Hi,

I am setting up a new server, and have installed Hyper-V. I know just enough to get myself in trouble.

I did a P-to-V conversion using the StarWind conversion tool. I have started it up, without a network, because the system it will “replace” is active. I work for a public library. We have essentially two networks, one business, and one public. The server itself is on the business side and has a static IP of 10.1.1.X. The system I converted is actually on the public side and has an IP of 10.12.1.X. Is it possible to do this? The 10.12.1 system runs our time and print management software. It doesn’t need to be virtualized, but it would be nice. I thought about plugging in the 2nd NIC to the public side, but since this server will host another critical system that is on the business side, I did not want to risk opening things up.

TIA

6 Spice ups

By default vSwitches on Hyper-V are trunks, all traffic passes.

Your physical switch, connecting the port(s) from your HV server, also need to be trunks.

Then you simply apply the VLAN ID to the VM and assign the corresponding IP or enable DHCP.

All being well, this should be resolvable as it would be when physical.

Does that cover your query?

3 Spice ups

If you’re using VLANs, you can use just the one NIC interface, and assign the correct VLAN tag to the VM’s NIC in Hyper-V Manager. If you are not using VLANs and are using separate switches for the two networks, plug in a second NIC on the host to the public network. Create a new virtual switch, but DO NOT share it with the management OS. This will keep the host off of the public network, and things will be reasonably secure. You can double check by running “ipconfig /all” from the command prompt. The second NIC should not appear on the list. If you see two NICs with an IP address, that is a sign that you don’t have things correct.

2 Spice ups

I would think you should speak to your IT management about what their policies and audit requirements are.

For some very public organizations or even banks, they have different server hardware for different purposes, and in current times, different hosts (ESXi or Hyper-V) for different VMs that serve different purposes.
They could have one set of hardware for Internal usage and another set of hardware for public facing usage. These 2 sets of hardware are usually on very different networks usually separated by a firewall and/or even not connected at all (own set of switches & their own Internet connectivity etc).

I think your current set up is running on 2 networks, 2 sets of server hardware etc…if you want to convert them into VMs and “merge” the networks etc, you will really need to know what you are doing BEFORE even proceeding and get the correct hardware (Servers with multiple NIC cards and/or multiple NIC ports, firewall, managed network switches) and correct config (like creating a DMZ zone, different VLANs). Then you need to know how to manage the VMs and the hosts like populating VLANs to the vSwitches and presenting which vSwitch to which VMs etc…

I would find it rather unacceptable just to plug in a 2nd NIC card or use additional NIC ports and expose the host to the public while the host also has other critical VMs that may hold public data and/or customers’ personal data.

1 Spice up

Assuming it is compliant with policy and security design, then yes: if you have two physically separate networks now, then using a different NIC for each network will work. On the Hyper-V server you need to create a second ‘virtual switch’ of type ‘EXTERNAL’ and select the 2nd NIC to attach to this switch. Perhaps name it ‘public’. Then in the settings of the new VM, select this second new virtual switch network to use for the virtual network adapter.

If using VLANs, then as above, trunk the public VLAN to the server and select the VLAN ID in the public VM settings.

1 Spice up
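
The second-NIC setup described in the replies above (an external virtual switch that is not shared with the management OS, then a check that the host has no presence on the public side), as an added PowerShell example that is not part of any poster's reply. The adapter name, switch name, VM name and VLAN ID are assumptions; the 10.12.1.X range is the public-side addressing from the question.

```powershell
# Assumed names (not from the thread); adjust to your environment.
$PublicNic  = 'Ethernet 2'    # host adapter cabled to the public network
$SwitchName = 'Public'        # name for the new external switch
$VmName     = 'PrintMgmt'     # the converted time/print management VM
$PublicNet  = '10.12.1.*'     # public-side range from the question

# External switch on the second NIC, NOT shared with the management OS.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $PublicNic `
                 -AllowManagementOS $false | Out-Null
}

# Attach the VM's network adapter to the public switch.
Connect-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName

# VLAN variant (single trunked NIC): tag the VM's adapter instead.
# 12 is a placeholder VLAN ID, not a value from the thread.
# Set-VMNetworkAdapterVlan -VMName $VmName -Access -VlanId 12

# --- Verification: the host must have no foothold on the public network ---
$problems = @()

# 1. The switch itself must not be shared with the management OS.
if ((Get-VMSwitch -Name $SwitchName).AllowManagementOS) {
    $problems += "Switch '$SwitchName' is shared with the management OS."
}

# 2. No host-side virtual adapter may be connected to the public switch.
$hostVnics = Get-VMNetworkAdapter -ManagementOS |
             Where-Object SwitchName -eq $SwitchName
if ($hostVnics) { $problems += "Host vNIC(s) on '$SwitchName': $($hostVnics.Name -join ', ')" }

# 3. IPv4 should be unbound from the physical NIC once the switch owns it.
$bind = Get-NetAdapterBinding -Name $PublicNic -ComponentID ms_tcpip
if ($bind.Enabled) { $problems += "IPv4 is still bound to '$PublicNic' on the host." }

# 4. The host must not hold any address in the public range
#    (the scripted equivalent of reading 'ipconfig /all').
$hostIps = Get-NetIPAddress -AddressFamily IPv4 |
           Where-Object IPAddress -like $PublicNet
if ($hostIps) { $problems += "Host has public-side IP(s): $($hostIps.IPAddress -join ', ')" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output "OK: host is not present on the public network." }
```

Run it from an elevated PowerShell session on the Hyper-V host; re-running the verification half after any later switch or adapter change catches a management OS share that was re-enabled by accident.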