What's The Right Option

Hello,

I have a server that I use it to test software. This server is a Windows
2008 server with Virtual Server 2005 R2 on it. It has a dozen virtual
servers running on an isolated virtual segment. To connect the virtual
servers to the Internet, it uses a physical network interface card. The
address space for the virtual servers must not be the same as any others in
my company. Other networks within the company should not access the virtual
network address space either. Because of a little issue, I need to have the
virtual servers connect to the Internet that the regular networks do so that
they can access preconfigured vendor update servers. I still have to have
all address spaces of all networks separated.

I know that I have to set up a loop back adapter.

What is uncertain to me is what is the correct option:

Trigger the Virtual DHCP server for the external virtual network and run IP
config on the servers

or

On the physical network run ICS (Internet Connection Sharing)

Please help because my boss is waiting for an answer!

--
Thank you for your help!
JYC

If the Firewall has additonal unused interfaces for perimeter networks,..then
use one of those. Or pay for a totally separate Internet connection just for
this purpose.

Without that it is impossible to have the networks totally separated because the
Firewall's LAN interface is obviously "on the LAN",..therefore you have to be
"on the LAN" to use it. I would have no problem with that,...I think total
absolute separation is not that important. To do this, the most straightforward
way it to put a cheap "NAT Device" between the physical host server and the
Firewall. The isolation would only be partial. You could probably gain more by
using a LAN Router instead of a NAT Device and run very strict ACLs


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------


"Mr. JYC" <(E-Mail Removed)> wrote in message
news:CE175B1B-E008-424D-8BC0-(E-Mail Removed)...
> Hello,
>
> I have a server that I use it to test software. This server is a Windows
> 2008 server with Virtual Server 2005 R2 on it. It has a dozen virtual
> servers running on an isolated virtual segment. To connect the virtual
> servers to the Internet, it uses a physical network interface card. The
> address space for the virtual servers must not be the same as any others in
> my company. Other networks within the company should not access the virtual
> network address space either. Because of a little issue, I need to have the
> virtual servers connect to the Internet that the regular networks do so that
> they can access preconfigured vendor update servers. I still have to have
> all address spaces of all networks separated.
>
> I know that I have to set up a loop back adapter.
>
> What is uncertain to me is what is the correct option:
>
> Trigger the Virtual DHCP server for the external virtual network and run IP
> config on the servers
>
> or
>
> On the physical network run ICS (Internet Connection Sharing)
>
> Please help because my boss is waiting for an answer!
>
> --
> Thank you for your help!
> JYC

"Mr. JYC" <(E-Mail Removed)> wrote in message
news:CE175B1B-E008-424D-8BC0-(E-Mail Removed)...
> Hello,
>
> I have a server that I use it to test software. This server is a Windows
> 2008 server with Virtual Server 2005 R2 on it. It has a dozen virtual
> servers running on an isolated virtual segment. To connect the virtual
> servers to the Internet, it uses a physical network interface card. The
> address space for the virtual servers must not be the same as any others
> in
> my company. Other networks within the company should not access the
> virtual
> network address space either. Because of a little issue, I need to have
> the
> virtual servers connect to the Internet that the regular networks do so
> that
> they can access preconfigured vendor update servers. I still have to have
> all address spaces of all networks separated.
>
> I know that I have to set up a loop back adapter.
>
> What is uncertain to me is what is the correct option:
>
> Trigger the Virtual DHCP server for the external virtual network and run
> IP
> config on the servers
>
> or
>
> On the physical network run ICS (Internet Connection Sharing)
>
> Please help because my boss is waiting for an answer!
>
> --
> Thank you for your help!
> JYC

I would not use a loopback network and I would certainly not use ICS!

In a situation like that I would set up the vms in their own IP subnet
on their own internal virtual network. If you want to run DHCP you can use
the DHCP option for the virtual network or you can run DHCP on one of the
virtual machines.

To give this network access to the physical network configure one of
your vms to act as a router (with one NIC in the virtual network and one
linked to the physical NIC of the host machine). You can use a Windows
server with RRAS or a Linux OS if you are familiar with with Linux routers.

Configuring the router as a NAT router should give you the isolation you
need. If you need more security than that, run ISA server instead of NAT.

The vms would use the NAT router as their gateway and you could use the
corporate DNS. You could set up a DNS server and set it to forward to the
corporate DNS service if you want your own DNS.