Microsoft Azure AZ-800 — Section 11: Manage Hyper-V and guest virtual machines Part 7


93. Configure Hyper-V network adapter

One of the things we are obviously concerned about with our VMs is that they can communicate on a network. In most cases, you’re going to want your virtual machines to be able to get out to the internet or to interact with other virtual machines. To do that, of course, you must have network adapters. These are called virtual network adapters, and they can be connected to your different virtual machines.

Now, keep in mind that if you start communicating with the external side of things, going out to the internet and so on, you will also associate these virtual networks with a physical adapter on your host Hyper-V machine.

So, I want to show you a little bit about configuring your Hyper-V virtual network adapters.

So, we’re going to take a look at this server here on my host Hyper-V machine, which right now has my NYC DC one as well as my NYC server one. I’ve got my NYC server one virtual machine here. I’m going to right-click it and click Settings. From there, you’ll notice I have one network adapter.

OK, so one adapter is configured here. If I wanted to, I could click Add and add additional network adapters.

Once you have added network adapters, they also get connected to what are called virtual switches, which I’m not covering in this video, but I will be. Right now, this network adapter is connected to the one external internet switch that I have, and the new one that I just added is not connected to anything at the moment.

Another thing I can support here is what’s known as VLANs.

If your company is using VLANs, you can select this option and associate the VLAN number with it. Another thing you can do is enable bandwidth management and control the minimum and maximum amount of bandwidth that you want the virtual machine to use, because obviously some virtual machines, depending on the services and applications you’re running on them, could consume a lot more bandwidth. You might want to police that a little more, and you can do that by selecting this option right here.

OK. From there, I can again associate it with a switch, and again I’m not getting into switches just yet. But I’ve now got my two network adapters here. Click OK, and you’ll notice it says it cannot apply changes for the network adapter with a minimum of zero. Let me go ahead and just turn that bandwidth option off and click OK. From there, we’re just going to start that virtual machine. OK, the virtual machine has started up and I’m now connected into it, and I’m just going to go down here to Start and type the word “control”. That will open up Control Panel, and we’ll take a look.

OK, so here we are in the Network and Sharing Center. Come up here to Change adapter settings, and you can see that I now have my two NICs here, Ethernet and Ethernet 2. This one, of course, is connected to Network 3 because it’s connected to a virtual switch. This object here represents the virtual switch, but these are my two virtual NICs. So now you’ve officially got multiple NICs set up on this machine. Of course, I could have added more, but what you really want is to have physical NICs along with this. Ideally, you’ve got two or more physical NICs in your server, and you create these virtual NICs and tie them to those physical NICs with the help of virtual switches. You can also do something called NIC teaming, which I’m not explaining in this video, but I’ll get more thoroughly into it later. That’s one of the great things you can do. Another thing you could do, instead of pairing the two NICs together for teaming, is have one NIC connected to one network and another NIC connected to another network. Then you’d have the benefit of the server being able to interact on multiple networks simultaneously. The main thing here is that you want to think of virtual NICs just like physical NICs: you can do a lot of the same kinds of things that you can do with physical NICs.

OK, coming back over here into Hyper-V, I want to show you a couple of other features involving the virtual NICs on your virtual machine.

So here I am looking at NYC server one again. I’m going to right-click that and go to Settings, go down to my network adapters here, and if I expand that out, I have an option called Hardware Acceleration, and you’ll notice an option that says enable virtual machine queuing.

The first thing I want you to know about VM queuing is that it is a hardware-based feature that your network adapters have to support in order for you to take advantage of it. VM queuing is a neat little feature: if you are receiving traffic from the outside world, let’s say from the internet, going into a virtual machine, that traffic does not have to pass through the host operating system layer in order to get to the virtual machine. Traffic can be passed directly from the physical NIC on the Hyper-V host into your virtual machine without having to pass through that host operating system.

OK, so it’s a pretty neat feature, but it is something that your hardware must support in order for it to take effect. I mean, I have it turned on, but my NIC doesn’t necessarily support it, so you’d have to actually have this as a feature on your physical NIC.

Then you have IPsec task offloading, for when you are utilizing IPsec. IPsec (Internet Protocol Security) is a very powerful encryption- and integrity-based protocol that can be enabled to protect your traffic that’s going across the network. This option is going to try to offload some of the processing from within the VM to Hyper-V and give you better performance when dealing with the encryption and decryption of IPsec.

If you go right here to Advanced Features, you have some advanced features you can take advantage of. First off, you can use what’s called MAC address spoofing, which allows your virtual machines to change their source MAC addresses. If you want them to be able to change the MAC address on virtual machines, you can turn that on.

You have DHCP Guard. This will make it so your Hyper-V virtual machines will not receive an IP address from an unauthorized DHCP service.

So, if there’s a virtual machine or something that’s pretending to be a DHCP server handing out addresses, this is not going to allow that.

Only Active Directory-based authorized DHCP servers would be able to hand out addresses if you turn that on. In my case, I had my router handing out addresses, so I wouldn’t want to turn that off.

Then you’ve got Router Guard. Router Guard is going to drop router advertisements. Basically, if there’s a virtual machine that’s sending out router messages as though that virtual machine is a router, this makes it so that information is not allowed to be propagated. Messages from a virtual machine acting like it’s a router won’t be propagated. There’s a concept that hackers use, known as virtual machine escaping, where a hacker connects into a virtual machine and tries to escape out by tricking different services into doing different things. One way a hacker has been known to do that is to set up a software-based router on a virtual machine and try to trick routers into routing traffic because they think that they’re talking to a router. Turning this on is going to prevent that from happening.

You’ve got Protected network. This is a failover clustering-based feature. If you’re using failover clustering with your virtual machines, it’s going to detect when network traffic is not flowing between two virtual machines that are in a failover cluster, and it’s going to go ahead and trigger a failover. This is generally something you would keep turned on.

Port mirroring is a feature that allows you to sniff network traffic on virtual machines. So, if you’ve got something like Wireshark and you need to be able to sniff traffic from source and destination, you can turn on port mirroring.

Then you’ve got NIC teaming, which is going to let you pair NICs together and team them for better bandwidth and fault tolerance for your NICs.

And then lastly, you have device naming. If your virtual machine supports device naming, and a lot of the newer operating systems do, then when the newer operating system gets installed on a virtual machine, it can take the name of your virtual machine.

So, in my case, my virtual machine name is NYC SVR one - server image for 2022. It will take that name if I turn that on. If you don’t turn it on, then you just have to manually name virtual machines.

OK. And those are the network adapter settings that you can configure for your virtual network adapters.
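As an added example (not part of the original course material), the advanced features described above can be audited from PowerShell. The property names match what Get-VMNetworkAdapter returns on a Hyper-V host; the VM names and sample objects are constructed so the function also runs without a host.

```powershell
# Added example: flag VM network adapters whose advanced features weaken isolation.
function Test-VMNicHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Adapter
    )
    process {
        $findings = @()
        # A guest that may change its source MAC can impersonate other machines.
        if ("$($Adapter.MacAddressSpoofing)" -eq 'On') { $findings += 'MAC address spoofing allowed' }
        # Without DHCP Guard, a VM pretending to be a DHCP server is not stopped.
        if ("$($Adapter.DhcpGuard)" -ne 'On')          { $findings += 'DHCP Guard off' }
        # Without Router Guard, router messages sent by the VM are propagated.
        if ("$($Adapter.RouterGuard)" -ne 'On')        { $findings += 'Router Guard off' }
        # Port mirroring copies traffic to or from this adapter for sniffing.
        if ("$($Adapter.PortMirroringMode)" -ne 'None') {
            $findings += "Port mirroring: $($Adapter.PortMirroringMode)"
        }
        [pscustomobject]@{
            VMName    = $Adapter.VMName
            Adapter   = $Adapter.Name
            Switch    = $Adapter.SwitchName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects standing in for Get-VMNetworkAdapter output.
$sample = @(
    [pscustomobject]@{ VMName = 'NYC-SVR1'; Name = 'Network Adapter'; SwitchName = 'External'
                       MacAddressSpoofing = 'Off'; DhcpGuard = 'On'; RouterGuard = 'On'
                       PortMirroringMode = 'None' }
    [pscustomobject]@{ VMName = 'NYC-SVR1'; Name = 'Network Adapter 2'; SwitchName = 'External'
                       MacAddressSpoofing = 'On'; DhcpGuard = 'Off'; RouterGuard = 'Off'
                       PortMirroringMode = 'Source' }
)
$sample | Test-VMNicHardening | Format-Table -AutoSize -Wrap

# On a Hyper-V host, audit every VM adapter and list only the exceptions:
#   Get-VMNetworkAdapter -VMName * | Test-VMNicHardening | Where-Object { -not $_.Compliant }
# Apply the guarded settings to one VM's adapters:
#   Set-VMNetworkAdapter -VMName 'NYC-SVR1' -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off
```

Adapters that legitimately need one of these features, such as a capture VM used as a port-mirroring destination, should be recorded as known exceptions rather than silently ignored.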

94. Configure NIC teaming

I now want to discuss a neat little feature that we have with Hyper-V, known as NIC teaming. Traditionally with NIC teaming, what you want to think of is having a physical server with Hyper-V running on it and maybe multiple physical NICs in that server. From there, these physical NICs can be connected to your network and they can be teamed together. Teaming essentially means that I’m going to connect these two NICs together on the same network so that they can both send and receive traffic at the same time, which is going to improve my performance. It’s also going to improve redundancy, because if I have two NICs and they’re both sending and receiving traffic on the network, and one of the NICs fails, then the traffic can fail over to the NIC that is remaining. So, we can have NIC teaming on our physical server. Not only that, with our virtual machines we can actually set up NIC teaming and utilize the same kind of capability, with our virtual NICs associated with the physical NICs.

OK.

Now, in order to set this up, I’m going to right-click my server one here and go to Settings, and I’ve got some NICs here. Of course, you can add as many NICs as you want by going right up here. But one thing I need to do is disconnect them from any switches, because sometimes it will throw an error when you try to do NIC teaming if they are connected to switches. The next thing I’m going to do is expand this out and go to Advanced Features, and then I’m going to turn on NIC teaming right here.

So go ahead and apply that. Then I’m going to go to the second one here and turn it on there, and go ahead and apply it there. And then I’m going to go to this last one here, and we’re going to apply it there as well.

OK, so at that point, we have our NICs here disconnected from the switches, and we’ve got the NICs now set to support NIC teaming.

So, we’re going to go ahead and click OK to that. We’re just going to start this virtual machine up, and then we’ll connect into it once it gets started. Once my virtual machine is up and running, I can go over here to Server Manager, go to Local Server, and wait for that to load up. You’ll notice we have an option here that says NIC teaming, and currently that is disabled. So, we’ll just go ahead and click that. From there you’ll notice we have our adapters. Here we’re going to click Tasks, New Team. I’m just going to call it NIC team for lack of a better name, select the adapters that are going to be involved in the NIC team, and click OK. At that point, it’s officially creating the NIC team, and then I can go ahead and connect those back to switches, and I’ve now officially got myself a NIC team.

So, real quick, I’ll show you how to connect those back to switches. At that point, you’ll have the NIC team officially working.

OK, so right here, I’ve got my NYC server one. I’m just going to go to Settings and connect those to my virtual switch, and they are officially set up. Of course, I only teamed a couple of them together, but I just went ahead and connected them all to the same switch. Keep in mind that for your physical NICs, you’d have to have the physical NICs in the server, and you could team those together on the physical side, and then teaming the virtual interfaces would let you take advantage of that. But ultimately, that is how you set up a NIC team using Hyper-V.
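The same procedure can be scripted from the Hyper-V host. This is an added example, not part of the original course material; the function name, the VM and switch names in the usage line, the team name and the guest adapter names 'Ethernet' and 'Ethernet 2' are assumptions, and the in-guest step uses PowerShell Direct with credentials for the guest.

```powershell
# Added example: guest NIC teaming, following the steps walked through above.
function Enable-GuestNicTeam {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $VMName,
        [Parameter(Mandatory)] [string]       $SwitchName,
        [Parameter(Mandatory)] [pscredential] $GuestCredential,
        [string[]] $TeamMembers = @('Ethernet', 'Ethernet 2'),  # adapter names inside the guest
        [string]   $TeamName    = 'NIC Team'
    )

    $nics = Get-VMNetworkAdapter -VMName $VMName

    # Step 1: disconnect the virtual NICs from any switch before changing teaming.
    $nics | Disconnect-VMNetworkAdapter

    # Step 2: turn on the NIC teaming option under Advanced Features for each adapter.
    $nics | Set-VMNetworkAdapter -AllowTeaming On

    # Step 3: start the VM if needed and wait until the guest reports a heartbeat.
    if ((Get-VM -Name $VMName).State -ne 'Running') { Start-VM -Name $VMName }
    Wait-VM -Name $VMName -For Heartbeat -Timeout 300

    # Step 4: create the team inside the guest (Server Manager > NIC Teaming > New Team).
    Invoke-Command -VMName $VMName -Credential $GuestCredential -ScriptBlock {
        param($name, $members)
        New-NetLbfoTeam -Name $name -TeamMembers $members `
            -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts `
            -Confirm:$false
    } -ArgumentList $TeamName, $TeamMembers

    # Step 5: connect the virtual NICs back to the virtual switch.
    Get-VMNetworkAdapter -VMName $VMName | Connect-VMNetworkAdapter -SwitchName $SwitchName

    # Show the result so the switch connection and teaming flag can be checked.
    Get-VMNetworkAdapter -VMName $VMName |
        Select-Object VMName, Name, SwitchName, AllowTeaming
}

# Usage on the Hyper-V host (names are placeholders):
#   Enable-GuestNicTeam -VMName 'NYC-SVR1' -SwitchName 'External' -GuestCredential (Get-Credential)
```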

95. Configure Hyper-V switch

I’d like to take some time now and explain to you how configuration of what are called virtual switches works.

So, inside of Hyper-V here, if we look to the right, we have this thing called Virtual Switch Manager. We can click on Virtual Switch Manager, and from there we have the option of creating three different types of switches.

Now you probably are aware that in the physical networking world, we use network switches that allow us to connect cables (Ethernet cables, fiber optic cables, whatever) into our networks and communicate using wires. Well, in the virtual networking world, we have virtual switches, and we can connect our virtual machines to our virtual switches.

Now there are three different kinds of virtual switches that we can create, and I would like to just briefly kind of help you visualize how these three different virtual switches work.

So let me draw this out for you.

OK, so think about a Hyper-V server. Let’s say that this rectangle here is going to represent a Hyper-V host server. And of course, we’ve got the internet right here; this cloud is going to represent our internet connection. On our Hyper-V server we have a network adapter card. This green thing here is going to represent a network adapter card, and we’ll put that right here. Of course, we could also have multiple network adapter cards together, and we could team those. Maybe these are connected to a network switch and a router that gets us off to the internet. Everything is great, and they’re teamed. This would ideally be the way you’d want that physical server set up. But then we also have virtual machines. Let’s call one a VM, and our virtual machines also have what is known as a virtual NIC. Let me just illustrate this a little differently. There we go: vNIC. We can have multiples of those vNICs connected and teamed together as well, but we’re just going to connect one. We’ll do that right there.

OK. And then perhaps we’ve got multiples of these that are connected.

So the first type of switch we have, that’s very simple is the concept of what’s called an external switch.

OK, so an external switch is a switch we can create on Hyper-V that basically once we use it, it is going to link us to our external connection.

So you’ll have an external switch connected to our external NICs or external NIC team. Then, if we want to get our virtual machines out to the internet, we can simply connect them to this external switch. At that point, those virtual machines can connect to the internet, they can communicate with the Hyper-V host server, and they can also connect to each other because they’re all on the same switch.

OK, so that is, you know, one option that we can go with. All right.

Another option that we can go with is to create something called a private switch. Let me just illustrate that real quick. A private switch is a switch that will not allow you to get out to the internet, and it will only allow the virtual machines to communicate with each other. They cannot communicate with the Hyper-V host. They can only communicate with each other.

So, if I connect these machines to this private switch, they would not be able to get out to the internet. They would be able to communicate with each other, but they would not be able to get out to the internet.

Now, let’s say we had some more VMs. Let me illustrate that. I’ll just copy this object here, put that right here, and move this up a little bit.

OK. Now we’ve got three more virtual machines running. We could connect them all to that private switch, or not.

If we connected these three, they could talk to each other and they could talk to these VMs. They also cannot communicate with the Hyper-V host, so you wouldn’t be able to share files or anything.

So, they wouldn’t be able to get out to the internet and they couldn’t communicate with the Hyper-V host. If you wanted to mix and match this, you could. I could have a private switch here and a private switch here. Maybe I want these machines to communicate with these, and then maybe these two are on this one. You can mix and match any way you want.

OK, so that is called a private switch. With private switches, the computers that are connected to the private switch can communicate with each other, but they can’t communicate with the Hyper-V host, and they can’t communicate with the internet because they’re not connected to the external switch.

OK, now, the third and final type of switch is known as an internal switch.

What an internal switch will let you do is this: the virtual machines can communicate with each other, and they can communicate with the Hyper-V host.

OK. All right.

So, look at what I’ve done here. I’m going to connect that VM to the external switch. You can see that these two virtual machines connect to a private switch. They can communicate with each other, but nobody else. These three right here are all connected to an internal switch. They can communicate with each other and they can communicate with the Hyper-V host server, but they can’t get out to the internet. None of them can get out to the internet, except this guy right here, because he is currently connected to the external switch.

So he can get out to the internet. Alternatively, don’t forget one other thing that is possible: if you really wanted, you could have a second NIC in one of these virtual machines. For example, I could put it there, and then I could connect him to the external switch.

So then you’ve got this guy right here who can connect to both. Alternatively, and this is getting a little bit crazy, you could even enable network address translation on this machine, if maybe it was a server, and allow these VMs to go through him to get out to the external switch and up to the internet. That’s getting a little bit crazy, but it is doable.

OK, so hopefully this drawing now helps you get a better visualization of what the switches can do.

So back over in Hyper-V, I can click on Virtual Switch Manager and create whichever switch I want, just by clicking Create. Here’s an internal switch; give it a name, whatever you want to name it. Or you may want to make it an external switch.

Now when you choose the external switch, you do have to attach it to a physical NIC or a NIC team. That’s pretty important. And of course, there is this little checkbox, “Allow management operating system to share this network adapter”. That’s important, too, because your host operating system may want to share the adapter as well. You don’t want to make it purely just Hyper-V in this case.

Now, if you do want to do that, if you want to allow the management operating system to share this network adapter, you can actually make it where it’s just for Hyper-V. You can have a dedicated NIC.

OK. But anyway, that’s what that option is. You could also select VLAN if you had VLANs on your network. And then, of course, you’ll notice that you can do VLANs with the internal network switch, but not the private switch.

OK. Once you’ve created your switches the way you want, you just go to your virtual machines. Right-click, Settings. You select your network adapter or network adapters, and then select which switch you want to connect each one to. And that’s it. You are now officially connected to that switch, and hopefully that gives you a much better understanding of dealing with Hyper-V virtual switches.
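The drawing described above can be checked against a real host. This added example (not part of the original course material) applies the three switch rules to a list of switches and adapters and flags any VM that sits on both an external switch and an isolated one, as in the second-NIC case. The function name and the VM and switch names are constructed; the external-switch host reachability assumes the management operating system shares the adapter.

```powershell
# Added example: work out what each VM can reach from the switch types it is connected to.
function Get-VMSwitchReachability {
    param(
        [Parameter(Mandatory)] [object[]] $Switches,  # objects with Name, SwitchType
        [Parameter(Mandatory)] [object[]] $Adapters   # objects with VMName, SwitchName
    )
    $typeOf = @{}
    foreach ($s in $Switches) { $typeOf[$s.Name] = "$($s.SwitchType)" }

    # Adapters with no switch attached are skipped: they reach nothing.
    $connected = @($Adapters | Where-Object { $_.SwitchName })
    $connected | Group-Object VMName | ForEach-Object {
        $vm    = $_.Name
        $names = @($_.Group | ForEach-Object { $_.SwitchName } | Sort-Object -Unique)
        $types = @($names | ForEach-Object { $typeOf[$_] })
        $peers = @($connected |
            Where-Object { $_.VMName -ne $vm -and $names -contains $_.SwitchName } |
            ForEach-Object { $_.VMName } | Sort-Object -Unique)
        $external = $types -contains 'External'
        [pscustomobject]@{
            VMName          = $vm
            Switches        = $names -join ', '
            # Private: VMs only. Internal: VMs and host. External: VMs, host and outside.
            ReachesHost     = [bool]($types | Where-Object { $_ -in 'Internal', 'External' })
            ReachesExternal = $external
            Peers           = $peers -join ', '
            # A VM on both an external and a non-external switch can route or NAT between them.
            BridgesIsolated = $external -and [bool]($types | Where-Object { $_ -ne 'External' })
        }
    }
}

# Constructed sample mirroring the drawing: two VMs on a private switch, three on an
# internal switch, one on the external switch, and VM3 given a second NIC on the external.
$switches = @(
    [pscustomobject]@{ Name = 'Private1';  SwitchType = 'Private'  }
    [pscustomobject]@{ Name = 'Internal1'; SwitchType = 'Internal' }
    [pscustomobject]@{ Name = 'External1'; SwitchType = 'External' }
)
$adapters = @(
    [pscustomobject]@{ VMName = 'VM1'; SwitchName = 'Private1'  }
    [pscustomobject]@{ VMName = 'VM2'; SwitchName = 'Private1'  }
    [pscustomobject]@{ VMName = 'VM3'; SwitchName = 'Internal1' }
    [pscustomobject]@{ VMName = 'VM3'; SwitchName = 'External1' }
    [pscustomobject]@{ VMName = 'VM4'; SwitchName = 'Internal1' }
    [pscustomobject]@{ VMName = 'VM5'; SwitchName = 'Internal1' }
    [pscustomobject]@{ VMName = 'VM6'; SwitchName = 'External1' }
)
Get-VMSwitchReachability -Switches $switches -Adapters $adapters | Format-Table -AutoSize

# On a Hyper-V host:
#   Get-VMSwitchReachability -Switches (Get-VMSwitch) -Adapters (Get-VMNetworkAdapter -VMName *)
```

In the sample, only VM3 is reported with BridgesIsolated set, which is the machine to review if the internal switch was meant to stay off the internet.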