HyperV Virtual Switch and Physical NIC question


(OP)
Hello All,
So I have a question that I cannot find the answer to directly but a lot of indirect opposite answers. So let me start it up by running the below config:
Server A has 4 network ports. Port 1 is statically set for the HOST only. Port 2-3 are set as a Team for all normal VM traffic. Port 4 is the one in question.

What I want to do with Port 4 is totally isolate it from all other traffic, Host and other VM. I am going to assign it one of our Public Static IPs but I want to make sure that all traffic on Port 4 can only talk with the 1 particular VM assigned to Port 4. The way I plan on doing it is to take Port 4 and turn it into a Virtual Switch and uncheck "Allow management operating system to share this network adapter" and assign it only to VM4. I'm assuming this is the right method but I would love to be 100% sure that no other traffic can get to the Host as the Host is on our internal network behind our business firewall whereas Port 4 will be a direct line to the public internet. I guess I'm hoping someone can give me a warm fuzzy and state some MS doc that says all traffic can only get to the VM assigned to that port.

The other obvious option is to have a dedicated DMZ server to host this VM I suppose. VM 4 will be an FTP server for what it is worth.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

RE: HyperV Virtual Switch and Physical NIC question

(OP)
Found an old server I specifically set up to avoid any potential issue as it is fully off our internal network now. Still interested if anyone has any thoughts on above.

Also, if any of the members here operate a high activity FTP server I do have some basic questions I would like to pick your brain over security-wise.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.

RE: HyperV Virtual Switch and Physical NIC question

I'm wondering what the advantage is of having a dedicated server for the DMZ? Our firewall and WAPs all have DMZ settings. Set up properly, they even block access to our "real" network thus preventing someone from attacking our network from our guest network.

James P. Cottingham
I'm number 1,229!

RE: HyperV Virtual Switch and Physical NIC question

(OP)
I have a DMZ set up with the FW but the Host server is on our internal LAN while the VM that is on that server is supposed to be in the DMZ or externally via its public IP. I agree with what you are saying but my question above was that since the physical NIC on the HOST, which resides on our LAN, can I be sure that all traffic for the Virtual Switch on Port 4 is going only to the VM it is dedicated to and there is no communication to the HOST. Maybe I'm not explaining properly. I am looking for one of two things. Either a known vulnerability with Hyper V switching that allows traffic to the HOST even when it isn't supposed to be able to use that interface or an MS article that states without that box mentioned above checked that the HOST cannot receive any traffic from that port.

Learning - A never ending quest for knowledge usually attained by being thrown in a situation and told to fix it NOW.
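
One way to check the configuration discussed in this thread from the Hyper-V host, as an added example that is not part of any member's post. The adapter, switch and VM names are assumptions; the script creates the external switch without a host adapter if it is missing, then reports anything that would put the host or another VM on Port 4.

```powershell
# Assumed names (not from the thread); adjust to the host being checked.
$Nic    = 'Port 4'      # physical adapter name as listed by Get-NetAdapter
$Switch = 'DMZ-Port4'   # external virtual switch bound to that adapter
$VM     = 'VM4'         # the only guest allowed on the switch

# Create the switch with the "share with management OS" option off if it is missing.
if (-not (Get-VMSwitch -Name $Switch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $Switch -NetAdapterName $Nic -AllowManagementOS $false | Out-Null
}

$problems = @()

# 1. The switch must not be shared with the management OS.
if ((Get-VMSwitch -Name $Switch).AllowManagementOS) {
    $problems += "Switch '$Switch' is shared with the management OS"
}

# 2. No host (management OS) virtual adapter may be attached to the switch.
Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq $Switch } |
    ForEach-Object { $problems += "Host vNIC '$($_.Name)' is attached to '$Switch'" }

# 3. The host must have no IPv4/IPv6 stack bound to the physical adapter itself.
Get-NetAdapterBinding -Name $Nic |
    Where-Object { $_.Enabled -and $_.ComponentID -in 'ms_tcpip', 'ms_tcpip6' } |
    ForEach-Object { $problems += "Host IP binding enabled on '$Nic': $($_.ComponentID)" }

# 4. Only the intended VM may have an adapter on the switch.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.SwitchName -eq $Switch -and $_.VMName -ne $VM } |
    ForEach-Object { $problems += "Unexpected VM '$($_.VMName)' is connected to '$Switch'" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
"OK: '$Switch' is attached to '$VM' only; the host has no vNIC or IP binding on '$Nic'."
```

A clean result confirms the configuration only; it does not address the separate question raised above about known vulnerabilities in the virtual switch itself.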
