Now that I have started studying for my MCITP certification I found that I am going to need some windows servers in order to complete all the labs. Not to mention that I will probably to need to setup a network inside of my network so that I can test things like AD replication between “New York” and “San Francisco” or whatever make believe location the book listed. The problem is that I don’t have too many spare servers capable of running Windows 2008 R2 just sitting around. I also don’t want to pay for the power to run all them while they idle along because ACME Inc’s workload isnt very high. However I do have an ML370 G5 with more then enough RAM sitting on my desk…
Enter VMware ESXi Hypervisor (I guess I should use the new terms).
Basically what I will explain is how to take …
And make it all run on a single server while making sure that each “site” has its own subnet and remains isolated from my employers network. The other advantage is that we can do this all with free software, and still provide internet access to each virtual site so that if we wanted to we can download windows updates, activate windows, and basically just emulate a real network. So lets get started.
The first thing that we will need to do is load VMware’s free hypervisor on to the hardware. I wont go into details on that, but there are many good places and even some VMware white papers on how to do this. After installing the hypervisor we will want to go ahead and configure it as we normally would, so go ahead and give it a static IP, a password, and configure your storage and other required stuff so that we can run VM’s.
After all the setup stuff is complete you will want to go to the configuration tab, and navigate down to the networking section over on the left side of the config tab. You will find that you have a single vSwitch0 listed which will probably have just the standard vmk0 interface.
So what we will want to do is click “Add Networking” in the top right corner. On the first screen select “Virtual Machine” as the connection type then press ‘Next’. On the next screen you are asked to select a physical network adapter to associate with this new vSwitch. We do now want a physical NIC on this vSwitch so un-check anything that is checked and press ‘Next’. On the next screen you will need to name the vSwitch, you can make it whatever you want… you can also change this later, but to make it simple I am naming mine the “City” that they represent. So Chicago, San Francisco, or New York. Click ‘Finish’, and we now have our first site. Do this as many more times as you need sites. Eventually you have something that looks like this…
So to plan this out we are going to associate “New York” with a subnet… in my case I picked 192.168.10.0/24. I then picked 192.168.20.0/24 for Chicago, and 192.168.30.0/24 for San Francisco. If we were to spin up a VM and put its network adapter in Chicago and one in New York, they would not be able to talk to each other because there is no physical or virtual connection out of that vSwitch. Also your VM’s would not be able to talk to the internet either… clearly a problem if you want to activate them, or download updates, etc etc.
In order to make the “sites” internet accessible as well as route traffic between sites we need a router… a virtual router to be exact. For this task we are going to use Debian Linux, you could substitute in Ubuntu or whatever you want really, I just like Debian. What we will do is create a virtual machine, and we will put one virtual network card in vSwitch0, this network card will pull a DHCP address from your LAN. Then we will also add more network cards… one for each vSwitch/Site you created. So in our case we will have 4 virtual network cards total in the virtual machine.
Here is what the router’s settings should look like:
Install Debian, there are a bunch of tutorials out there so I wont go into detail, but basically you can remove all roles except the base system. After you reboot, login as root and install the ssh server by issueing the following command.
apt-get install openssh-server
After installing ssh we can use Putty to connect to the host so that we can copy and paste in the rest of the config. So now we should have a linux machine that has 4 network ports, eth0-eth3. Eth0 should be pulling a DHCP address (or configured however you need for your LAN) and we will now configure eth1-3 to be the gateway address for each of our sites.
Network configuration in Debian (and Ubuntu) is stores in /etc/network/interfaces, inside Putty open this file so we can edit it.
append the following to the existing file.
iface eth1 inet static
iface eth2 inet static
iface eth3 inet static
Save the file by pressing ‘Ctrl + O’ then press ‘Enter’ then ‘Ctrl + X’ to exit.
The next thing we need to do is configure linux to allow IPv4 Forwarding. This can be done by editing the /etc/sysctl.conf file
Seach for ‘ip_forward’ by pressing ‘Ctrl + w’ and typing ‘ip_forward’ then press enter. This should take you to the line in the config file that controls ipv4 forwarding, turn it on by changing the 0 (zero) to a 1 (one). Then save and exit the same way you did for the interfaces file. One step left, this is to configure NAT so that we can get out to the internet, and the best way I have found to do this is to install webmin and use its GUI. This is pretty easy on Debian.
tar xzvf webmin-1.520.tar.gz
Answer the installer’s questions and then go to your browser and open webmin. If you do not know what the dhcp ip address is on your router type ‘ifconfig’ and look for the eth0 interface, this will be the LAN ip of your router. The web URL you will need is http://:10000 Login with the credentials your created during the installer. Then on the left, click on Networking and then Linux Firewall… you should see the following:
Click on the second radial button “Do network address translation on external interface”. Click ‘Setup Firewall’. The last part is to click the “Activate at Boot” button, this will save the configuration and activate it ever time the router is rebooted. Now reboot the linux router, after it comes back up create a VM in one of the “Sites” and set its gateway to the ip of the router in the subnet and as a dns server use either your LAN’s DNS server or one from the internet like 22.214.171.124
That is it! you now have a multi-site, routed network, with internet access… ALL ON ONE SERVER! it doesn’t get much better then that. If you get stuck at any point feel free to leave a comment or shoot me an email, as always I would be glad to help.