On 23/02/2010 03:20, benenglish100 wrote:
> We are looking to put a public DNS server in our DMZ but also want it to be
> on our Hyper-V cluster.
>
> I'd like to install a standalone Windows Server 2008 virtual server on our
> Hyper-V cluster, but am concerned about security. The Hyper-V host is on our
> domain and has direct network links into our LAN.
>
> Is there enough security between the Hyper-V host and Hyper-V virtual
> machine to be able to run a standalone public server on a host that is in a
> domain?
I would say yes, provided you use a dedicated network adapter for the
DMZ-connected machine, and you unbind all protocols and services (other
than the Hyper-V Virtual Switch Protocol) from the adapter.
If you're using 2008 R1, you'll also need to ensure that the host
doesn't have access to the virtual switch network adapter that gets
created (again, unbind the protocols). 2008 R2 has an option ('allow
management operating system to share this network adapter'). If you
disable this for your DMZ adapter, no virtual switch gets created for
the host machine.
Cheers,
--
Chris M.
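
Added example, not part of the original post: a PowerShell audit of the isolation described in the reply above. It assumes Windows Server 2012 or later (where the Hyper-V and NetAdapter modules exist, which is newer than the 2008 releases discussed in the thread), a hypothetical external virtual switch named 'DMZ', and a single physical adapter behind it.

```powershell
#Requires -Modules Hyper-V, NetAdapter
# Added audit sketch. Assumptions: Server 2012 or later, a virtual switch
# named 'DMZ' (hypothetical name), one physical adapter behind the switch.
param([string]$SwitchName = 'DMZ')

$findings = @()
$switch = Get-VMSwitch -Name $SwitchName -ErrorAction Stop

if ($switch.SwitchType -ne 'External') {
    throw "Switch '$SwitchName' is $($switch.SwitchType), not External; nothing to audit."
}

# 1. 'Allow management operating system to share this network adapter'
#    must be off for the DMZ switch.
if ($switch.AllowManagementOS) {
    $findings += "AllowManagementOS is enabled on '$SwitchName'."
}

# 2. The host must not own a virtual adapter attached to the DMZ switch.
$hostNics = @(Get-VMNetworkAdapter -ManagementOS -SwitchName $SwitchName `
    -ErrorAction SilentlyContinue)
foreach ($n in $hostNics) {
    $findings += "Host virtual adapter '$($n.Name)' is attached to '$SwitchName'."
}

# 3. On the physical DMZ adapter, only the virtual switch protocol
#    (component ID vms_pp) may remain bound.
$nic = Get-NetAdapter -InterfaceDescription $switch.NetAdapterInterfaceDescription
$extra = @(Get-NetAdapterBinding -Name $nic.Name |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'vms_pp' })
foreach ($b in $extra) {
    $findings += "Binding still enabled on '$($nic.Name)': $($b.DisplayName) ($($b.ComponentID))."
}

if ($findings.Count -eq 0) {
    Write-Output "OK: host has no bindings or virtual adapters on '$SwitchName'."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it elevated on each cluster node that hosts the DMZ switch; a non-zero exit code means the host still has a path onto the DMZ adapter.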