Hyper-V, the fantastic Windows Server 2008 new feature have a small limit I discovered when on my "home/handmade server:-)" I tried to use it. It doesn’t manage wireless networks. This is "by design", as clearly described by Ben Armstrong in his blog. This absolutely make sense because Windows Server 2008 and Hyper-V is a server oriented product.
Despite of this, there are scenarios I can define "consumer" or "Lab" oriented where allow to Hyper-V to interact with a wireless network can be required. The scenarios list include:
- A test server at home connected via wireless to both Internet and other home PCs via a SOHO router (my scenario 🙂
- A server machine used on a live/conference demo connected to the speaker’s PC via wireless
For these scenarios, we can identify following connectivity requirements:
- to allow to guest machine (on Hyper-V) to access to Internet
- to allow to guest machine to access to other machines connected to wireless LAN
- to allow to other machines connected to the wireless LAN to access to guest machine
- to allow to guest machine to be exposed and accessed from Internet
The great Ben’s post on this topic, address just the scenario (1) leaving other not covered. Objective of this post is to show a configuration that allow to address all above requirement in 15 minutes or less:-)
Well, Hyper-V allows to create "Internal Virtual Networks" (IVN). These IVN are networks visible from both HOST and GUEST operating systems. In example if I have an internal virtual network called "RoI" (Route over Internet:-) on my host machine (i.e. SRV04.local) and the this network is shared with 3 guest machines (GUEST01.local, GUEST02.local, GUEST03.local), I’ll have a "virtual" network topology as shown below:
In order to create a new virtual internal network switch you have to:
- Open the Hyper-V Manager and select your server.
- Select Virtual Network Manager… from the action pane (on the right).
- Select New virtual network and choose to Add an Internal network.
- Give the new virtual network the name you want hit OK.
Because SRV04.local have a wireless network card too, SRV04.local now have 2 network cards. Through this second network card, it is able connect to wireless network (WIRELESS) that allows it to interact with both other PC connected via wireless and to Internet.
Now, in order to allow to GUEST machines to interact with both machines connected to wireless LAN AND Internet we can enable HOST machine (SRV04.local) to act as a router.
Windows Server 2008 have a standard role called "Network Policy and Access Service" that can be activated to allow this kind of scenario.
Before to proceed, in order to simplify the discussion, let’s assume to use following network configuration:
- IP Range: 192.168.1.x (1<= x <=255)
- Subnet Mask: 255.255.255.0
- DNS == Default Gateway == 192.168.1.1
- Wireless LAN is private and router act as a NAT to allow local machines to access Internet.
- IP Range: 192.168.2.x (1<= x <=255)
- Subnet Mask 255.255.255.0
- DNS: 192.168.1.1
- Default Gateway: 192.168.2.6 (SRV04 machine on RoI LAN!)
- IP on Wireless LAN: 192.168.1.6
- IP on RoI LAN: 192.168.2.6
Steps required to allow GUEST01.local to access to Internet are following:
- enable and configure "Network Policy and Access Service" on SRV04.local
- add a static route on "default gateway" router
Step1: how to configure/enable "Network Policy and Access Service"
From Server Manager, select "Add Role".
Select "Network Policy and Access Service", then click Next.
Select "Remote Access Service" and "Routing" then click Next.
Select "Custom Configuration" then click Next.
Select "LAN Routing only" then click Next.
when finished, select "Start Service" on server manager.
Step 2: how to configure your default gateway router
Previous configuration is not enough to allow routing because you still need to say to your router that addresses 192.168.2.x must be forwarder to SRV04.local machine. You can obtain this adding a static route on your router. Almost every SOHO router of €50 or more is able to do this, please refer to your router manual to discover how to do this.In example, at home, I have a Netgear toy that shows the following page
In our example have to add a route to 192.168.2.0 mask 255.255.255.0 through 192.168.1.6
And that’s all! Now your guest machine can access to Internet. The cool think is that with this configuration, and thanks to your cheap:-) router too, someone from Internet can access to a service based on your GUEST machine. In example, if you have an IIS on GUEST01.local and you want to show it on Internet, you can use the port forwarding option of your router with following parameters:
- Service/Port: 80
- Server IP Address: 192.168.2.10
Again for more information on port forwarding please refer to your router instruction manual.
This configuration still doesn’t allow:
- Other machines on your wireless LAN to access to GUEST01.local
- GUEST01.local to access other machines on your wireless LAN
This because machines on your wireless LAN have as default gateway 192.168.1.1 and the router is not smart enough to understand that 192.168.2.x addresses must be routed to SRV04.local. The easy solution is to add a static route on each machine connected to the wireless LAN. You can achieve this adding a static route via command prompt with the following instruction:
- route ADD 192.168.2.0 MASK 255.255.255.0 192.168.1.6
Remember that this action, on Vista, requires elevation.
Thanks to Marcello "router" Formica for the fundamental help:-)