HyperV isolated network with internet access

Question

Hi!

I need to create a 'private test lab' in HyperV. I need that all VM inside will be 'isolated' (must no see any computer from my local network, and local network must not see them), but they should be able to access internet through HyperV host

I have read about just using an internal swith with NAT (https://petri.com/using-nat-virtual-switch-hyper-v), but I have some doubts:

-> I am going to run backups of some VM now running in my network. The idea is being able to backup a VM form my current network, and run it in my ¡'isolated envitonment' to make some tests. Even though 'isolated', they must have internet access.

-> If possible, those 'test VM' should preserve its IP when added to the 'test lab' so. This means the isolated' network should have the same subnet addresses than the local one. I.E.: My local and my 'isolated' network should be 192.168.1.x/24.

I am specially worried because one of thwe VM I am going to backup and test is de domain controller, so I must be sure it will be correctly isolated, so it does not interfere with the active DC.

Does the simple 'internal NAT switch' I referred before can achieve this, or will I have to create a more complex environment?

Thanks!

Answer 1

You can create a Hyper-V virtual switch that uses network address translation (NAT), enabling virtual machines to be isolated behind a single shared IP address on the host. This works the same way as NAT in VMware Workstation. However, this feature is not enabled in the GUI. Use PowerShell. Should server your needs.

Using a NAT Virtual Switch with Hyper-V
https://petri.com/using-nat-virtual-switch-hyper-v
http://techgenix.com/nat-network-hyper-v-vms/

Answer 2

Hyper-V does not change networking rules. In other words, you cannot create a network configuration in Hyper-V that cannot be created in a physical world.

For a VM to have access to the internet, it must be able to route through its network to reach an external network which has access to the internet. This is fairly simple to implement with an External virtual switch on the Hyper-V host to which all the VMs are connected. But in that situation, the Hyper-V host could not have access to the same IP subnet for both lab VMs and production systems.

However, if you configure a VM as a router in the lab, then the Hyper-V host could have the external network on a different subnet. Lab VMs could use whatever IP subnet they wanted, but the router VM would be the only VM exposed to the Hyper-V virtual switch. If configured properly, you could have the same subnet on two separate network segments, same as you could accomplish with a physical environment.

Answer 3

Hi,

I tested below:

1. Create the environment you required:
   
2. Create a VM connect to the virtual NAT switch and assign an IP address of 192.168.8.2, test ping the Physical network and the Internet, network is well:
3. When I try to backup the Windows 10 VM from the External Physical machine with Windows Server Backup Tool, I can't discovery the Windows 10 VM from Network. So, if we use virtual NAT network, I am unable to backup the VM from external network.

As far as I am concerned, if you would like to make the VMs running in an isolated network with the virtual NAT switch, we may try to backup the VM on the Hyper V host. On the hyper v host, we may use backup tool, export, etc, methods to backup the VM.

Thanks for your time!

If the reply could be of help, please help to accept it as an answer, thanks for your cooperation!
Thanks for your time!
Best Regards,
Anne