Setting up a VS network

Hi I am having problems trying to configure a Virtual Server set up.

I think what I am trying to do is quite unusal but i'm sure it should be
possible.

I have a demo laptop running Vista Business and have loaded virtual server.

I have created a virtual network called DemoNet and attached the physical
network card to this. I have configured the server 2k3 as a domain controler
called DemoDomain and would like to now connect a client to this domain all
on the laptop. I tryed to add the laptop that I am useing to the DemoDomain
however it could not find the DNS server even after I created alternative DNS
setting pointing straight at it.

I then started thinking that what I need is a new Local Area Network
connection on the laptop that is set up on DemoNet. However I can't find a
way of doing this through Vista. Anyone got any ideas?

Ok so I have made some progress with this, what I needed was a loop back
adapter configured on the host machine and to create a virtual network with
that.

This has got my V server, V Xp and the host vista enviroments all talking to
each other with out a network cable attached.

Next problem that I am having differculty with is that I can no longer get
either virtual machine to ping the default gateway properly.

I have added 2 network adapters on both the V xp and the V server box one
based on the loopback adapter of the hostmachine the other connecting
directly to the phisical network card of the host machine.

But not getting through to the internet at all maybe it's something to do
with ordering which adapter to try first or something....

anyone got any ideas>?

"AlexisColes" <AlexisColes@discussions.microsoft.com> wrote in message
news:F2BB71A7-809A-4B3C-9BF6-0104905FC4EE@microsoft.com...
> Ok so I have made some progress with this, what I needed was a loop back
> adapter configured on the host machine and to create a virtual network
> with
> that.
>
> This has got my V server, V Xp and the host vista enviroments all talking
> to
> each other with out a network cable attached.
>
> Next problem that I am having differculty with is that I can no longer get
> either virtual machine to ping the default gateway properly.
>
> I have added 2 network adapters on both the V xp and the V server box one
> based on the loopback adapter of the hostmachine the other connecting
> directly to the phisical network card of the host machine.
>
> But not getting through to the internet at all maybe it's something to do
> with ordering which adapter to try first or something....
>
> anyone got any ideas>?
>
This is a pretty common problem when people have never used a network
until they set up a virtual network. What you are seeing is normal behavior.
Setting up a domain and giving it Internet access is not straight-forward.

1. You should not run a domain controller on the same network as the
physical NIC. If you plug you laptop into a network to do a demo, that
network will see your DC and could cause havoc. You should not use your DC
as an Internet router (unless you are running SBS server).

2. With Active Directory, the client machines (and the DC itself) should
only point to the local DNS server. No other DNS server has the necessary
SRV records to find AD resources. If you have Internet access, you need to
set up this DNS server to forward to a public DNS service to resolve foreign
URLs.

3. The AD machines on the loopback network should be in their own IP subnet.
To use the Internet they need a NAT router to share the host's Internet
connection. If your laptop is running a client OS like Vista, the only
built-in option is ICS, and this does not work well with AD. You might need
third party NAT software. The setup would look like this.

Internet
|
public IP for Internet connection
host machine NAT
private IP on loopback adapter
192.168.21.254 dg blank
|
DC
192.168.21.1 dg 192.168.21.254
|
workstation(s)
192.168.21.x dg 192.168.21.254
dns 192.168.21.1


4. The best solution is to run a NAT router in a vm, but it requires enough
memory to run another vm and also you need to know how to set up NAT
software in RRAS (or Linux).

I run my AD setup on a virtual network with no connection to the host or
the physical network. This connects to the physical network through a vm
running Server 2003 as a NAT router. the setup looks like this.

Physical LAN (and thence to Internet)
|
______________________________
| |
10.1.1.99 dg 10.1.1.1 host and physical machines
RRAS/NAT 10.1.1.x
dg 10.1.1.1
192.168.21.254 dg blank
|
DC
192.168.21.1 dg 192.168.21.254
|
clients
192.168.21.x dg 192.168.21.254
DNS 192.168.21.1

Hi Bill, many thanks for the reply. Has taken a little while to sink in But
I think I see what you are getting at now.

I am going to set up another VM to act as the RAS server, dosn't really
matter about the ram as I will only need to launch it when I want to connect
to the outside world.

I am just setting up the new VM now and am wondering if I will be able to
remote desktop to the machines that are on the loop back adapter?

"AlexisColes" <AlexisColes@discussions.microsoft.com> wrote in message
news:F6A660FE-62C6-4969-9588-751A3358CFBE@microsoft.com...
>
> Hi Bill, many thanks for the reply. Has taken a little while to sink in
> But
> I think I see what you are getting at now.
>
> I am going to set up another VM to act as the RAS server, dosn't really
> matter about the ram as I will only need to launch it when I want to
> connect
> to the outside world.
>
> I am just setting up the new VM now and am wondering if I will be able to
> remote desktop to the machines that are on the loop back adapter?

If you are using a vm as the router, I would put the other vms in a
private virtual network rather than the loopback network. You do not really
need a connection the the host machine.

You only really need the loopback adapter if you are using the host as
the router.

On Sat, 11 Oct 2008 10:35:20 +1100, "Bill Grant"
<not.available@online> wrote:

>
>
>"AlexisColes" <AlexisColes@discussions.microsoft.com> wrote in message
>news:F6A660FE-62C6-4969-9588-751A3358CFBE@microsoft.com...
>>
>> Hi Bill, many thanks for the reply. Has taken a little while to sink in
>> But
>> I think I see what you are getting at now.
>>
>> I am going to set up another VM to act as the RAS server, dosn't really
>> matter about the ram as I will only need to launch it when I want to
>> connect
>> to the outside world.
>>
>> I am just setting up the new VM now and am wondering if I will be able to
>> remote desktop to the machines that are on the loop back adapter?
>
> If you are using a vm as the router, I would put the other vms in a
>private virtual network rather than the loopback network. You do not really
>need a connection the the host machine.
>
> You only really need the loopback adapter if you are using the host as
>the router.

If one wants to access the guests via RDP from the host, how can one
set it up then? Without the loopback and with the guests in private
there is no connectivity from the host to the guests...

AFAIK you need network connectivity between the host and the guests to
do RDP and if you put them into private then you need some method to
get into that network from the host.

Would it be possible to use the RRAS router (in the VM) to handle VPN
tunneling from the outside world into the private network and then use
RDP to the guests?

--

Bo Berglund (Sweden)

"Bo Berglund" <boberglund@home.se> wrote in message
news:42a0f4tsf5eft4ig995oed6prsstjfrmpq@4ax.com...
> On Sat, 11 Oct 2008 10:35:20 +1100, "Bill Grant"
> <not.available@online> wrote:
>
>>
>>
>>"AlexisColes" <AlexisColes@discussions.microsoft.com> wrote in message
>>news:F6A660FE-62C6-4969-9588-751A3358CFBE@microsoft.com...
>>>
>>> Hi Bill, many thanks for the reply. Has taken a little while to sink in
>>> But
>>> I think I see what you are getting at now.
>>>
>>> I am going to set up another VM to act as the RAS server, dosn't really
>>> matter about the ram as I will only need to launch it when I want to
>>> connect
>>> to the outside world.
>>>
>>> I am just setting up the new VM now and am wondering if I will be able
>>> to
>>> remote desktop to the machines that are on the loop back adapter?
>>
>> If you are using a vm as the router, I would put the other vms in a
>>private virtual network rather than the loopback network. You do not
>>really
>>need a connection the the host machine.
>>
>> You only really need the loopback adapter if you are using the host as
>>the router.
>
> If one wants to access the guests via RDP from the host, how can one
> set it up then? Without the loopback and with the guests in private
> there is no connectivity from the host to the guests...
>
> AFAIK you need network connectivity between the host and the guests to
> do RDP and if you put them into private then you need some method to
> get into that network from the host.
>
> Would it be possible to use the RRAS router (in the VM) to handle VPN
> tunneling from the outside world into the private network and then use
> RDP to the guests?
>
> --
>
> Bo Berglund (Sweden)

It is certainly true that you need an IP connection from the host to
the guests if you want to use RDP from the host.

I don't do that from the host. I have always run the host as a
"powerplant" to run virtual machines, whether in Virtual Server or now with
Hyper-V. It is not part of the logical network.

I control the server from a Vista workstation on the LAN, not from the
host. The host is a headless server that just sits there and runs vms.

You could certainly use VPN to connect to the private LAN behind the NAT
router if you wanted that option. A virtual network is really no different
from a physical one. The networking software doesn't even know which it is
running on. One of the first virtual networks I set up was to emulate a
site-to-site VPN link. It connected two sites running under VPC on two
workstations. Each site had a client machine and a RRAS router.

On Sat, 11 Oct 2008 16:27:30 +1100, "Bill Grant"
<not.available@online> wrote:

>
>
>"Bo Berglund" <boberglund@home.se> wrote in message
>news:42a0f4tsf5eft4ig995oed6prsstjfrmpq@4ax.com.. .
>> On Sat, 11 Oct 2008 10:35:20 +1100, "Bill Grant"
>> <not.available@online> wrote:
>>
>>>
>>>
>>>"AlexisColes" <AlexisColes@discussions.microsoft.com> wrote in message
>>>news:F6A660FE-62C6-4969-9588-751A3358CFBE@microsoft.com...
>>>>
>>>> Hi Bill, many thanks for the reply. Has taken a little while to sink in
>>>> But
>>>> I think I see what you are getting at now.
>>>>
>>>> I am going to set up another VM to act as the RAS server, dosn't really
>>>> matter about the ram as I will only need to launch it when I want to
>>>> connect
>>>> to the outside world.
>>>>
>>>> I am just setting up the new VM now and am wondering if I will be able
>>>> to
>>>> remote desktop to the machines that are on the loop back adapter?
>>>
>>> If you are using a vm as the router, I would put the other vms in a
>>>private virtual network rather than the loopback network. You do not
>>>really
>>>need a connection the the host machine.
>>>
>>> You only really need the loopback adapter if you are using the host as
>>>the router.
>>
>> If one wants to access the guests via RDP from the host, how can one
>> set it up then? Without the loopback and with the guests in private
>> there is no connectivity from the host to the guests...
>>
>> AFAIK you need network connectivity between the host and the guests to
>> do RDP and if you put them into private then you need some method to
>> get into that network from the host.
>>
>> Would it be possible to use the RRAS router (in the VM) to handle VPN
>> tunneling from the outside world into the private network and then use
>> RDP to the guests?
>>
>> --
>>
>> Bo Berglund (Sweden)
>
> It is certainly true that you need an IP connection from the host to
>the guests if you want to use RDP from the host.
>
> I don't do that from the host. I have always run the host as a
>"powerplant" to run virtual machines, whether in Virtual Server or now with
>Hyper-V. It is not part of the logical network.
>
> I control the server from a Vista workstation on the LAN, not from the
>host. The host is a headless server that just sits there and runs vms.

To me this is tyhe same thing, the PC from which you RDP into the
guests must be able to reach them and so the virtual network cannot be
completely isolated from the outside network where your own PC
resides.

> You could certainly use VPN to connect to the private LAN behind the NAT
>router if you wanted that option. A virtual network is really no different
>from a physical one. The networking software doesn't even know which it is
>running on. One of the first virtual networks I set up was to emulate a
>site-to-site VPN link. It connected two sites running under VPC on two
>workstations. Each site had a client machine and a RRAS router.

My point for asking is that the OP wanted to RDP into the guests and
if the guests were on private network that network must be accessible
from outside. This could be done with RRAS on a single guest with two
NIC:s, one in the private network and the other on the outside
network. RRAS because it must be capable of establishing a VPN tunnel
since the connection is from outside. NAT won't do, but is enough for
the VM:s to reach the Internet.
I guess that one could also skip the VPN step and just set up a simple
routing scheme, but then I think the guest running RRAS must be set as
the default gateway on the "outside" PC:s, which probably is not very
good....

I have been running a VS2005 guest with Win2003 as a RRAS router since
about 2 years in order to handle my own VPN access from the Internet
into my home LAN via the ADSL router. Before that I hade a physical
Win2000 server doing the same thing for many years.
My VS2005 host is XP-Pro SP2.
The virtualized solution works as good as the physical one except for
recurring problems of getting the guest to start up automatically
after power outages.
Virtualization saves me one PC and therefore also the energy for that.
:-)
--

Bo Berglund (Sweden)