VMware Communities
mraaronp
Contributor

Recommended reading on VMworkstation teams

Hi Everyone,

I am trying to set up a development network for one of my developers. Here is what we want to do:

2 Windows 2003 Server systems, one Windows 7 system

one will be a DC for a dev domain, as well as WSUS

One will be Exchange 2007 system

Windows 7 box will be domain member and connect to exchange.

We want the DC to be able to get out to the internet to get updates, but not interfere with the corporate domain. The exchange box should only be able to talk to the Windows 7 box, and to the DC.

I have tried setting this up, and I can get the DC talking to the internet by using bridge or NAT mode, but I can't seem to get the other systems to talk to the DC. All three systems have 1 LAN segment on them (the DC also has a NAT/BRIDGE connection).

Any help would be appreciated, or if someone can provide me with some document that I could follow, that would be great.

Thanks in advance

app

5 Replies
golddiggie
Champion

Use the host-only network option for all three VMs to communicate with each other. Have the DC with a second NIC that connects out to the internet, but only use that when you actually need to get out. (Uncheck the "connect at power on" option for that one, just use the "connected" option when you need to use that network leg.) Since you're making one of the VMs a DC, have it perform the DNS/DHCP duties for the other two VMs as well. Make a completely unique (local) domain for the three systems to be members of.

That should make a "sandboxed" or "bubble" network that's isolated to just the virtual environment on that one system. If you have enough resources on that system, you could add more guests to extend the testing.

VCP4

mraaronp
Contributor

So I should use the Host Only, and not a LAN segment? If I don't use a LAN segment for this setup, when do I use it?

golddiggie
Champion

Since you want to limit the communications to just the three systems/VMs, using the host-only networking between them is going to give you that. It will isolate them from your LAN and regular domain as well. Since you were talking about just having the DC go out for Windows updates, it makes more sense to have everything else in the sandbox. You can also think about setting up the DC to also perform WSUS functions to the other systems so that they never need to go out to the internet for updates.

Host-Only networking is for creating isolated networks that won't impact any other segments on the network/LAN wherever you go. With the DC in the mix, you'll be able to have full domain functionality within that sandbox. If you leave the DC with the connection to the regular LAN, someone on the networking team, or someone just browsing the network, could (or will eventually) see that domain and raise questions about it. It's far easier to have the bubble network on your system, that's not connecting out, than to explain why there's yet another (foreign) domain on the network.

VCP4

mraaronp
Contributor

Thanks for the help. I will test this out and let you know if I have any problems.

app

golddiggie
Champion

I would only use the host-only networking option when you want to isolate all network traffic to just the VMs within that bubble. Such as what you're looking to do. By adding the secondary NIC to the DC, so it can go out for updates, and enabling it just when you need to get updates, you maintain the bubble for the majority of the time. If you have the resources on your host system, you might want to think about creating a WSUS server as well, that can go both out to the web, and has a leg in the bubble network, so that it can perform all your Windows updates for you. Keeping the DC to just the host-only networking could, also, prevent additional issues/troubles for you (either on the VM or within your job/company).

The last WSUS I created wasn't on the DC, or any other server. I made it as a stand-alone VM so that I didn't need to worry about sharing resources on that VM with other software. It made for a very efficient system, pushing out the updates as I decided. You can set that up so that updates are only performed when you wish (daily, weekly, monthly, etc.). You could have the WSUS pull down the updates during off hours, provided you enable the secondary (Bridged would be my suggestion) NIC beforehand.

It would probably do you well to map out the servers, and services, you're looking to create with this test environment to get a better handle on everything.

VCP4

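
A check for the layout described in the replies above, added here as an example and not taken from the thread: it reads each VM's `.vmx` network settings and reports any adapter that breaks the bubble (a guest with no host-only adapter, an outbound adapter on a VM other than the DC, or a DC uplink left to connect at power on). The VM names and sample fragments are constructed, and the defaults assumed for missing keys are marked in the comments.

```python
import re

# Matches .vmx lines such as: ethernet1.connectionType = "nat"
_NIC = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"', re.I | re.M)
UPLINK_TYPES = {"bridged", "nat"}  # connection types that reach outside the host


def parse_nics(vmx_text):
    """Return {adapter index: {key: value}} for adapters marked present."""
    nics = {}
    for idx, key, value in _NIC.findall(vmx_text):
        nics.setdefault(int(idx), {})[key.lower()] = value.strip().lower()
    return {i: n for i, n in nics.items() if n.get("present") == "true"}


def audit_bubble(vmx_by_vm, uplink_vm):
    """List deviations from the layout: host-only everywhere, one gated uplink."""
    findings = []
    for vm, text in sorted(vmx_by_vm.items()):
        nics = parse_nics(text)
        # Assumption: a missing connectionType means bridged, the .vmx default.
        kinds = {i: n.get("connectiontype", "bridged") for i, n in nics.items()}
        if "hostonly" not in kinds.values():
            findings.append(f"{vm}: no host-only adapter")
        for i, kind in sorted(kinds.items()):
            if kind not in UPLINK_TYPES:
                continue
            if vm != uplink_vm:
                findings.append(f"{vm}: ethernet{i} is {kind}, expected host-only")
            # Assumption: a missing startConnected means connect at power on.
            elif nics[i].get("startconnected", "true") != "false":
                findings.append(f"{vm}: ethernet{i} ({kind}) connects at power on")
    return findings


# Constructed sample .vmx fragments; the VM names are made up for this example.
SAMPLE = {
    "dev-dc": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "hostonly"\n'
              'ethernet1.present = "TRUE"\nethernet1.connectionType = "nat"\n'
              'ethernet1.startConnected = "TRUE"\n',
    "dev-exch": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "hostonly"\n',
    "dev-win7": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "bridged"\n',
}

if __name__ == "__main__":
    for line in audit_bubble(SAMPLE, uplink_vm="dev-dc"):
        print(line)
```

An empty result means every guest sits on the host-only network and only the DC has an outbound adapter, which stays disconnected until it is enabled by hand.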