VDI Security - Securing the Host Network

The configuration of the physical network interfaces on the computer running Hyper-V can help improve the isolation of the management operating system from the virtual desktops. It is recommended that you install at least two network adapters on the computer hosting Hyper-V. Dedicate the first network adapter for the exclusive use of the management operating system, and then allow the virtual desktops to use the other network adapters.

There are three different types of virtual networks:

· External virtual networks use virtual network switches that are bound to a network adapter in the physical computer. Any virtual machines attached to an external virtual network can access the same networks to which the physical adapter is connected.

· Internal virtual networks use virtual network switches that are not bound to a network adapter in the physical computer. An internal virtual network is isolated from networks external to the physical computer. However, virtual machines connected to an internal virtual network can communicate with the management operating system.

· Private virtual networks use virtual network switches that are not bound to a network adapter in the physical computer, as with internal virtual networks. However, network traffic from virtual machines connected to a private network is completely isolated from network traffic in the management operating system and in the external networks.
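
As an added illustration (not part of the original article or the Hyper-V Security Guide), the following PowerShell audits a host's virtual switches against the guidance above: it flags external switches whose physical adapter is shared between the management operating system and virtual desktops, and internal switches that have virtual machines attached. `Test-VdiSwitchIsolation` is a hypothetical helper name, and the sample objects are constructed stand-ins shaped like `Get-VMSwitch` and `Get-VMNetworkAdapter` output.

```powershell
# Added example. Test-VdiSwitchIsolation is a hypothetical helper, not a Hyper-V cmdlet.
function Test-VdiSwitchIsolation {
    param(
        [Parameter(Mandatory)] [object[]] $Switches,  # shaped like Get-VMSwitch output
        [object[]] $VmAdapters = @()                  # shaped like Get-VMNetworkAdapter output
    )
    foreach ($sw in $Switches) {
        # Names of the virtual machines connected to this switch
        $vms = @($VmAdapters | Where-Object { $_.SwitchName -eq $sw.Name } |
                 Select-Object -ExpandProperty VMName -Unique)
        $finding = switch ("$($sw.SwitchType)") {
            'External' {
                # AllowManagementOS = the management OS also uses this physical adapter
                if ($sw.AllowManagementOS -and $vms.Count -gt 0) {
                    'Management OS shares this physical adapter with virtual desktops'
                } else { 'OK' }
            }
            'Internal' {
                # Internal switches let attached VMs reach the management OS
                if ($vms.Count -gt 0) { 'Attached VMs can communicate with the management OS' }
                else { 'OK' }
            }
            'Private' { 'OK' }  # isolated from the management OS and external networks
            default   { 'Unknown switch type' }
        }
        [pscustomobject]@{
            Switch  = $sw.Name
            Type    = "$($sw.SwitchType)"
            VMs     = $vms -join ', '
            Finding = $finding
        }
    }
}

# Constructed sample data (not taken from a real host).
$sampleSwitches = @(
    [pscustomobject]@{ Name = 'Desktops-Shared'; SwitchType = 'External'; AllowManagementOS = $true  }
    [pscustomobject]@{ Name = 'Desktops';        SwitchType = 'External'; AllowManagementOS = $false }
    [pscustomobject]@{ Name = 'HostOnly';        SwitchType = 'Internal'; AllowManagementOS = $true  }
    [pscustomobject]@{ Name = 'Sandbox';         SwitchType = 'Private';  AllowManagementOS = $false }
)
$sampleAdapters = @(
    [pscustomobject]@{ VMName = 'VDI-01'; SwitchName = 'Desktops-Shared' }
    [pscustomobject]@{ VMName = 'VDI-02'; SwitchName = 'Desktops' }
    [pscustomobject]@{ VMName = 'VDI-03'; SwitchName = 'HostOnly' }
    [pscustomobject]@{ VMName = 'VDI-04'; SwitchName = 'Sandbox' }
)
Test-VdiSwitchIsolation -Switches $sampleSwitches -VmAdapters $sampleAdapters | Format-Table -AutoSize
```

On a Hyper-V host, pass live data instead: `Test-VdiSwitchIsolation -Switches (Get-VMSwitch) -VmAdapters (Get-VMNetworkAdapter -VMName *)`. A flagged external switch can be detached from the management operating system with `Set-VMSwitch -Name <switch> -AllowManagementOS $false`, provided the host keeps its own dedicated adapter.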

For more detail, please refer to the Hyper-V Security Guide.