Hello,
I created a virtual lab space, and in doing so, created a vSwitch that is not connected to any physical adapters so that I can have my lab vms connected to each other, but not affect the outside world.
I created a resource group that I keep all the lab machines under.
Other than configuring the host with that vSwitch only, is there any way to guarantee that the lab vms never accidentally get connected to the "live" network? I know this is me being extra paranoid, since configurations do not suddenly change on their own, but I can only shiver at the thought of my test domain controller suddenly being introduced to it's live counterpart, and the chaos in my domain that would ensue!
Hello.
Other than configuring the host with that vSwitch only, is there any way to guarantee that the lab vms never accidentally get connected to the "live" network?
You could set very restrictive permissions on it.
Good Luck!
Please explain.
Are you worried about someone changing this without you knowing? If so, you could set permissions on this VM so that only you have access to it. I don't know of any way to lock a VM to a vSwitch, other than protecting it via permissions from those people that would potentially make this type of change.
No, I'm just worried I might do something dumb, or somehow screw up.
I guess if I cannot lock it down, I just have to be very careful.
You could leave the virtual nic disconnected, except when you are using the VM. That way if something gets changed or if the VM gets powered on, it still won't actually connect.
Yeah, I think that'll be part of my safety net.