Saturday, 10 March 2012 08:55
Is there a "Best Practise" to configure a "fake" VM domain on the fringe of the real internet?
My goal is to have a Hyper-V based "Data Centre" test system running in my home environment. i.e.: a VM for AD (DNS &/or DHCP), another as an AD mirror. Then any others I need to spin up for testing SQL, SharePoint, Team Server etc.
- I'd like the VM servers to be able to see each other & also the internet.
- I'd like other PC's in the house to interact with the Virtual Environment.
- If possible, I'd like the AD in the VM to authenticate my Home accounts & register my home machines as part of that domain.
Currently my home machines use a cheap Netgear router for DHCP, Gateway & DNS. It's necessary for internet access as my ISP only provides one dynamic IP address per household. My ISP doesn't provide static IP addresses to domestic accounts.
1st problem: AD needed a FQDN & I don't have one. I'd like to invent one & use it. But I don't know how to have the VM's DNS to play nice with the real internet DNS service. It complains that there is no entry for the FQDN in my router's DNS. (Understandable, I don't really want a bogus domain name escaping into the internet).
It also complains that the DNS server shouldn't have a loopback address as its first entry.
Ideally I'd like the boundary to my "Fake" domain to be at the ISP router, as opposed to a Virtual network on the host.
Do I need to put all VM's on "Private" Virtual network & then create an ISA server VM to connect the private network to the "External" netcard. Or do I give each VM 2 networks; one internal & the other external?
Is there some way to keep DNS happy by using Conditional Forwarders, or should I be changing the IPv4 protocol settings with an Alternate Configuration?
In short: Is there some way that all my virtual servers & physical PCs can see the Active Directory in the VM, & also see the rest of the internet? But not let my fake domain collide with the real world.
Saturday, 10 March 2012 14:23
Whether it is on physical or virtual machines does not matter. Basically your DHCP server must hand out the static address of the AD server as the primary DNS server address so clients can find the DC. Then put the ISP's DNS addresses in the forwarders of your DNS server so clients can find the internet. Also make sure your server has a static IP address outside of the DHCP scope. 127.0.0.1 is OK, but the AD/DNS server should have its own address first in the DNS list.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Saturday, 10 March 2012 23:47
I find the best way is to set up AD on a private virtual network with its own private subnet. To give it Internet access run one VM as a NAT router (or TMG) with its public NIC connected to the LAN.
You can then proceed just as you would for a physical network behind a NAT router. Run DHCP on the DC and not on the NAT router. Give the clients the NAT router for a gateway but the DC for DNS. (AD works best with no other DNS addresses, even as secondaries). Modify the local DNS to forward to a public DNS (your ISP or 220.127.116.11) service to resolve foreign URLs.
If you want physical machines on your LAN to be in the domain as well you would use an external virtual network rather than private (so that the VMs and the physicals are in the same network; this would need to be a different NIC from the one connecting the host to the DSL router). I would not join the host machine to the domain. Leave the host as a "black box" powering your VMs and the host/DSL link as a pseudo DMZ.
So you need two NICs in the host. One connects to your DSL router. Only the host and the public side of your NAT router VM use this network and this IP subnet. The other NIC connects to a switch to which all your physical machines (except the VM host) connect. This network is behind your NAT router and is your domain network containing all your physical and virtual servers and workstations (except the VM host). The "boundary" of your domain will be the NAT router.
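A PowerShell sketch of the layout described in this answer (two host NICs, a NAT router VM, DHCP and DNS on the DC, forwarders to the ISP), added here as an example and not taken from the thread or any poster; every adapter alias, VM name, address and the domain name "home.lab" is an assumed placeholder.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012 or later with the
# Hyper-V, DnsServer, DhcpServer and NetTCPIP modules installed. Constructed values:
# domain "home.lab", subnet 10.10.0.0/24, DC at 10.10.0.10, NAT router VM inside
# address 10.10.0.1, ISP resolvers 192.0.2.53 and 192.0.2.54 (documentation range).

# --- On the Hyper-V host: one switch per physical NIC, matching the two-NIC layout ---
# NIC 1 faces the DSL router; only the host and the NAT VM's public side use it.
New-VMSwitch -Name 'EdgeNet' -NetAdapterName 'Ethernet 1' -AllowManagementOS $true
# NIC 2 feeds the switch the home PCs hang off, so VMs and physical PCs share one LAN.
# The host itself stays off this network (AllowManagementOS $false), as the answer suggests.
New-VMSwitch -Name 'DomainNet' -NetAdapterName 'Ethernet 2' -AllowManagementOS $false

# The NAT router VM gets an adapter on each side; every other VM only touches DomainNet.
Connect-VMNetworkAdapter -VMName 'NatRouter' -SwitchName 'EdgeNet'
Add-VMNetworkAdapter     -VMName 'NatRouter' -SwitchName 'DomainNet'
Connect-VMNetworkAdapter -VMName 'DC1'       -SwitchName 'DomainNet'

# --- Inside DC1, before promotion (Install-ADDSForest -DomainName 'home.lab' -InstallDns) ---
# Static address outside the DHCP range; gateway is the NAT VM; DNS is the DC's own
# address rather than 127.0.0.1, which avoids the loopback warning from the question.
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress 10.10.0.10 -PrefixLength 24 -DefaultGateway 10.10.0.1
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.10.0.10

# --- Inside DC1, after promotion ---
# Names outside home.lab go to the ISP resolvers; the invented zone is only ever served here.
Add-DnsServerForwarder -IPAddress 192.0.2.53, 192.0.2.54

# DHCP runs on the DC, not on the NAT router: clients get the NAT VM as gateway
# and the DC as their only DNS server (no secondaries, per the answer above).
Add-DhcpServerInDC -DnsName 'dc1.home.lab' -IPAddress 10.10.0.10
Add-DhcpServerv4Scope -Name 'home.lab clients' -StartRange 10.10.0.100 -EndRange 10.10.0.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.10.0.0 -Router 10.10.0.1 -DnsServer 10.10.0.10 -DnsDomain 'home.lab'

# Quick checks: the DC answers for its own zone and reaches the internet via the forwarder.
Resolve-DnsName -Name 'dc1.home.lab' -Server 10.10.0.10
Resolve-DnsName -Name 'example.com'  -Server 10.10.0.10
Get-DhcpServerv4OptionValue -ScopeId 10.10.0.0 | Format-Table OptionId, Value
```

The NAT VM's own routing/NAT configuration (RRAS or TMG) is outside this snippet; it only needs its public adapter on EdgeNet and its private adapter at 10.10.0.1.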
Tuesday, 13 March 2012 06:29 (Moderator)
Thanks for posting here.
> - I'd like the VM servers to be able to see each other & also the internet.
> - I'd like other PC's in the house to interact with the Virtual Environment.
> - If possible, I'd like the AD in the VM to authenticate my Home accounts & register my home machines as part of that domain.
We can have the physical NIC on the host directly attached to each VM, meaning they can share a "real" NIC at the same time. After that we can have a VPN service on the edge router and create a connection to this Hyper-V datacenter network from home over the internet in order to access it from the remote home network.
VMs---(physical NIC)----Internet edge Router------(VPN over Internet)------Home
How does basic networking work in Hyper-V?
Hyper-V: Virtual Networking Survival Guide
TechNet Community Support
- Marked as answer by Tiger Li (Moderator), Thursday, 15 March 2012 00:48