hyper-v on same physial
server or should they be on different
physial servers to insure proper DMZ
segregation on my Dell SonicWall firewall ?

http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_26811952.html
acts like it might be OK to have
them on the same physial server.
0
Comment
Question by:finance_teacher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
Matt earned 250 total points
ID: 40612608
If you have network segmentation properly configured, it should be no problem. The same thing is valid also for VMware.

I have for smaller customers all on one Hyper-V host, behind is network defined for internal LAN, DMZ zones, all is controlled by CISCO ASA FW.

Hyper-V:
- 1 team for management
- 1 team for LAN
- 1 team for DMZ

LAN and DMZ are configured as trunks, teaming interface has no IP. All is done on network interface of the virtual machine (VLAN identification), access list on ASA - interface of each DMZ zone has its own ACL filter.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 250 total points
ID: 40612944
I have the same in VMware at work and on my home Hyper-V lab.  I have created trunk on the switch ports connected to the Hyper-V (I have 4 NICs): Management (VLAN100), DMZ (VLAN200), LAN (VLAN300), Test (VLAN400), Live-Migration(VLAN500)

I am using 1 NIC for Management, one for Live-Migration and the other two for all VMs (Test, LAN, DMZ, etc.).  This works great as I tag the VLAN in the OS.  This works fine for some Linux servers but for some, I had to create a vswitch with the VLAN tag assigned on the switch (I have decommissioned those VMs) .
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question