Book Image

Hyper-V Network Virtualization Cookbook

By : Ryan Boud
Book Image

Hyper-V Network Virtualization Cookbook

By: Ryan Boud

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Hyper-V Network Virtualization Cookbook
Ryan Boud
Nov, 2014 | 228 pages
No titles found
Table of Contents (16 chapters)
Hyper-V Network Virtualization Cookbook
Hyper-V Network Virtualization Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Installing Virtual Machine Manager
Installing Virtual Machine Manager
Introduction
Deploying the required service accounts
Creating the distributed key management container in Active Directory
Installing Virtual Machine Manager on a single server
Installing a highly available Virtual Machine Manager server
2
Configuring Networks for Hyper-V Network Virtualization
Configuring Networks for Hyper-V Network Virtualization
Introduction
Creating the required Logical Networks in Virtual Machine Manager
Creating the required Port Profiles in Virtual Machine Manager
Creating and assigning Logical Switches to Hyper-V hosts
Creating the Virtual Machine Networks for Tenants
Testing the basic Virtual Machine Networks
3
Creating the Gateway for Virtual Machine Communications
Creating the Gateway for Virtual Machine Communications
Introduction
Creating a Logical Network, Port Profiles, and Logical Switches for external access
Creating a Hyper-V Network Virtualization gateway manually
Creating a Hyper-V Network Virtualization gateway with a Service Template
4
IP Address Management Integration with VMM for Hyper-V Network Virtualization
IP Address Management Integration with VMM for Hyper-V Network Virtualization
Introduction
Installing IPAM in Windows Server 2012 R2
Integrating IPAM into VMM
Using IPAM data for reporting
5
Windows Server Gateway Configuration
Windows Server Gateway Configuration
Introduction
Network Address Translation with the gateway
Direct Routing and how it is different from NAT
6
Implementing Network Isolation in Hyper-V
Implementing Network Isolation in Hyper-V
Introduction
Understanding VLANs in Hyper-V and VMM, including the PowerShell cmdlets
Understanding Private VLANs in Hyper-V and VMM, including the PowerShell cmdlets
7
Network Access Control Lists
Network Access Control Lists
Introduction
Locking down a VM for security access
Applying rules to a list of VMs
VM Templates
VM Templates
Configuration
Sysprep
Planning the Virtual Machine Manager
Planning the Virtual Machine Manager
Preparing
How to plan the Virtual Machine Manager
Index
Index

Creating the distributed key management container in Active Directory

Some of the data stored by VMM needs to be held securely, so it cannot be compromised. For example, when you store user credentials in VMM for Run As accounts, the passwords for these are encrypted. When you install VMM, you are given the choice of where to store the encryption keys, as shown in the following screenshot:

It is required to always store your encryption keys in Active Directory if you are going to deploy a highly available (clustered) installation of VMM.

The account used to install VMM must have full control over the container in Active Directory for the duration of the installation. During the installation, the installer program reconfigures the security of the container to ensure that only the correct security principles have access.

For a small scale installation, a single container in the root of Active Directory could be created to store the encryption keys. For a large-scale implementation where several different installations of VMM may be required due to the number of hosts and/or virtual machines, it is advisable to create a parent container in Active Directory and then have containers within the parent for each installation of VMM.

Getting ready

You will need to have sufficient access to Active Directory to create Container objects.

How to do it…

The following diagram shows you the high-level steps involved in this recipe and the tasks required to complete this recipe:

There are two possible methods of creating a container in Active Directory: one is using ADSI Edit and the other is via PowerShell. The method discussed here will be PowerShell-based:

  1. On a Domain Controller, or a machine where the Active Directory PowerShell Module is installed, open an elevated PowerShell console.

  2. The following PowerShell line will create a container called DKMVMM in the root of Active Directory:

    New-ADObject –Name DKMVMM –Type container –Path "DC=ad,DC=demo,DC=com"

  3. Once the container has been created, the user who will be installing VMM needs to have full control of the container and that permission must apply to the container and all descendant objects. The following PowerShell will perform this function:

    Set-PSDrive AD:

$VMMInstallAccount = Get-ADUser -Identity Install_VMM

$SID = New-Object System.Security.Principal.SecurityIdentifier $VMMInstallAccount.SID

$DKMVMMacl = Get-Acl -Path "CN=DKMVMM,DC=ad,DC=demo,DC=com"

$ObjectGuid = New-Object Guid 00000000-0000-0000-0000-000000000000                           

$newACL = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $SID,"GenericAll","Allow",$objectguid,"All"

$DKMVMMacl.AddAccessRule($newACL)

Set-Acl -AclObject $DKMVMMacl -Path "CN=DKMVMM,DC=ad,DC=demo,DC=com"

This recipe is complete and the Distributed Key Management container is now ready to be used by DEMO\Install_VMM during installation.

How it works…

When VMM is installed, it uses the Distributed Key Management container to store its encryption keys and using the privileges granted to it previously, it will lock down the container to ensure that only the account running the VMM Management Service, the VMM Installation Account, and Domain Administrators have access to the container.

Previous Section
End of Section 4
Next Section