Keeping my Hyper-V lab isolated from my production environment

Xenomeow Member Posts: 35
Hi everyone,

Working on labbing for 70-410 and found out today that the IP range I have been using was in fact part of the production environment, which not only explains a lot of errors, but also could have caused some issues. So I'd like that to not happen again. I am not really the best at networking anything beyond a home network so this is a bit over my head.

So is there any way I can make it so my VMs will have network access, but things like the DHCP, AD DS, DNS and so forth will not be exposed to the production environment? Current setup is host running Hyper-V with the Hyper-V switch set to external and allowing the OS to share the network adapter.

Comments

  • TechGuru80 Member Posts: 1,539
    You can make the network on a separate IP space. DHCP will only hand out addresses from the space you specify so just make sure it does not conflict. You can still direct the domain to the default gateway allowing network access. Are you familiar with subnetting at all? That is a key topic on separating the networks.

    What is your current IP range for the network? You could also separate things in the network by using VLANs that do not talk to each other.
  • Wagnaard Member Posts: 124
    Whatever you do, don't put a dev DHCP server on a highly important and secure production subnet like I did the other day. People will notice, and people will yell at you.
  • Xenomeow Member Posts: 35
    TechGuru, I am very much unfamiliar with subnetting. I know the 10.5.xx.xx range is in the production environment. Ideally I would like to create some type of setup where the host is the only point exposed and active within the production environment. Is there some way I can create a virtual network where the VMs can interact, yet still be able to access the internet? Networking confuses me.

    Wagnaard, yeah I kinda did that and it may or may not have been running all weekend....
  • Johnnie.it Registered Users Posts: 1
    Why not a private network?
    Hyper-V: What are the uses for different types of virtual networks? - John Howard - Senior Program Manager in the Hyper-V team at Microsoft - Site Home - TechNet Blogs

    Still, basic subnetting is a core IT skill, and you may want to practice a little bit, although not to the level required by Cisco ICND/CCNA.
    Besides everything else, it's required for a MS 70-410 exam, and it will allow you to keep things apart even if you make a mistake using private networks.
    There's a heap of resources out there to learn how to subnet, but be careful: there's a million different ways to explain it, but only one way will work for you just like magic. My advice is: keep looking at different sources until you find it.

    P.S. By "basic subnetting" I mean how to use just /24 and perhaps /16 networks.
  • Verruckt Member Posts: 36
    Your best bet, if you have an additional NIC on the host, is to just configure it in a completely separate network and use that NIC exclusively in your virtuals.

    You want to achieve complete isolation from the production environment.

    To be honest, you should have looked at this first before creating your demo environment - this is the second thread I've read on here today where people have accidentally intermingled their test with production environments. It's the basics of Hyper-V administration. People seem to be skipping the most crucial steps and that's laying the groundwork for the proper environment to test in.

    EDIT: I see you don't really have networking experience. I'd say you need to have a networking guy step in and assist you, or have your local network admin create you a specific dev network / subnet. Usually if you chat them up and let them know you're learning they can set you up with something isolated with only internet access.
  • Xenomeow Member Posts: 35
    Pjd007, thanks for the link. Not exactly what I was looking for, but a good read.

    Verruckt, while I do have an additional NIC on my lab server, I really don't want to be just placing it into the (physical) switch all willy nilly. While I do agree that this should have been an initial consideration, I am very new to networking anything larger than a home network. So I grabbed my course guide and went to town. The course guide did not go into initial network configuration at all, which could be a common problem that keeps showing up here.

    But I did speak to my boss, there is an internal network I can use, but it is public and unsecured. He will be in this week to help me set up some security on it and use it for the lab. Until then I am going to use an internal switch to allow the VMs/host to communicate and plug the external switch in when I require net on the VMs. Not the most efficient setup, but beats exposing my DHCP and such to the production environment.

    EDIT: the one disadvantage to this setup is I can not really test my DNS
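
An added example, not part of any post in this thread: one way to give lab VMs outbound internet access from an internal switch without bridging them onto the production LAN is to let the Hyper-V host NAT for them. It assumes a Windows Server 2016 / Windows 10 or later host (for `New-NetNat`), an elevated session, and placeholder names (`LabNAT`, `LAB-*` VM names, `192.168.250.0/24`); the production range `10.5.0.0/16` is inferred from the "10.5.xx.xx" mentioned above.

```powershell
# Placeholder values chosen for illustration; adjust to your lab.
$SwitchName = 'LabNAT'
$LabPrefix  = '192.168.250.0/24'
$GatewayIP  = '192.168.250.1'
$ProdPrefix = '10.5.0.0/16'   # assumption based on "10.5.xx.xx" in the thread

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted-quad string -> unsigned 32-bit integer (network byte order)
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-PrefixOverlap ([string]$A, [string]$B) {
    # Two CIDR blocks overlap when they agree on the bits of the shorter prefix
    $aIp, $aLen = $A -split '/'
    $bIp, $bLen = $B -split '/'
    $len     = [Math]::Min([int]$aLen, [int]$bLen)
    $divisor = [Math]::Pow(2, 32 - $len)
    [Math]::Floor((ConvertTo-UInt32 $aIp) / $divisor) -eq
        [Math]::Floor((ConvertTo-UInt32 $bIp) / $divisor)
}

# Refuse to build the lab on address space that production already uses.
if (Test-PrefixOverlap $LabPrefix $ProdPrefix) {
    throw "Lab range $LabPrefix overlaps production range $ProdPrefix"
}

# Internal switch: VMs and host can talk; nothing is bridged to the physical NIC.
New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null

# The host's virtual adapter becomes the lab's default gateway.
New-NetIPAddress -InterfaceAlias "vEthernet ($SwitchName)" `
    -IPAddress $GatewayIP -PrefixLength 24 | Out-Null

# The host translates lab traffic, so production only ever sees the host's address.
New-NetNat -Name "$SwitchName-NAT" -InternalIPInterfaceAddressPrefix $LabPrefix | Out-Null

# Move every lab VM adapter onto the internal switch.
Get-VM -Name 'LAB-*' | Get-VMNetworkAdapter |
    Connect-VMNetworkAdapter -SwitchName $SwitchName

# Check: list any lab adapter still attached to an External switch (should be empty).
$external = (Get-VMSwitch -SwitchType External).Name
Get-VM -Name 'LAB-*' | Get-VMNetworkAdapter |
    Where-Object { $_.SwitchName -in $external } |
    Select-Object VMName, SwitchName
```

The lab DHCP scope would hand out addresses in the lab range with the host adapter address as the default gateway; DHCP, DNS and AD DS broadcasts stay on the internal switch.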
  • Skelly Member Posts: 33
    2014 Goals: SCCM 2012 -Passed! MCSA 2012 -In progress, MCSE 2012 Server, MCSE Private Cloud
  • Zartanasaurus Member Posts: 2,008
    You shouldn't be putting your playthings on the work production network, especially if you don't know what you're doing. Even if we tell you what to do and how to do it, you still shouldn't do it. Put it on your home network and remote in to it.
  • Xenomeow Member Posts: 35
    Skelly, thanks for the link. Some very good information in there.

    Zartanasaurus, I do agree 100% that they should not be on the production environment. Hence the asking how to isolate them. The current setup is very much isolated; the internal switch will not allow me to even get a ping out. As for putting it on my home network, the lab is at my work. I KVM into it from my terminal. I scored an amazing job that is paying me to do physical installs and study for certs.