
  • The virtual network switch itself, which sets the VLAN ID the parent partition's virtual network adapter will use

  • The virtual network adapter of each guest, which sets the VLAN ID the guest will use

The diagram below illustrates an example of using a single physical NIC in the host that is connected to an 802.1q trunk on the physical network carrying three VLANs (5, 10, 20). The design objectives in this example are:

  • An 802.1q trunk carrying 3 VLANs (5, 10, 20) is connected to a physical adapter in the host.

  • A single virtual switch is created and bound to the physical adapter.

  • The VLAN ID of the virtual switch is configured to 5, which would allow the virtual NIC in the parent to communicate on VLAN 5.

  • The VLAN ID of the virtual NIC in Child Partition #1 is set to 10, allowing it to communicate on VLAN 10.

  • The VLAN ID of the virtual NIC in Child Partition #2 is set to 20, allowing it to communicate on VLAN 20.

The expected behavior is that there is a single virtual switch; the parent and two children can only talk on their respective VLANs, and they can't talk to each other.

[Diagram: a Hyper-V host server containing the parent partition (virtual NIC on VLAN 5), Child Partition #1 (virtual NIC on VLAN 10) and Child Partition #2 (virtual NIC on VLAN 20). Each partition runs OS / Application over TCP/IP, and all three virtual NICs attach to one virtual network switch bound to the physical NIC, which connects to the 802.1q trunk (VLAN 5, 10, 20) on the physical network.]
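
The design above can be applied and then audited from PowerShell. This is an added example, not part of the original document; it assumes the Hyper-V PowerShell module (Windows Server 2012 or later), and the adapter, switch and VM names are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example. Assumed names (not from the original document):
$PhysicalNic = 'Ethernet'      # host adapter cabled to the 802.1q trunk
$SwitchName  = 'TrunkSwitch'   # the single external virtual switch
# Expected VLAN per owner; the parent's virtual NIC is named after the switch.
$Expected    = @{ $SwitchName = 5; 'Child1' = 10; 'Child2' = 20 }

# One virtual switch bound to the physical adapter, shared with the parent.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $PhysicalNic `
                 -AllowManagementOS $true | Out-Null
}

# Parent on VLAN 5, each child on its own VLAN, all in access mode.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $SwitchName -Access -VlanId 5
Set-VMNetworkAdapterVlan -VMName 'Child1' -Access -VlanId 10
Set-VMNetworkAdapterVlan -VMName 'Child2' -Access -VlanId 20

# Audit every adapter attached to the trunk-facing switch. An adapter that is
# untagged, in trunk mode, on the wrong VLAN, or not in the expected list
# defeats the isolation the design relies on, so it is reported as non-compliant.
$nics = Get-VMNetworkAdapter -All | Where-Object SwitchName -eq $SwitchName
$findings = foreach ($nic in $nics) {
    $owner = if ($nic.IsManagementOs) { $nic.Name } else { $nic.VMName }
    $vlan  = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
    $ok    = $Expected.ContainsKey($owner) -and
             $vlan.OperationMode -eq 'Access' -and
             $vlan.AccessVlanId -eq $Expected[$owner]
    [pscustomobject]@{
        Owner     = $owner
        Mode      = $vlan.OperationMode
        VlanId    = $vlan.AccessVlanId
        Compliant = $ok
    }
}

$findings | Format-Table -AutoSize
if (@($findings | Where-Object { -not $_.Compliant }).Count -gt 0) {
    Write-Warning 'An adapter on the trunk switch is not pinned to its expected VLAN.'
}
```

Re-running the audit portion after any VM is added to the switch catches adapters left untagged by default.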

Security Considerations

Microsoft Hyper-V was designed to minimize the attack surface on the virtual environment. The Hypervisor itself is isolated to a microkernel, independent of third-party drivers. Host portions of the Hyper-V activities are isolated in a parent partition, separate from each guest. The parent partition itself is a virtual machine. Each guest virtual machine operates in its own child partition.

These are the recommended security best practices on a Hyper-V environment,
