Share via


NAT Mode vs. Bridged Mode in MED-V V2

For MED-V V1, we made the following recommendations for MED-V workspaces running in NAT Mode (using VPC Shared Networking.) The article is found here: https://blogs.technet.com/b/medv/archive/2010/10/20/additional-recommendations-when-using-med-v-workspaces-configured-for-nat-mode.aspx For MED-V V2, those recommendations are still in place. But if you decide to use bridged mode instead of NAT mode, there are some important items to consider.

If you use bridged mode, the interface in the MED-V workspace appears external to the machine which means you will need to either apply a static IP address to it or make sure DHCP is available. Otherwise, the IP address will be an APIPA address (169.254.x.x.) This is not a MED-V issue, but rather a VPC issue.
If you have moved from NAT mode to bridged mode please make sure make sure of the following:

1.) Virtual Network Services are enabled on the host NIC.
2.) IP Address is assigned to guest either through DHCP or via a static IP address. For MED-V, it is recommended to use DHCP.

If you are using NAT mode, bear in mind the items mentioned in the following article

https://blogs.technet.com/b/medv/archive/2010/10/20/additional-recommendations-when-using-med-v-workspaces-configured-for-nat-mode.aspx

Especially the section on the following items:

- Disable Slow Link Detection
- Force Kerberos over TCP

These items all hold true for v2 in addition to the extensive information outlined in the following article:

https://technet.microsoft.com/en-us/library/gg548524.aspx

Also understand the following:

1.) NAT Mode will require FQDN’s (fully qualified domain names) when configuring domain join information in the SYSPREP.INF file used in the MED-V FTS (First-time-setup.)
2.) ICMP does not work in NAT Mode for regular users.
3.) UDP does not work well in NAT Mode for regular users.

NAT Mode basically turns MED-V host computer into a NAT router where the VPC gets a class C 192.168.x.x address in the range 192.168.131.1 to 192.168.1.253 and the VPC NAT routing software routes out through the host. This address is not configurable and you will not be able to assign a static IP address. The VPC is connected to a private network that includes a built in DHCP server (192.168.131.254) and a built in NAT service as the default gateway (192.168.131.254). This requires no extra configuration on the host computer and the VPC’s can connect to any IP Address.  MED-V Administrators need to ensure that the network adapter within the VPC guest operating system is configured to obtain a dynamically assigned IP address. This is a default when using SYSPREP. By default, the DNS server settings will be copied automatically from the host machine. It is important to note that NAT will not provide any inbound traffic to the VPC. So the host and none of the other VPC’s would be able to communicate to any other VPC.

Using NAT mode with SCCM (Configuration Manager)

It is important to remind administrators who want to use SCCM (Configuration Manager) to manage/patch/update MED-V workspaces using NAT mode of the required SCMM 2007 hotfix referenced in the following article:

https://support.microsoft.com/kb/2504904
 
This allows for ONLY MED-V workspaces running behind NAT to be managed as intranet CCM clients. Otherwise, the virtual machines cannot perform automatic site assignment or cannot find the closest distribution point to download content based on its current network location.

Comments

  • Anonymous
    January 01, 2003
    Sure. Have you tried changing it through PowerShell? blogs.technet.com/.../ramifications-of-switching-between-nat-shared-networking-mode-and-bridged-mode-with-med-v-v2.aspx

  • Anonymous
    June 14, 2012
    Hi Steve. Is there a way to permanently change the registry value from Bridged to NAT on a machine where the workspace has been deployed ALREADY? If I change the registry value it defaults back to the original setting which was set to Bridged mode after the Windows 7 host is restarted. Can you only make this change to stay on NAT permanently during the First-time-setup of the workspace? Thank you Johan