Hyper-V V2: Guest Only External Networks + Add Roles Wizard Changes
The Hyper-V best practice in traditional production environments is that any physical network interface used by guest virtual machines is dedicated to guest-only traffic and isolated from the management operating system (host), not shared with it. This recommendation was made for several reasons. Security is the primary one: virtual machines are considered less trusted than the management partition, so isolating the network traffic reduces the risk that a malicious guest could take advantage of a remote security exploit to take over the physical machine. Following this practice also reduces the risk of a guest virtual machine saturating the network and preventing the server administrator from logging on to the physical machine to take appropriate action.

In Server 2008 (Hyper-V V1) you accomplished this by unbinding TCP (as well as any other network protocol) on the virtual adapter exposed by Hyper-V. In Server 2008 R2 we have added a new feature which by default does not create the virtual adapter on the management partition (of course there's an option to have it the old way). In addition, this functionality was pushed into the Add Roles Wizard when you create your first virtual network. Here are some screen captures to illustrate.
Taylor Brown
Hyper-V Integration Test Lead
https://blogs.msdn.com/taylorb
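
An added example, not part of the original post: one way to audit a host for external virtual networks that are still shared with the management operating system. It assumes the Hyper-V PowerShell module (`Get-VMSwitch`, `Set-VMSwitch`), which ships with Windows Server 2012 and later rather than the Server 2008 R2 release discussed above; the function name `Find-SharedExternalSwitch` and the sample switch objects are constructed for illustration.

```powershell
# Added example: flag external virtual switches whose physical NIC is shared
# with the management OS (i.e. a host virtual adapter exists on the switch).
function Find-SharedExternalSwitch {
    param(
        # Switch objects to inspect; pass (Get-VMSwitch) on a real Hyper-V host.
        [Parameter(Mandatory)] [object[]] $Switch
    )
    foreach ($s in $Switch) {
        # Internal and Private switches never touch a physical NIC, so only
        # External switches with AllowManagementOS set are findings.
        if ("$($s.SwitchType)" -eq 'External' -and $s.AllowManagementOS) {
            [pscustomobject]@{
                Name    = $s.Name
                Adapter = $s.NetAdapterInterfaceDescription
                Finding = 'Guest traffic shares this NIC with the management OS'
            }
        }
    }
}

# Constructed sample objects mirroring the properties Get-VMSwitch returns,
# so the check can be exercised on a machine without the Hyper-V role.
$sample = @(
    [pscustomobject]@{ Name = 'Guest-Only'; SwitchType = 'External'
                       AllowManagementOS = $false
                       NetAdapterInterfaceDescription = 'Constructed NIC #1' }
    [pscustomobject]@{ Name = 'Shared'; SwitchType = 'External'
                       AllowManagementOS = $true
                       NetAdapterInterfaceDescription = 'Constructed NIC #2' }
    [pscustomobject]@{ Name = 'Lab-Internal'; SwitchType = 'Internal'
                       AllowManagementOS = $true
                       NetAdapterInterfaceDescription = $null }
)

# Only the 'Shared' switch is reported.
Find-SharedExternalSwitch -Switch $sample | Format-Table -AutoSize

# On a Hyper-V host:
#   Find-SharedExternalSwitch -Switch (Get-VMSwitch)
# To make a flagged switch guest-only (removes the host's virtual adapter):
#   Set-VMSwitch -Name 'Shared' -AllowManagementOS $false
```

Before changing a flagged switch, confirm the host has a separate physical adapter for management traffic, since removing the host virtual adapter drops any management session that runs over it.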