RESET Forums (homeservershow.com)

Virtualization isolation .. what are my Hyper-V options?


adsboel

Hi Guys,

 

What are your suggestions to isolate a VM in a Hyper-V environment? I currently only have the two NICs of the Gen8 MicroServer, but was imagining a mix of router and virtualization setup would be able to isolate traffic.

 

I want a setup where I can provision a VM to a remote entity without getting my local traffic snooped.

 

Any suggestions?


One way to isolate traffic is to use a different subnet: e.g. if you're using 192.168.x.x for your main LAN, consider using another private range such as 172.16.x.x. Since the entity is remote, there should be no way for them to spoof a 192.168.x.x IP or to set up a NIC in promiscuous mode. The only 'trick' is that it would involve having 2 IPs on the LAN port of your router. Depending on the router, this may or may not be possible, or difficult.


Adsboel, how were you planning on presenting the VM to the remote system? Anywhere access? VPN connecting to your router?

Once we know how you want them to connect, we can think about how best to do it.

 

John


I am open to any suggestion.

 

The ideal is a full-on outbound firewall except the default route, and no promiscuous mode.

 

This would make virtuals accessible locally but not able to compromise local servers.


I've only done this kind of thing once or twice, but, the way we did it was to set up one-way trusts between the DMZ and main LAN servers. The LAN servers were allowed free access to the DMZ ones, but not the other way round.


What you'll probably have to do is VPN from the remote location to your network. You will need a fully managed switch and configure a couple of VLANs on them to isolate the networks from directly seeing each other and then access control settings (ACE) on the switches to allow local access to the VMs from the internal LAN for management but not vice versa.

 

You are really going to need a few more Ethernet ports on the host, otherwise you are going to have to do some VLAN port trunking on the switch.

 

John
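
As an added example (not posted by anyone in this thread): one way to apply the VLAN-plus-access-control idea discussed above directly on the Hyper-V host, using the built-in Hyper-V PowerShell module. The VM name, VLAN ID, LAN subnet and the choice of RDP as the management port are all assumptions for illustration; extended ACLs require Windows Server 2012 R2 or later.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
# All values below are placeholders (assumptions), not taken from the thread.
$vmName    = 'GuestVM01'        # hypothetical VM provisioned for the remote party
$guestVlan = 20                 # hypothetical VLAN ID, trunked on the physical switch port
$lanSubnet = '192.168.1.0/24'   # hypothetical main LAN range

# 1. Put the guest's virtual NIC into its own VLAN (access mode), so it
#    shares the host's physical NIC without sharing the LAN broadcast domain.
Set-VMNetworkAdapterVlan -VMName $vmName -Access -VlanId $guestVlan

# 2. Turn off the vSwitch features a guest could use to see or redirect
#    other traffic: MAC spoofing, rogue DHCP/router adverts, port mirroring.
Set-VMNetworkAdapter -VMName $vmName `
    -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On -PortMirroring None

# 3. One-way access with extended port ACLs. Higher weight wins.
#    Baseline: nothing from the LAN reaches the VM ...
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Action Deny `
    -Direction Inbound -RemoteIPAddress $lanSubnet -Weight 10
#    ... and the VM cannot open connections to the LAN.
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Action Deny `
    -Direction Outbound -RemoteIPAddress $lanSubnet -Weight 10
#    Exception: the LAN may manage the VM over RDP. -Stateful lets the
#    reply packets out despite the outbound deny rule above.
Add-VMNetworkAdapterExtendedAcl -VMName $vmName -Action Allow `
    -Direction Inbound -RemoteIPAddress $lanSubnet `
    -Protocol TCP -LocalPort 3389 -Weight 100 -Stateful $true

# 4. Review what is now enforced on the VM's virtual NIC.
Get-VMNetworkAdapterVlan -VMName $vmName
Get-VMNetworkAdapter -VMName $vmName |
    Select-Object VMName, MacAddressSpoofing, DhcpGuard, RouterGuard, PortMirroringMode
Get-VMNetworkAdapterExtendedAcl -VMName $vmName |
    Sort-Object Weight -Descending |
    Format-Table Direction, Action, RemoteIPAddress, Protocol, LocalPort, Stateful, Weight
```

Traffic the VM sends to anything outside `$lanSubnet` (for example its default route) is untouched by these rules; the router or switch ACLs still decide where that VLAN can go.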
